The question:
I have created a plugin wherein I have a custom post type. I am using post_content for some simple text. I do not need to offer any fancy editing or insertion of data for this field, so I looked for a way to remove the buttons from the tinyMCE editor.
I never found a very good solution so I removed the editor from the custom post type supports in the register function.
'supports' => array('title','revisions','thumbnail'),
Then to create an area for the content to go I simply echo a textarea in the back end form with the name and id attribute as "content".
<tr>
<th scope="row">
<label for="content">Review body</label>
</th>
<td>
<textarea style="height: 300px; width: 100%" autocomplete="off" cols="40" name="content" id="content">' . $post->post_content . '</textarea>
</td>
</tr>
This works exactly as I want, and is pretty simple.
The question is, am I losing sanitation or skipping security measures by doing this?
The Solutions:
Below are the methods you can try. The first solution is probably the best. Try others if the first one doesn’t work. Senior developers aren’t just copying/pasting – they read the methods carefully & apply them wisely to each case.
Method 1
No need to reinvent the wheel – put your editor support back and tweak the settings:
function wpse_199918_wp_editor_settings( $settings, $editor_id ) {
if ( $editor_id === 'content' && get_current_screen()->post_type === 'custom_post_type' ) {
$settings['tinymce'] = false;
$settings['quicktags'] = false;
$settings['media_buttons'] = false;
}
return $settings;
}
add_filter( 'wp_editor_settings', 'wpse_199918_wp_editor_settings', 10, 2 );
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0