Post Content HTML not TEXT

  • hi,

    basicaly i want to add posts from the frontend,
    when i write <b>hello</b> it shows like this <b>hello</b> instead of this hello can anyone help please ive tryed adding the tag exceptions but its still not working
    heres my template

    <?php /* Template Name: Insert Posts */

$postTitleError = '';

if(isset($_POST['submitted']) && isset($_POST['post_nonce_field']) && wp_verify_nonce($_POST['post_nonce_field'], 'post_nonce')) {

	if(trim($_POST['postTitle']) === '') {
		$postTitleError = '<div class="notice error"><span data-icon="X" class="icon medium" style="display: inline-block;"></span>Please enter a title. <a data-icon="x" class="icon close" href="#close" style="display: inline-block;"></a></div>';
		$hasError = true;
	} else {
		$postTitle = trim($_POST['postTitle']);
	}

	$post_information = array(
		'post_title' => esc_attr(strip_tags($_POST['postTitle'] )),
		'post_content' => esc_attr(strip_tags($_POST['postContent'],'<p><a><b><br /><input><form><img><textarea><li><ol><ul><table>')),
		'post-type' => 'post',
		'post_status' => 'pending'
	);

	$post_id = wp_insert_post($post_information);

	if($post_id)
	{

		// Update Custom Meta
		update_post_meta($post_id, 'vsip_custom_one', esc_attr(strip_tags($_POST['customMetaOne'])));
		update_post_meta($post_id, 'vsip_custom_two', esc_attr(strip_tags($_POST['customMetaTwo'])));

		// Redirect
		wp_redirect( home_url() ); exit;
	}

} ?>

<?php get_header(); ?>

	<!-- #primary BEGIN -->
	<div id="primary">

		<form action="" id="primaryPostForm" method="POST">

			<fieldset>
<?php if($postTitleError != '') { ?>
				<span class="error"><?php echo $postTitleError; ?></span>
				<div class="clearfix"></div>
			<?php } ?>

				<input type="text" placeholder="Article Title" name="postTitle" id="postTitle" value="<?php if(isset($_POST['postTitle'])) echo $_POST['postTitle'];?>" class="required col_10" />

			</fieldset>

			<fieldset>

				<textarea  class="editable" placeholder="Detailed Article Content" name="postContent"  ><?php if(isset($_POST['postContent'])) { if(function_exists('stripslashes')) { echo stripslashes($_POST['postContent']); } else { echo $_POST['postContent']; } } ?></textarea>

			</fieldset>

			<fieldset>

				<input type="text" placeholder="Custom Meta Two" name="customMetaOne" class="col_10" id="customMetaOne" value="<?php if(isset($_POST['customMetaOne'])) echo $_POST['customMetaOne'];?>" />

			</fieldset>

			<fieldset>

				<input type="text" placeholder="Custom Meta One" name="customMetaTwo" class="col_10" id="customMetaTwo" value="<?php if(isset($_POST['customMetaTwo'])) echo $_POST['customMetaTwo'];?>" />

			</fieldset>

			<fieldset>

				<?php wp_nonce_field('post_nonce', 'post_nonce_field'); ?>

				<input type="hidden" name="submitted" id="submitted" value="true" />
				<button type="submit"><?php _e('Add Post', 'framework') ?></button>

			</fieldset>

		</form>

	</div><!-- #primary END -->

<?php get_footer(); ?>
Viewing 2 replies - 1 through 2 (of 2 total)

  • Maybe this could be the problem –
    Strip Tags

    By not sanitizing any data you intend to store in the database though, you are creating a security issue for yourself by allowing people to potentially submit and store malicious code in your database.

    Thread Starter Connor Miles

    (@connor15)

    hi,

    thanks i know that was causing it but as you can see i have tried adding these <p><a><b><br /><input><form><img><textarea><li><ol><ul><table> as exceptions but its not working

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Post Content HTML not TEXT’ is closed to new replies.