get_the_title( int|WP_Post $post )
Retrieve post title.
Description Description
If the post is protected and the visitor is not an admin, then "Protected" will be displayed before the post title. If the post is private, then "Private" will be located before the post title.
Parameters Parameters
Return Return
(string)
Source Source
File: wp-includes/post-template.php
function get_the_title( $post = 0 ) { $post = get_post( $post ); $title = isset( $post->post_title ) ? $post->post_title : ''; $id = isset( $post->ID ) ? $post->ID : 0; if ( ! is_admin() ) { if ( ! empty( $post->post_password ) ) { /** * Filters the text prepended to the post title for protected posts. * * The filter is only applied on the front end. * * @since 2.8.0 * * @param string $prepend Text displayed before the post title. * Default 'Protected: %s'. * @param WP_Post $post Current post object. */ $protected_title_format = apply_filters( 'protected_title_format', __( 'Protected: %s' ), $post ); $title = sprintf( $protected_title_format, $title ); } elseif ( isset( $post->post_status ) && 'private' == $post->post_status ) { /** * Filters the text prepended to the post title of private posts. * * The filter is only applied on the front end. * * @since 2.8.0 * * @param string $prepend Text displayed before the post title. * Default 'Private: %s'. * @param WP_Post $post Current post object. */ $private_title_format = apply_filters( 'private_title_format', __( 'Private: %s' ), $post ); $title = sprintf( $private_title_format, $title ); } } /** * Filters the post title. * * @since 0.71 * * @param string $title The post title. * @param int $id The post ID. */ return apply_filters( 'the_title', $title, $id ); }
Expand full source code Collapse full source code View on Trac
Changelog Changelog
Version | Description |
---|---|
0.71 | Introduced. |
User Contributed Notes User Contributed Notes
You must log in before being able to contribute a note or feedback.
get_the_title intentionally allows for HTML
So get_the_title should not be escaped.
Use
the_title_attribute()
instead ofget_the_title()
if you’re outputting the post title for html attributes.get_the_title
should be escaped.Super admins and administrators have the ability to enter arbitrary HTML in the title field, but that doesn’t prevent problems from appearing, for example:
script
tag with malicious javscriptAll of this is a non-issue with escaping, which makes sure what’s outputted is what you expected. That doesn’t mean you can’t let users put HTML in there, as long as you specify which tags are allowed
To display the title safely, do this:
And if you want the title to include HTML tags:
Print the current post’s title
Simple breadcrumb trail for pages, two levels deep.