Settings API – easiest way of validating checkboxes?

If the setting in question is $setting, and is a checkbox type, you validate it like so:

<?php
$valid_input[$setting] = ( isset( $input[$setting] ) && true == $input[$setting] ? true : false );
?>

In this case, $input is the form data passed to the validation callback, where $input is an array-of-arrays. The validation method is known as whitelisting, where the current settings array is called (in this case, as $valid_input), and each setting in the settings array is only updated if the value in $input[$setting] passes the validation.

With checkboxes, if the checkbox isn’t set, then the setting itself doesn’t get populated in the $input array. So, the first step to validate it is to determine if it’s been set in $input. The second step is to ensure that the value that is set is true (or 'true', or 'on', or whatever it is to which you set the checkbox value in the settings form). If both those conditions are met, return true; otherwise, return false.

See: it’s quite simple, really. 🙂

Edit

Regarding this:

function setting_validate($input) {
   foreach($options as $option) {
     if($option['type'] == "checkbox") { 
        //set it to 1 if sent
     }
   }

   $options = get_option('XX_theme_settings');
   $merged = array_merge($options, $input);  
   return $merged;  
}

…that’s not exactly the way you want to do it. You want to limit the return value to valid options; that is, you want to return, explicitly, the settings that you know you’ve defined. If, somehow, someone can populate $input with additional data – i.e. malicious code – your method would simply pass that additional data right into the database.

Don’t do an array_merge(). Update each $valid_options[$setting] separately/individually, and only ever return $valid_options.

Here’s the process:

  1. Define the currently valid data: 

    $valid_input = get_option( 'XX_theme_settings' );
  2. Update the currently valid data with $input only if $input passes your validation/sanitization.
  3. Then return the updated, currently valid data.

If the fields are being generated dynamically, then you should also step through them dynamically, in your validation callback. You have this correct, with foreach( $options as $option ).

Putting it all together might look like this:

<?php
function setting_validate( $input ) {
    // Get current setting values
    $valid_options = get_option( 'XX_theme_options' );
    // Get option parameters array
    // Note: XX_theme_get_option_parameters() function
    // should be defined to return the array you've 
    // defined for $options
    $options = XX_theme_get_option_parameters();
    // Now step through the option parameters,
    // and validate each $input[$option]
    foreach( $options as $option ) {
         // If $option['type] is a checkbox
         if( 'checkbox' == $option['type'] ) { 
             // verify that $input[$option] is set
             // and is set with a valid value;
             // if so, set $valid_input[$option] to 1
             $valid_input[$option] = ( isset( $input[$option] && true == $input[$option] ? 1 : 0 );
         }
     }
     // Return the updated $valid_input array
     return $valid_input;
}
?>

Related Posts:

  1. Settings API not saving values to database
  2. [Multisite]How can I update custom blog option?
  3. Call require_once form admin page with checkbox
  4. This CSS Stuffing Works, But Is This A Good Practice?
  5. Settings API – adding setting fields dynamically?
  6. WordPress Admin back-end – advanced options page?
  7. How To View Site from Non-Logged-In User’s Perspective
  8. Custom plugin settings: clicking “save changes” does not display success message
  9. Is it safe to post form data via Ajax to the settings api? Am I missing something?
  10. wp_dropdown_pages() in theme admin page
  11. How can I show the contents of only a few users
  12. Admin option sidebar count
  13. Problem with Settings API: changes are not saved after submit
  14. Add Custom Script in Other Plugin’s Options page
  15. Accessing variable from admin panel?
  16. How can I POST or GET to the same admin page from which I am POST-ing or GET-ing
  17. WordPress custom admin functions security
  18. Show global Message in User Profiles with admin only Input field in WordPress Backend
  19. Settings API – Last two tabs not rendered separate
  20. Get Link of Page Selected through a Select Field in Custom Admin Page
  21. My code for creating an admin option doesn’t work
  22. I don’t have permission to save the theme options I created myself?
  23. Pull Random Images From Options Page [closed]
  24. Woo Commerce Settings for Check-out Form [closed]
  25. Where in WP can I check history or log of updates of plugins etc?
  26. How does admin-ajax.php work?
  27. Can an admin check passwords of registered users?
  28. Should I use is_admin() inside ‘admin_init’ hook callback
  29. Settings API – creating reusable form elements?
  30. Cannot access admin panel
  31. Disable the post save process completely
  32. How can we customize the logo and some text on the welcome screen?
  33. Allow admin login at /admin
  34. Appearance->Editor not visible
  35. Custom WP_List_Table displays blank rows
  36. Remove post from new menu in top bar
  37. Possible to create placeholder images in WordPress editor that are clickable (should bring up uploader)?
  38. Enqueue jQuery UI Tabs In Admin Area
  39. How to maintain wordpress site blogs in production and staging?
  40. Settings API erases itself?
  41. Possible to add another setting to ‘Front page displays’ setting for Custom Post Type
  42. How to Use Resposive Tables in WordPress ADMIN Pages?
  43. WordPress redirects me to homepage after page update in admin section
  44. how to display “Edit | Quick Edit | Trash | View” in custom WP_List_Table column?
  45. Extend plugin options page
  46. Help extending custom drag-drop page ordering on admin page list screen
  47. Change the Default Pages Menu View in wp-admin
  48. In administration, how do I display comments of a certain user?
  49. New users must comment when requesting username
  50. WordPress stripping html and script tags from some admin users on save
  51. Why are my styles being applied to the admin area?
  52. Disable WP Editor for specific page templates
  53. How to change admin menu position of “Media”?
  54. Hide Updates from Admins that don’t equal a set Username
  55. wp_schedule_event only when admin is visited
  56. Two settings_fields in one form
  57. Editing the Backend Uploader
  58. Hide Pages on Edit Pages based on Capability (edit_others_pages)?
  59. Hide one admin from another admin
  60. Whitelisting items from custom options page
  61. How to add custom classes to admin list table default rows or columns?
  62. How to hide a specific part of dashboard for non-admin roles?
  63. Get a listing of portfolio items and categories
  64. Show the submitted values in the form when validation fails
  65. WordPress Remove Submenus
  66. Continuous Login Sessions For Super Admins Across Multi-Site Network of Sites
  67. using rewrites to secure login page
  68. page not updating with database
  69. Redirect from the dashboard to edit.php if wp_is_mobile() is true
  70. If statement for admin page
  71. Customizing WordPress Admin – How to Change the Avatar size
  72. Create a WordPress administrator without access to back-end
  73. WordPress 3.1’s admin bar disappears only leaving its 28 px padding (in ubuntu)!
  74. Can I use register_settings and unregister_setting once the settings page has loaded?
  75. Shared account / dual blogging in WordPress
  76. How To Make Iris Color Picker Showed Up Over Form and Text?
  77. Issue on Checkbox with Custom Option Page
  78. my checkbox is not saving it’s value
  79. Can’t login to my admin area
  80. Settings API: Setting default option via ‘get_option’ fails
  81. how to show admin notice in custom menu page after submitting the form?
  82. How much traffic is real traffic?
  83. How to change the descriptive text on the menus admin page?
  84. Getting rid of menu items on a custom taxonomy
  85. Parsing post->ID in included plugin file
  86. How To Remove Import/Export Option From Tools?
  87. Error “Sorry, you are not allowed to access this page”
  88. Create WordPress Menu Item Without Linking to a Custom Page
  89. Echo custom admin field into a is_single()
  90. WordPress Boilerplate Plugin doesn’t see callback functions for add_settings_field and add_settings_section
  91. Search Only Works when Logged into Admin
  92. Different role for free and pro users in wordpress without using bbpress
  93. WordPress login not working
  94. Enqueue script throws error in console
  95. Adding additional text fields and image upload to a Page?
  96. Incorporating the Settings API in WordPress Themes – by Chip Bennet
  97. Calculate and save an average in a meta
  98. How to fix: Clicking ‘Quick Edit’ link in Admin (edit.php) makes posts disappear?
  99. Use the wordpress admin table
  100. What Role to assign remote site developer?

Leave a Comment