允许在设置API输入字段中使用HTML

时间:2015-10-15 作者:neilgee

我想允许HTML通过用户进入插件输入字段,我使用的是设置API,但它会将所有HTML都去掉。-下面的代码-有指针吗?

function plugin_settings(){
  register_Setting(
        \'ng_settings_group\', 
        \'my_settings\',
        \'plugin_prefix validate_input\' 
  );
  add_settings_section(
        \'my_section\', 
        \'My Settings\', 
        \'plugin_prefix my_section_callback\', 
        \'plugin\'
    );
   add_settings_field(
        \'ng_menu_html\',
        \'HTML Carat\', 
        \'plugin_prefix ng_html_callback\', 
        \'plugin\', 
        \'my_section\' 
    );
}
add_action(\'admin_init\', \'plugin_prefix plugin_settings\');

function ng_html_callback() {
$options = get_option( \'my_settings\' ); 

if( !isset( $options[\'ng_html\'] ) ) $options[\'ng_html\'] = \'\';

echo \'<label for="ng_html">\' . esc_attr_e( \'Insert additional HTML\',\'plugin\') . \'</label>\';
echo \'<input type="text" id="ng_html" name="my_settings[ng_html]" value="\' . $options[\'ng_html\'] . \'" placeholder="Add HTML">\';
}

2 个回复
SO网友:cybmeta

注册设置时,传递该设置的santize回调:

register_setting(
    \'my_setting_group\', 
    \'my_setting_name\',
     // The next parameter is the validation callback
    \'my_setting_validation\' 
);
然后,在验证回调中,您可以允许您想要的任何内容。例如,在下一个代码段中unfiltered_html 允许插入原始HTML代码;允许其他用户在帖子内容中插入相同的HTML标记:

function my_setting_validation( $input ) {

    // Check for the field that we want to allow html
    if( $input[\'ng_menu_html\'] ) {

        if ( current_user_can(\'unfiltered_html\') ) {

            $validated_input[\'ng_menu_html\'] =  $input[\'ng_menu_html\'];

        } else {

            $validated_input[\'ng_menu_html\'] = stripslashes( wp_filter_post_kses( wp_slash( $input[\'ng_menu_html\'] ) ) ); // wp_filter_post_kses() expects slashed


        }


     } else {

         // Sanitize here other fields with no HTML or whatever you want

     }

     return $validated_input;

 }
最后,您需要使用esc_attr() 设置字段值时:

function ng_html_callback() {

    $options = get_option( \'my_setting_name\' ); 

    if( !isset( $options[\'ng_html\'] ) ) $options[\'ng_html\'] = \'\';

        echo \'<label for="ng_html">\' . _e( \'Insert additional HTML\', \'plugin\') . \'</label>\';
        echo \'<input type="text" id="ng_html" name="my_settings[ng_html]" value="\' . esc_attr( $options[\'ng_html\'] ) . \'" placeholder="Add HTML">\';
    }

}

SO网友:neilgee

这就是我最终的验证结果-部分来自here

function my_setting_validation( $input ) {
       // Create our array for storing the validated options
        $output = array();

        // Loop through each of the incoming options
        foreach( $input as $key => $value ) {

            if( isset( $input[\'ng_menu_html\'] ) ) {

                // Keep HTML in this field
               $output[\'ng_menu_html\'] = wp_kses_post($input[\'ng_menu_html\']);

            } // end if

            // Check to see if the current option has a value. If so, process it.
            if( isset( $input[$key] ) ) {

                // Strip all HTML and PHP tags and properly handle quoted strings
                $output[$key] = strip_tags( stripslashes( $input[ $key ] ) );

            } // end if


        } // end foreach

        // Return the array processing any additional functions filtered by this action
        return apply_filters( \'my_setting_validation\' , $output, $input );
    }
正如你所指出的,确保esc_attr 在输入字段中使用。

echo \'<input type="text" id="ng_menu_html" name="my_settings[ng_menu_html]" value="\' . esc_attr($options[\'ng_menu_html\']) . \'" placeholder="Add custom HTML mark up">\';

标签: html   settings-api   escaping   input   小码农  

相关推荐

将HTML代码转换为WordPress菜单

我有这个HTML <div class=\"navbartop\"> <a href=\"/\">Home</a> <div class=\"subnavtop\"> <button class=\"subnavtopbtn\">Alfabetic <i class=\"fa fa-caret-down\"></i></button> <div