WordPress breaks hyperlinks stored with the Options API

2 Views

I have a WordPress theme that stores a copyright line in a WordPress option using the update_option function. In the text, I am including a link back to my website. 

Copyright &copy; 2015 ABC Company, Inc.  Site design by <a href="http://www.example.com">My Company</a>.

That information is then retrieved in the theme’s footer.

Read More
<p id="footer-copyright"><?php echo get_option('copyright'); ?></p>

However, the link appears as http://www.blogsite.com/"http://www.example.com/". I am assuming that internally WordPress is trying to create an absolute url from what it believes to be a page slug. How can I stop this behavior? I have examined the get_options function defined in wp-includes/options.php and determined that it is not the problem. The problem is occurring later in the theme processing.

Edit:

Per David’s suggestion, I have check the DB. The value of this option is being altered before being written. HTML entities are being parsed and quotes are being escaped. Here is the actual value in the DB. 

Copyright © 2015 ABC Company, Inc.  All rights reserved. Site design by <a href="http://www.example.com">My Company</a>.

When I manually correct this in the DB, it displays fine. WordPress is performing some sort of post processing or parsing before writing the option value to the DB.

Post Views: 2

Related posts

1 comment

  1. WordPress unnecessarily escapes quotes in the option value during it’s sanitizing process. The easiest solution is to use the pre_update_option_(option name) hook to process and remove the unnecessary escape characters before the value is written to the database. This hook can be implemented in your theme’s functions.php file. (NAME in all caps should be replaced by the name of the option defined elsewhere in the update_option function.

    function myplugin_update_option_NAME( $new_value, $old_value ) {
    $new_value = str_replace('"', '"', $new_value);   // replaces " with "
    return $new_value;
}

function myplugin_init() {
    add_filter( 'pre_update_option_NAME', 'myplugin_update_option_NAME', 10, 2 );
}

add_action( 'init', 'myplugin_init' );

    I’ve intentionally avoided using PHP’s stripslashes function in order to keep the code simple and avoid checking for magic quotes.

    WordPress is not actually prepending anything to the hyperlink destination. However, because the hyperlink is not recognized with escaped quotes, it is treated as though it were a relative link causing the described behavior.

Comments are closed.