Not able to complete meta box save function and sanitization/validation

Before coming to this point, I have consulted various times →

  1. Validation Function
  2. On StackOverFlow

Consulted other existing articles Here:

1 WS1

2 WS2

Finally,

I came up with my version →

    function cpmb_add_admin_styles() {
        wp_enqueue_style( 'cpmb-admin', plugins_url( 'b-cpt/css/admin.css' ) );
    }
    add_action( 'admin_enqueue_scripts', 'cpmb_add_admin_styles' );

    function cpmb_add_admin_scripts() {

        // Get the current screen
        $screen = get_current_screen();

        // Compare the current screen's ID with 'post'. If they are equal, enqueue the JavaScript
        if ( 'post' == $screen->id ) {
            wp_enqueue_script( 'cpmb-admin', plugins_url( 'b-cpt/js/admin.js' ) );
        }

    }
    add_action( 'admin_enqueue_scripts', 'cpmb_add_admin_scripts' );

    function cpmb_add_meta_box() {
        add_meta_box(
            'cpmb_video',             // The ID for the meta box
            'Add Video URL',          // The title of the meta box
            'cpmb_display_meta_box',  // The function for rendering the markup
            'post',                   // We'll only be displaying this on post pages
            'advanced',               // Where the meta box should appear
            'high'                    // The priority of where the meta box should be displayed
        );
    }
    add_action( 'add_meta_boxes', 'cpmb_add_meta_box' );




    function cpmb_display_meta_box( $post ) {

        // Define the nonce for security purposes
        wp_nonce_field( plugin_basename( __FILE__ ), 'cpmb-nonce-field' );

        // Start the HTML string so that all other strings can be concatenated
        $html = '';

        // Display the 'Video URL' label and its URL input element
        $html .= '<label id="video-url" for="video-url">';
        $html .= 'Video URL';
        $html .= '</label>';
        $html .= '<input type="URL" id="video-url" name="video-url" value="" />';

        $video_type = get_post_meta( $post->ID, 'my_video_type', true );
        $video_id   = get_post_meta( $post->ID, 'my_meta_box_text', true );

        $html .= '<p>';
        $html .= '<label for="my_meta_box_text">Select video type:</label>';
        // Select for choosing the video type; selected() returns the attribute when the values match
        $html .= '<select name="my_video_type" id="my_video_type">';
        $html .= '<option value="youtube"' . selected( $video_type, 'youtube', false ) . '>Youtube</option>';
        $html .= '<option value="vimeo"' . selected( $video_type, 'vimeo', false ) . '>Vimeo</option>';
        $html .= '</select>';
        $html .= '</p>';

        $html .= '<p>';
        $html .= '<label for="my_meta_box_text">Youtube/Vimeo ID:</label>';
        // Escape the stored value before placing it in an attribute
        $html .= '<input type="text" name="video-url" id="video-url" value="' . esc_attr( $video_id ) . '" />';
        $html .= '</p>';
        echo $html;

    }




    function cpmb_save_meta_box_data( $post_id ) {

        // If the user has permission to save data...
        if ( cpmb_user_can_save( $post_id, 'cpmb-nonce-field' ) ) {

            // ...and if the video URL is set, then check to make sure it's valid and save it, as well
            if ( isset( $_POST['video-url'] ) && ! empty( $_POST['video-url'] ) ) {

                if ( url_allowed( $_POST['video-url'] ) ) {

                }

            }

        }

    }
    add_action( 'save_post', 'cpmb_save_meta_box_data' );

    function url_allowed( $url ) {
        $allowed_hosts = array(
            'youtube.com',
            'vimeo.com'
        );
        if ( in_array( parse_url( $url, PHP_URL_HOST ), $allowed_hosts ) ) {
            return true;
        }
        return false;
    }

    function cpmb_user_can_save( $post_id, $nonce ) {

        $is_autosave = wp_is_post_autosave( $post_id );
        $is_revision = wp_is_post_revision( $post_id );
        $is_valid_nonce = ( isset( $_POST[ $nonce ] ) && wp_verify_nonce( $_POST[ $nonce ], plugin_basename( __FILE__ ) ) );
        return ! ( $is_autosave || $is_revision ) && $is_valid_nonce;

    }

But something is incomplete here in the save function:

            if ( url_allowed( $_POST['video-url'] ) ) {

            }

        }

Please help me to complete this.

Please also help me to use wp_kses etc. if they can be applied here.

Please also help me to eliminate any bugs here in this piece of code.

Solutions Collecting From Web of "Not able to complete meta box save function and sanitization/validation"

Once validated, you just need to update the post meta with the form input:

    if ( url_allowed( $_POST['video-url'] ) ) {
        update_post_meta( $post_id, 'video-url', esc_url( $_POST['video-url'] ) );
    } else {
        //if user edits entry to remove a url from input, it will be deleted
        delete_post_meta( $post_id, 'video-url' );
    }

If you look at the source of esc_url(), you can see it is using wp_allowed_protocols and wp_kses_normalize_entities().


Side Note:

It is also parsing the URL with wp_parse_url(), a wrapper for PHP’s parse_url(), to check the different parts. Not unlike what we did in the url_allowed() function (in fact I’ll update that answer to use wp_parse_url() if you want).
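
A complete save handler along the lines discussed above, as an added example that is not the asker's or the answerer's code: it verifies the nonce and the `edit_post` capability, unslashes the input, matches the host exactly against the allowlist, and stores the result with `esc_url_raw()`, the storage counterpart of `esc_url()`. The function names `cpmb_video_url_is_allowed` and `cpmb_save_video_url`, the https-only rule and the `www.` handling are assumptions of this example; it is meant to sit in the same plugin file as the meta box code so the nonce action matches.

```php
<?php
// Added example; names below are hypothetical, not from the original post.
// Helper: accept only https URLs whose host is exactly an allowed video host.
function cpmb_video_url_is_allowed( $url ) {
    $parts = wp_parse_url( $url );
    if ( empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
        return false;
    }
    // Exact match after lowercasing and dropping one leading "www.", so
    // "youtube.com.example.org" or "notvimeo.com" do not pass.
    $host = preg_replace( '/^www\./', '', strtolower( $parts['host'] ) );
    return 'https' === strtolower( $parts['scheme'] )
        && in_array( $host, array( 'youtube.com', 'vimeo.com' ), true );
}

// Replacement for cpmb_save_meta_box_data(); hook only one of the two.
function cpmb_save_video_url( $post_id ) {
    if ( wp_is_post_autosave( $post_id ) || wp_is_post_revision( $post_id ) ) {
        return;
    }
    // The nonce ties the request to our meta box form...
    if ( ! isset( $_POST['cpmb-nonce-field'] )
        || ! wp_verify_nonce( wp_unslash( $_POST['cpmb-nonce-field'] ), plugin_basename( __FILE__ ) ) ) {
        return;
    }
    // ...and the capability check confirms this user may edit this post.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }

    // WordPress adds slashes to $_POST; remove them before validating.
    $raw = isset( $_POST['video-url'] ) ? wp_unslash( $_POST['video-url'] ) : '';
    $url = is_string( $raw ) ? trim( $raw ) : '';
    // esc_url_raw() strips disallowed protocols and characters without
    // HTML-encoding entities; it returns '' when the protocol is rejected.
    $url = esc_url_raw( $url, array( 'https' ) );

    if ( '' !== $url && cpmb_video_url_is_allowed( $url ) ) {
        update_post_meta( $post_id, 'video-url', $url );
    } else {
        // Field emptied or URL rejected: drop any previously stored value.
        delete_post_meta( $post_id, 'video-url' );
    }
}
add_action( 'save_post', 'cpmb_save_video_url' );
```

When the stored value is printed back into the meta box or a template, escape it at output time with `esc_url()` or `esc_attr()`.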