allow html in plugin input

  • Hi. I am using a plugin called “Oxford Debates.”

    I think this question might be general coding, though. In one of the plugin’s input fields I would like to add some html – really just some well-placed [br /] codes. (Brackets instead of <> so it will display here instead of execute.)

    I have found a part of the plugin code for sanitizing inputs. I commented out the relevant sanitize_text_area but that did not help.

    Any ideas?

    THANK YOU!!

    // Checks for input and sanitizes/saves if needed
if( isset( $_POST[ 'titlepa-text' ] ) ) {
	update_post_meta( $post_id, 'titlepa-text', sanitize_text_field( $_POST[ 'titlepa-text' ] ) );
	//update_post_meta( $post_id, 'textpa-text', sanitize_text_field( $_POST[ 'textpa-text' ] ) );
	update_post_meta( $post_id, 'titlepb-text', sanitize_text_field( $_POST[ 'titlepb-text' ] ) );
	//update_post_meta( $post_id, 'textpb-text', sanitize_text_field( $_POST[ 'textpb-text' ] ) );
	update_post_meta( $post_id, 'duration-check', sanitize_text_field( $_POST[ 'duration-check' ] ) );
	update_post_meta( $post_id, 'initduration-text', sanitize_text_field( $_POST[ 'initduration-text' ] ) );
	update_post_meta( $post_id, 'endduration-text', sanitize_text_field( $_POST[ 'endduration-text' ] ) );
	update_post_meta( $post_id, "usera", $_POST["usera"]);
	update_post_meta( $post_id, "userb", $_POST["userb"]);
	update_post_meta( $post_id, "votea", $_POST["votea"]);
	update_post_meta( $post_id, "voteb", $_POST["voteb"]);
}
Viewing 3 replies - 1 through 3 (of 3 total)

  • Hopefully this will give you an idea of how to accomplish this.

    https://wordpress.stackexchange.com/questions/205577/allow-html-in-settings-api-input-field

    Thread Starter mavisdouglass

    (@mavisdouglass)

    Thanks for the reply, Bob. I really appreciate that you took the time to post that.

    However, I hate to say, I have no idea how to relate that post on stack exchange with my own code.

    Honestly, I know quite a bit about WP. But still half of the time I can’t make heads or tails of the code.

    In an effort to avoid troubling you, I tried a (yet another) plugin that is supposed to allow html into posts via shortcode. That didn’t work either. All I need to do is insert some line breaks in the relevant text area (of the plugin). It does not offer the option to input as text/code mode.

    Could you please be so kind as to offer a clue (feel so dumb for asking) how to relate that stack exchange post to the code I’m using?

    Eternal thanks,
    Mavis

    Moderator bcworkz

    (@bcworkz)

    Don’t worry, the way forward is not clear at all. You found the problem code, but just commenting out the entire line means the fields are not updated at all. You still want the update_post_meta() part, but without the sanitize_text_field() part.

    Do not simply delete the function call though, it provides some extremely important sanitization that needs to be replicated in part. That is where Bob’s link is useful, it suggests a viable alternate sanitization. Here is the modified second update line (first commented out):
    update_post_meta( $post_id, 'textpa-text', stripslashes( wp_filter_post_kses( $_POST[ 'textpa-text' ] ) ) );

    Apply a similar change to other update lines where you need HTML allowed. I removed the wp_slash() call used in the SE example because $_POST values are usually already slashed where necessary. The kses filter still strips possibly harmful HTML, the allowed tags are the same as those allowed for post content.

    Note that your changes may be lost when the plugin updates. Ideally plugin authors would provide ways for other devs to alter their code’s functionality without risking loss, but such thoughtfulness seems to be rather rare.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘allow html in plugin input’ is closed to new replies.