WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 4 months ago

#43019 new enhancement

Hook to validate post form data before save

Reported by: henry.wright Owned by:
Milestone: Awaiting Review Priority: normal
Severity: major Version:
Component: Database Keywords: has-patch needs-testing
Focuses: Cc:

Description

There doesn't seem to be a hook available to validate form data before a post is saved. In my case I'm considering using JavaScript to validate the post title, content and meta but would prefer to do this validation server side.

Can we add a hook?

Attachments (2)

43019.diff (535 bytes) - added by danieltj 3 years ago.
Pre insert post hook
43019.2.diff (832 bytes) - added by henry.wright 3 years ago.

Download all attachments as: .zip

Change History (14)

#1 @danieltj
3 years ago

  • Keywords reporter-feedback added

I'm just curious, but why do you need to validate those fields prior to saving as that already happens on post save? Having said that, there is a hook called pre_post_update that is run when something is updated, although not when something is saved for the first time mind you.

Useful links for this hook:

  1. https://core.trac.wordpress.org/browser/tags/4.9/src/wp-includes/post.php#L3371
  2. https://developer.wordpress.org/reference/hooks/pre_post_update/

There are some filter hooks you could use though within the wp_insert_post function if you wanted to check data that is submitted, but like I said; it's validated when run through the function.

If you're wanting to validate custom meta data for a post, you can still use the save_post hook and do your own custom validation there but it depends on your use case as to whether that's helpful or not.

#2 @henry.wright
3 years ago

  • Keywords reporter-feedback removed

Hi @danieltj

I'm just curious, but why do you need to validate those fields prior to saving as that already happens on post save?

Perhaps I should have been more clear. A hook will allow for custom validation to be done. If WordPress validates already then that's great but the key word here is custom.

Having said that, there is a hook called pre_post_update that is run when something is updated

As you mentioned in your comment, the pre_post_update hook will execute only if $update evaluates to true. The hook I'm requesting should apply also to new posts.

If you're wanting to validate custom meta data for a post, you can still use the save_post hook and do your own custom validation there but it depends on your use case as to whether that's helpful or not.

save_post is executed after the post has been saved. This won't be helpful if you need to perform custom validation before the post is added to the database.

#3 @danieltj
3 years ago

  • Keywords has-patch added

Fair enough - I'm all for adding in extra hooks - I was just curious the use-case for it. I'll add a patch for a proposed hook, not sure if anything else is needed apart from the post data being passed through it.

@danieltj
3 years ago

Pre insert post hook

#4 @henry.wright
3 years ago

Thanks for the diff @danieltj

I think we should provide a way of bailing early if the data isn't valid. Please see the incoming 43019.2.diff. Grateful for your thoughts

@henry.wright
3 years ago

#5 @johnbillion
3 years ago

  • Keywords ux-feedback needs-testing added

Thanks for the patch. What does the user journey look like if the data that they've entered is considered invalid? Do they see a generic error message stating "The data supplied isn't valid"? Are the fields repopulated with their invalid data or does their data get lost?

Screenshots or a very short screencast could help.

#6 @henry.wright
3 years ago

Thanks John for the feedback.

The user journey isn't very good with my patch 43019.2.diff. They will see the generic error message you mentioned. I think the patch could be fleshed out to allow the callback to return a custom error message.

I believe currently the field data is lost if it's invalid. I think this should also be changed.

#7 @foresmac
3 years ago

This would be super useful. Maybe the way to do it is to have the callback return an array of WP_Error for each custom field that fails validation? If it's empty, then there are no custom field errors.

This ticket was mentioned in Slack in #design by karmatosed. View the logs.


2 years ago

#9 @karmatosed
2 years ago

  • Keywords ux-feedback removed

I am removing ux-feedback as a keyword because this doesn't need the design team to give feedback right now. This was discussed in this week's design triage meeting.

#10 @eseyfried
9 months ago

I am having the same challenge as @henrywright. I was looking for a similar hook that fires before the post saves and would allow me to halt the save process if my custom validation fails. This patch seems to cover this scenario. I am curious to know if this will be accepted into Core. This thread seemed to have died off. Would someone please post an update?

#11 @rafdizzle86
5 months ago

  • Component changed from General to Database
  • Severity changed from normal to major
  • Version set to 5.6

I've found a "work-around" for updates. You can hook into the filter wp_insert_post_data and return a null or some other falsey value that is not an array. This is because a few lines down there's a call to $wpdb->update( $wpdb->posts, $data, $where ) which does a validation on $data in the first few lines:

if ( ! is_array( $data ) || ! is_array( $where ) ) {
	return false;
}

In the same hook you can update an option with a notification as to why you failed the update - in the following request you can display that notification using the admin_notices hook.

I haven't looked that much into $wpdb->insert() - however it seems more complicated as it calls a _insert_replace_helper method that does some SQL data validation.

Hopefully this helps other folks who are wondering why WordPress and WooCommerce don't have a simple hook for data validation and halting the save. Seems like a rudimentary hook that should be part of any database save process!

WordPress/WooCommerce devs: please include an explicit filter that allows 3rd party developers to validate data and halt the save process if that data is invalid!

Last edited 5 months ago by rafdizzle86 (previous) (diff)

#12 @hellofromTonya
4 months ago

  • Version 5.6 deleted

Removing 5.6 as the Version, as the ticket creation predates the 5.6 release.

Note: See TracTickets for help on using tickets.