WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Redundant verification in add_meta_box() example (2 posts)

  1. egorpromo
    Member
    Posted 2 years ago #

    Hi!
    The description of add_meta_box() function has one example: http://codex.wordpress.org/Function_Reference/add_meta_box#Example

    Inside myplugin_save_postdata() function I view some verification. I write in it here:

    // verify this came from the our screen and with proper authorization,
      // because save_post can be triggered at other times
    
      if ( !wp_verify_nonce( $_POST['myplugin_noncename'], plugin_basename( __FILE__ ) ) )
          return;
    
      // Check permissions
      if ( 'page' == $_POST['post_type'] )
      {
        if ( !current_user_can( 'edit_page', $post_id ) )
            return;
      }
      else
      {
        if ( !current_user_can( 'edit_post', $post_id ) )
            return;
      }

    I suppose that it is redundant verification and it is not necessary in this function. The data saving will be in secure always. Nonce exists in the form outside metabox which is added in the example. I suppose that user with another capabilities can't save data anyway.
    I think that it is not necessary to use code above for saving in secure. Correct me if i wrong.

  2. egorpromo
    Member
    Posted 2 years ago #

    There is no reply here and I think it is redundant. So I close my topic.

Topic Closed

This topic has been closed to new replies.

About this Topic