Are default functions like update_post_meta safe to use with user inputs?

Are default functions like update_post_meta() safe to use with user inputs? e.g. update_post_meta(76, 'my_key', $_GET['value']) Or should I use $_GET['value'] = sanitize_text_field($_GET['value']); before using update_post_meta(76, 'my_key', $_GET['value']) 2 Answers. After upvoting @pieter’s answer…. In recent times I came to the realization that it is much better to handle “bad” data gracefully when it is used …

Multiple register settings, with same option name – issue

I already posted this question in the WordPress support forums here, but I didn’t get any help, nor could I find a solution yet. As the title says, I am calling register_settings functions multiple times, for different groups of options, but for the same option name, as follows: // Create Basic Settings register_setting( 'posttype_basic_group', //option …

How to save html and text in the database?

I have two fields. The first is for plain text (but with special characters) and the second for HTML content (wp_editor is used). Both are later needed for phpmailer. <textarea style="width:100%;height:200px;" name="doi-altbody"><?php echo $epn_doi_altbody; ?></textarea> wp_editor( $epn_doi_body, 'doi-body', array( 'editor_height' => '300px' ) ); 1) How do I correctly secure them after submitting the form …

Where to apply “apply filters” and other Sanitization Functions

I got to learn something new today here on this post. I have code written for a Post widget → <?php class chimp_post_widget extends WP_Widget { function __construct() { //Create Widget parent::__construct( 'post_display_widget', esc_html__('The Post Widget','simplisto'), array( 'classname' => 'post-widget', 'description' => esc_html__('A Post Thumbnail Widget', 'simplisto' ) ) ); } public function form( $instance …

Coding a plugin on WordPress; when should I sanitize? [duplicate]

This question already has answers here: In Which Contexts are Plugins Responsible for Data Validation/Sanitization? (2 answers) Sanitize and data validation with apply_filters() function (1 answer) Closed 3 years ago. I am developing a custom plugin on WordPress for a client. Just a simple question: when I am using update_post_meta() and update_user_meta(), do I need …

Must I serialize/sanitize/escape array data before using set_transient?

Everything is in the question. For a notices system to show warnings/errors in the admin, I'm using transient. When I published my first plugin, I received an email to ask me to sanitize/validate/escape data which inserts in database so… I'm doing a function to wrap set_transient() to do this but I'm not sure if in …