Opened 4 years ago

Last modified 10 months ago

#43019 new enhancement

Hook to validate post form data before save

Reported by: henry.wright
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: major
Version:
Component: Database
Keywords: has-patch needs-testing
Focuses:
Cc:

Description

There doesn't seem to be a hook available to validate form data before a post is saved. In my case I'm considering using JavaScript to validate the post title, content and meta but would prefer to do this validation server side.

Can we add a hook?

Attachments (2)

43019.diff (535 bytes) - added by danieltj 4 years ago.
Pre insert post hook
43019.2.diff (832 bytes) - added by henry.wright 4 years ago.

Change History (14)

#1 @danieltj
4 years ago

  • Keywords reporter-feedback added

I'm just curious, but why do you need to validate those fields prior to saving as that already happens on post save? Having said that, there is a hook called pre_post_update that is run when something is updated, although not when something is saved for the first time mind you.

Useful links for this hook:

  1. https://core.trac.wordpress.org/browser/tags/4.9/src/wp-includes/post.php#L3371
  2. https://developer.wordpress.org/reference/hooks/pre_post_update/

There are some filter hooks you could use though within the wp_insert_post function if you wanted to check data that is submitted, but like I said; it's validated when run through the function.

If you're wanting to validate custom meta data for a post, you can still use the save_post hook and do your own custom validation there but it depends on your use case as to whether that's helpful or not.

#2 @henry.wright
4 years ago

  • Keywords reporter-feedback removed

Hi @danieltj

> I'm just curious, but why do you need to validate those fields prior to saving as that already happens on post save?

Perhaps I should have been more clear. A hook will allow for custom validation to be done. If WordPress validates already then that's great but the key word here is custom.

> Having said that, there is a hook called pre_post_update that is run when something is updated

As you mentioned in your comment, the pre_post_update hook will execute only if $update evaluates to true. The hook I'm requesting should apply also to new posts.

> If you're wanting to validate custom meta data for a post, you can still use the save_post hook and do your own custom validation there but it depends on your use case as to whether that's helpful or not.

save_post is executed after the post has been saved. This won't be helpful if you need to perform custom validation before the post is added to the database.

#3 @danieltj
4 years ago

  • Keywords has-patch added

Fair enough - I'm all for adding in extra hooks - I was just curious the use-case for it. I'll add a patch for a proposed hook, not sure if anything else is needed apart from the post data being passed through it.

@danieltj
4 years ago

Pre insert post hook

#4 @henry.wright
4 years ago

Thanks for the diff @danieltj

I think we should provide a way of bailing early if the data isn't valid. Please see the incoming 43019.2.diff. Grateful for your thoughts

@henry.wright
4 years ago

#5 @johnbillion
4 years ago

  • Keywords ux-feedback needs-testing added

Thanks for the patch. What does the user journey look like if the data that they've entered is considered invalid? Do they see a generic error message stating "The data supplied isn't valid"? Are the fields repopulated with their invalid data or does their data get lost?

Screenshots or a very short screencast could help.

#6 @henry.wright
4 years ago

Thanks John for the feedback.

The user journey isn't very good with my patch 43019.2.diff. They will see the generic error message you mentioned. I think the patch could be fleshed out to allow the callback to return a custom error message.

I believe currently the field data is lost if it's invalid. I think this should also be changed.

#7 @foresmac
3 years ago

This would be super useful. Maybe the way to do it is to have the callback return an array of WP_Error for each custom field that fails validation? If it's empty, then there are no custom field errors.

This ticket was mentioned in Slack in #design by karmatosed.
3 years ago

#9 @karmatosed
3 years ago

  • Keywords ux-feedback removed

I am removing ux-feedback as a keyword because this doesn't need the design team to give feedback right now. This was discussed in this week's design triage meeting.

#10 @eseyfried
15 months ago

I am having the same challenge as @henrywright. I was looking for a similar hook that fires before the post saves and would allow me to halt the save process if my custom validation fails. This patch seems to cover this scenario. I am curious to know if this will be accepted into Core. This thread seemed to have died off. Would someone please post an update?

#11 @rafdizzle86
10 months ago

  • Component changed from General to Database
  • Severity changed from normal to major
  • Version set to 5.6

I've found a "work-around" for updates. You can hook into the filter wp_insert_post_data and return a null or some other falsey value that is not an array. This is because a few lines down there's a call to $wpdb->update( $wpdb->posts, $data, $where ) which does a validation on $data in the first few lines:

if ( ! is_array( $data ) || ! is_array( $where ) ) {
	return false;
}

In the same hook you can update an option with a notification as to why you failed the update - in the following request you can display that notification using the admin_notices hook.

I haven't looked that much into $wpdb->insert() - however it seems more complicated as it calls a _insert_replace_helper method that does some SQL data validation.

Hopefully this helps other folks who are wondering why WordPress and WooCommerce don't have a simple hook for data validation and halting the save. Seems like a rudimentary hook that should be part of any database save process!

WordPress/WooCommerce devs: please include an explicit filter that allows 3rd party developers to validate data and halt the save process if that data is invalid!

Last edited 10 months ago by rafdizzle86 (previous) (diff)
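
A sketch of the workaround described in comment #11, added here as an example (it is not code from the ticket, its attached patches, or WordPress core). It takes the behaviour the comment reports as given, applies only to updates of the `post` type, and leaves first-time inserts untouched because the comment did not cover `$wpdb->insert()`. The `example_` names, the option key and the title rule are hypothetical.

```php
<?php
// Added example: everything prefixed example_/EXAMPLE_ is hypothetical.
const EXAMPLE_MAX_TITLE_LENGTH = 120; // Illustrative rule, not a core limit.

/**
 * Return the reason the post data is invalid, or null when it is acceptable.
 */
function example_validate_post_data( array $data ) {
	// The filter receives slashed data, so unslash before inspecting it.
	$title = trim( wp_strip_all_tags( wp_unslash( $data['post_title'] ?? '' ) ) );
	if ( '' === $title ) {
		return 'The post title must not be empty.';
	}
	if ( mb_strlen( $title ) > EXAMPLE_MAX_TITLE_LENGTH ) {
		return sprintf( 'The post title must be %d characters or fewer.', EXAMPLE_MAX_TITLE_LENGTH );
	}
	return null;
}

add_filter( 'wp_insert_post_data', function ( $data, $postarr ) {
	// Act only on updates of regular posts; pass everything else through.
	if ( empty( $postarr['ID'] ) || ! is_array( $data ) || 'post' !== ( $data['post_type'] ?? '' ) ) {
		return $data;
	}
	$error = example_validate_post_data( $data );
	if ( null === $error ) {
		return $data;
	}
	// Remember why the save was refused so the next request can show it.
	update_option( 'example_post_validation_notice_' . get_current_user_id(), $error, false );
	// Per comment #11: a non-array value makes $wpdb->update() return false.
	return null;
}, 10, 2 );

add_action( 'admin_notices', function () {
	$key     = 'example_post_validation_notice_' . get_current_user_id();
	$message = get_option( $key );
	if ( ! is_string( $message ) || '' === $message ) {
		return;
	}
	delete_option( $key ); // Show the notice once.
	// Escape on output: the message is stored data rendered into admin HTML.
	printf( '<div class="notice notice-error"><p>%s</p></div>', esc_html( $message ) );
} );
```

Keying the option by user ID keeps one editor's rejection message from being shown to another; the submitted field values are still lost on rejection, as comment #6 notes for the patch.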

#12 @hellofromTonya
10 months ago

  • Version 5.6 deleted

Removing 5.6 as the Version, as the ticket creation predates the 5.6 release.
