meta-data-serialization.php

<?php
/**
 * An example function used to demonstrate how to use the `user_can_save` function
 * that provides boilerplate security checks when saving custom post meta data.
 *
 * The ultimate goal is provide a simple helper function to be used in themes and
 * plugins without the need to use a set of complex conditionals and constants.
 *
 * Instead, the aim is to have a simplified function that's easy to read and that uses
 * WordPress APIs.
 *
 * The DocBlocks should provide all information needed to understand how the function works.
 */
public function save_meta_data( $post_id ) {

	if( user_can_save( $post_id, 'meta_data_nonce' ) ) {

		/* ---------------------------------------- */
		/* -- Actual serialization work occurs here */
		/* ---------------------------------------- */

    } // end if

} // end save_meta_data

/**
 * Determines whether or not the current user has the ability to save meta data associated with this post.
 *
 * @param		int		$post_id	The ID of the post being save
 * @param		bool				Whether or not the user has the ability to save this post.
*/
function user_can_save( $post_id, $nonce ) {
	
    $is_autosave = wp_is_post_autosave( $post_id );
    $is_revision = wp_is_post_revision( $post_id );
    $is_valid_nonce = ( isset( $_POST[ $nonce ] ) && wp_verify_nonce( $_POST[ $nonce ], plugin_basename( __FILE__ ) ) ) ? true : false;
    
    // Return true if the user is able to save; otherwise, false.
    return ! ( $is_autosave || $is_revision ) && $is_valid_nonce;

} // end user_can_save