
Part 5 – Choose Genesis Options Sanitization Filters


We’ve set Genesis Child Theme Option defaults for taxonomy, the term and posts to show. We should now come down here and repeat this for box2 and box3. With that done, the next thing that we have to do is choose which sanitization filters that we want to use for these.

Creating Secure Code

Now, this is something that we’ve never talked about and generally speaking, it’s considered to be a fairly advanced concept. This has to do with the security of the code you write and of the skin that you’re working on. Essentially, what we do is we sanitize all data before it gets added to the database.

4 Genesis Sanitization Filters

Genesis makes this process very easy for you because it provides you with 4 sanitization filters which cover all of the things that you really need to have done. There are other ways to sanitize data besides these 4 filters that Genesis has chosen, but these 4 filters cover every case you need. They aren’t necessarily the be all and end all of data filtering but they will prevent any problem from getting through.

Filter 1,0

The first of the 4 filters is 1,0, which means that the returned value has to be 1 or 0, true or false. A checkbox is a 1,0 kind of return, and radio buttons are also. So checkboxes and radio buttons get the 1,0 filter.

Filter no_html

The second type is no_html. Now, no_html is very broad and generally speaking, if you’re not using a true/false type of data input then you’re typically going to use no_html.

Filter safe_html

The third one is safe_html. Right now I’m having a hard time putting my finger on what instance you would use safe_html because what you typically will end up using is the fourth one which requires unfiltered HTML.

Filter unfiltered_html

For example, if you wanted to put JavaScript in or something like that, that requires unfiltered_html. So what happens is that when you use this sanitization filter, whatever gets inserted in there gets encapsulated and protected. That way if it’s bad, if a hacker got in with some malicious script and added code to your setting, it still gets encapsulated and stored in the database in a safe way so it can’t attack the database.

Using the no_html Filter

So you have these 4 different filters. We’re only going to use one, the no_html filter. The way this works is you have an add_action hook which is ‘genesis_settings_sanitizer_init’. That’s the name of the hook.

So we’ll say add_action and then the name of the hook is this ‘genesis_settings_sanitizer_init’ and the name of the function which is our byob_front_page_settings_sanitization_filters.

3 Arguments of the genesis_add_option_filter Function

Then what you’re doing is you’re calling a function, genesis_add_option_filter. This is the standard Genesis function that’s designed for this purpose and it takes 3 arguments.

Takes the Name of the Filter being Used

The first argument that it takes is the name of the filter that you’re going to use. We are going to use the no_html filter so that’s the first argument it’s going to take.

Constant GENESIS_SETTINGS_FIELD

The second argument it takes is a constant and I’m just going to copy the constant, but the constant is GENESIS_SETTINGS_FIELD. You don’t have to know anything other than that’s the name of the constant that it’s looking for. So it understands that this is the filter you’re using and this is the reason why you’re using the filter.

Array of Elements

Finally, you have an array of those elements that are going to use it and each one of these is going in that array. We’re just going to pop down here and add each one of these to it. It’s ‘box1_taxonomy’ and ‘box1_term’ and ‘box1_post_to_show’ and then we’ll just copy that again for the next 3, that’s box1, box2 and box3.

What this means is that whatever content gets added to these settings is going to be run through the no_html options filter that Genesis has. The purpose for that is to make sure that the code that gets stored in the database is safe and each one of these things that we defined above are going to go through that filter.
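Here is the complete registration described above, written out as an added example (it is not the lesson’s own code). It assumes the setting names ‘box1_taxonomy’, ‘box1_term’ and ‘box1_post_to_show’, plus the box2 and box3 equivalents, match the option defaults set earlier in the lesson, and it builds that list in a loop instead of typing each name out.

```php
<?php
// Added example, not the lesson's own code: register the Genesis no_html
// sanitization filter for the front page box settings. Assumes the
// suboption names below match the defaults registered earlier.

add_action( 'genesis_settings_sanitizer_init', 'byob_front_page_settings_sanitization_filters' );

function byob_front_page_settings_sanitization_filters() {
	// One entry per setting: box1_taxonomy, box1_term, box1_post_to_show,
	// then the same three names for box2 and box3.
	$options = array();
	foreach ( array( 'box1', 'box2', 'box3' ) as $box ) {
		$options[] = $box . '_taxonomy';
		$options[] = $box . '_term';
		$options[] = $box . '_post_to_show';
	}

	// First argument: the filter name. Second: the GENESIS_SETTINGS_FIELD
	// constant, so Genesis knows which option group these belong to.
	// Third: the array of suboptions to run through the filter on save.
	genesis_add_option_filter( 'no_html', GENESIS_SETTINGS_FIELD, $options );
}
```

With this in place, any HTML tags submitted in these nine settings are stripped before the value is written to the database, so a stray or malicious tag never reaches the stored option.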
