sanitization
Remove tinyMCE from admin and replace with textarea
I have created a plugin wherein I have a custom post type. I am using post_content for some simple text. I do not need to offer any fancy editing or insertion of data for this field, so I looked for a way to remove the buttons from the tinyMCE editor.
Data sanitization: Best Practices with code examples
I am trying to understand data sanitization (not data validation) to help me write secure themes for WordPress. I have searched the Internet trying to find a comprehensive guide for theme developers detailing best practices. There were a couple of resources I came across, including the codex page titled Data Validation, though none were useful to me. The codex page lists available sanitization functions, their usage and what they do, but fails to explain why you would use one over the other or in what situation you would use a particular sanitization function. The purpose of this post is to request everyone to contribute examples of bad/unsanitized code and how it should be re-written for proper sanitization. This could be general code to sanitize post title or post thumbnails src or more elaborate code that handles sanitization of $_POST data for Ajax requests.
What’s the difference between esc_* functions?
I’ve read Professional WordPress and it says: