Today we released version 2.6.5 of Easy Digital Downloads, which included a decent set of bug fixes, but more importantly some changes to the way you (as developers) save settings in EDD. I want to go over a few changes that were made to the saving of settings and how they affect your extensions and development going forward.
What changed
Back in EDD 2.6, we updated the function edd_settings_sanitize which was originally designed to be used when saving settings with in the WordPress administration screens. Being that it was designed for the action of administration, when other developers tried to interact directly with the settings via the WordPress get_option and update_option functions, it was simply not running all our sanitization efforts.
In EDD 2.6.5 we’ve fixed that and now, no matter how you save your EDD Settings, sanitization methods are used throughout the entire settings array, not just the ones being saved. This is a great improvement to the process as it provides the best level of making sure the settings are in a format we are expecting and want.
What it means for you
This change wasn’t without some challenges, but overall there are a few things, as developers you should be aware of when integrating settings as an Easy Digital Downloads extension.
1. Checkboxes are now always set in $_POST, so we can validate their status
In previous versions of EDD, if you were using our ‘checkbox’ type, and wanted to do extra validation, you could use a simply run an isset() check on your setting to validate if it existed in the data. Since EDD now sanitizes on every save, no matter what data is passed, we had to implement a new handler of checkboxes, so they always exist in the $_POST data. This means, if you were using isset() it will no longer work.
The good news is, most developers can simply remove their checkbox validation and the new EDD settings sanitization will properly detect the chosen state of the checkbox. To do this, we now send 1 when the checkbox is checked and -1 when a checkbox is unchecked.
If you do need validation to do further work when settings are being saved, you’ll need to change references similar to the following:
if ( isset( $_POST['my_checkbox_setting'] ) ) {
To use this syntax:
if ( isset( $_POST['my_checkbox_setting'] ) && -1 !== $_POST['my_checkbox_setting'] ) {
2. Using get_option and update_option
Since we now fully support the use of the update_option to save EDD settings, and run them through the designed sanitization filters, we want to remind you to always focus on using update_option as few times as possible when saving settings. If you are changing 10 settings, it’s better to modify them all at once and use update_option a single time, instead of 10 times. Now that sanitization is being done on all the settings whenever update_option is called, it’s best to make sure we only run the sanitization a single time, instead of many times.
3. Backwards Compatibility
In EDD 2.5 we introduced our new ‘sub-sections’ for our settings area. This feature makes our settings for EDD much more user friendly and allows extension developers to have a single section dedicated to their own settings. The new Settings Sanitization fully supports this and is completely backwards compatible for people who have not yet updated their extensions or plugins to use the sub-sections.
Conclusion
I’m very excited for this update to the sanitization. It greatly reduced the complexity of this area of the codebase and made it much easier for us and other developers to interact with the EDD settings, while remaining positive that the intended changes were made and sanitized before being entered into the database. If you have any questions, please let us know in the comments below.