Register Now

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Add question

Username* Please type your username .

E-Mail* Please type your E-Mail .

Question Title* Please choose an appropriate title for the question to answer it even easier .

Category Please choose the appropriate category so others can easily search your question.

Tags Please choose suitable Keywords Ex : question , poll .

Poll This question is a poll ? If you want to be doing a poll click here .

Featured image

Browse

Details*

Ask Anonymously Anonymous asks

Video description Do you need a video to description the problem better ?

Video type Choose from here the video type .

Video ID Put here the video id : https://www.youtube.com/watch?v=sdUUx5FdySs EX : 'sdUUx5FdySs'.

Notified Notified by e-mail at incoming answers.

Terms* By asking your question, you agree to the Terms of Service and Privacy Policy.

Captcha*

Login

Register Now

Thank you for registering with WPTricks

plugins – How to be Variables and options must be escaped when echo’d?

Home/ plugins – How to be Variables and options must be escaped when echo’d?

plugins – How to be Variables and options must be escaped when echo’d?

Question

When I submitted my plugin for review it was rejected because “Variables and options must be escaped when echo’d”. How do i escape the following 2 blocks of code?
I am very new to wordpress development. I have visit this https://developer.wordpress.org/apis/security/escaping/ . I am not able to understand how to fix it

<td><input type="color" name="star_color" value="<?php echo get_option( 'star_color' ); " />

full codes are

function sdvts_setings_page() { ?>

        <table class="form-table" role="presentation">

            <tbody>
                <tr>
                    <th scope="row"><label name="star_color" for="star_color">Star Background Color : </label></th>
                    <td><input type="color" name="star_color" value="<?php echo get_option( 'star_color' ); ?>" />
                    </td>
                </tr>
                <tr>
                    <th scope="row"><label name="btn_color" for="btn_color">Video Play button color : </label></th>
                    <td><input type="color" name="btn_color" value="<?php echo get_option( 'btn_color' ); ?>" />
                    </td>
                </tr>

                <tr>
                    <th scope="row"><label name="display_number" for="display_number">Number of word  : </label></th>
                    <td><input type="number" name="display_number" value="<?php echo get_option( 'display_number' ); ?>" />
                        <p class="description">How many word display on a quote</p>
                    </td>
                </tr>

            </tbody>
        </table>
        <input type="hidden" name="action" value="update" />
        <input type="hidden" name="page_options" value="star_color, btn_color, display_number," />
        <input type="submit" name="submit" class="button button-primary"
            value="<?php _e( 'SAVE CHANGES', 'vts' ); ?>" />
    </form >      
</div>

and

echo '<table class="form-table"><tbody>' . $output . '</tbody></table>';

full codes are

public function field_generator( $post ) {
    $output="";
    foreach ( $this->meta_fields as $meta_field ) {
        $label="<label for="" . $meta_field['id'] . '">' . $meta_field['label'] . '</label>';
        $meta_value = get_post_meta( $post->ID, $meta_field['id'], true );
        if ( empty( $meta_value ) ) {
            if ( isset( $meta_field['default'] ) ) {
                $meta_value = $meta_field['default'];
            }
        }
        switch ( $meta_field['type'] ) {
                            case 'select':
                                $input = sprintf(
                                    '<select id="%s" name="%s">',
                                    $meta_field['id'],
                                    $meta_field['id']
                                );
                                foreach ( $meta_field['options'] as $key => $value ) {
                                    $meta_field_value = !is_numeric( $key ) ? $key : $value;
                                    $input .= sprintf(
                                        '<option %s value="%s">%s</option>',
                                        $meta_value === $meta_field_value ? 'selected' : '',
                                        $meta_field_value,
                                        $value
                                    );
                                }
                                $input .= '</select>';
                                break;

            default:
                                $input = sprintf(
                                    '<input %s id="%s" name="%s" type="%s" value="%s">',
                                    $meta_field['type'] !== 'color' ? 'style="width: 100%"' : '',
                                    $meta_field['id'],
                                    $meta_field['id'],
                                    $meta_field['type'],
                                    $meta_value
                                );
        }
        $output .= $this->format_rows( $label, $input );
    }
    echo '<table class="form-table"><tbody>' . $output . '</tbody></table>';
}

0

Sumanta Dhank 2 months 2023-01-28T05:30:37-05:00 2023-01-28T05:30:37-05:00 0 Answers 0 views 0

Leave an answer

Name*

E-Mail*

Website

Attachment

Browse

Featured image

Browse

Answer*

Recent