Validating widget’s configuration data on Admin page

@tf is almost there, I think. You can use JS on your widget’s admin form, as I’ve done it before (though not for validation). Within your widget’s constructor, add an action: add_action( “admin_print_scripts-widgets.php”, array( __CLASS__, ‘register_my_validation_script’ ) ); Then create the corresponding function inside your widget’s class: function register_my_validation_script() { wp_enqueue_script( ‘my-script-handle’, plugins_url( ‘/my-validation-script.js’, __FILE__ … Read more

HTML Validation fails because of ampersands in RSS link

You can escape the HTML, so instead of echo $item[‘link’]; you would write: echo esc_html($item[‘link’]); // This is a WP function //or echo htmlspecialchars($item[‘link’]); //PHP equivalent Also important to note your code is depreciated, fetch_rss has been replaced by fetch_feed. http://codex.wordpress.org/Function_Reference/fetch_feed ps. You can also use esc_attr which is identical to esc_html in this case.

Flush rewrite rules on option update with Settings API

I register custom post type on init action and the validate which I’m writing about is set to register_setting inside admin_init action. This is the key to your issue. You’re registering the custom post type, and presumably you’re setting up the rewrite rules in that registration. When you call flush_rewrite_rules(), the rules are rebuilt right … Read more

Sanitizing text fields in array

The best way to sanitize text fields within WordPress is to use sanitize_text_field() function: $data = sanitize_text_field( $_POST[‘key’] ); Additionally, if you register the meta field properly width register_meta() function, you can define the sanitize callback and the expected data type as well. For example: add_action( ‘init’, ‘cyb_register_meta_fields’ ); function cyb_register_meta_fields() { $args = array( … Read more

Is it necessary to do validation again when retrieving data from database?

The short answer is “yes”, the longer answer is “it depends”. Why do you need to validate? because if you have code, which if used with wrong parameters will delete wordpress (very bad example I know), you should made double sure that it is not triggered by some DB corruption, or more likely, misbehaving filter. … Read more

Settings API validation callback

If you have an options page (which should be inside one form), then all data is sent from that form, regardless of whether or not the option has been changed. The array received for validation is the data received from (your part of) the form. If the data is ’empty’ it is because the data … Read more

Settings API – getting hidden input / submit button’s name

Using $_POST is too low level. Simply give it the same name as your other options. When you options are displayed they should have the names of the form: my_settings[a_particular_option]. For instance: <input name=”my_settings[some_input_option]”/> Then for your hidden input and submit button: <input type=”hiddden” name=”my_settings[foo]” value=”bar”/> <input name=”my_settings[SubmitButton]” type=”submit” class=”button-primary” value=”<?php _e(‘Save Changes’); ?>”/> In … Read more

Make post_content and other custom fields required

Don’t rely entirely on JavaScript validations. Use below hook for Server side validation. function check_if_post_content_set( $maybe_empty, $postarr ) { // Check if post is already created. IMPORTANT if($postarr[‘ID’] && (int)$postarr[‘ID’] > 0){ if( !$postarr[‘post_content’] OR $postarr[‘post_content’] == ” OR $postarr[‘post_content’] == NULL ){ $maybe_empty = true; } } return $maybe_empty; } add_filter( ‘wp_insert_post_empty_content’, ‘check_if_post_content_set’, 999999, … Read more