How to stop wordpress from mangling HTML in a metabox textarea

I’v re-worked your code. I’ll try to explain some of the changes after the code block

add_action("admin_menu", "tf_book_deets_create");

function tf_book_deets_create(){

    add_meta_box('tf_book_details', 'Book Details', 'tf_book_details', 'books');
}

function tf_book_details () {
    global $post;

    $tf_book_media = get_post_meta($post->ID, "tf_book_media", true);
    $tf_book_review = get_post_meta($post->ID, "tf_book_review", true);


    ?>

    <div class="admin_meta"> 
    <ul>

    <li><label>Reviews:</label><textarea rows="5" cols="70" name="tf_book_review"><?php echo esc_textarea($tf_book_review); ?></textarea></li>

    <li><label>Media:</label><textarea rows="5" cols="70" name="tf_book_media"><?php echo esc_textarea($tf_book_media); ?></textarea></li>
    </ul>

    <?php wp_nonce_field( 'book-nonce', 'book_nonce_name', false ); ?>

    </div>


<?php 
}

add_action ('save_post', 'save_tf_book_details');   


function save_tf_book_details( $post_id ) {

    // make sure we're on a supported post type
    if ( $_POST['post_type'] != 'books' ) return;  

    // verify this came from our screen and with proper authorization.
    if ( !wp_verify_nonce( $_POST['book_nonce_name'], 'book-nonce' )) return;

    // verify if this is an auto save routine. If it is our form has not been submitted, so we dont want to do anything
    if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) return;


    // Check permissions
    if ( 'page' == $_POST['post_type'] ) {
        if ( !current_user_can( 'edit_page', $post_id ) ) return;
    } else {
        if ( !current_user_can( 'edit_post', $post_id ) ) return;
    }

    // OK, we're authenticated: we need to find and save the data
    if ( isset( $_POST["tf_book_media"] ) ) update_post_meta( $post_id, "tf_book_media", wp_kses_post( $_POST["tf_book_media"] ) );
    if ( isset( $_POST["tf_book_review"] ) ) update_post_meta( $post_id, "tf_book_review", wp_kses_post( $_POST["tf_book_review"] ) );

}

Textarea markup

First I switched the textarea markup. The value of a textarea is set in between the opening and closing textarea tags. The textarea’s value is also escaped with esc_textarea()

Basic sanitization and nonce security

I added some basic validation and nonce security to the save_tf_book_details() function. First the nonce that I added to the metabox callback function is verified here, so we’re sure the data is coming from the right place.

I also ran the text area inputs through the wp_kses_post() function, which filters out any scripts or other tags that are not allowed in regular posts.

Related Posts:

  1. How to change default position of WP meta boxes?
  2. Custom Taxonomy as checkbox or dropdown
  3. Why won’t my metabox data save?
  4. echo value from ‘select’ field type into page template using cmb2?
  5. WP_List_Table Inside Metabox Not Working on Submit
  6. Custom post type metabox array
  7. Add metabox with media uploader in a custom post type [duplicate]
  8. wp_generate_attachment_metadata gives me an empty array
  9. Best way to arrange custom post types by Attributes -> Order metabox value?
  10. Removing Edit Permalink/View “Custom Post Type” areas
  11. Unable to save custom taxonomy terms in a custom-built metabox
  12. How to sort CPT by custom meta value (date), and return posts month by month
  13. Possible to add meta box to edit.php pages?
  14. How can I include meta box content when searching?
  15. update a post meta from a single table cell TablePress
  16. How to create a repeatable / reusable divs in the metabox?
  17. How to add meta boxes(repeater fields) from WordPress back end?
  18. Displaying Meta Box Image
  19. How to customize the Categories meta box to allow only one category?
  20. wp is not defined error using wp.media to create a custom image uploader
  21. Displaying custom posts only if custom meta box’s date is not expired
  22. Displaying Metabox value (custom post type taxonomy)
  23. Hide Meta Boxes for Non-Admins
  24. get_post_meta is returning image id
  25. Add TinyMCE to CPT metaboxes in 3.1?
  26. advanced search forms with 3 input text and that the main problem 3 input text
  27. Using My-Meta-Box-Class plugin, how is ‘Date’ value stored?
  28. Send email button in custom post type backend
  29. What’s the difference between same wp functions get_posts(); functions in different form?
  30. Keep display metadata value on backend – Custom Metabox
  31. Populate dropdown from one custom post type inside another custom post type
  32. Custom Post Type with Templates using Meta Boxes?
  33. Why is my select meta data not saving?
  34. What is the best way to correlate one-to-many content-type relationships?
  35. Visual editor issue by having multiple tiny mce editors in a CPT
  36. A better way to add a meta box to custom post types
  37. Meta Query Filtering not working on Custom Meta Box using Radio Buttons
  38. Grouping metadatas into one
  39. Anon function and add_meta_box
  40. Create Connection Between two post types
  41. Listing custom terms in custom post meta
  42. Can custom fields be added without a meta box?
  43. Can’t publish custom post type – “You are not allowed to edit this post.”
  44. Meta Box on Custom Post Type not saving
  45. Moving meta boxes in admin
  46. Meta-Boxes for CustomPostType cause PHP Errors and Notices in “Add New” view
  47. custom post type metaboxes not saving
  48. Custom post type, have only my meta boxes
  49. Display Repeatable Meta Box Content
  50. Can I restrict category availability?
  51. Displaying a div from an assigned meta_value when on a page
  52. Saving Meta Data within Custom Post Type
  53. Using custom post type as taxonomy
  54. Values from meta-box not on $_POST
  55. Metabox multiple custom post select -> display selected items?
  56. Custom post type suddenly stoped working after WordPress 5 update
  57. Get id from metabox dropdown
  58. Custom posttype content metabox
  59. Reusable metabox backend and frontend
  60. Filter posts of custom post type by meta key in (List All Section)
  61. How can I output WPAlchemy repeating fields meta values in my page template?
  62. How can I modify a custom post type and custom page template for a child theme if all content seams to be handled by theme’s ‘native’ plugin?
  63. Meta box data not saving
  64. saving dropdown menu data on custom post type
  65. Set Default Option Value as Blank for Meta Box
  66. Questions regarding add_meta_box()
  67. Meta box with front-end styling
  68. How to retrive Custom Post Type Meta Fields in Custom WP_Query
  69. Cannot Save MetaBox Data in Custom Post Type
  70. Custom post type meta box empty after save
  71. How to add a class to meta boxes (to customize them in CSS)?
  72. Metaboxes inside Tab
  73. Custom Post Type meta data getting deleted on bulk editing taxonomies
  74. Create post meta box that links another post
  75. Show a custom post title in another custom post type in Meta box
  76. How to avoid duplicate posts queried from custom meta?
  77. Modify Publish Metabox location on CPT
  78. PHP Warning with Custom Fields
  79. Custom taxonomy with custom post type archive page
  80. Simple Data picker meta box
  81. Wrong post ID in meta box callback
  82. How to shows CPT which has specific meta key?
  83. Render the metabox input values as HTML
  84. wp_dropdown_pages doesn’t allow me to select more than one custom post type
  85. Delete custom post type metadata without deleting the post in admin area
  86. Metabox is not saving
  87. Custom metabox fields not saving when limited to a certain CPT
  88. Not Able to Display Metabox Saved Checkbox and Selected option After Save/ Update
  89. Repeatable WordPress custom fields in a metabox
  90. Select custom post by meta value
  91. Make meta box appear if the previous if not empty?
  92. Adapting plugin for custom post type?
  93. Custom post type – permalink
  94. WP_Query arguments: Loop through custom post type – get all entries except excluded meta_key?
  95. How to query custom post then display sections by meta value
  96. Custom meta box includes
  97. Post AND page parameter for WP function
  98. Add text to metabox input text field from Thickbox
  99. Display div based on Group metabox selection [closed]
  100. Multiple posts selection [closed]

Leave a Comment