WP_Customize_Widgets::sanitize_widget_instance
Sanitizes a widget instance.
Unserialize the JS-instance for storing in the options. It's important that this filter only get applied to an instance once.
Method of the class: WP_Customize_Widgets{}
No Hooks.
Returns
Array|null. Sanitized widget instance.
Usage
$WP_Customize_Widgets = new WP_Customize_Widgets();
$WP_Customize_Widgets->sanitize_widget_instance( $value, $id_base );
- $value(array) (required)
  Widget instance to sanitize.
- $id_base(string)
  Base of the ID of the widget being sanitized.
  Default: null
Notes
- Global. WP_Widget_Factory. $wp_widget_factory
Changelog
| Since 3.9.0 | Introduced. |
| Since 5.8.0 | Added the $id_base parameter. |
WP_Customize_Widgets::sanitize_widget_instance() code WP 6.9.1
public function sanitize_widget_instance( $value, $id_base = null ) {
	global $wp_widget_factory;

	if ( array() === $value ) {
		return $value;
	}

	// Block-editor path: the raw instance is returned directly for widgets that expose it over REST.
	if ( isset( $value['raw_instance'] ) && $id_base && wp_use_widgets_block_editor() ) {
		$widget_object = $wp_widget_factory->get_widget_object( $id_base );
		if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
			if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) {
				/*
				 * The content of the 'block' widget is not filtered on the fly while editing.
				 * Filter the content here to prevent vulnerabilities.
				 */
				$value['raw_instance']['content'] = wp_kses_post( $value['raw_instance']['content'] );
			}

			return $value['raw_instance'];
		}
	}

	// Legacy path: all three fields of the JS value must be present, otherwise null is returned.
	if (
		empty( $value['is_widget_customizer_js_value'] ) ||
		empty( $value['instance_hash_key'] ) ||
		empty( $value['encoded_serialized_instance'] )
	) {
		return;
	}

	// Strict mode: input containing characters outside the base64 alphabet is rejected.
	$decoded = base64_decode( $value['encoded_serialized_instance'], true );
	if ( false === $decoded ) {
		return;
	}

	// The hash is compared with hash_equals() before the payload reaches unserialize().
	if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {
		return;
	}

	$instance = unserialize( $decoded );
	if ( false === $instance ) {
		return;
	}

	return $instance;
}
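
The order of checks in the legacy path (strict base64 decode, hash comparison, then unserialize), shown as a stand-alone round trip. This is an added example, not WordPress core code: get_instance_hash_key() is not shown on this page, so example_hash_key() is a hypothetical stand-in built on hash_hmac() with a constructed secret, and example_export() and example_sanitize() are hypothetical names as well.

```php
<?php
// Added example, not WordPress core. EXAMPLE_SECRET and the example_* functions are hypothetical.
const EXAMPLE_SECRET = 'constructed-secret-for-illustration-only';

// Stand-in for get_instance_hash_key(): a keyed hash over the serialized instance.
function example_hash_key( string $serialized ): string {
	return hash_hmac( 'sha256', $serialized, EXAMPLE_SECRET );
}

// Build the JS value: serialized instance, base64-encoded, plus its hash key.
function example_export( array $instance ): array {
	$serialized = serialize( $instance );
	return array(
		'is_widget_customizer_js_value' => true,
		'instance_hash_key'             => example_hash_key( $serialized ),
		'encoded_serialized_instance'   => base64_encode( $serialized ),
	);
}

// Accept the value back only if the hash still matches the decoded payload.
function example_sanitize( array $value ): ?array {
	if ( empty( $value['is_widget_customizer_js_value'] )
		|| empty( $value['instance_hash_key'] ) || ! is_string( $value['instance_hash_key'] )
		|| empty( $value['encoded_serialized_instance'] ) || ! is_string( $value['encoded_serialized_instance'] )
	) {
		return null;
	}
	$decoded = base64_decode( $value['encoded_serialized_instance'], true ); // strict alphabet
	if ( false === $decoded ) {
		return null;
	}
	if ( ! hash_equals( example_hash_key( $decoded ), $value['instance_hash_key'] ) ) {
		return null; // payload or hash was altered after export
	}
	// allowed_classes => false is an extra guard added in this example.
	$instance = unserialize( $decoded, array( 'allowed_classes' => false ) );
	return is_array( $instance ) ? $instance : null;
}

$exported = example_export( array( 'title' => 'Recent Posts', 'number' => 5 ) ); // constructed sample

$swapped = $exported; // payload replaced, hash not recomputed
$swapped['encoded_serialized_instance'] = base64_encode( serialize( array( 'title' => 'x' ) ) );

$garbled = $exported; // characters outside the base64 alphabet
$garbled['encoded_serialized_instance'] = '***not base64***';

var_dump( example_sanitize( $exported ), example_sanitize( $swapped ), example_sanitize( $garbled ) );
```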