Opened 9 years ago
Closed 9 years ago
#35528 closed defect (bug) (invalid)
Settings API output still not escaped
Reported by: | regodon | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.4.1 |
Component: | Options, Meta APIs | Keywords: | |
Focuses: | Cc: |
Description (last modified by )
Change History (4)
#3
follow-up:
↓ 4
@
9 years ago
Hi Again,
It looks like I just needed to escape the field's value in the render callback function with esc_attr.:
<?php add_settings_field('my_setting', 'My setting', 'my_setting_render', 'my_options_group', 'my_setting_section'); function my_setting_render() { $options = get_option('my_option_name'); ?><input name='my_option_name[my_setting]' value="<?php echo esc_attr($options['my_setting']);?>"> <?php }
Not a real bug, sorry. But I find it would be useful if the Settings API had functions for rendering common form fields so developers doesn't have to create their own render functions for basic fields and deal with "low level" html. Should I create a new ticket with the feature request?
Thanks
Note: See
TracTickets for help on using
tickets.
Hi there and welcome to trac!
Can you share some steps to reproduce this, i.e. some sample code and values? Thanks in advance.