To keep our users safe, Contact Form 7 – Dynamic Text Extension (DTX) sanitizes and escapes all data before inserting them as the value or placeholder of a contact form.
When sanitizing data, DTX attempts to identify the type of the value and will use sanitize_email(), sanitize_url(), sanitize_key(), and sanitize_title() where applicable.
Advanced users may want to extend this functionality by adding their own custom sanitization. The filter sends three (3) parameters:
$value(string—the value to be sanitized)$type(string—the type of sanitation to return, the default isautowhere automatic identification will be used to attempt to identify URLs and email addresses vs text)$protocols(array|string|false—specify protocols to allow either as an array of string values or a string value of comma separated protocols, the default is booleanfalsewhere DTX’s default uses onlyhttpandhttpsprotocols)
Example of Custom Sanitizing
/**
* Custom DTX Sanitize Filter
*
* @param string $value value to be sanitized
* @param string $type Optional. The type of sanitation to return. Default is `auto` where automatic identification will be used to attempt to identify URLs and email addresses vs text.
* @param array|string $protocols Optional. Specify protocols to allow either as an array of string values or a string value of comma separated protocols.
*
* @return string the modified value
*/
function custom_dtx_sanitize($value = '', $type = 'auto', $protocols = false)
{
// Do something cool to $value
return $value;
}
add_filter('wpcf7dtx_sanitize', 'custom_dtx_sanitize', 10, 3);Disable DTX Sanitizing Filter
While it’s highly discouraged as this could put your website, database, or users at risk to allow unfiltered data, you can disable the filter using this code snippet:
remove_filter('wpcf7dtx_sanitize', 'wpcf7dtx_sanitize', 10);View Source Code
View the current source code. This feature was introduced in version 3.3.0 of the Contact Form 7 – Dynamic Text Extension WordPress plugin.
