I have a plugin that has a submenu. For example: Dashboard, List of recent questions, Settings, Support.
The submenu is added using the add_submenu_page function.
add_submenu_page(
'my-plugin',
'Dashboard',
'Dashboard',
'manageoptions',
'my-plugin&tab=dashboard',
array(
$this,
'get_home_page',
)
);
Depending on the value of $_GET['tab'], I open the template I need.
$tab = ( isset( $_GET['tab'] ) ) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : '';
if ( 'dashbord' === $tab ) {
require_once PLUGIN_DIR . 'templates/dashbord.php';
} elseif ( 'settings' === $tab ) {
require_once PLUGIN_DIR . 'templates/settings.php';
}
When I check my code with a code sniffer with standard=WooCommerce-Core, it complains to me that "WARNING | Processing form data without nonce verification". On the line where I assign to the variable $tab the value of the array $_GET['tab'].
How to add wp nonce for menu link. And is there any common sense in this?
I tried using FILTER_SANITIZE_STRING for sanitizing. But the new version of php complains about it as a deprecated method.