Make WordPress Core

Opened 15 years ago

Closed 12 years ago

#12969 closed defect (bug) (fixed)

save_post action hook called before post-new.php is loaded

Reported by: duck_'s profile duck_ Owned by:
Milestone: WordPress.org Priority: normal
Severity: normal Version: 3.0
Component: Inline Docs Keywords:
Focuses: Cc:

Description

Since r12987 new posts/pages are being saved into database as auto-drafts, this means that the save_post action hook is called as post-new.php is loading ($post = get_default_post_to_edit( $post_type, true ); on line 55).

Unfortunately any plugin or theme following the codex on adding meta boxes may run into trouble with nonce protection. Whenever a user goes to create a new post/page myplugin_save_postdata (function from codex example) will be called (because of the save_post action). However, the custom nonce will not exist since the function to create the meta box hasn't been called.

I guess best fix might be just to change the instructions.

Change History (4)

#1 @duck_
15 years ago

More general description:

save_post action called at a dubious location, because, although post data is technically being inserted into the db, nothing has been saved as far as user and plugin/theme developers are concerned.

#2 @gvenk
14 years ago

  • Cc gvenk added

#3 @nacin
14 years ago

  • Component changed from General to Inline Docs
  • Milestone changed from Awaiting Review to WordPress.org site

save_post also gets called for revisions and autosaves I believe.

That whole Codex example needs to be rewritten from a 3.0 standpoint.

I don't think this is a core issue, and rather is a documentation problem.

Marking for WordPress.org/Inline Docs, which we can fake to be the Codex needing an update.

See also this thread: http://lists.automattic.com/pipermail/wp-hackers/2010-October/035469.html

#4 @nacin
12 years ago

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.