Just wanted to get a straight answer on this: when submitting query_vars to a call to get_posts or WP_Query, is sanitation needed or does WordPress already take care of that?
Sanitation needed for WP_Query or get_posts calls?
Leave a Reply
You must be logged in to post a comment.
No. Parameters given to the
WP_Queryobject only need to be escaped for the database query – this is handled by WordPress.