允许在自定义Metabox区域中使用HTML

时间:2019-04-01 作者:Raashid Din

我知道有很多问题与我的问题有关,但我真的无法得到解决。我的问题很简单,如何允许post上自定义metabox中的textarea中的html。到目前为止,我已经创建了添加元框的代码。

add_action( \'add_meta_boxes_post\', function ( $post ) {
    if ( $post->_wp_page_template === \'page-templates/skyscraper-post.php\' ) {
        add_meta_box( \'sky_post_excerpt\', \'SkyScraper Post Excerpt and Links\', \'sky_post_excerpts\', \'post\', \'advanced\', \'high\' );
    }
});
add_action( \'save_post\', \'post_meta_box_save\' );
function sky_post_excerpts() {
    global $post;
    $values = get_post_custom( $post->ID );

    $strong_title = isset( $values[\'skyscraper_strong\'] ) ? esc_attr( $values[\'skyscraper_strong\'][0] ) : "";
    $title = isset( $values[\'skyscraper_post_title\'] ) ? esc_attr( $values[\'skyscraper_post_title\'][0] ) : "";
    $text = isset( $values[\'skyscraper_post\'] ) ? esc_attr( $values[\'skyscraper_post\'][0] ) : "";
    $image = isset( $values[\'skyscraper_post_image\'] ) ? esc_attr( $values[\'skyscraper_post_image\'][0] ) : "";

// We\'ll use this nonce field later on when saving.
    wp_nonce_field( \'my_post_meta_box_nonce\', \'post_meta_box_nonce\' );
    ?>

    <table class="form-table">
    <tbody>
        <tr valign="top">
        <th scope="row">
            <label><strong>Skyscraper Title</strong></label>
        </th>
        <td>
            <p><input class="widefat" rows="4" name="skyscraper_strong" id="skyscraper_strong" value="<?php echo $strong_title; ?>"/>
            </p>
            <p><input class="widefat" rows="4" name="skyscraper_post_title" id="skyscraper_post_title" value="<?php echo $title; ?>"/>
            </p>
        </td>
    </tr>

    <tr valign="top">
        <th scope="row">
            <label for="skyscraper_post"><strong>Skyscraper Page Excerpt</strong></label>
        </th>
        <td>
            <p><textarea class="widefat" rows="4" name="skyscraper_post" id="skyscraper_post"> <?php echo $text; ?></textarea>
            </p>
        </td>
    </tr>
    <tr valign="top">
        <th scope="row">
            <label for="skyscraper_image"><strong>SVG Image Link</strong></label>
        </th>
        <td>
            <p><input class="widefat" rows="4" name="skyscraper_post_image" id="skyscraper_post_image" value="<?php echo $image; ?>"/>
            </p>
        </td>
    </tr>

    </tbody>
</table>
    <?php
}


function post_meta_box_save( $post_id ) {
    // Bail if we\'re doing an auto save
    if( defined( \'DOING_AUTOSAVE\' ) && DOING_AUTOSAVE ) return;

    // if our nonce isn\'t there, or we can\'t verify it, bail
    if( !isset( $_POST[\'post_meta_box_nonce\'] ) || !wp_verify_nonce( $_POST[\'post_meta_box_nonce\'], \'my_post_meta_box_nonce\' ) ) return;

    // if our current user can\'t edit this post, bail
    if( !current_user_can( \'edit_post\' ) ) return;

    // Make sure your data is set before trying to save it
    if( isset( $_POST[\'skyscraper_post\'] ) )
        update_post_meta( $post_id, \'skyscraper_post\', wp_kses( $_POST[\'skyscraper_post\'], $allowed ) );

    // Make sure your data is set before trying to save it
    if( isset( $_POST[\'skyscraper_post_image\'] ) )
        update_post_meta( $post_id, \'skyscraper_post_image\', wp_kses( $_POST[\'skyscraper_post_image\'], $allowed ) );

    // Make sure your data is set before trying to save it
    if( isset( $_POST[\'skyscraper_strong\'] ) )
        update_post_meta( $post_id, \'skyscraper_strong\', wp_kses( $_POST[\'skyscraper_strong\'], $allowed ) );

    // Make sure your data is set before trying to save it
    if( isset( $_POST[\'skyscraper_post_title\'] ) )
        update_post_meta( $post_id, \'skyscraper_post_title\', wp_kses( $_POST[\'skyscraper_post_title\'], $allowed ) );
}
我怎样才能输出html呢。因为我在谷歌上看不到任何解决方案。提前感谢

1 个回复
SO网友:mrben522

我修复了您的输入类型/清理和转义问题。我认为仍然可以用这段代码进行一些清理。我看到没有标签的输入、无效属性等。

add_action( \'add_meta_boxes_post\', function ( $post ) {
    if ( $post->_wp_page_template === \'page-templates/skyscraper-post.php\' ) {
        add_meta_box( \'sky_post_excerpt\', \'SkyScraper Post Excerpt and Links\', \'sky_post_excerpts\', \'post\', \'advanced\', \'high\' );
    }
});
add_action( \'save_post\', \'post_meta_box_save\' );
function sky_post_excerpts() {
    global $post;
    $values = get_post_custom( $post->ID );

    $strong_title = isset( $values[\'skyscraper_strong\'] ) ? stripslashes(wp_filter_post_kses(addslashes( $values[\'skyscraper_strong\'][0] ) ) ) : "";
    $title = isset( $values[\'skyscraper_post_title\'] ) ? esc_attr( $values[\'skyscraper_post_title\'][0] ) : "";
    $text = isset( $values[\'skyscraper_post\'] ) ? esc_attr( $values[\'skyscraper_post\'][0] ) : "";
    $image = isset( $values[\'skyscraper_post_image\'] ) ? esc_attr( $values[\'skyscraper_post_image\'][0] ) : "";

    // We\'ll use this nonce field later on when saving.
    wp_nonce_field( \'my_post_meta_box_nonce\', \'post_meta_box_nonce\' );
    ?>

    <table class="form-table">
        <tbody>
        <tr valign="top">
            <th scope="row">
                <label><strong>Skyscraper Title</strong></label>
            </th>
            <td>
                <p><textarea class="widefat" rows="4" name="skyscraper_strong" id="skyscraper_strong" ><?php echo $strong_title; ?></textarea>
                </p>
                <p><input class="widefat" rows="4" name="skyscraper_post_title" id="skyscraper_post_title" value="<?php echo $title; ?>"/>
                </p>
            </td>
        </tr>

        <tr valign="top">
            <th scope="row">
                <label for="skyscraper_post"><strong>Skyscraper Page Excerpt</strong></label>
            </th>
            <td>
                <p><textarea class="widefat" rows="4" name="skyscraper_post" id="skyscraper_post"> <?php echo $text; ?></textarea>
                </p>
            </td>
        </tr>
        <tr valign="top">
            <th scope="row">
                <label for="skyscraper_image"><strong>SVG Image Link</strong></label>
            </th>
            <td>
                <p><input class="widefat" rows="4" name="skyscraper_post_image" id="skyscraper_post_image" value="<?php echo $image; ?>"/>
                </p>
            </td>
        </tr>

        </tbody>
    </table>
    <?php
}


function post_meta_box_save( $post_id ) {
    // Bail if we\'re doing an auto save
    if( defined( \'DOING_AUTOSAVE\' ) && DOING_AUTOSAVE ) return;

    // if our nonce isn\'t there, or we can\'t verify it, bail
    if( !isset( $_POST[\'post_meta_box_nonce\'] ) || !wp_verify_nonce( $_POST[\'post_meta_box_nonce\'], \'my_post_meta_box_nonce\' ) ) return;

    // if our current user can\'t edit this post, bail
    if( !current_user_can( \'edit_post\' ) ) return;
    $allowed = wp_kses_allowed_html();

    // Make sure your data is set before trying to save it
    if( isset( $_POST[\'skyscraper_post\'] ) )
        update_post_meta( $post_id, \'skyscraper_post\', wp_kses( $_POST[\'skyscraper_post\'], $allowed ) );

    // Make sure your data is set before trying to save it
    if( isset( $_POST[\'skyscraper_post_image\'] ) )
        update_post_meta( $post_id, \'skyscraper_post_image\', wp_kses( $_POST[\'skyscraper_post_image\'], $allowed ) );

    // Make sure your data is set before trying to save it
    if( isset( $_POST[\'skyscraper_strong\'] ) )
        update_post_meta( $post_id, \'skyscraper_strong\', wp_kses( $_POST[\'skyscraper_strong\'], $allowed ) );

    // Make sure your data is set before trying to save it
    if( isset( $_POST[\'skyscraper_post_title\'] ) )
        update_post_meta( $post_id, \'skyscraper_post_title\', wp_kses( $_POST[\'skyscraper_post_title\'], $allowed ) );
}

标签: custom-field   metabox   post-meta   小码农  

相关推荐

自定义MetaBox中的WP查询排序顺序

我正在尝试对基于meta\\u键交易金额的帖子列表进行排序,这将首先显示最高的交易,然后逐步降低到较小的交易金额。交易金额将在1000至900万之间。目前,下面的代码正在根据第一个数字对交易金额进行排序。因此,如果我有一个6000和6000000的交易,他们会将它们并排放置,而不是先显示6000000。交易金额从CMB2内的自定义元数据库中提取。我的代码中是否缺少了排序无法识别逗号后的金额的内容?我的WP\\U查询 <?php $transaction = n