[wp-hackers] Using the page_options field to create
custom options pages
Stephane Daury
wordpress at tekartist.org
Wed Sep 12 11:41:28 GMT 2007
The standard WP way, yes.
It's usually good enough for me for simple plugins, but when I write
plugins that are tied to security (like my wpDirAuth LDAP plugin),
I'm a bit more anal and pass integers through intval(), all the
fields that do no require HTML through strip_tags(), and so on. If
nothing else, my user base expects it and are prompt to remind me if
not done. ;)
Stephane
---
Stephane - http://tekartist.org/
On Sep 12, 2007, at 5:06, Callum Macdonald wrote:
> Hey Stephane,
>
> I'm assuming the options are parsed in the same way that standard
> options are parsed, aren't they? Do you think extra security is
> required? Feel free to add some notes to the Wiki, I'm not 100%
> clear on what you mean.
>
> Cheers - Callum.
>
> Stephane Daury wrote:
>>
>> And one more for the road.
>>
>> It actually doesn't really... (although that depends on how secure
>> you wanna be).
>>
>> sanitize_option() will only run stripslashes on custom options.
>>
>> I'd probably make a note of that in the codex page.
>>
>> Stephane
>>
>>
>>
>> On Sep 11, 2007, at 21:29, Stephane Daury wrote:
>>
>>>
>>> Scratch that question, I looked it up in /wp-admin/options.php.
>>> It does.
>>>
>>> Stephane
>>>
>>>
>>>
>>> On Sep 11, 2007, at 20:27, Stephane Daury wrote:
>>>
>>>> Oh that is cool, thanks!
>>>>
>>>> Off the top of your head, do you remember if that saving had
>>>> sanitazation too?
>>>>
>>>> Stephane
>>>>
>>>>
>>>> On Sep 11, 2007, at 19:46, Callum Macdonald wrote:
>>>>
>>>>> G'day,
>>>>>
>>>>> I've just added an article to the codex about creating new
>>>>> options pages based on a technique I discovered a few days ago.
>>>>> http://codex.wordpress.org/Creating_Options_Pages
>>>>>
>>>>> I found that if you set the form action to options.php and
>>>>> create a hidden field called page_options with a comma
>>>>> separated list of the fields on the page that should be mapped
>>>>> to options, WordPress will handle all the saving /
>>>>> redirection / permissions / etc for you.
>>>>>
>>>>> If I've missed anything or there's any errors, please let me
>>>>> know. Any feedback would be most welcome.
>>>>>
>>>>> Cheers,
>>>>>
>>>>>
>>>>> Callum.
>>>>>
>>>>> _______________________________________________
>>>>> wp-hackers mailing list
>>>>> wp-hackers at lists.automattic.com
>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>>
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
More information about the wp-hackers
mailing list