How to build forms correct for BAW Anti CSRF
I’m using the plugin BAW Anti CSRF, which works a little too well. I get the “If you read this, maybe something goes wrong with the plugin “BAW Anti CSRF”.”-warning on my own form.
For the theme I’m working on I have a settings page where I just use “update_option” to store some values.
The form has the action admin-post.php, I use a wp_nonce_field and all that. But BAW Anti CSRF gives warnings on save. Does anyone know a good tutorial for making this work properly and correctly without disabling this plugin every time I want to make this update? The code I use now looks something like this:
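```php
<?php
// Register the settings page in the admin menu.
add_action( 'admin_menu', 'add_specials_to_admin_menu' );
function add_specials_to_admin_menu() {
    $capability = 'manage_options';
    add_menu_page( 'Specialz', 'Specialz', $capability, 'handle_special_settings', 'show_specials_form' );
}

// Handle the POST that admin-post.php dispatches for this form's "action" value.
if ( is_admin() ) {
    add_action( 'admin_post_save_the_specials_to_options', 'save_the_specials_to_options' );
}

// Render the settings form, including the nonce field.
function show_specials_form() {
    if ( ! is_admin() ) { // is_admin is a function and must be called
        return false;
    }
    ?>
    <form method="POST" action="admin-post.php" id="my_special_settings_form">
        <input type="hidden" name="action" value="save_the_specials_to_options" />
        <?php wp_nonce_field( 'verify_the_specialz' ); ?>
        <input type="text" name="my_special_value"/><br/>
        <input type="submit" value="Save" name="save"/>
    </form>
    <?php
}

// Check capability and nonce, store the value, then redirect back to the form.
function save_the_specials_to_options() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to be on this page.' );
    }
    check_admin_referer( 'verify_the_specialz' );

    // Unslash and sanitize the submitted value before storing it.
    $value = isset( $_POST['my_special_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['my_special_value'] ) )
        : '';
    update_option( 'specialz', $value );

    wp_safe_redirect( wp_get_referer() );
    exit; // stop execution after sending the redirect header
}
```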
- The topic ‘How to build forms correct for BAW Anti CSRF’ is closed to new replies.