```php
<?php
/**
 * An example function used to demonstrate how to use the `user_can_save` function
 * that provides boilerplate security checks when saving custom post meta data.
 *
 * The ultimate goal is to provide a simple helper function to be used in themes and
 * plugins without the need to use a set of complex conditionals and constants.
 *
 * Instead, the aim is to have a simplified function that's easy to read and that uses
 * WordPress APIs.
 *
 * The DocBlocks should provide all information needed to understand how the function works.
 */
// In a plugin class this would be a public method; as a stand-alone function the
// `public` modifier is a parse error, so it is dropped here. Hook it with
// add_action( 'save_post', 'save_meta_data' ).
function save_meta_data( $post_id ) {
	if ( user_can_save( $post_id, 'meta_data_nonce' ) ) {
		/* ---------------------------------------- */
		/* -- Actual serialization work occurs here */
		/* ---------------------------------------- */
	} // end if
} // end save_meta_data

/**
 * Determines whether or not the current user has the ability to save meta data associated with this post.
 *
 * Note: this checks the autosave/revision state and the nonce only; it does not check
 * the user's capability (e.g. current_user_can( 'edit_post', $post_id )), so callers
 * that need authorization as well as intent must add that check themselves.
 *
 * @param int    $post_id The ID of the post being saved.
 * @param string $nonce   The name of the nonce field in $_POST.
 * @return bool Whether or not the user has the ability to save this post.
 */
function user_can_save( $post_id, $nonce ) {
	$is_autosave = wp_is_post_autosave( $post_id );
	$is_revision = wp_is_post_revision( $post_id );
	// wp_verify_nonce() returns 1, 2 or false; the comparison yields a strict boolean.
	$is_valid_nonce = isset( $_POST[ $nonce ] ) && false !== wp_verify_nonce( $_POST[ $nonce ], plugin_basename( __FILE__ ) );
	// Return true if the user is able to save; otherwise, false.
	return ! ( $is_autosave || $is_revision ) && $is_valid_nonce;
} // end user_can_save
```
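As an added example, not part of the original gist, here is the other half of the pattern: the meta box that emits the nonce field `user_can_save()` expects, and a save handler that layers a capability check and input sanitization on top of it. The meta box id, the field name `my_meta_field` and the meta key `_my_meta_key` are assumed names, and the code assumes it lives in the same file as `user_can_save()`, since the nonce action is `plugin_basename( __FILE__ )` on both sides.

```php
<?php
// Added example (not from the gist): meta box + save handler built on user_can_save().
// Assumed names: meta box 'my_meta_box', field 'my_meta_field', meta key '_my_meta_key'.
// Must live in the same file as user_can_save(), because both sides derive the nonce
// action from plugin_basename( __FILE__ ); a different file yields a different action.

// Emit the nonce field that user_can_save() later verifies. The action argument must
// match the one passed to wp_verify_nonce(), and the field name must match the $nonce
// argument ('meta_data_nonce') given to user_can_save().
function my_meta_box_html( $post ) {
	wp_nonce_field( plugin_basename( __FILE__ ), 'meta_data_nonce' );
	$value = get_post_meta( $post->ID, '_my_meta_key', true );
	printf(
		'<label for="my_meta_field">Value</label> <input type="text" id="my_meta_field" name="my_meta_field" value="%s" />',
		esc_attr( $value )
	);
}

function my_register_meta_box() {
	add_meta_box( 'my_meta_box', 'My Meta', 'my_meta_box_html', 'post' );
}
add_action( 'add_meta_boxes', 'my_register_meta_box' );

// Save handler: autosave/revision state and nonce via user_can_save(), then the
// capability check the helper does not perform, then sanitization before writing.
function my_save_meta_data( $post_id ) {
	if ( ! user_can_save( $post_id, 'meta_data_nonce' ) ) {
		return;
	}
	// A valid nonce proves the request came from the edit form, not that the
	// user is allowed to edit this post; authorization is a separate check.
	if ( ! current_user_can( 'edit_post', $post_id ) ) {
		return;
	}
	if ( ! isset( $_POST['my_meta_field'] ) ) {
		return;
	}
	// Strip WordPress' added slashes, then sanitize to a plain text value.
	$value = sanitize_text_field( wp_unslash( $_POST['my_meta_field'] ) );
	if ( '' === $value ) {
		delete_post_meta( $post_id, '_my_meta_key' );
	} else {
		update_post_meta( $post_id, '_my_meta_key', $value );
	}
}
add_action( 'save_post', 'my_save_meta_data' );
```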