WordPress 2.7 requires that plugins explicitly white list their options using a couple new functions. WordPress MU has required this security measure for a while, and it’s nice to see an evolved form of it brought to the core code. [Migrating Plugins and Themes to 2.7][1] article in the codex offers some guidance, but here’s how it works:
First, register each option for your plugin during the admin_init action:
``` function myplugin_admin_init(){ register_setting( 'my-options-group', 'my-option-name-1', 'absint' ); register_setting( 'my-options-group', 'my-option-name-2', 'wp_filter_nohtml_kses' ); } add_action( 'admin_init', 'myplugin_admin_init' ); ``` |
In the example above, the value for my-option-name-1
will be filtered by absint
before being saved to the options table. my-option-name-2
will be stripped of any HTML by wp_filter_nohtml_kses
.
Then build a form like this prototype:
```
Web Form Validation With jQueryJosh Bush’s Masked Input Plugin and Paulo P. Marinas’ AlphaNumeric are both jQuery plugins to prevent input of invalid data in web forms. |