ckovacs Gravity Support Forums User Favorites: ckovacs en-US Tue, 21 Apr 2026 08:28:02 +0000 http://bbpress.org/?v=1.0.1 q https://legacy.forums.gravityhelp.com/search.php https://legacy.forums.gravityhelp.com/topic/using-kses-to-clean-user-input#post-16024 Tue, 11 Jan 2011 21:55:49 +0000 ckovacs 16024@https://legacy.forums.gravityhelp.com/ <p>Thanks, David. I'll have a bash with that.</p> <p>adcstudio, as I understand it, if the post data is going in to the default Wordpress fields (like content or title), it's going to be automatically filtered by WP. </p> https://legacy.forums.gravityhelp.com/topic/using-kses-to-clean-user-input#post-16015 Tue, 11 Jan 2011 20:14:10 +0000 adcSTUDIO 16015@https://legacy.forums.gravityhelp.com/ <p>Do all fields need to be kses'd or sanitized like that, or does GravityForms handle some? I haven't been filtering my post fields, or for example, an Address Field that I add to meta data. I haven't gone live yet, so do I need to sanitize everything, or perhaps just the meta data? </p> https://legacy.forums.gravityhelp.com/topic/using-kses-to-clean-user-input#post-16009 Tue, 11 Jan 2011 19:02:45 +0000 David Smith 16009@https://legacy.forums.gravityhelp.com/ <p>Here's a general idea of how to do this (notes in the code sample):</p> <p><a href="http://pastie.org/1450360" rel="nofollow">http://pastie.org/1450360</a> </p> https://legacy.forums.gravityhelp.com/topic/using-kses-to-clean-user-input#post-15937 Tue, 11 Jan 2011 01:16:15 +0000 ckovacs 15937@https://legacy.forums.gravityhelp.com/ <p>Hey guys, </p> <p>I've been struggling with finding the best way to clean user-contributed posts on submit, for security purposes. Posting with the form will only be available for logged-in users.</p> <p>Basically, I've got a few custom fields in addition to the normal title/content that is being created on form submit, and I want to make sure that neither malicious users nor bots can inject any Bad Code or tags.</p> <p>My thinking is that the best way to do this is to leverage KSES (<a href="http://ottopress.com/2010/wp-quickie-kses/" rel="nofollow">see examples here</a>) to do so, using a filter. As far as I can figure out, this</p> <p><code>add_filter(&#39;custom_field_content&#39;,&#39;wp_filter_kses&#39;);</code></p> <p>would be the way to go, but the next step -- actually applying that filter to the three custom fields that users will be filling in on the gravity form -- is where I get a little lost. I understand I need a custom function in functions.php -- I'm reasonably capable with that sort of thing -- but hooks and filters still mystify me a bit.</p> <p>Any help would be much appreciated. I'm pretty sure it's not all that hard, but my I can't quite get my head around it.</p> <p>Thanks! </p>