Reading and Rendering Option Values Safely
Option values are global; mistakes propagate site-wide, so retrieval and escaping must be strict.
Practical Use Cases
Use Case 1: Render global support values in header partial
wp-content/themes/your-theme/template-parts/global-support.php
<?php
$phone = get_field('support_hotline', 'option');
$email = get_field('support_email', 'option');
if ($phone) {
echo '<a href="tel:' . esc_attr($phone) . '">' . esc_html($phone) . '</a>';
}
if ($email) {
echo '<a href="mailto:' . esc_attr($email) . '">' . esc_html($email) . '</a>';
}
?>
CLI option retrieval
wp eval 'var_export(get_field("support_hotline", "option"));'
Expected output
'+6565509090'
Use Case 2: Expose selected options in internal REST endpoint
wp-content/plugins/my-plugin/includes/rest-options.php
<?php
add_action('rest_api_init', function () {
register_rest_route('internal/v1', '/site-options', [
'methods' => 'GET',
'permission_callback' => function () { return current_user_can('manage_options'); },
'callback' => function () {
return [
'support_hotline' => get_field('support_hotline', 'option'),
'support_email' => get_field('support_email', 'option'),
];
},
]);
});
?>
CLI route check
wp eval 'global $wp_rest_server; do_action("rest_api_init"); $r=$wp_rest_server->get_routes(); echo isset($r["/internal/v1/site-options"]) ? "route-ok" : "route-missing"; echo PHP_EOL;'
Expected output
route-ok
Hands-On Practice
- Read two option values via
wp evaland compare with template output. - Add escaping checks in global option render partials.
- Register one internal route exposing only approved option keys.
What's Next
- Continue to Managing Option Values via CLI and Automation.
- Review this module context in Module 10 Overview.
- Related lesson: Exposing ACF in REST API Securely.