[wp-trac] [WordPress Trac] #35528: Settings API output still not escaped
WordPress Trac
noreply at wordpress.org
Tue Jan 19 18:57:38 UTC 2016
#35528: Settings API output still not escaped
--------------------------------+------------------------------
Reporter: regodon | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Options, Meta APIs | Version: 4.4.1
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses:
--------------------------------+------------------------------
Comment (by regodon):
Hi Again,
It looks like I just needed to escape the field's value in the render
callback function with '''esc_attr'''.:
{{{#!php
<?php
add_settings_field('my_setting', 'My setting', 'my_setting_render',
'my_options_group', 'my_setting_section');
function my_setting_render() {
$options = get_option('my_option_name');
?><input name='my_option_name[my_setting]' value="<?php echo
esc_attr($options['my_setting']);?>">
<?php
}
}}}
Not a real bug, sorry. But I find it would be useful if the Settings API
had functions for rendering common form fields so developers doesn't have
to create their own render functions for basic fields and deal with "low
level" html. Should I create a new ticket with the feature request?
Thanks
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35528#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list