Is there anything special for dealing with $_POST in this case?
Maybe, if you can elaborate more on what you mean by "special"?
But as with other PHP arrays, you should always check if the POST variable is actually set before attempting to use it:
// Example for the Edit_Email_1 input:
if ( isset( $_POST['Edit_Email_1'] ) ) {
    return $_POST['Edit_Email_1'];
}
Secondly, you should also escape the value just as with any user-supplied or untrusted data, e.g. using esc_html() or absint() if the input should be a (non-negative) number, or esc_attr() if the value is to be displayed in a form field like <input>.
So for the above reason, you might want to add a context attribute to your shortcode which will determine whether the value should be escaped, sanitized or returned as-is (i.e. raw/unchanged).
On the front end I am anticipating to use:
[Edit_Field Field="Email_1"]
Yes, you can do so, but you should know that:
Shortcodes are case-sensitive, so you should:
Because you defined the shortcode as add_shortcode('Edit_field', 'Edit_field'); — note the first Edit_field, where the f is in lowercase.
WordPress converts the shortcode attributes (i.e. the attribute name) to lowercase, so the $Field in your Edit_field() function will be empty and you should use $field instead along with 'field' => '' in your shortcode_atts() array.
However, please just avoid using extract() and use the $atts instead to access the shortcode attributes:
Note: I've applied the context attribute in this function.
function Edit_field( $atts ) {
    // Don't use extract().
    $atts = shortcode_atts( array(
        'field'   => '',
        'context' => 'view',
    ), $atts );
    if ( $atts['field'] == 'Email_1' && isset( $_POST['Edit_Email_1'] ) ) {
        return ( 'edit' === $atts['context'] ) ?
            esc_attr( $_POST['Edit_Email_1'] ) :
            esc_html( $_POST['Edit_Email_1'] );
    }
    if ( $atts['field'] == 'Client_Description' && isset( $_POST['Edit_Client_Description'] ) ) {
        return ( 'edit' === $atts['context'] ) ?
            esc_attr( $_POST['Edit_Client_Description'] ) :
            esc_html( $_POST['Edit_Client_Description'] );
    }
    // Shortcodes should always return something.
    return ''; // .. even if it's an empty string.
}
And because the attribute names are lowercased, then just use lowercase in the shortcode like so:
<p>[Edit_field field="Email_1"]</p>
<p>[Edit_field field="Client_Description"]</p>
<input value='[Edit_field field="Email_1" context="edit"]'>
<input value='[Edit_field field="Client_Description" context="edit"]'>
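Added example, not part of the original answer: a generalization of the function above that resolves the field attribute through an allowlist, rejects array-valued POST input, and picks the escaping function from the context attribute. It assumes it runs inside a WordPress plugin or theme; the function name my_edit_field_shortcode and the number context are hypothetical.

```php
<?php
// Added example: names below are hypothetical, not from the original answer.
function my_edit_field_shortcode( $atts ) {
    // Allowlist: shortcode "field" value => the only $_POST key it may read.
    // The key is never built from the attribute itself, so a shortcode
    // cannot be pointed at arbitrary request parameters.
    $fields = array(
        'Email_1'            => 'Edit_Email_1',
        'Client_Description' => 'Edit_Client_Description',
    );

    $atts = shortcode_atts( array(
        'field'   => '',
        'context' => 'view',
    ), $atts, 'Edit_field' );

    if ( ! isset( $fields[ $atts['field'] ] ) ) {
        return ''; // Unknown field: output nothing.
    }
    $key = $fields[ $atts['field'] ];

    // A request can send Edit_Email_1[]=x, which turns the value into an
    // array; the escaping functions expect a string, so reject it here.
    if ( ! isset( $_POST[ $key ] ) || ! is_string( $_POST[ $key ] ) ) {
        return '';
    }

    // WordPress adds slashes to $_POST values; remove them before escaping
    // so a value such as O'Brien is not shown as O\'Brien.
    $value = wp_unslash( $_POST[ $key ] );

    switch ( $atts['context'] ) {
        case 'edit':   // Value goes inside an HTML attribute such as value='...'.
            return esc_attr( $value );
        case 'number': // Value must be a non-negative integer.
            return (string) absint( $value );
        default:       // 'view' and any unrecognised context: HTML body text.
            return esc_html( $value );
    }
}
add_shortcode( 'Edit_field', 'my_edit_field_shortcode' );
```

An unrecognised context falls back to esc_html(), so a typo in the shortcode never produces unescaped output.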