I've rewritten your code. I'll try to explain some of the changes after the code block.
```php
<?php
add_action( 'admin_menu', 'tf_book_deets_create' );
function tf_book_deets_create() {
    add_meta_box( 'tf_book_details', 'Book Details', 'tf_book_details', 'books' );
}

function tf_book_details() {
    global $post;
    $tf_book_media  = get_post_meta( $post->ID, 'tf_book_media', true );
    $tf_book_review = get_post_meta( $post->ID, 'tf_book_review', true );
    ?>
    <div class="admin_meta">
        <ul>
            <!-- the textarea value goes between the tags, escaped for that context -->
            <li><label>Reviews:</label><textarea rows="5" cols="70" name="tf_book_review"><?php echo esc_textarea( $tf_book_review ); ?></textarea></li>
            <li><label>Media:</label><textarea rows="5" cols="70" name="tf_book_media"><?php echo esc_textarea( $tf_book_media ); ?></textarea></li>
        </ul>
        <?php wp_nonce_field( 'book-nonce', 'book_nonce_name', false ); ?>
    </div>
    <?php
}

add_action( 'save_post', 'save_tf_book_details' );
function save_tf_book_details( $post_id ) {
    // Autosaves never carry our form fields, so bail out before touching $_POST.
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) return;
    // Make sure we're on a supported post type.
    if ( ! isset( $_POST['post_type'] ) || 'books' !== $_POST['post_type'] ) return;
    // Verify this came from our screen and with proper authorization.
    if ( ! isset( $_POST['book_nonce_name'] ) || ! wp_verify_nonce( $_POST['book_nonce_name'], 'book-nonce' ) ) return;
    // Check permissions: a 'books' post is never a page, so edit_post is the capability to test.
    if ( ! current_user_can( 'edit_post', $post_id ) ) return;
    // OK, we're authenticated: find and save the data, stripping disallowed markup.
    if ( isset( $_POST['tf_book_media'] ) ) {
        update_post_meta( $post_id, 'tf_book_media', wp_kses_post( $_POST['tf_book_media'] ) );
    }
    if ( isset( $_POST['tf_book_review'] ) ) {
        update_post_meta( $post_id, 'tf_book_review', wp_kses_post( $_POST['tf_book_review'] ) );
    }
}
```
Textarea markup

First, I switched the textarea markup. The value of a textarea is set between the opening and closing textarea tags. The value is also escaped with esc_textarea() before it is output.

Basic sanitization and nonce security

I have added some basic security to the save_tf_book_details() function. First, the nonce that I added in the metabox callback function is verified here, so we can be confident the data came from the right place. I have also passed the data through the wp_kses_post() function, which filters out any scripts or other markup that is not allowed in regular posts.
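As an added example (not part of the answer above or of the asker's plugin), here is a stricter variant of the same save handler. It keeps the tf_book_review field and meta key, but the tf_book_isbn field, the tf_book_nonce name, and the tf_book_* function names are this example's own choices. It shows three refinements a practitioner usually wants: a nonce bound to the post ID, so a token from one edit screen cannot be replayed against another post; the autosave/revision check placed before anything reads $_POST; and a different sanitizer for each field depending on what it is allowed to contain.

```php
<?php
// Added example; hook and function names other than the tf_book_* meta keys
// above are assumptions made for illustration.

// add_meta_boxes_{post_type} fires only for 'books' and receives the WP_Post.
add_action( 'add_meta_boxes_books', 'tf_book_register_box' );
function tf_book_register_box() {
    add_meta_box( 'tf_book_details', 'Book Details', 'tf_book_render_box', 'books' );
}

function tf_book_render_box( $post ) {
    // Bind the nonce action to this post so it is only valid for this post's save.
    wp_nonce_field( 'tf_book_save_' . $post->ID, 'tf_book_nonce' );
    $review = get_post_meta( $post->ID, 'tf_book_review', true );
    $isbn   = get_post_meta( $post->ID, 'tf_book_isbn', true ); // example-only field
    ?>
    <p><label>Reviews:</label><br>
    <textarea rows="5" cols="70" name="tf_book_review"><?php echo esc_textarea( $review ); ?></textarea></p>
    <p><label>ISBN:</label>
    <input type="text" name="tf_book_isbn" value="<?php echo esc_attr( $isbn ); ?>"></p>
    <?php
}

// save_post_{post_type} fires only for 'books', so no post_type comparison is needed.
add_action( 'save_post_books', 'tf_book_save', 10, 2 );
function tf_book_save( $post_id, $post ) {
    // 1. Autosaves and revisions never carry our fields: bail before reading $_POST.
    if ( wp_is_post_autosave( $post_id ) || wp_is_post_revision( $post_id ) ) {
        return;
    }
    // 2. Nonce must be present and valid for this action AND this post ID.
    if ( empty( $_POST['tf_book_nonce'] )
        || ! wp_verify_nonce( $_POST['tf_book_nonce'], 'tf_book_save_' . $post_id ) ) {
        return;
    }
    // 3. Capability check against the specific post, not a generic role check.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    // 4. Sanitize each field for what it is allowed to contain.
    if ( isset( $_POST['tf_book_review'] ) ) {
        // Post-style HTML is allowed. wp_filter_post_kses unslashes, runs the
        // 'post' kses rules, and re-slashes, which is what update_post_meta expects.
        update_post_meta( $post_id, 'tf_book_review', wp_filter_post_kses( $_POST['tf_book_review'] ) );
    }
    if ( isset( $_POST['tf_book_isbn'] ) ) {
        // An identifier never needs markup: strip tags and whitespace, then
        // keep only the characters an ISBN can contain.
        $isbn = sanitize_text_field( wp_unslash( $_POST['tf_book_isbn'] ) );
        $isbn = preg_replace( '/[^0-9Xx-]/', '', $isbn );
        update_post_meta( $post_id, 'tf_book_isbn', $isbn );
    }
}
```

The ordering matters: with the nonce checked before the autosave test, every autosave would emit an undefined-index notice and then be rejected anyway; with the nonce tied to the post ID, a nonce harvested from one book's edit screen is useless against another. Escaping (esc_textarea, esc_attr) still happens on output regardless of how the data was sanitized on the way in.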