Why does wp_editor remove all my html tags?
This is my code:
/**
* Outputs the content of the meta box.
*/
function prfx_meta_callback( $post ) {
// echo 'This is a meta box';
wp_nonce_field( basename( __FILE__ ), 'prfx_nonce' );
$prfx_stored_meta = get_post_meta( $post->ID );
$field_value = get_post_meta( $post->ID, 'meta-textarea', false );
// Settings that we'll pass to wp_editor
$args = array (
'textarea_rows' => 4,
'teeny' => true,
// 'media_buttons' => false,
);
?>
<p>
<label for="meta-text" class="prfx-row-title"><?php _e( 'Example Text Input', 'prfx-textdomain' )?></label>
<input type="text" name="meta-text" id="meta-text" value="<?php if ( isset ( $prfx_stored_meta['meta-text'] ) ) echo $prfx_stored_meta['meta-text'][0]; ?>" />
</p>
<label for="meta-textarea" class="prfx-row-title"><?php _e( 'Example Textarea Input', 'prfx-textdomain' )?></label>
<?php wp_editor( $field_value[0], 'meta-textarea', $args);?>
<?php
}
/**
* Saves the custom meta input.
*/
function prfx_meta_save( $post_id ) {
// Checks save status
$is_autosave = wp_is_post_autosave( $post_id );
$is_revision = wp_is_post_revision( $post_id );
$is_valid_nonce = ( isset( $_POST[ 'prfx_nonce' ] ) && wp_verify_nonce( $_POST[ 'prfx_nonce' ], basename( __FILE__ ) ) ) ? 'true' : 'false';
// Exits script depending on save status
if ( $is_autosave || $is_revision || !$is_valid_nonce ) {
return;
}
// Checks for input and sanitizes/saves if needed
if( isset( $_POST[ 'meta-text' ] ) ) {
update_post_meta( $post_id, 'meta-text', sanitize_text_field( $_POST[ 'meta-text' ] ) );
}
// Checks for input and sanitizes/saves if needed
if( isset( $_POST[ 'meta-textarea' ] ) ) {
update_post_meta( $post_id, 'meta-textarea', sanitize_text_field( $_POST[ 'meta-textarea' ] ) );
}
}
add_action( 'save_post', 'prfx_meta_save' );
How can I stop it from removing html tags?
For instance I type in this:
<img src="http://xxxx.jpg" alt="10168088_719806568132380_3368979362641476670_n" width="300" height="214" class="alignnone size-medium wp-image-96" />
It removes it.
But if I type in plain text without html tags,
abcde.
It saves it.
Any ideas?
sanitize_text_field()
cleans your input.so replace
with
may solve your problem.
Sanitize a string from user input or from the db.
Checks for invalid UTF-8, Convert single < characters to entity, strip all tags, remove line breaks, tabs and extra white space, strip octets.
try removing the sanitize function from
update_post_meta( $post_id, 'meta-textarea', sanitize_text_field( $_POST[ 'meta-textarea' ] ) );