ID;
}
// Is the user allowed to edit the post or page?
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_page', $post->ID ))
return $post->ID;
} else {
if ( !current_user_can( 'edit_post', $post->ID ))
return $post->ID;
}
// Build array from $_POST data
$newdata['_sgr-image'] = $_POST['_sgr-image'];
$newdata['_sgr-desc'] = $_POST['_sgr-desc'];
/* Sanitise data */
// trim whitespace - all options
foreach( $newdata as $key => $value ) {
$input[$key] = trim($value);
}
// Deal with Image
$newdata['_sgr-image'] = esc_url_raw( $newdata['_sgr-image'] );
// Deal with Text
$allowed_html = array( 'a' => array('href' => array(),'title' => array() ), 'br' => array(), 'em' => array(), 'strong' => array() );
$allowed_protocols = array( 'http', 'https', 'mailto', 'feed' );
$newdata['_sgr-desc'] = wp_kses( $newdata['_sgr-desc'], $allowed_html, $allowed_protocols );
// Add values of $newdata as custom fields
foreach ($newdata as $key => $value) {
if( $post->post_type == 'revision' ) return; //don't store custom data twice
$value = implode(',', (array)$value); //if $value is an array, make it a CSV (unlikely)
if(get_post_meta($post->ID, $key, FALSE)) { //if the custom field already has a value
update_post_meta($post->ID, $key, $value);
} else { //if the custom field doesn't have a value
add_post_meta($post->ID, $key, $value);
}
if(!$value) delete_post_meta($post->ID, $key); //delete if any are blank, eg _dfcg-exclude is NULL
}
}