/**
 * Recursively sanitizes the values of a one- or multi-dimensional array.
 *
 * Used by the post meta-box form before writing post-meta to the database
 * and by the Settings API before writing an option to the database.
 *
 * Only values are cleaned: array keys are copied into the result unchanged,
 * and object values are left out of the result entirely.
 *
 * @link https://tommcfarlin.com/input-sanitization-with-the-wordpress-settings-api/
 *
 * @since 0.4.0
 *
 * @param array $data The input to sanitize.
 * @return array The sanitized input; an empty array when $data is not a non-empty array.
 */
function postscript_sanitize_data($data = array()) {
    // Anything other than a non-empty array produces an empty result.
    if (!is_array($data) || empty($data)) {
        return array();
    }

    $sanitized = array();

    foreach ($data as $name => $item) {
        if (is_array($item)) {
            // Nested array: clean its members with the same rules.
            $sanitized[$name] = postscript_sanitize_data($item);
            continue;
        }

        if (is_object($item)) {
            // Objects are neither sanitized nor copied.
            continue;
        }

        // Drop blank lines, then every space character, before the
        // WordPress text-field sanitizer runs on what is left.
        $stripped = preg_replace('/^\\h*\\v+/m', '', trim($item));
        $stripped = str_replace(' ', '', $stripped);

        $sanitized[$name] = sanitize_text_field($stripped);
    }

    return $sanitized;
}
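/**
 * Saves the meta box form data upon submission.
 *
 * Nothing is written unless the save is not an autosave or revision, the
 * request carries a valid meta box nonce, and the current user is allowed
 * to edit the post.
 *
 * @uses postscript_sanitize_data() Sanitizes the submitted 'postscript_meta' array.
 *
 * @param int     $post_id Post ID.
 * @param WP_Post $post    Post object.
 * @return int|void The post ID when the capability check fails; nothing otherwise.
 */
function postscript_save_post_meta($post_id, $post) {
    // Autosaves and revisions never carry meta box data worth saving.
    if (wp_is_post_autosave($post_id) || wp_is_post_revision($post_id)) {
        return;
    }

    // Request-forgery check. The result must stay a real boolean: the strings
    // 'true' and 'false' are both truthy, so a string flag would never reject
    // a request with a missing or invalid nonce.
    // NOTE(review): the action is basename(__FILE__); presumably the meta box
    // form creates its nonce with the same action - verify against the form.
    $is_valid_nonce = isset($_POST['postscript_meta_nonce'])
        && is_string($_POST['postscript_meta_nonce'])
        && wp_verify_nonce($_POST['postscript_meta_nonce'], basename(__FILE__));

    if (!$is_valid_nonce) {
        return;
    }

    // Get the post type object (to match with current user capability).
    $post_type = get_post_type_object($post->post_type);

    // Refuse when the post type is unknown or the user may not edit this post.
    if (!$post_type || !current_user_can($post_type->cap->edit_post, $post_id)) {
        return $post_id;
    }

    $meta_key   = 'postscript_meta';
    $meta_value = get_post_meta($post_id, $meta_key, true);

    // Sanitize the submitted fields only if at least one of them has a value
    // (implode() reduces the array values to a string to do the check).
    // A non-array submission is treated as "no form data".
    $form_data = null;
    if (
        isset($_POST['postscript_meta'])
        && is_array($_POST['postscript_meta'])
        && implode('', $_POST['postscript_meta'])
    ) {
        $form_data = postscript_sanitize_data($_POST['postscript_meta']);
    }

    if ($form_data && '' == $meta_value) {
        // Add post-meta, if none exists, and if user entered new form data.
        add_post_meta($post_id, $meta_key, $form_data, true);
    } elseif ($form_data && $form_data != $meta_value) {
        // Update post-meta if user changed existing post-meta values in form.
        update_post_meta($post_id, $meta_key, $form_data);
    } elseif (null == $form_data && $meta_value) {
        // Delete existing post-meta if user cleared all post-meta values from form.
        delete_post_meta($post_id, $meta_key);
    } else {
        // Nothing changed.
        // NOTE(review): returning here also skips the term handling below
        // when the meta is unchanged - confirm that is intended.
        return;
    }

    if (isset($_POST['tax_input'])) {
        // Convert array values (term IDs) from number strings to integers.
        // NOTE(review): both calls replace the terms of the same 'postscripts'
        // taxonomy (append = false), so the second call overwrites the first
        // when both fields are submitted - confirm.
        if (isset($_POST['tax_input']['postscript_styles']) && is_array($_POST['tax_input']['postscript_styles'])) {
            $style_ids = array_map('intval', $_POST['tax_input']['postscript_styles']);
            wp_set_object_terms($post_id, $style_ids, 'postscripts', false);
        }

        if (isset($_POST['tax_input']['postscript_scripts']) && is_array($_POST['tax_input']['postscript_scripts'])) {
            $script_ids = array_map('intval', $_POST['tax_input']['postscript_scripts']);
            wp_set_object_terms($post_id, $script_ids, 'postscripts', false);
        }
    }
}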