I am passing the ABSPATH value from the wordpress theme options page for an exterior page which does not need ABSPATH. However , when the value is received within the exterior file, the slashes are removed. How do i send the worthiness and the slashes intact?
<input type="button" id="templateUpload" value="Add New Template" onclick="window.open('../wp-content/themes/mytheme/myuploader.php?abspath=<?php echo ABSPATH ?>','popup','width=330,height=230,scrollbars=no,resizable=no,toolbar=no,directories=no,location=no,menubar=no,status=no'); return false" />
The vista source of the aforementioned performed wordpress theme options page reads...
And that's why In my opinion I am getting an problem
\h are escapes in strings, so you'd need
\\ to obtain a real backslash.
But it gets better.
<input ... onclick="window.open('.../myuploader.php?abspath=<?php echo ABSPATH ?>',... />
Here you are outputting something into:
- a URL parameter, inside
- an HTML attribute
Which means you'll need three amounts of getting away:
$uri= '../wp-content/themes/mytheme/myuploader.php?abspath='.urlencode(ABSPATH); $jsuri= json_encode($uri); $htmljsuri= htmlspecialchars($jsuri); <input ... onclick="window.open(<?php echo $htmljsuri; ?>, 'popup', 'features...')" />
You are able to reduce that using the HEX_ options in json_scribe to make sure HTML special figures happen to be steered clear of taken care of, in PHP 5.3+:
$uri= '../wp-content/themes/mytheme/myuploader.php?abspath='.urlencode(ABSPATH); $jsuri= json_encode($uri, JSON_HEX_QUOT|JSON_HEX_TAG|JSON_HEX_AMP); <input ... onclick="window.open(<?php echo $jsuri; ?>, 'popup', 'features...')" />
I overlooked the
return false because it is not required for a
button, without any default action to avoid. I additionally removed the stuff about getting rid of browser chrome just because of discovering it quite distasteful. -)