Simply put the wp_insert_post call inside your conditional check so its only called if the post title is not empty, something like this: if (empty($_POST[‘my_title’])){ echo ‘error: please insert a title’; } else { $title = $_POST[‘my_title’]; $new_post = array( ‘post_title’ => $title, ‘post_status’ => ‘publish’, ‘post_type’ => ‘post’); $pid = wp_insert_post($new_post); }
The short answer; absolutely. wp_insert_post() will only SQL escape the content. Use the KSES library & wp_kses() to filter out the nasties, or esc_html() to escape all HTML. Most importantly, check out the codex on data validation (read: sanitization). A Note On KSES: Use wp_filter_kses() or wp_kses_data() to apply the same KSES rules as post … Read more
No, there is no function for that. You would need a complete JavaScript parser. This is not part of the WordPress core.
What you need to do is build your own data validation function. Ozh wrote a great tutorial about this earlier, but here’s the gist of it … Assume your options array is called $my_options and it contains three fields, ‘text’, ‘age’, and ‘isauthorized’. You would still register it the same way: register_setting( ‘my_setting’, ‘my_options’, ‘my_validation_function’ … Read more
This behavior is most likely intended, and can be disabled. However it might break other features too. There are a couple of workarounds, that you can try. Break the Image URL and File Name You can pass the arguments to your shortcode in the following way: [theimg path=”https://s.w.org/about/images/logos/” filename=”wordpress-logo-simplified-rgb.png” ] This will prevent the editor … Read more
It is possible to pass an array with allowed protocols to the esc_url() function. For data-URLs this has to contain the data scheme, as this is not whitelisted by wp_allowed_protocols() as default. esc_url( $data_url, array( ‘data’ ) );
Approach 1, disable save button What you can do, is to prevent the user from saving the form if the required fields are not filled. This can be simply done via javascript. function require_fields_script(){ echo ” <script type=”text/javascript”> (function($){ $(‘#submit’).on(‘click’,function(e){ if (!$(‘#email’).val() || !$(‘#nickname’).val()){ e.preventDefault(); if (!$(‘#email’).val()) { window.alert(‘Please enter your email before saving.’); } … Read more
I would do this by hooking into the save_post action, not by javascript. The main idea is to check if both values are there (Your Radiobutton is selected AND the post_thumbnail is present), and set the post to draft if they are not, as well as displaying an Information if the user does not fulfill … Read more
Yes, from the link you posted there are examples for both sanitising and validating the parameters. Validating does a check which can fail and block the API call from running; sanitising just does some operations to clean or interpret the parameter and does not stop the API call from running. An example of validation, taken … Read more
Fairly simple using jQuery and global $typenow ex: add_action(‘admin_print_scripts-post.php’, ‘my_publish_admin_hook’); add_action(‘admin_print_scripts-post-new.php’, ‘my_publish_admin_hook’); function my_publish_admin_hook(){ global $typenow; if (in_array($typenow, array(‘post’,’page’,’mm_photo ‘))){ ?> <script language=”javascript” type=”text/javascript”> jQuery(document).ready(function() { jQuery(‘#post’).submit(function() { if (jQuery(“#set-post-thumbnail”).find(‘img’).size() > 0) { jQuery(‘#ajax-loading’).hide(); jQuery(‘#publish’).removeClass(‘button-primary-disabled’); return true; }else{ alert(“please set a featured image!!!”); jQuery(‘#ajax-loading’).hide(); jQuery(‘#publish’).removeClass(‘button-primary-disabled’); return false; } return false; }); }); </script> <?php } … Read more