tommcfarlin revised this gist
Feb 26, 2013 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -33,7 +33,7 @@ function user_can_save( $post_id, $nonce ) { $is_autosave = wp_is_post_autosave( $post_id ); $is_revision = wp_is_post_revision( $post_id ); $is_valid_nonce = ( isset( $_POST[ $nonce ] ) && wp_verify_nonce( $_POST[ $nonce ], plugin_basename( __FILE__ ) ) ); // Return true if the user is able to save; otherwise, false. return ! ( $is_autosave || $is_revision ) && $is_valid_nonce; -
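Review bot: The nonce action on the `$is_valid_nonce` line is `plugin_basename( __FILE__ )`, one constant shared by every post the plugin's form is rendered for, so a nonce obtained from one post's edit screen verifies against a save request for any other `$post_id`, and nothing else in `user_can_save()` (whose closing brace is outside this hunk) checks the caller's rights on that post. Binding the action to the post, e.g. `wp_verify_nonce( $_POST[ $nonce ], plugin_basename( __FILE__ ) . $post_id )`, closes that gap, provided the `wp_nonce_field()` call that emits the field (not shown in this gist) is changed to match. Dropping `? true : false` also leaves `$is_valid_nonce` holding `wp_verify_nonce()`'s raw `1`/`2`/`false` rather than a bool; the `&&` on the return line coerces it so callers are unaffected, which is worth stating: `// wp_verify_nonce() returns 1, 2 or false; the && below normalises the result to bool.`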
tommcfarlin revised this gist
Feb 5, 2013 . 1 changed file with 27 additions and 41 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,55 +1,41 @@ <?php /** * An example function used to demonstrate how to use the `user_can_save` function * that provides boilerplate security checks when saving custom post meta data. * * The ultimate goal is provide a simple helper function to be used in themes and * plugins without the need to use a set of complex conditionals and constants. * * Instead, the aim is to have a simplified function that's easy to read and that uses * WordPress APIs. * * The DocBlocks should provide all information needed to understand how the function works. */ public function save_meta_data( $post_id ) { if( user_can_save( $post_id, 'meta_data_nonce' ) ) { /* ---------------------------------------- */ /* -- Actual serialization work occurs here */ /* ---------------------------------------- */ } // end if } // end save_meta_data /** * Determines whether or not the current user has the ability to save meta data associated with this post. * * @param int $post_id The ID of the post being save * @param bool Whether or not the user has the ability to save this post. */ function user_can_save( $post_id, $nonce ) { $is_autosave = wp_is_post_autosave( $post_id ); $is_revision = wp_is_post_revision( $post_id ); $is_valid_nonce = ( isset( $_POST[ $nonce ] ) && wp_verify_nonce( $_POST[ $nonce ], plugin_basename( __FILE__ ) ) ) ? true : false; // Return true if the user is able to save; otherwise, false. return ! ( $is_autosave || $is_revision ) && $is_valid_nonce; } // end user_can_save -
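Review bot: `user_can_save()` performs no capability check at all: the `current_user_can( 'edit_post', $post_id )` test that the original `save_meta_data()` carried is gone in this rewrite, leaving only the autosave/revision test and the nonce, and a nonce shows the request came from the plugin's form, not that the current user may edit `$post_id`. Suggest `return ! ( $is_autosave || $is_revision ) && $is_valid_nonce && current_user_can( 'edit_post', $post_id );` so the function does what its DocBlock promises. The DocBlock itself is also off: the second tag documents a nameless `bool` where it should read `@param string $nonce The name of the nonce field to look up in $_POST` followed by `@return bool`. Separately, `public function save_meta_data` sits at file scope with no enclosing class, which PHP will not parse; presumably the snippet is meant to live inside a class.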
tommcfarlin revised this gist
Jan 8, 2013 . 1 changed file with 1 addition and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,4 @@ <?php /** * An example function used to demonstrate how post meta data is typically saved. * -
tommcfarlin created this gist
Jan 6, 2013 .There are no files selected for viewing
@@ -0,0 +1,54 @@ /** * An example function used to demonstrate how post meta data is typically saved. * * The first part of the function is general boilerplate code that is used in most * WordPress plugins. After speaking with several developers on Twitter, there's a desire * to refactor some of this code into its own private function so that the core * serialization function doesn't include so much boilerplate security code. * * Here, I've provided a sample function that we can use to begin refactoring. It * includes the following: * * - A nonce identified as 'meta_data_nonce.' This is purely for demonstration purposes. * - 'save_meta_data' is also an example function name. It's just for demonstration purposes. * - I've annotated where the actual serialization functionality would occur. * - I've blocked off where the boilerplate security check is concerned * * Once we receive enough contributions to this particular gist, I'd love to publicize it * for the development community in some way so that we can keep our methods smaller, cleaner, * and responsible for doing as few things as possible. * * @param int $post_id The ID of the post for which the meta data is being saved. */ public function save_meta_data( $post_id ) { if( isset( $_POST['meta_data_nonce'] ) && isset( $_POST['post_type'] ) ) { /* ---------- Begin Security Check ---------- */ // Don't save if the user hasn't submitted the changes if( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) { return; } // end if // Verify that the input is coming from the proper form if( ! wp_verify_nonce( $_POST['meta_data_nonce'], plugin_basename( __FILE__ ) ) ) { return; } // end if // Make sure the user has permissions to post if( 'post' == $_POST['post_type'] ) { if( ! 
current_user_can( 'edit_post', $post_id ) ) { return; } // end if } // end if/else /* ---------- End Security Check ---------- */ /* ---------------------------------------- */ /* -- Actual serialization work occurs here */ /* ---------------------------------------- */ } // end if } // end save_meta_data
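Review bot: The capability check in `save_meta_data()` is gated on `'post' == $_POST['post_type']`, a value the client controls, so a request that sends any other `post_type` (`page`, a custom type, or an arbitrary string) skips `current_user_can()` entirely and reaches the serialization block with only the nonce in the way. The check should run unconditionally and, if the type matters, take it from the server: replace the nested block with `if ( ! current_user_can( 'edit_post', $post_id ) ) { return; }` (or dispatch on `get_post_type( $post_id )` rather than `$_POST['post_type']`) and drop `isset( $_POST['post_type'] )` from the outer guard, which then has no purpose. The `// end if/else` comment on that block is also misleading, as there is no `else` branch. Note too that `public function` at file scope with no class will not parse as PHP; the snippet presumably belongs inside a class.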