/** * Display a metabox form & save it on submission * @since 1.0.0 * @param array $meta_box Metabox config array * @param int $object_id Object ID * @param boolean $return Whether to return or echo form * @return string CPMB html form markup */ function cpmb_metabox_form($meta_box, $object_id, $echo = true) { // Make sure that our object type is explicitly set by the metabox config cpmb_Meta_Box::set_object_type(cpmb_Meta_Box::set_mb_type($meta_box)); // Save the metabox if it's been submitted // check permissions // @todo more hardening? if (isset($_POST['submit-cpmb'], $_POST['object_id'], $_POST['wp_meta_box_nonce']) && wp_verify_nonce($_POST['wp_meta_box_nonce'], cpmb_Meta_Box::nonce()) && $_POST['object_id'] == $object_id) { cpmb_save_metabox_fields($meta_box, $object_id); } // Show specific metabox form // Get cpmb form ob_start(); cpmb_print_metabox($meta_box, $object_id); $form = ob_get_contents(); ob_end_clean(); $form_format = apply_filters('cpmb_frontend_form_format', '<form class="cpmb-form" method="post" id="%s" enctype="multipart/form-data" encoding="multipart/form-data"><input type="hidden" name="object_id" value="%s">%s<input type="submit" name="submit-cpmb" value="%s"></form>', $object_id, $meta_box, $form); $form = sprintf($form_format, $meta_box['id'], $object_id, $form, __('Save', 'cpmb')); if ($echo) { echo $form; } return $form; }