WP_Theme::sanitize_header()privateWP 3.4.0

Sanitizes a theme header.

Method of the class: WP_Theme{}

No Hooks.

Return

String|Array. An array for Tags header, string otherwise.

Usage

// private - for code of main (parent) class only
$result = $this->sanitize_header( $header, $value );
$header(string) (required)
Theme header. Accepts 'Name', 'Description', 'Author', 'Version', 'ThemeURI', 'AuthorURI', 'Status', 'Tags', 'RequiresWP', 'RequiresPHP', 'UpdateURI'.
$value(string) (required)
Value to sanitize.

Changelog

Since 3.4.0 Introduced.
Since 5.4.0 Added support for Requires at least and Requires PHP headers.
Since 6.1.0 Added support for Update URI header.

WP_Theme::sanitize_header() code WP 6.4.3

private function sanitize_header( $header, $value ) {
	switch ( $header ) {
		case 'Status':
			if ( ! $value ) {
				$value = 'publish';
				break;
			}
			// Fall through otherwise.
		case 'Name':
			static $header_tags = array(
				'abbr'    => array( 'title' => true ),
				'acronym' => array( 'title' => true ),
				'code'    => true,
				'em'      => true,
				'strong'  => true,
			);

			$value = wp_kses( $value, $header_tags );
			break;
		case 'Author':
			// There shouldn't be anchor tags in Author, but some themes like to be challenging.
		case 'Description':
			static $header_tags_with_a = array(
				'a'       => array(
					'href'  => true,
					'title' => true,
				),
				'abbr'    => array( 'title' => true ),
				'acronym' => array( 'title' => true ),
				'code'    => true,
				'em'      => true,
				'strong'  => true,
			);

			$value = wp_kses( $value, $header_tags_with_a );
			break;
		case 'ThemeURI':
		case 'AuthorURI':
			$value = sanitize_url( $value );
			break;
		case 'Tags':
			$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
			break;
		case 'Version':
		case 'RequiresWP':
		case 'RequiresPHP':
		case 'UpdateURI':
			$value = strip_tags( $value );
			break;
	}

	return $value;
}