I'm using some code to generate a frontend post editing form. All works great except that the line breaks are stripped and replaced with "rn" and it adds a forward slash if I use an apostrophe.
Example:
It's hard
With line breaks
To get them right
It's difficult.
Shows up as:
It\'s hardrnrnWith line breaksrnTo get them rightrnrnIt\'s difficult.
I have tried various solutions such as nl2br but nothing has worked yet; it may be that I'm not implementing it properly though ;) Any help appreciated!
Form code:
<form id="post" class="post-edit front-end-form" method="post" enctype="multipart/form-data">
    <input type="hidden" name="post_id" value="<?php the_ID(); ?>" />
    <?php wp_nonce_field( 'update_post_'. get_the_ID(), 'update_post_nonce' ); ?>
    <?php // esc_attr() stops quotes in a stored value from closing the value="" attribute ?>
    <p><label for="post_title">Title</label>
    <input type="text" id="post_title" name="post_title" value="<?php echo esc_attr( $post->post_title ); ?>" /></p>
    <p><?php wp_editor( $post->post_content, 'postcontent' ); ?></p>
    <p><label for="edit_test">Test</label>
    <?php $value = get_post_meta(get_the_ID(), 'edit_test', true); ?>
    <input type="text" id="edit_test" name="edit_test" value="<?php echo esc_attr( $value ); ?>" /></p>
    <p><label for="edit_test2">Test 2</label>
    <?php $value = get_post_meta(get_the_ID(), 'edit_test2', true); ?>
    <input type="text" id="edit_test2" name="edit_test2" value="<?php echo esc_attr( $value ); ?>" /></p>
    <input type="submit" id="submit" value="Update" />
</form>
Processing code:
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && ! empty($_POST['post_id']) && ! empty($_POST['post_title']) && isset($_POST['update_post_nonce']) && isset($_POST['postcontent']) )
{
    $post_id = $_POST['post_id'];
    $post_type = get_post_type($post_id);
    $capability = ( 'page' == $post_type ) ? 'edit_page' : 'edit_post';
    if ( current_user_can($capability, $post_id) && wp_verify_nonce( $_POST['update_post_nonce'], 'update_post_'. $post_id ) )
    {
        $post = array(
            'ID' => esc_sql($post_id),
            'post_content' => esc_sql($_POST['postcontent']),
            'post_title' => esc_sql($_POST['post_title'])
        );
        wp_update_post($post);
        if ( isset($_POST['edit_test']) ) update_post_meta($post_id, 'edit_test', esc_sql($_POST['edit_test']) );
        if ( isset($_POST['edit_test2']) ) update_post_meta($post_id, 'edit_test2', esc_sql($_POST['edit_test2']) );
    }
    else
    {
        wp_die("You can't do that");
    }
}
(credit: https://wordpress.stackexchange.com/a/106582 )
Solved it!
Replaced this:
'post_content' => esc_sql($_POST['postcontent']),
'post_title' => esc_sql($_POST['post_title'])
With this:
'post_content' => wp_kses_post($_POST['postcontent']),
'post_title' => wp_strip_all_tags($_POST['post_title'])
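Why the replacement works, as an added example that is not part of the original question or answer: WordPress has already added slashes to $_POST, and wp_update_post() strips one layer of slashes before its own prepared database write, so esc_sql() adds a second layer whose leftovers are the \' and rn shown in the question. The demo_* helpers are hypothetical stand-ins (assumptions) for wp_magic_quotes(), esc_sql() and wp_unslash(), so the script runs with the PHP CLI alone.

```php
<?php
// Added example. The demo_* helpers are stand-ins so this runs without WordPress or MySQL.

// What wp_magic_quotes() does to every $_POST value on each request.
function demo_magic_quotes( string $s ): string {
    return addslashes( $s );
}

// The substitutions esc_sql() ends up making via mysqli_real_escape_string().
function demo_esc_sql( string $s ): string {
    return strtr( $s, array(
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ) );
}

// What wp_insert_post() does to the post fields just before the database write.
function demo_unslash( string $s ): string {
    return stripslashes( $s );
}

// Returns the string that ends up stored for a given handler style.
function demo_stored_value( string $typed, bool $use_esc_sql ): string {
    $posted = demo_magic_quotes( $typed );   // value of $_POST['postcontent']
    $passed = $use_esc_sql ? demo_esc_sql( $posted ) : $posted;
    return demo_unslash( $passed );
}

$typed = "It's hard\r\n\r\nWith line breaks";   // constructed sample input

// json_encode() makes control characters and backslashes visible.
echo 'esc_sql handler: ', json_encode( demo_stored_value( $typed, true ) ), PHP_EOL;
echo 'fixed handler:   ', json_encode( demo_stored_value( $typed, false ) ), PHP_EOL;
echo 'round trip ok:   ', var_export( demo_stored_value( $typed, false ) === $typed, true ), PHP_EOL;
```

update_post_meta() unslashes its value in the same way, so the esc_sql() calls on edit_test and edit_test2 in the processing code have the same effect on those fields.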