Fix #248, #249, also [link](http://www.deluxeblogtips.com/forums/viewtopic.php?id=422)

Shorten checks when saving posts:
- revert check for autosave, using constants. The function `wp_is_post_autosave` is not reliable when the current post is a Draft
- remove check for user permission, as WP already does that
- remove check for inline-save as verifying nonce is enough

Note: the nonce is now only verified; no "permission" nag is displayed when it's invalid. We just return in that case. This won't block other code from executing.
1 parent 9e7b8d6 commit 6221daa84542386b2031915e147cc03ed1ab7088 @rilwis committed Mar 23, 2013
Showing with 6 additions and 21 deletions.
  1. +6 −21 inc/classes/meta-box.php
@@ -418,34 +418,19 @@ static function meta( $meta, $post_id, $saved, $field )
*/
function save_post( $post_id )
{
- $post = get_post( $post_id );
-
- // Get proper post type
- $post_type = null;
- if ( $post )
- $post_type = $post->post_type;
- elseif ( isset( $_POST['post_type'] ) && post_type_exists( $_POST['post_type'] ) )
- $post_type = $_POST['post_type'];
-
- $post_type_object = get_post_type_object( $post_type );
-
// Check whether:
- // - the post is autosaved (including revision), @see wp_is_post_autosave()
- // - current post type is supported
- // - user has proper capability
- // - in Quick edit mode, @see http://wordpress.org/support/topic/quick-edit-not-working-and-problem-located
+ // - form is submitted properly
+ // - the post is autosaved
+ $autosave = defined('DOING_AUTOSAVE') && DOING_AUTOSAVE;
if (
- ( $this->meta_box['autosave'] != (bool) wp_is_post_autosave( $post ) )
- || current_user_can( $post_type_object->cap->edit_post )
- || ( 'inline-save' == $_POST['action'] )
+ empty( $_POST["nonce_{$this->meta_box['id']}"] )
+ || !wp_verify_nonce( $_POST["nonce_{$this->meta_box['id']}"], "rwmb-save-{$this->meta_box['id']}" )
+ || $this->meta_box['autosave'] != $autosave
)
{
return;
}
- // Verify nonce
- check_admin_referer( "rwmb-save-{$this->meta_box['id']}", "nonce_{$this->meta_box['id']}" );
-
// Save post action removed to prevent infinite loops
remove_action( 'save_post', array( $this, 'save_post' ) );
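
Review bot: In the new `if` condition the nonce test is the only gate left before the meta is saved, and a nonce is not an authorization check. The action string `"rwmb-save-{$this->meta_box['id']}"` names the meta box but not `$post_id`, so a valid nonce does not tie the request to the post being saved, and `save_post` fires for every caller of `wp_insert_post()`, not only the admin edit screen. I would keep an explicit capability test in the condition, for example `|| !current_user_can( 'edit_post', $post_id )`, instead of relying on core having checked earlier. Note also that the removed line read `|| current_user_can( $post_type_object->cap->edit_post )`, with no negation and no post ID, so it returned early for users who do have the capability; correcting that test looks safer than deleting it. Minor: the `$autosave` line deserves a short comment saying why `DOING_AUTOSAVE` is used in place of `wp_is_post_autosave()`, since the reason is only in the commit message.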
