Exemple #1
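/**
 * Sanitizes values in one- and multi-dimensional arrays.
 *
 * Used by post meta-box form before writing post-meta to database
 * and by Settings API before writing option to database.
 *
 * Only the values are cleaned: array keys are copied through exactly as
 * submitted, and objects are dropped. The result is cleaned for storage;
 * it still has to be escaped for its context wherever it is printed.
 *
 * @link https://tommcfarlin.com/input-sanitization-with-the-wordpress-settings-api/
 *
 * @since    0.4.0
 *
 * @param    array    $data    The submitted values (may be nested).
 * @return   array             The sanitized values, or an empty array when
 *                             $data is not an array or is empty.
 */
function postscript_sanitize_data($data = array())
{
    // Anything that is not a non-empty array yields an empty result.
    if (!is_array($data) || !count($data)) {
        return array();
    }

    $data_clean = array();

    foreach ($data as $key => $value) {
        // Nested array: sanitize it recursively.
        if (is_array($value)) {
            $data_clean[$key] = postscript_sanitize_data($value);
            continue;
        }

        // Objects are not stored at all.
        if (is_object($value)) {
            continue;
        }

        // Cast first so null and other non-string scalars reach trim() as
        // strings, then remove blank lines.
        $value = preg_replace('/^\\h*\\v+/m', '', trim((string) $value));

        // preg_replace() returns null on a PCRE error; store an empty
        // string rather than passing null further down.
        if (null === $value) {
            $value = '';
        }

        // Remove every space character, then apply WordPress' text cleaning.
        $value = str_replace(' ', '', $value);
        $data_clean[$key] = sanitize_text_field($value);
    }

    return $data_clean;
}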
Exemple #2
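/**
 * Saves the meta box form data upon submission.
 *
 * Checks run in this order before anything is written: autosaves and
 * revisions are skipped, the `postscript_meta_nonce` field must verify
 * (CSRF protection), and the current user must be allowed to edit the post.
 * Only then is `$_POST['postscript_meta']` sanitized and stored under the
 * `postscript_meta` post-meta key.
 *
 * @uses  postscript_sanitize_data()    Sanitizes $_POST array.
 *
 * @param int     $post_id    Post ID.
 * @param WP_Post $post       Post object.
 * @return int|void Post ID when the capability check fails, otherwise nothing.
 */
function postscript_save_post_meta($post_id, $post)
{
    // Checks save status
    $is_autosave = wp_is_post_autosave($post_id);
    $is_revision = wp_is_post_revision($post_id);

    // This must be a real boolean. The strings 'true' and 'false' are both
    // truthy in PHP, so storing either of them here would make the nonce
    // check below pass for every request.
    // NOTE(review): the action basename(__FILE__) has to match the action
    // used where the nonce field is printed; confirm that is in this file.
    $is_valid_nonce = isset($_POST['postscript_meta_nonce'])
        && is_string($_POST['postscript_meta_nonce'])
        && (bool) wp_verify_nonce(
            sanitize_text_field(wp_unslash($_POST['postscript_meta_nonce'])),
            basename(__FILE__)
        );

    // Exits script depending on save status
    if ($is_autosave || $is_revision || !$is_valid_nonce) {
        return;
    }

    // Get the post type object (to match with current user capability).
    $post_type = get_post_type_object($post->post_type);

    // Check if the current user has permission to edit the post. An
    // unknown post type is treated as "not allowed".
    if (!$post_type || !current_user_can($post_type->cap->edit_post, $post_id)) {
        return $post_id;
    }

    $meta_key = 'postscript_meta';
    $meta_value = get_post_meta($post_id, $meta_key, true);

    // If any user-submitted form fields have a value.
    // (implode() reduces array values to a string to do the check).
    // A non-array submission is treated as "no form data" so it never
    // reaches implode().
    $submitted = isset($_POST['postscript_meta']) ? $_POST['postscript_meta'] : null;
    if (is_array($submitted) && implode($submitted)) {
        $form_data = postscript_sanitize_data($submitted);
    } else {
        $form_data = null;
    }

    // Add post-meta, if none exists, and if user entered new form data.
    if ($form_data && '' == $meta_value) {
        add_post_meta($post_id, $meta_key, $form_data, true);
        // Update post-meta if user changed existing post-meta values in form.
    } elseif ($form_data && $form_data != $meta_value) {
        update_post_meta($post_id, $meta_key, $form_data);
        // Delete existing post-meta if user cleared all post-meta values from form.
    } elseif (null == $form_data && $meta_value) {
        delete_post_meta($post_id, $meta_key);
    } else {
        // Nothing changed for the meta key.
        // NOTE(review): returning here also skips the taxonomy handling
        // below whenever the meta is unchanged; confirm that is intended.
        return;
    }

    if (isset($_POST['tax_input'])) {
        // Convert array values (term IDs) from number strings to integers.
        // NOTE(review): both calls write to the 'postscripts' taxonomy with
        // append set to false, so when both lists are submitted the second
        // call replaces the terms set by the first; confirm the taxonomy name.
        if (isset($_POST['tax_input']['postscript_styles']) && is_array($_POST['tax_input']['postscript_styles'])) {
            $style_ids = array_map('intval', $_POST['tax_input']['postscript_styles']);
            wp_set_object_terms($post_id, $style_ids, 'postscripts', false);
        }
        if (isset($_POST['tax_input']['postscript_scripts']) && is_array($_POST['tax_input']['postscript_scripts'])) {
            $script_ids = array_map('intval', $_POST['tax_input']['postscript_scripts']);
            wp_set_object_terms($post_id, $script_ids, 'postscripts', false);
        }
    }
}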