Created
May 17, 2022 14:40
Leftover plugin code that makes an AJAX call protected by a nonce and input sanitisation. Discarded because it got mixed up with the existing state of the post editor's Tags box.
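// The HTML page renders a list of suggested tags (see the PHP file). Each one has a
// button that adds it as a post tag, e.g.:
// <p class="demo_tag">New demo tag<button class="button demo_add_keyword_as_tag_btn " data-nonce="XXX" data-demo_keyword="New demo tag" data-post_id="XXX">+</button></p>

// Click handler for the buttons: POSTs the keyword, post id and nonce to the
// WordPress admin-ajax endpoint and marks the button as done on success.
jQuery('.demo_add_keyword_as_tag_btn').on('click', function (e) {
  e.preventDefault();

  // currentTarget is always the button the handler is bound to, even if the
  // button later gains child elements that could become e.target.
  var button = e.currentTarget;

  // A disabled button means the tag already exists on the post.
  if (button.classList.contains('button-disabled')) {
    return;
  }

  // The nonce and ids are only carried by the client; the server must verify
  // the nonce and the user's permission for post_id on every request.
  var payload = {
    action: 'demo_add_keyword_as_tag',
    security: button.dataset.nonce,
    post_id: button.dataset.post_id,
    demo_keyword: button.dataset.demo_keyword
  };

  jQuery.ajax({
    url: ajaxurl,
    type: 'POST',
    data: payload,
    // Runs on any 2xx response, so this is only reliable if the endpoint
    // signals failures with a non-2xx status.
    success: function () {
      // classList.add avoids gluing the class onto the previous one, which
      // `className += "button-disabled"` does when there is no trailing space.
      button.classList.add('button-disabled');
      button.textContent = '✔';
    },
    // jQuery passes (jqXHR, textStatus, errorThrown). Concatenating the jqXHR
    // object itself only ever printed "[object Object]".
    error: function (jqXHR, textStatus, errorThrown) {
      alert('ERROR: ' + jqXHR.status + ' ' + (errorThrown || textStatus));
    }
  });
});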
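<?php
// The nonce proves the request came from this admin page; it is not an
// authorization check, so the ajax handler must still verify capabilities.
$ajax_nonce = wp_create_nonce( "demo-keyword-nonce" );
?>
<!-- loop creates a bunch of these suggested tags that can be added by pressing them -->
<?php // Every dynamic value is escaped for the attribute context: a keyword containing a double quote would otherwise break out of the attribute. ?>
<button class="button demo_add_keyword_as_tag_btn <?php if ($keyword_tag_exists) { echo 'button-disabled'; } ?>"
        data-nonce="<?php echo esc_attr( $ajax_nonce ); ?>"
        data-demo_keyword="<?php echo esc_attr( $tag->value ); ?>"
        data-post_id="<?php echo esc_attr( $post_id ); ?>"><?php
    // A check mark shows the tag is already on the post, a plus that it can be added.
    if ($keyword_tag_exists) {
        echo '✔';
    } else {
        echo '+';
    } ?>
</button>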
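<?php
/*
 * Ajax endpoint for adding a plugin keyword string as a WP post tag.
 * !!! Leftover plugin code, discarded because of mixed up states in the post editor Tags box.
 *
 * Registered on wp_ajax_* only (no wp_ajax_nopriv_*), so WordPress dispatches
 * it for logged-in users only.
 */
add_action( 'wp_ajax_demo_add_keyword_as_tag', 'demo_add_keyword_as_tag' );

/**
 * Handles the `demo_add_keyword_as_tag` admin-ajax action.
 *
 * Reads the POST fields `security` (nonce), `post_id` and `demo_keyword`,
 * appends the keyword to the post's tags and answers in plain text.
 * Every path ends in wp_die(). Failures carry a non-2xx status so the
 * client's error callback fires instead of its success callback.
 */
function demo_add_keyword_as_tag() {
    check_ajax_referer( 'demo-keyword-nonce', 'security' ); // dies with -1 / 403 on an invalid nonce

    // $_POST is slashed by WordPress and either field may be missing or an array.
    $post_id_raw = ( isset( $_POST['post_id'] ) && is_string( $_POST['post_id'] ) )
        ? wp_unslash( $_POST['post_id'] )
        : '';
    $post_id = absint( $post_id_raw );
    if ( 0 === $post_id ) {
        // Empty post_id, e.g. while editing a new post (not possible from the current UI).
        wp_die( 'invalid post_id', 400 );
    }

    // The nonce only proves where the request came from. Authorization has to
    // be checked against the specific post: the generic 'edit_posts' capability
    // would let any user who can edit some posts change tags on other posts too.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( -1, 403 );
    }

    $demo_keyword_unsafe = ( isset( $_POST['demo_keyword'] ) && is_string( $_POST['demo_keyword'] ) )
        ? wp_unslash( $_POST['demo_keyword'] )
        : '';
    $demo_keyword = sanitize_text_field( $demo_keyword_unsafe );
    if ( $demo_keyword === "" ) {
        wp_die( 'empty string', 400 );
    }

    // Appends to the existing tags (third argument true). A comma inside the
    // keyword is treated by WordPress as a tag separator.
    $result = wp_set_post_tags( $post_id, $demo_keyword, true );
    if ( false === $result || is_wp_error( $result ) ) {
        wp_die( 'could not add tag', 500 );
    }

    // Escape on output as well: the value is echoed back in the response body.
    echo '[Added tag ' . esc_html( $demo_keyword ) . '] '; // TODO proper response
    wp_die();
}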