We’ve set Genesis Child Theme Option defaults for taxonomy, the term and posts to show. We should now come down here and repeat this for box2 and box3. With that done, the next thing that we have to do is choose which sanitization filters that we want to use for these.
Creating Secure Code
Now, this is something that we’ve never talked about and generally speaking, it’s considered to be a fairly advanced concept. This has to do with the security of the code you write and of the skin that you’re working on. Essentially, what we do is we sanitize all data before it gets added to the database.
4 Genesis Sanitization Filters
Genesis makes this process very easy for you because it provides you with 4 sanitization filters which cover all of the things that you really need to have done. There are other ways to sanitize data besides these 4 filters that Genesis has chosen but these 4 filters will filter every problem. They aren’t necessarily the be all and end all of data filtering but they will prevent any problem from getting through.
The 4 filters are 1,0 which means that the returned value has to be 1 or 0. True or false, so a checkbox is a 1, 0 kind of return. Actually, radio buttons are also. So checkboxes and radio buttons get the 1,0.
The second type is no_html. Now, no_html is very broad and generally speaking, if you’re not using a true, false type of data input then you’re typically going to use the no_html filter.
The third one is safe_html. Right now I’m having a hard time putting my finger on what instance you would use safe_html because what you typically will end up using is the fourth one which requires unfiltered HTML.
Using the no_html Filter
So you have these 4 different filters. We’re only going to use one, the no HTML filter. The way this works is you have an add_action hook which is the ‘genesis_settings_sanitizer_init’. That’s the name of the hook.
So we’ll say add_action and then the name of the hook is this ‘genesis_settings_sanitizer_init’ and the name of the function which is our byob_front_page_settings_sanitization_filters.
3 Attributes of the genesis_add_option_filter
Then what you’re doing is you’re calling a function, genesis_add_option_filter. This is the standard Genesis function that’s designed for this purpose and it takes 3 attributes.
Takes the Name of the Filter being Used
The first attribute that it takes is the name of the filter that you’re going to use. We are going to use the no_html filter so that’s the first attribute it’s going to take.
The second attribute it takes is a constant and I’m just going to copy the constant but the constant is GENESIS_SETTINGS_FIELD. You don’t have to know anything other than that’s the name of the constant that it’s looking for. So it understands that this is the filter you’re using and this is the reason why you’re using the filter.
Array of Elements
Finally, you have an array of those elements that are going to use it and each one of these is going in that array. We’re just going to pop down here and add each one of these to it. It’s ‘box1_taxonomy’ and ‘box1_term’ and ‘box1_post_to_show’ and then we’ll just copy that again for the next 3, that’s box1, box2 and box3.
What this means is that whatever content gets added to these settings is going to be run through the no_html options filter that Genesis has. The purpose for that is to make sure that the code that gets stored in the database is safe and each one of these things that we defined above are going to go through that filter.
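The registration described above, written out as an added example (it is not code shown in the original lesson). It assumes it lives in a Genesis child theme's functions.php with the Genesis parent theme active, and the helper byob_front_page_setting_keys() is a hypothetical name introduced here to build the nine setting keys in one place.

```php
<?php
// Added example for a Genesis child theme's functions.php.
// Assumes the Genesis parent theme is active, which provides
// GENESIS_SETTINGS_FIELD and genesis_add_option_filter().

// Hypothetical helper (not from the lesson): builds the setting keys for
// box1, box2 and box3 so a box cannot be left out of the filter by a
// copy-and-paste slip.
function byob_front_page_setting_keys() {
	$keys = array();
	foreach ( array( 'box1', 'box2', 'box3' ) as $box ) {
		$keys[] = $box . '_taxonomy';
		$keys[] = $box . '_term';
		$keys[] = $box . '_post_to_show';
	}
	return $keys;
}

// Hook into the point where Genesis sets up its settings sanitizer.
add_action( 'genesis_settings_sanitizer_init', 'byob_front_page_settings_sanitization_filters' );

// Register every front page box setting with the no_html filter.
function byob_front_page_settings_sanitization_filters() {
	genesis_add_option_filter(
		'no_html',                     // 1st attribute: name of the filter to use
		GENESIS_SETTINGS_FIELD,        // 2nd attribute: the Genesis settings field constant
		byob_front_page_setting_keys() // 3rd attribute: array of settings to run through it
	);
}
```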