WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 22 months ago

#12969 closed defect (bug) (fixed)

save_post action hook called before post-new.php is loaded

Reported by: duck_ Owned by:
Milestone: WordPress.org Priority: normal
Severity: normal Version: 3.0
Component: Inline Docs Keywords:
Focuses: Cc:

Description

Since r12987 new posts/pages are being saved into database as auto-drafts, this means that the save_post action hook is called as post-new.php is loading ($post = get_default_post_to_edit( $post_type, true ); on line 55).

Unfortunately any plugin or theme following the codex on adding meta boxes may run into trouble with nonce protection. Whenever a user goes to create a new post/page myplugin_save_postdata (function from codex example) will be called (because of the save_post action). However, the custom nonce will not exist since the function to create the meta box hasn't been called.

I guess best fix might be just to change the instructions.

Change History (4)

comment:1 duck_4 years ago

More general description:

save_post action called at a dubious location, because, although post data is technically being inserted into the db, nothing has been saved as far as user and plugin/theme developers are concerned.

comment:2 gvenk4 years ago

  • Cc gvenk added

comment:3 nacin3 years ago

  • Component changed from General to Inline Docs
  • Milestone changed from Awaiting Review to WordPress.org site

save_post also gets called for revisions and autosaves I believe.

That whole Codex example needs to be rewritten from a 3.0 standpoint.

I don't think this is a core issue, and rather is a documentation problem.

Marking for WordPress.org/Inline Docs, which we can fake to be the Codex needing an update.

See also this thread: http://lists.automattic.com/pipermail/wp-hackers/2010-October/035469.html

comment:4 nacin22 months ago

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.