I am trying to create custom welcome panel in dashboard for WP and can’t see where I went wrong. It’s not allowing me to add html.
1 comment
Comments are closed.
I am trying to create custom welcome panel in dashboard for WP and can’t see where I went wrong. It’s not allowing me to add html.
Comments are closed.
Your
update_option
should be inside a hook callback and should check to see if$_POST['custom_welcome_panel']
is set before trying to update the option. Otherwise that could be overwriting your option every time the page loads. And, honestly, as written I could shove anything I wanted into that option value. I’d just have to send a POST request to the site. It is very insecure.Move your
update_option
into your function, check that it is set and not empty before trying to use it, and process it like post content, at least.You should also be using nonces.
It looks like you might be hacking a core file (
options.php
), which is a very bad idea if true. If so, that hack will be overwritten the next time WordPress is updated, and your code stops working.I tried this…
… and the html is inserted just fine and it come back out just fine. So I took a look at the jQuery.
The problem is here:
Imagine what happens with that populated by my HTML:
Notice you have two sets of
"
now. The quotes open before the<p>
then close afterhref=
and open again afteryay
. The problem is that there are stray characters in between. The following works but only if your markup is consistent and always uses"
s around attributes.Using
addslashes
would be more robust:I am not sure how reliable that is going to be. I only spent five minutes testing it.
Put that together and I think that should work. I am not responsible for the security of your project or for the robustness of the solution. I am hacking this together from barely sufficient information, but it is pretty basic stuff.
Reference
http://codex.wordpress.org/Data_Validation