Permalink
Browse files

Fixes for saving and _wpnonce

  • Loading branch information...
1 parent 5b70c67 commit 7fd1efdf9cd06c2e7e290835871a95e7b7b69af5 @sc0ttkclark sc0ttkclark committed Aug 12, 2012
Showing with 30 additions and 13 deletions.
  1. +4 −5 classes/Pods.php
  2. +20 −4 classes/PodsAPI.php
  3. +6 −4 classes/PodsAdmin.php
View
@@ -267,25 +267,24 @@ public function field ( $params, $single = false ) {
pods_no_conflict_off( $this->pod_data[ 'type' ] );
}
else {
- // Not ready yet
- return $value;
-
// Dot-traversal
$pod = $this->pod;
$tbl_row_ids = $this->id();
$all_fields = array();
$lookup = $traverse;
- if ( !empty( $lookup ) )
- unset( $lookup[ 0 ] );
+ //if ( 1 < count( $lookup ) )
+ //unset( $lookup[ 0 ] );
// Get fields matching traversal names
$fields = $this->api->load_fields( array(
'name' => $lookup,
'type' => $tableless_field_types
) );
+ pods_debug( $fields );
+
if ( !empty( $fields ) ) {
foreach ( $fields as $row ) {
$field = $this->api->load_field( array(
View
@@ -1796,7 +1796,9 @@ public function save_pod_item ( $params ) {
$object_type = 'post';
delete_metadata( $object_type, $params->id, $field, true );
- update_metadata( $object_type, $params->id, $field, $values );
+
+ if ( !empty( $values ) )
+ update_metadata( $object_type, $params->id, $field, $values );
}
// File relationships
@@ -1807,6 +1809,9 @@ public function save_pod_item ( $params ) {
$weight = 0;
foreach ( $values as $id ) {
+ if ( empty( $id ) )
+ continue;
+
pods_query( "INSERT INTO `@wp_pods_rel` (`pod_id`, `field_id`, `item_id`, `related_item_id`, `weight`) VALUES (%d, %d, %d, %d, %d)", array(
$params->pod_id,
$field_id,
@@ -1863,6 +1868,9 @@ public function save_pod_item ( $params ) {
$weight = 0;
foreach ( $values as $id ) {
+ if ( empty( $id ) )
+ continue;
+
if ( !empty( $related_pod_id ) && !empty( $related_field_id ) ) {
if ( 'meta' == $related_pod[ 'storage' ] && !in_array( $related_pod[ 'type' ], array( 'taxonomy', 'pod', 'table', '' ) ) ) {
$object_type = $related_pod[ 'type' ];
@@ -3055,18 +3063,23 @@ public function load_fields ( $params, $strict = false ) {
if ( !empty( $params->name ) ) {
$fields = implode( "', '", $params->name );
- $lookup = "`post_name` IN ('{$fields}')";
+ $lookup[] = "`post_name` IN ( '{$fields}' )";
}
if ( !empty( $params->id ) ) {
$fields = implode( ", ", $params->id );
- $lookup = "`ID` IN ({$fields})";
+ $lookup[] = "`ID` IN ( {$fields} )";
}
$lookup = implode( ' AND ', $lookup );
- $result = pods_query( "SELECT `ID`, `post_name, `post_parent` FROM `@wp_posts` WHERE `post_type` = %s AND ( {$lookup} )" );
+ $result = pods_query( "SELECT `ID`, `post_name`, `post_parent` FROM `@wp_posts` WHERE `post_type` = '_pods_field' AND ( {$lookup} )" );
+
+ if ( defined( 'PODS_DEVELOPER' ) && PODS_DEVELOPER ) {
+ pods_debug( $result );
+ pods_debug( $params->type );
+ }
$fields = array();
@@ -3078,6 +3091,9 @@ public function load_fields ( $params, $strict = false ) {
'pod_id' => $field->post_parent
) );
+ if ( defined( 'PODS_DEVELOPER' ) && PODS_DEVELOPER )
+ pods_debug( $field );
+
if ( empty( $params->type ) || in_array( $fields[ 'type' ], $params->type ) )
$fields[ $field[ 'name' ] ] = $field;
}
View
@@ -678,18 +678,20 @@ public function admin_ajax () {
'safe' => null,
'access_pod_specific' => null,
'name' => $params->method,
- 'custom_nonce' => false
+ 'custom_nonce' => null
);
$method = (object) array_merge( $defaults, (array) $methods[ $params->method ] );
+ if ( true !== $method->custom_nonce && ( !isset( $params->_wpnonce ) || false === wp_verify_nonce( $params->_wpnonce, 'pods-' . $params->method ) ) )
+ pods_error( __( 'Unauthorized request', 'pods' ), $this );
+
// Cleaning up $params
unset( $params->action );
unset( $params->method );
- unset( $params->_wpnonce );
- if ( false === $method->custom_nonce && ( !isset( $params->_wpnonce ) || false === wp_verify_nonce( $params->_wpnonce, 'pods-' . $params->method ) ) )
- pods_error( __( 'Unauthorized request', 'pods' ), $this );
+ if ( true !== $method->custom_nonce )
+ unset( $params->_wpnonce );
if ( true === $method->access_pod_specific ) {
$priv_val = false;

0 comments on commit 7fd1efd

Please sign in to comment.