Opened 8 years ago
Last modified 2 months ago
#41953 new feature request
Improved Meta Box Save Hook
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Editor | Keywords: | close |
| Focuses: | Cc: |
Description
Hi,
This is suggestion how to reduce some conditionals for saving meta boxes with function for example. Below is code of meta box save function with all conditions for security and inside that function we always write some core condition for security that can be separated in one or more core functions to do that for us, so we can just call that function.
if ( ! function_exists( 'save_admin_meta_boxes' ) ) {
/**
* Saves admin meta box to postmeta table
*
* @param $post_id int - id of post that meta box is being saved
* @param $post WP_Post - current post object
*/
function save_admin_meta_boxes( $post_id, $post ) {
// If we're doing an auto save, bail
if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
return;
}
// If default wp nonce isn't there, bail
if ( ! isset( $_POST['_wpnonce'] ) ) {
return;
}
// If current user can't edit this post, bail
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return;
}
// If current post type are not in list, bail
$post_types = apply_filters( 'wp_allowed_post_types_for_meta_boxes', array( 'post', 'page' ) );
if ( ! in_array( $post->post_type, $post_types ) ) {
return;
}
// If our nonce isn't there, or we can't verify it, bail
$meta_boxes = apply_filters( 'add_meta_boxes_filter', array() );
$nonce_array = array();
if ( is_array( $meta_boxes ) && ! empty( $meta_boxes ) ) {
foreach ( $meta_boxes as $meta_box ) {
$nonce_array[] = 'extensive_vc_meta_box_' . esc_attr( $meta_box ) . '_save';
}
}
if ( is_array( $nonce_array ) && count( $nonce_array ) ) {
foreach ( $nonce_array as $nonce ) {
if ( ! isset( $_POST[ $nonce ] ) || ! wp_verify_nonce( $_POST[ $nonce ], $nonce ) ) {
return;
}
}
}
// Make sure your data is set before trying to save it
global $meta_boxes_options;
foreach ( $meta_boxes_options as $key => $value ) {
$field_key = $_POST[ $key ];
if ( isset( $field_key ) && trim( $field_key !== '' ) ) {
update_post_meta( $post_id, $key, esc_html( $field_key ) );
} else {
delete_post_meta( $post_id, $key );
}
}
}
add_action( 'save_post', 'save_admin_meta_boxes', 10, 2 );
}
Example function with that conditionals
if ( ! function_exists( 'wp_meta_boxes_security_check' ) ) {
/**
* Check is meta box secure and valid for saving
*
* @param $post_id int - id of post that meta box is being saved
* @param $post WP_Post - current post object
*
* @return boolean
*/
function wp_meta_boxes_security_check( $post_id, $post ) {
$return_value = true;
// If we're doing an auto save, bail
if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
$return_value = false;
}
// If default wp nonce isn't there, bail
if ( ! isset( $_POST['_wpnonce'] ) ) {
$return_value = false;
}
// If current user can't edit this post, bail
if ( ! current_user_can( 'edit_post', $post_id ) ) {
$return_value = false;
}
// If current post type are not in list, bail
$post_types = apply_filters( 'wp_allowed_post_types_for_meta_boxes', array( 'post', 'page' ) );
if ( ! in_array( $post->post_type, $post_types ) ) {
$return_value = false;
}
return $return_value;
}
}
and then finally code for saving meta boxes will be
if ( ! function_exists( 'save_admin_meta_boxes' ) ) {
/**
* Saves admin meta box to postmeta table
*
* @param $post_id int - id of post that meta box is being saved
* @param $post WP_Post - current post object
*/
function save_admin_meta_boxes( $post_id, $post ) {
// If meta box doesn't paste check, bail
if ( ! wp_meta_boxes_security_check( $post_id, $post ) ) {
return;
}
// If our nonce isn't there, or we can't verify it, bail
$meta_boxes = apply_filters( 'add_meta_boxes_filter', array() );
$nonce_array = array();
if ( is_array( $meta_boxes ) && ! empty( $meta_boxes ) ) {
foreach ( $meta_boxes as $meta_box ) {
$nonce_array[] = 'extensive_vc_meta_box_' . esc_attr( $meta_box ) . '_save';
}
}
if ( is_array( $nonce_array ) && count( $nonce_array ) ) {
foreach ( $nonce_array as $nonce ) {
if ( ! isset( $_POST[ $nonce ] ) || ! wp_verify_nonce( $_POST[ $nonce ], $nonce ) ) {
return;
}
}
}
// Make sure your data is set before trying to save it
global $meta_boxes_options;
foreach ( $meta_boxes_options as $key => $value ) {
$field_key = $_POST[ $key ];
if ( isset( $field_key ) && trim( $field_key !== '' ) ) {
update_post_meta( $post_id, $key, esc_html( $field_key ) );
} else {
delete_post_meta( $post_id, $key );
}
}
}
add_action( 'save_post', 'save_admin_meta_boxes', 10, 2 );
}
Also I added some filter for allowed post types inside that function
$post_types = apply_filters( 'wp_allowed_post_types_for_meta_boxes', array( 'post', 'page' ) );
which allows authors to easily add their own custom post type with meta boxes for saving.
Best regards,
Nenad
Change History (3)
#2
@
2 months ago
- Component changed from Posts, Post Types to Administration
- Focuses administration removed
- Keywords close added
- Version 4.8.2 deleted
Given that the tendency is to avoid adding new features to the old editor I think that this new feature is going to tend to be part of a deprecation process.
I'm going to leave this open for now, but suggest as close unless someone finds there is any future in this proposal that has been stalling for 8 years.
Note: See
TracTickets for help on using
tickets.
Related: #30188