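/**
 * Save handler for Quick Edit ('inline-save') submissions.
 *
 * Takes $_POST data and passes control to save_to_post_meta() once the
 * request has cleared the action, post type, nonce and capability checks.
 * When using Fieldmanager as an API, do not call this method directly;
 * call save_to_post_meta() instead.
 *
 * @param int $post_id ID of the post being saved.
 * @return void
 */
public function save_fields_for_quickedit($post_id) {
    // Only handle Quick Edit submissions, never autosaves. Both keys are
    // tested with isset() so a request that lacks 'action' exits quietly
    // instead of raising an undefined-index notice.
    if (
        !isset($_POST['post_type'], $_POST['action'])
        || (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE)
        || $_POST['action'] !== 'inline-save'
    ) {
        return;
    }

    // Make sure this field is attached to the post type being saved. The
    // strict comparison also rejects a non-string post_type (for example an
    // array) supplied by the client.
    if (!in_array($_POST['post_type'], $this->post_types, true)) {
        return;
    }

    // Ensure that the nonce is set and valid.
    if (!$this->is_valid_nonce()) {
        return;
    }

    // Make sure the current user can save this post. The check runs for
    // every post type handled by this context: 'edit_post' is a meta
    // capability that WordPress maps onto the capabilities of the post's own
    // type. Gating it on the client-supplied post_type would let every other
    // post type skip authorization.
    if (!current_user_can('edit_post', $post_id)) {
        $this->fm->_unauthorized_access(__('User cannot edit this post', 'fieldmanager'));
        // Stop here in case _unauthorized_access() returns instead of aborting.
        return;
    }

    $this->save_to_post_meta($post_id);
}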
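/**
 * Saves custom term fields.
 *
 * Hands off to save_to_term_meta() once the taxonomy, nonce and capability
 * checks have passed.
 *
 * @access public
 * @param int    $term_id  ID of the term being saved.
 * @param int    $tt_id    Term taxonomy ID (not used by this method).
 * @param string $taxonomy Taxonomy name of the term being saved.
 * @return void
 */
public function save_term_fields($term_id, $tt_id, $taxonomy) {
    // Make sure this field is attached to the taxonomy being saved. Strict
    // comparison avoids loose-typing matches between taxonomy names.
    if (!in_array($taxonomy, $this->taxonomies, true)) {
        return;
    }

    // Make sure that our nonce field arrived intact.
    if (!$this->is_valid_nonce()) {
        return;
    }

    // Make sure the current user can manage terms in this taxonomy.
    // get_taxonomy() returns false for an unregistered taxonomy; treat that
    // as unauthorized (fail closed) rather than dereferencing a non-object.
    $tax_obj = get_taxonomy($taxonomy);
    if (!$tax_obj || !current_user_can($tax_obj->cap->manage_terms)) {
        $this->fm->_unauthorized_access(__('User cannot edit this term', 'fieldmanager'));
        // Stop here in case _unauthorized_access() returns instead of aborting.
        return;
    }

    // Save the data.
    $this->save_to_term_meta($term_id, $taxonomy);
}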
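/**
 * Save handler for full edit-screen ('editpost') submissions.
 *
 * Takes $_POST data and passes control to save_to_post_meta() once the
 * request has cleared the action, post ID, post type, nonce and capability
 * checks. When using Fieldmanager as an API, do not call this method
 * directly; call save_to_post_meta() instead.
 *
 * @param int $post_id ID of the post being saved.
 * @return void
 */
public function save_fields_for_post($post_id) {
    // Only handle 'editpost' submissions, never autosaves. Requiring this
    // exact action also keeps Quick Edit ('inline-save') requests out of this
    // context. 'action' is tested with isset() so a request without it exits
    // quietly instead of raising an undefined-index notice.
    if (
        empty($_POST['post_ID'])
        || !isset($_POST['action'])
        || (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE)
        || $_POST['action'] !== 'editpost'
    ) {
        return;
    }

    // Make sure this hook fired on the post being saved, not a side-effect
    // post for which the $_POST context is invalid.
    if ($post_id !== absint($_POST['post_ID'])) {
        return;
    }

    // Resolve the type from the stored post rather than from the request.
    $post_type = get_post_type($post_id);

    // Prevent saving the same post twice; FM does not yet use revisions.
    if ($post_type === 'revision') {
        return;
    }

    // Make sure this post type is intended for handling by this FM context.
    // Strict comparison keeps a false return from get_post_type() from
    // matching anything.
    if (!in_array($post_type, $this->post_types, true)) {
        return;
    }

    // Verify nonce is present and valid. If present but not valid, this
    // throws an exception, but if it's absent we can assume our data is
    // not present.
    if (!$this->is_valid_nonce()) {
        return;
    }

    // Make sure the current user is authorized to save this post. The check
    // runs for every post type handled by this context: 'edit_post' is a
    // meta capability that WordPress maps onto the capabilities of the
    // post's own type. Gating it on the client-supplied post_type would let
    // every other post type skip authorization.
    if (!current_user_can('edit_post', $post_id)) {
        $this->fm->_unauthorized_access(__('User cannot edit this post', 'fieldmanager'));
        // Stop here in case _unauthorized_access() returns instead of aborting.
        return;
    }

    $this->save_to_post_meta($post_id);
}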