I am passing the ABSPATH value from the wordpress theme options page for an exterior page which does not need ABSPATH. However , when the value is received within the exterior file, the slashes are removed. How do i send the worthiness and the slashes intact?

I am passing the worthiness for ABSPATH using a javascript window.open URL parameter like so...

<input type="button" id="templateUpload" value="Add New Template" onclick="window.open('../wp-content/themes/mytheme/myuploader.php?abspath=<?php echo ABSPATH ?>','popup','width=330,height=230,scrollbars=no,resizable=no,toolbar=no,directories=no,location=no,menubar=no,status=no'); return false" />

The vista source of the aforementioned performed wordpress theme options page reads...


And that's why In my opinion I am getting an problem

It's the insufficient JavaScript string literal getting away which has tripped you up: \x and \h are escapes in strings, so you'd need \\ to obtain a real backslash.

But it gets better.

<input ...  onclick="window.open('.../myuploader.php?abspath=<?php echo ABSPATH ?>',... />

Here you are outputting something into:

  1. a URL parameter, inside
  2. a JavaScript string literal, inside
  3. an HTML attribute

Which means you'll need three amounts of getting away:

$uri= '../wp-content/themes/mytheme/myuploader.php?abspath='.urlencode(ABSPATH);
$jsuri= json_encode($uri);
$htmljsuri= htmlspecialchars($jsuri);

<input ... onclick="window.open(<?php echo $htmljsuri; ?>, 'popup', 'features...')" />

You are able to reduce that using the HEX_ options in json_scribe to make sure HTML special figures happen to be steered clear of taken care of, in PHP 5.3+:

$uri= '../wp-content/themes/mytheme/myuploader.php?abspath='.urlencode(ABSPATH);
$jsuri= json_encode($uri, JSON_HEX_QUOT|JSON_HEX_TAG|JSON_HEX_AMP);

<input ... onclick="window.open(<?php echo $jsuri; ?>, 'popup', 'features...')" />

However, anything including multiple amounts of getting away such as this is confusing and usually to become prevented. Kick the JavaScript and also the variable from the markup rather, then you've just one degree of getting away to bother with at the same time:

<input type="button" id="templateUpload" value="Add New Template" />
<script type="text/javascript">
    var ABSPATH= <?php echo json_encode(ABSPATH, JSON_HEX_TAG|JSON_HEX_AMP); ?>;

    document.getElementById('templateUpload').onclick= function() {
        var uri= '../wp-content/themes/mytheme/myuploader.php?abspath='+encodeURIComponent(ABSPATH);
        window.open(uri, 'popup', 'width=330, height=230');

I overlooked the return false because it is not required for a button, without any default action to avoid. I additionally removed the stuff about getting rid of browser chrome just because of discovering it quite distasteful. -)