Do I need to validate the nonce when using the settings api?

As mentioned I wasn’t able to find it explicitly mentioned, although it was implied in some articles, that it was being done.

When using the settings_fields( string $option_group ) wordpress function you can see from the source code that it includes a nonce field:

https://developer.wordpress.org/reference/functions/settings_fields/

function settings_fields( $option_group ) {
    echo "<input type="hidden" name="option_page" value="" . esc_attr( $option_group ) . "" />";
    echo '<input type="hidden" name="action" value="update" />';
    wp_nonce_field( "$option_group-options" );
}

I finally realised that if I changed the value of this nonce in the dev tools in the browser to another value and submitted the form then if it were being validated it should fail.

This was the case giving me a 403 response and a message that ‘The link you followed has expired.’

So I was reassured that the settings api does in fact validate this nonce and the warning in the Plugin Check was unnecessary.

I was surprised it was not more clearly mentioned in the docs or previous questions on here (or at least I couldn’t find by googling), I hope that this saves someone else some time! :-S

Related Posts:

  1. Validate an option array
  2. Persist fields with Setting API
  3. How to prevent options.php deleting valid existing data from the database
  4. Verify Submitted Form Values and Show Warning Messages with Setting API
  5. Settings api sanatize callback not being triggered
  6. Settings API vs Theme Customizer
  7. How should one implement add_settings_error on custom menu pages?
  8. Settings API – sanitizing urls, email addresses and text
  9. Add your own settings page for plugin
  10. Adding an html editor to plugin settings page
  11. add static page to reading settings for custom post type
  12. How to display an admin notice after updating plugin settings?
  13. Nonce in settings API with tabbed navigation
  14. Dynamic settings fields with Settings API
  15. do_settings_sections() doesn’t escape quotes
  16. Import / Export Settings API fields values?
  17. Saving multiple checkboxes with WordPress settings api
  18. wordpress settings api add fields
  19. register_setting sanitize callback $input is null
  20. Can I dynamically create duplicate fields with the Settings API?
  21. Stop the form of beign submitted on “Save changes” custom option page
  22. What exactly is the purpose of settings_fields()?
  23. wordpress settings API and option array structure
  24. Echo all API Settings sections?
  25. Settings Page won’t save
  26. Settings API – generating field value based on a different field?
  27. How to validate register settings array
  28. Submit options page input values with decimals
  29. Using multiple settings_fields() on 1 settings page
  30. Settings API store serialized data in the database (The Right Way)
  31. Verify Nonce returns false – Request Nonce returns correct value
  32. Output ‘do_settings_sections()’ as tabs, not one under the other
  33. Saving plugin’s settings in 1 field in json format
  34. PHP Notice: Undefined offset: 0 in /wordpress/wp-includes/plugin.php and Register Settings API change
  35. Hide output of add_settings_field()
  36. How to make new plugin setting checkbox default as checked
  37. How to wrap html around Settings API add_settings_section()
  38. Settings API – sanitize_callback is not called and it leads to an incorrect behavior
  39. What is the best way to save and retrieve Multiple rows of data with the Settings API?
  40. Storing HTML in wp_options
  41. Settings API: Two update notices after saving settings?
  42. Settings API in Section
  43. Storage of array in settings
  44. Settings API and dynamically generated submenu pages
  45. Error: options page not found when I try to save the changes made in my settings page
  46. Display Each Setting Section In Each Specific Tab within Same Page || Settings API
  47. WordPress Settings API – Sanitize Integer
  48. Preserve old values on error in setting API
  49. WordPress API Setting : the title of the section rendered not showing
  50. add_settings_section() order
  51. Splitting do_settings_sections within HTML?
  52. Why are these settings unregistered?
  53. How to use/retrieve an options array, with defaults, using get_option()
  54. Displaying errors with settings api
  55. Displaying validation message in options-general.php
  56. How I can Make two input field at add_settings_section
  57. Settings Page – Option won’t save in database
  58. Customize format of settings
  59. Seeking clarity on data sanitization fields for settings textarea
  60. Prevent invalid or empty values from being saved to the database and retain the form field values upon error
  61. How to create a WordPress options page
  62. Settings API validation callback
  63. When should I use register_setting() and add_settings_field()
  64. Flush rewrite rules on option update with Settings API
  65. Why aren’t these WordPress options being saved to the database correctly?
  66. input on custom settings page adds http://
  67. Is it possible to get a list of options for a specific options group?
  68. register_setting & add_settings_error validation issues with multiple fields
  69. WordPress is creating nonce as a logged in user but verifying it incorrectly
  70. update_option_$option action not working as expected
  71. Saving array of data to database using wordpress settings API
  72. settings api sub menu and data not populating
  73. how to get wp_editor to save data in plugin admin page
  74. Getting all the settings for a plugin
  75. Can someone tell me where I’ve gone wrong with this plugin’s Settings page?
  76. Use the Settings API to whitelist a setting, but don’t output it
  77. How to handle complex data with Settings API
  78. Can’t save settings to database using Setting API
  79. Writing Mysql and Php code in wordpress Posts
  80. Should I escape the html for the settings field created with add_settings_field?
  81. How to Save value from two inputs as array?
  82. How to save Checkbox-Options in Plugin Options Page
  83. Assign value to custom checkbox using get_option()
  84. Multiple plugins linked to same settings page
  85. Settings page – can’t change checkbox to unchecked
  86. Add Logo Upload per Setting API
  87. Add two input fields in add_settings_field
  88. Custom setting field value not working inside add_action init hook
  89. settings api callback functions won’t display?
  90. Restrict access to options-*.php pages
  91. How to move setting field up a row on general page?
  92. Option doesn’t save
  93. Save button in theme customization page stays disabled
  94. Settings API Multiple Checkbox in General Settings
  95. Can I use add_option for a plugin categories and how?
  96. Adding Form Fields with Settings API
  97. Custom button and html with [settings api plugin]
  98. illegal offset in option add
  99. WordPress’s automatic ‘Settings saved.’ text fails to display after tapping on the ‘Save Changes’ button on my custom settings page
  100. Tab Nav and WordPress Settings API
deneme bonusudeneme bonusu veren sitelerpulibet girişOnwin Güncel Giriştürkçe altyazılı pornocanlı bahis casino