Saving Embed Code From Dashboard Widget

Ok, so the main problem here is ultimately just that wp_filter_post_kses is probably filtering out iframes. But I also want to address the round about way you’re handling the form. You’re not doing AJAX, which is sending the request to the server via Javascript, but you’re trying to hook into the AJAX hooks and then run them manually on admin-post.php? It’s all a huge mess.

Here’s working code that will do what you want with actual AJAX, and I’ll go over some things to pay attention to at the bottom:

function wpse_211908_add_dashboard_widgets() {
    wp_add_dashboard_widget(
        'wpse_211908_stream_options',
        'Stream Settings',
        'wpse_211908_stream_options_widget'
    );
}
add_action('wp_dashboard_setup', 'wpse_211908_add_dashboard_widgets' );

function wpse_211908_stream_options_widget() {
    $code = stripcslashes( get_option( 'stream_code' ) );
    $status = get_option( 'stream_status' );
    ?>

    <form id="stream_options" method="post">
        <p><textarea name="stream_code" rows="5" class="widefat"><?php echo esc_textarea( $code ); ?></textarea>

        <p><label><input type="checkbox" name="stream_status" value="1" <?php checked( $status, '1' ); ?>> Live</label>

        <?php wp_nonce_field( 'stream_options_ajax_call' ); ?>
        <input type="hidden" name="action" value="wpse_211908_save_stream_options">

        <p><input type="submit" class="button button-primary" value="Save">
    </form>

    <script>
        ( function($) {
            var $form = $( '#stream_options' );
            var $button = $form.find( 'input[type="submit"]' );

            $form.on( 'submit', function(e) {
                e.preventDefault();

                $button.prop( 'disabled', true ).attr( 'value', 'Saving...' );

                $.ajax( {
                    url: window.ajaxurl,
                    method: 'post',
                    data: $form.serialize(),
                    complete: function() {
                        $button.prop( 'disabled', false );
                    },
                    success: function() {
                        $button.attr( 'value', 'Saved' );
                    },
                    error: function() {
                        $button.attr( 'value', 'Save' );
                    },
                } );
            } );

            $form.on( 'input change', function() {
                $button.attr( 'value', 'Save' );
            } );
        } )( jQuery );
    </script>

    <?php
}

function wpse_211908_save_stream_options() {
    if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'stream_options_ajax_call' ) ) {
        http_response_code(403);
        exit();
    }

    if ( ! current_user_can( 'manage_options' ) ) {
        http_response_code(403);
        exit();
    }

    update_option( 'stream_code', $_POST['stream_code'] );

    $status = isset( $_POST['stream_status'] ) ? '1' : '0';
    update_option( 'stream_status', $status );

    wp_die();
}
add_action( 'wp_ajax_wpse_211908_save_stream_options', 'wpse_211908_save_stream_options', 99 );

Firstly, notice that I have prefixed all my functions and any variables that are going to be shared with WordPress to avoid conflicts. This is a good practice and I recommend it. Names like add_dashboard_widgets are just begging to
cause conflicts.

Notice the script tag in the widget. This is the JavaScript that will send the AJAX request. Because I have a hidden field named action with the value wpse_211908_save_stream_options, this means that it will become $_POST['action'] and I can handle it by using the wp_ajax_wpse_211908_save_stream_options hook. Using Javascript for the submission means that you don’t need to have a page load when submitting.

Also in the widget notice that I have used esc_textarea() to make sure HTML in the $code variable doesn’t break the HTML of the widget. And notice my use of checked() as a simpler way of outputting the checked attribute.

The second function is what handles the AJAX request. Notice that I can handle everything in the one function rather than adding actions which check fields and trigger actions. In here I send 403 errors if the nonce doesn’t verify, or if the user does not have permission to update settings.

One thing you’ll notice is that I don’t do anything special to $_POST['stream_code']. Filtering submitted HTML isn’t necessary when we’re already checking that it’s a trusted user. If you want to lock this down more, you can use wp_kses, but you need to provide your own list of allowed elements since iframes will get stripped by wp_filter_post_kses().

Then notice that for the $_POST['stream_status'] I simply check that it exists (with AJAX it won’t come through at all when not checked) and manually set to '0' or '1'. wp_kses() is considerable overkill for sanitizing a checkbox.

Finally, to use the HTML on the front end, just use:

Related Posts:

  1. How can I fix fatal RevSlider error in dashboard after upgrading to PHP 7? [closed]
  2. How to remove these fields from the ‘Profile’ section?
  3. Determining WordPress’ Version from the Host’s Command Line?
  4. Hide dashboard from non-admin users
  5. How can I change the dashboard appearance?
  6. Custom Role does not have access to dashboard
  7. Remove Visual Composer Tab from Dashboard Menu [closed]
  8. Disable “Blogroll” or “WordPress Dashboard News” section in WordPress v.4.1?
  9. Local wordpress setup with SPAM in the incoming links dashboard section?
  10. Dashboard says “no posts found” even though there are some posts
  11. How do I disable dashboard update notifications for subscribers?
  12. How to redirect non admins to homepage if trying to view mysite.com/wp-admin/?
  13. Custom wp_welcome_panel for every role or custom dashboard
  14. WordPress dashboard is slooow. Front end is fast
  15. How can I hide certain submenus of the Settings tab in the dashboard?
  16. How do I create a section in the dashboard w/ an input field
  17. Hooking into add_submenu_page
  18. Can I limit this meta box to a particular page?
  19. WSOD for admin when using PHP 7
  20. How to write files in hosting in admin dashboard?
  21. global $wp_meta_boxes returns NULL
  22. How to fix WordPress dashboard screen option & help button, it’s not working
  23. How to Display posts thumbnail in dashboard all posts row in first column?
  24. How to remove “WordPress News” feed downloading?
  25. What happened to the WordPress dashboard?
  26. Move “Menus” link from Appearance > Menus to its own tab on left column Dashboard
  27. Video tutorials in Dashboard
  28. How do I create a section in the dashboard w/ an input field
  29. Browser loading content from Twitter in admin area?
  30. Hide widgets/plugins from dashboard
  31. How to see wp-config file from WordPress dashboard?
  32. Hide the wp-admin bar from dashboard
  33. Edit/remove wp_dashboard_recent_drafts()
  34. Does the 3.4.2 Dashboard have Chrome Frame headers?
  35. WordPress Dashboards: slowness and timeouts
  36. Login as non-admin user removes Dashboard submenu. I wish to re-enable it
  37. How can I change a submenu-item in the WordPress-dashboard to a mainmenu-item?
  38. Pending Post review notification for contributors
  39. Can’t sort Posts in wordpress Dashbaord
  40. wordpress dashboard is too slow . its same pages are taking 10 min approx
  41. Remove add_menu()’s second argument from it’s submenus list
  42. Can you navigate away from the updates screen during an update?
  43. read excel file in the dasboard programmatically
  44. Can’t access dashboard
  45. Possible to have mutiple rows for each post/page in the admin table listing?
  46. “Appearance > Editor” missing from clean WP install [closed]
  47. Force 3 Column Dashboard Widgets
  48. Limit scripts and styles on dashboard for user role
  49. Create Post Using Form on WP Dashboard
  50. How to use the ‘Quick edit’ option only for Admin and Editor in ‘All posts’ on the Dashboard?
  51. Dashboard memory overload problem
  52. Including a custom options page causes “Pages” to disappear from dashboard menu
  53. WordPress dashboard + website are totally messed up [closed]
  54. WordPress Dashboard – Restricting Access
  55. add different stylesheet file to edit themes file list [duplicate]
  56. Cannot access dashboard after upgrading to 3.5
  57. Wp backend page content not showing, but actual page is fine
  58. how can I go about creating a dashboard in the post section of wordpress admin
  59. Add dashboard widget to page created with add_menu_page()?
  60. Customizing the dashboard page or post overview
  61. Add custom row to welcoming in dashboard
  62. Why does adding a dashboard widget in includes/admin.php fail?
  63. Home Dashboard Screen Options always change
  64. How to hide the tags “all, publish, thrash, draft, pending” for authors posts but not for the administrator?
  65. How to remove: Notice: You’re using the auto-generated password for your account. Would you like to change it? [closed]
  66. WP_HOME (and WP_URL) are undefined
  67. Can’t Access The Dashboard Functions
  68. redirect from /members/front to /members/custom
  69. Why Do Pages Always Work Aa Expected When Logged Into The Dashboard?
  70. Backend/dashboard not visible after admin login
  71. How to modifiy default ‘All Pages’ in Dashboard into a Tree View(Collapsible child pages)
  72. change the words “WordPress running on theme” in “At a glance”,especially the link “theme.php”
  73. Unable to find interface that lets me edit text on the front page
  74. Good way to remove unnecessary stuff from dashboard?
  75. WP Dashboard video modal on load
  76. How do i add a unique body class to the wordpress dashboard’s home page?
  77. Want to remove WP welcome panel
  78. Cannot make changes on Dashboard
  79. Term Meta – saving multiple values in one form with select options
  80. Empty Dashboard in WordPress
  81. How can I remove these options from the dashboard?
  82. Possible to manually force update to latest WordPress?
  83. Add Inline Styles In WP Dashboard
  84. Different site languages for different users
  85. Which plugin could minify the Dashboard? [closed]
  86. After Login into Admin Panel, Dashboard is blank
  87. How to add custom field to wordpress page everytime user uploads new image in WP visual editor?
  88. change the Dashboard menu items label wp
  89. How to move plugin link from left navigation to a different location?
  90. The Admin Dashboard Div
  91. Create 3 buttons for new post for a different category
  92. how to change only the language of dashboard [duplicate]
  93. Dashboard Menu settings
  94. Jetpack Connection Broken [closed]
  95. Mysteriously Slow WordPress Dashboard – No Slow Queries [closed]
  96. Show custom messages on dashboard menu page
  97. Editing wordpress dashboard
  98. Change links behind buttons in admin dashboard
  99. In WordPress dashboard, how to open link in new tab, in priority for pages/posts : open “Edit with Elementor” and “Edit” (with WordPress) in new tab
  100. How to add a link under plugin title in plugins page in dashboard