I am attempting to repair up my code to fulfill the WordPress VIP Coding Requirements. I am getting a few points that I would prefer to see go away, however i am unsure what the perfect technique is.
The primary concern is when i am verifying a nonce whereas saving metabox information:
$nonce = isset( $_POST['revv_meta_box_nonce'] ) ? $_POST['revv_meta_box_nonce'] : '';
The error i am getting right here is 'Processing information with out nonce verification'. Which is fairly foolish since i am simply storing the nonce in a variable, which I’m then verifying on the subsequent line.
The second concern is when i am storing the info:
$foo = isset($_POST['foo']) ? sanitize_text_field( $_POST['foo'] ) : '';
update_post_meta( $post_id, '_foo', $foo );
On the primary line there, the sniffer is complaining that i am not working wp_unslash on the info earlier than sanitizing it. However the information goes straight into update_post_meta on the subsequent line, which expects that information to not be unslashed.
Any concepts on the perfect technique for eliminating these error messages? Thanks!