[WDS] wp-config.php, Constants, and User Input
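<?php
// Enforce capitalization of incoming constant keys. Constant names are
// case-sensitive and the convention (wp-config.php included) is upper case.
$wp_user_constant = strtoupper( $wp_user_constant );

// Read the constants into an associative array grouped by category
// ('core', 'user', extension names, ...). Only the 'user' group holds
// constants declared by wp-config.php, themes and plugins.
$constants = \get_defined_constants( true );

// Copy the value only when the key names a *user-defined* constant.
// defined() alone is not enough: it is also true for core/extension
// constants, and indexing $constants['user'] by such a name would raise an
// undefined-index warning and store null. array_key_exists (not isset) is
// used so a constant deliberately defined as null is still copied.
//
// If $wp_user_constant originates from request input, restrict it to an
// allowlist of expected names before reaching this point; otherwise any
// constant from wp-config.php could be copied into the options table.
if ( isset( $constants['user'] ) && array_key_exists( $wp_user_constant, $constants['user'] ) ) {
	update_option( $option_name, $constants['user'][ $wp_user_constant ] );
}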
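<?php
/**
 * Reads the incoming constant definition key and, if a user-defined constant of
 * that name exists, stores its value in the given option.
 *
 * Only constants from the 'user' group of get_defined_constants() qualify, i.e.
 * those declared by wp-config.php, themes or plugins; core and extension
 * constants are ignored even though defined() reports them. If
 * $wp_user_constant is derived from request input, callers should restrict it
 * to an allowlist of expected names first, since otherwise any wp-config.php
 * constant could be copied into the options table.
 *
 * @param string $wp_user_constant The PHP constant to check before saving data from the form.
 * @param string $option_name      The name of the option to serialize the value of the constant.
 */
function acme_constants_update_options( string $wp_user_constant, string $option_name ): void {
	// Constant names are case-sensitive; the convention is upper case.
	// Uppercased once here so the lookup below uses the same key.
	$wp_user_constant = strtoupper( $wp_user_constant );
	$constants        = \get_defined_constants( true );

	// array_key_exists (not isset) so a constant deliberately set to null is
	// still copied; checking the 'user' group avoids an undefined-index warning
	// for names that defined() accepts but that are core/extension constants.
	if ( isset( $constants['user'] ) && array_key_exists( $wp_user_constant, $constants['user'] ) ) {
		update_option( $option_name, $constants['user'][ $wp_user_constant ] );
	}
}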
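<?php
// esc_attr_e() is meant for literal, translatable strings: it runs its argument
// through the translation API before escaping. A stored option value must be
// escaped with esc_attr() and echoed directly. The explicit '' default keeps the
// attribute empty (rather than passing false) when the option is not yet set.
?>
<input
	name="acme-homepage-url"
	type="text"
	value="<?php echo esc_attr( get_option( 'acme-homepage-url', '' ) ); ?>"
/>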
<?php
// Register the settings page while WordPress builds the admin menu.
add_action( 'admin_menu', 'acme_add_options_page' );
/**
 * Registers the plugin's page under the 'Settings' menu of the WordPress dashboard.
 *
 * The page is restricted to users holding the 'manage_options' capability and
 * its content is produced by acme_render_options_page().
 */
function acme_add_options_page() {
	$page_title = esc_html__( 'Acme Theme Settings', 'wds' );
	$menu_title = esc_html__( 'Theme Settings', 'wds' );
	$capability = 'manage_options';
	$menu_slug  = 'acme-options-page';
	$callback   = 'acme_render_options_page';

	add_options_page( $page_title, $menu_title, $capability, $menu_slug, $callback );
}
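<?php
/**
 * Renders the options page for the settings.
 *
 * The markup lives in views/options-view.php, resolved relative to this file's
 * own directory rather than the include_path or the current working directory.
 */
function acme_render_options_page() {
	// A bare relative path would be resolved against include_path / cwd, which
	// differ between web requests and WP-CLI; __DIR__ pins it to this file.
	require_once __DIR__ . '/views/options-view.php';
}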
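<?php
// Settings view. Escaping per context: esc_html() for text nodes, esc_url()
// for href/action attributes, esc_attr() for other attributes. The *_e()
// variants are reserved for literal translatable strings, not stored values.
?>
<div class="wrap">
	<h1><?php echo esc_html( get_admin_page_title() ); ?></h1>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<p>
			<label for="acme-frontend-url">
				<?php esc_html_e( 'Frontend URL', 'wds' ); ?>
				<input id="acme-frontend-url" name="acme-frontend-url" type="text" value="<?php echo esc_attr( get_option( 'acme-frontend-url', '' ) ); ?>" />
			</label>
		</p>
		<?php
		// Emits the nonce field plus the _wp_http_referer field that the save
		// handler redirects back to. No hidden 'action' field is sent, so
		// admin-post.php dispatches this form to the generic 'admin_post' hook.
		wp_nonce_field( 'acme-settings-save', 'acme-settings-save-nonce' );
		submit_button();
		?>
	</form>
</div>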
<?php
// Generic admin-post.php hook: fires for logged-in requests without an 'action'
// parameter, which is how the settings form in views/options-view.php submits.
add_action( 'admin_post', 'acme_save_options' );
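/**
 * Handles the options form submission: validates the nonce, verifies the current
 * user may manage options, then stores (or deletes) the submitted value.
 *
 * Hooked to the generic 'admin_post' action, which admin-post.php fires for
 * logged-in requests that carry no 'action' parameter; the form in
 * views/options-view.php intentionally sends none.
 *
 * When either the nonce or the capability check fails nothing is written and the
 * user is redirected back with success=false.
 */
function acme_save_options() {
	// Refuse to touch the database unless both checks pass. Recording the
	// failure and continuing would let a forged or unprivileged request write.
	if ( ! ( acme_options_has_valid_nonce() && current_user_can( 'manage_options' ) ) ) {
		acme_render_options_redirect( 'false' ); // Redirects and exits.
		return;
	}

	// Read the field once, unslashed, so the emptiness check and the stored
	// value are derived from the same data.
	$key   = 'acme-frontend-url';
	$value = wp_unslash( filter_input( INPUT_POST, $key ) );

	if ( empty( $value ) ) {
		// An empty submission clears the option rather than storing ''.
		delete_option( $key );
	} else {
		// Strip characters that cannot appear in a URL, then tags/whitespace.
		update_option(
			$key,
			sanitize_text_field( filter_var( $value, FILTER_SANITIZE_URL ) )
		);
	}

	// Now redirect the user back to the options page.
	acme_render_options_redirect( 'true' );
}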
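/**
 * Checks that the submitted request carries a valid nonce for the settings form.
 *
 * A valid nonce only shows the request originated from the form rendered for
 * this user's session; the capability check is performed separately by the
 * caller.
 *
 * @return bool True if the nonce is present and verifies; otherwise, false.
 */
function acme_options_has_valid_nonce(): bool {
	$field = filter_input( INPUT_POST, 'acme-settings-save-nonce' );

	// filter_input() yields null when the field is absent and false when it
	// cannot be filtered; neither can be a valid nonce.
	if ( null === $field || false === $field ) {
		return false;
	}

	// wp_verify_nonce() returns 1, 2 or false, never a bool, so normalise it
	// to match the documented return type.
	return false !== wp_verify_nonce( wp_unslash( $field ), 'acme-settings-save' );
}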
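<?php
/**
 * Redirects the user back to the administration page with a success or failure
 * query string value.
 *
 * The destination is the _wp_http_referer field that wp_nonce_field() adds to
 * the form; when it is missing the login URL is used instead. wp_safe_redirect()
 * limits the target to allowed hosts, so a tampered referer cannot send the user
 * off-site.
 *
 * @param string $result The result of the evaluation of the settings being saved ('true' or 'false').
 */
function acme_render_options_redirect( string $result ) {
	// filter_input() reads the original request data, not the $_POST array, so
	// a fallback assigned to $_POST would never be seen. Apply it to a local.
	$referer = filter_input( INPUT_POST, '_wp_http_referer' );
	if ( null === $referer || false === $referer ) {
		$referer = wp_login_url();
	}

	// Sanitize the value of the $_POST collection for the Coding Standards.
	$url = sanitize_text_field( wp_unslash( $referer ) );

	// Decode once before appending the query arg; decoding the finished URL a
	// second time would corrupt any encoding add_query_arg() itself produced.
	wp_safe_redirect( add_query_arg( [ 'success' => $result ], urldecode( $url ) ) );
	exit;
}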