Validating widget configuration options
The widget configuration panel that was put in place in the previous recipe is functional and allows users to change options and save updated values in the website database. That being said, all WordPress does by default when the user saves a widget is store values directly in the site database. Accepting user data blindly is never a good idea and can lead to functionality problems and security risks if wrong or malicious values are entered. Therefore, it is preferable to add data validation rules through the creation of an
update method that will be able to verify configuration data before it is saved.
You should have already followed the Displaying widget configuration options recipe to have a starting point for this recipe. Alternatively, you can get the resulting code (
ch10/ch10-book-review-widget/ch10-book-review-widget-v2.php) from the book's GitHub page and rename the file to
ch10-book-review-widget.php. You should...