@bradpotter
Last active August 29, 2015 13:56
<?php
/**
 * Genesis Front Page Manager
 *
 * @package Genesis_Front_Page_Manager
 * @author Brad Potter
 * @license GPL-2.0+
 * @link http://www.bradpotter.com/plugins/genesis-front-page-manager
 * @copyright Copyright (c) 2014, Brad Potter
 */

/**
 * Add metabox for Front Page Manager
 */
add_action( 'genesis_theme_settings_metaboxes', 'front_page_manager_metaboxes', 10, 1 );
function front_page_manager_metaboxes( $pagehook ) {
    add_meta_box( 'front-page-manager', __( 'Front Page Manager', 'genesis-front-page-manager' ), 'front_page_metabox', $pagehook, 'main', 'high' );
}

/**
 * Content for the Front Page Manager metabox
 */
function front_page_metabox() {
    // set the default selection (if empty)
    $frontpageselect = genesis_get_option('front_page_select') ? genesis_get_option('front_page_select') : 'front-page.php';
    ?>
    <p>
        <select name="<?php echo GENESIS_SETTINGS_FIELD; ?>[front_page_select]">
        <?php
        foreach ( glob(CHILD_DIR . "/front-page*.php") as $file ) {
            $file = str_replace( CHILD_DIR . '/', '', $file );
            ?>
            <option value="<?php echo esc_attr( $file ); ?>" <?php selected($file, $frontpageselect); ?>><?php echo esc_html( $file ); ?></option>
        <?php } ?>
        </select>
    </p>
    <p><span class="description">Select your desired <b>Front Page</b> from the drop down list and save your settings.</span></p>
    <?php
}

/**
 * Template Redirect
 */
add_action( 'template_redirect', 'front_page_redirect' );
function front_page_redirect() {
    if( is_home() || is_front_page() ) {
        $frontpagemanager = genesis_get_option( 'front_page_select' );
        include (CHILD_DIR . '/' . $frontpagemanager);
        exit();
    }
}

@markjaquith

Using exit() in a template_redirect action isn't a very good practice (unless you're doing an HTTP redirect, obviously). Other things might be hooked in there. Imagine a plugin hooked in at priority 11. Its action will never get run, because you're bailing before WordPress finishes running.

A better hook to use is the template_include filter. Instead of include() and exit(), just return the path to the include file from the callback. WordPress continues to function normally, just using your new template.

You also should pass through the original template value if genesis_get_option( 'front_page_select' ) is empty(), so the user doesn't have errors until they select one.

And in terms of security, you should be verifying that the value you get out of genesis_get_option( 'front_page_select' ) is reasonable. What if it's ../../../../etc/passwd? Could be bad. So I would use regex like so:

<?php

if ( preg_match( '#^[a-z0-9-]+\.php$#', $frontpagemanager ) ) {
    return $frontpagemanager;
} else {
    return $original_template;
}

(Obviously this is assuming you switch to the template_include filter.)
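
The template_include approach from the comment above, written out in full as an added example (not code from the gist or from the commenter). The function name `fpm_resolve_template` and the sample values are hypothetical; the example anchors the comment's regex with `\A` and `\z` and additionally accepts only a file that the metabox's own `glob()` would have listed.

```php
<?php
// Added example: pick the front page template for template_include.
// fpm_resolve_template() is a hypothetical name, not part of the gist.
function fpm_resolve_template( $selected, $original_template, $child_dir ) {
    // Nothing saved yet: keep whatever WordPress already chose.
    if ( ! is_string( $selected ) || '' === $selected ) {
        return $original_template;
    }
    // Same character class as the comment's regex; \A and \z anchor the
    // whole string, whereas a bare $ also matches before a trailing newline.
    if ( ! preg_match( '#\A[a-z0-9-]+\.php\z#', $selected ) ) {
        return $original_template;
    }
    // Allowlist: only files the metabox dropdown would have offered.
    $offered = array_map( 'basename', glob( $child_dir . '/front-page*.php' ) ?: array() );
    if ( ! in_array( $selected, $offered, true ) ) {
        return $original_template;
    }
    return $child_dir . '/' . $selected;
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress with Genesis: return a path, never include() and exit().
    add_filter( 'template_include', function ( $original_template ) {
        if ( ! ( is_home() || is_front_page() ) ) {
            return $original_template;
        }
        $selected = genesis_get_option( 'front_page_select' );
        return fpm_resolve_template( $selected, $original_template, CHILD_DIR );
    } );
} else {
    // Stand-alone run with constructed values (not taken from the gist).
    $dir = sys_get_temp_dir() . '/fpm-demo-' . getmypid();
    mkdir( $dir );
    touch( $dir . '/front-page-2.php' );
    $cases = array( 'front-page-2.php', '', '../../../../etc/passwd', "front-page-2.php\n", 'front-page-9.php' );
    foreach ( $cases as $value ) {
        $result = fpm_resolve_template( $value, 'index.php', $dir );
        printf( "%-28s => %s\n", json_encode( $value, JSON_UNESCAPED_SLASHES ), basename( $result ) );
    }
    unlink( $dir . '/front-page-2.php' );
    rmdir( $dir );
}
```

Run outside WordPress, the script exercises the function against a temporary directory; only the first constructed value resolves to the selected file, and every other case falls back to the original template.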