tomdaquino
Forum Replies Created
-
I should also point out that my solution above is not the most secure option but it will work for the time being to keep the most casual of tinkerers from messing with my site. An ideal solution would be for some kind of logic in the plugin that disables the submit button if a post is not returned.
Thanks,
TomOk, so I got it worked out. You have to set custom fields to “Unique Custom Fields” in the Gravity Forms Form Editor if you want to be able edit fields with this plugin. In addition, you have to change this line in the Gravity Forms – Update Post plugin code:
$meta = get_post_meta($this->post['ID'], $field['postCustomFieldName']);To
$meta = get_post_meta($this->post['ID'], $field['postCustomFieldName'], true);This line can be found under the comment “// If a custom field is unique, get all the rows and combine them into one”
Thanks to dskvr for originally posting this fix here:
http://wordpress.org/support/topic/plugin-gravity-forms-update-post-what-does-this-plugin-do?replies=15#post-2848742-Tom
Thanks dskvr. Your custom fields fix helped me out a lot.
Best,
TomOk, I’m a doof. The ‘entries’ => true/false parameter determines whether or not the edit form creates a new form entry that can be viewed under the Entries section in the Gravity Forms administration area.
-Tom
So I was mistaken. It turns out that I am seeing the same exact problem. I’ll spare the details as to why I didn’t recognize the behavior the first time around but here’s what I’m seeing now:
I’m using a post form with custom post fields to insert data into several wp_postmeta fields. I have a separate form that I use to edit the post, including the custom post fields. When I update the post, with the edit form, the custom post fields create new meta-key/meta-value fields in wp_postmeta instead of editing the existing meta-key/meta-value data. That’s actually kind of what I would expect given the nature of the wp_postmeta table.
So I changed my post form as follows. On each of the custom post fields I checked the “Unique Custom Field” checkbox. I did not make any changes to the edit post form. When I add a post with the post form everything works fine. If I edit the post the original meta-values in the wp_postmeta table are modified instead of having new meta-key/meta-value pairs added. It should be problem solved but unfortunately, editing the post adds a bunch of unexpected data to the meta-value which totally breaks everything (my browser can’t even render the post afterwards). Here’s an example of the meta-key and meta-value before and after an edit:
Before edit:
key value
wp_year 2010After edit:
key value
wp_year a:1:{i:0;s:5:”2010″;}If I modify the edit post form and set all of the custom post fields to “Unique Custom Field”, I still see the same effect. I have yet to determine why this happens but I’m still testing various configurations.
-Tom
My workaround to this issue is actually quite easy. I added a custom, hidden field to my original post form that adds a value to a custom taxonomy I call “validation”. The hidden field is populated with a default value of {user:user_login} (see the Default Value/Insert Variable option on the Advanced Tab for the field). So with every post created by a form, the user’s login is stored in a custom taxonomy field. I add the same custom, hidden field to my edit post form that pulls the user_login value up when you edit an entry that you have permissions for. If the edit post form does not pull up a value in the validation field, that means the user either did not enter a valid post ID or they entered a post ID they do not have permissions for.
To make use of this validation so that the user cannot submit entries using the edit post form, I did the following:
On the Advanced tab for the Form Settings, check the Enable Conditional Logic checkbox. Enter the condition:
‘Hide’ this form button ‘All’ of the following match:
‘validation’ is /blank/In the second row, ‘validation’ is my custom field that should be populated with the user’s login. By /blank/ I mean leave the condition field empty. If the validation field is empty when the user tries to edit a post, the submit button for the form will not be displayed.
Also, I realized that the ‘entries’ option identified in my previous post is what allows the plugin to add a value to a field that was previously blank so most people will probably need that set as follows:
class GFUpdatePost { public $options = array( 'request_id' => 'gform_post_id' ,'post_status' => 'default' ,'capabilities' => array( 'update' => 'author' ,'delete' => 'disable' ) ,'entries' => true );I’m using tons of custom taxonomies with my posts which are a custom post type and I haven’t seen any issues. Then again maybe I haven’t tested it enough. I’ll bang on my forms a bit and see if I can reproduce the issue you are seeing. What version of WordPress and Gravity Forms are you using?
-Tom
I’m a bit of a noob and I haven’t tried it yet so sorry if this doesn’t help. I think you just have to modify the ‘delete’ line in this portion of the gravity-forms-update-post.php file to allow the delete button to appear:
class GFUpdatePost { public $options = array( 'request_id' => 'gform_post_id' ,'post_status' => 'default' ,'capabilities' => array( 'update' => 'default' ,'delete' => 'disable' ) ,'entries' => true );to:
class GFUpdatePost { public $options = array( 'request_id' => 'gform_post_id' ,'post_status' => 'default' ,'capabilities' => array( 'update' => 'default' ,'delete' => 'enable' ) ,'entries' => true );Hope it helps,
TomIt turns out this was far more simple than I anticipated. Just change the ‘update’ setting from ‘default’ to ‘author’ as shown below:
$gform_update_post = new GFUpdatePost(); class GFUpdatePost { public $options = array( 'request_id' => 'gform_post_id' ,'post_status' => 'default' ,'capabilities' => array( 'update' => 'author' ,'delete' => 'disable'It wasn’t initially obvious to me (but I blame that on my current /scared of PHP status) so maybe this will help someone else out in the future.
Best,
TomSince I last posted this, I have learned that the Gravity Forms Update Post plugin requires filters to limit what users can do while editing posts so the issue I mentioned above really has nothing to do with the Members plugin.
Thanks,
TomOk, I have to apologize for overlooking an important detail on the plugin page. I missed the fact that filters must be applied to restrict editing capabilities to the author only.
Now I just have to understand how the filters work. I’m not much good with PHP beyond very simple editing. Any assistance with creating a filter that restricts editing a post to the post’s author only would be greatly appreciated.
Thanks,
TomOk, some clarification is in order. It seems as though I am running into a bug that exposes a bit of a security hole but I’m not exactly sure where the bug is coming from (i.e. which plugin has introduced it).
I’m using the Gravity Forms plugin to create posts from a form.
I’m using the Gravity Forms + Edit Post plugin to allow posters to edit their posts through a form.If I enter the URL for editing a post through the form and provide a post ID for a post that does not belong to me, I am able to see and make changes to the post through the edit post form.
If I use the standard wp-admin edit post page and provide the ID of a post that does not belong to me, I get a message indicating that I am not allowed to edit the post. So maybe the issue is that the Gravity Forms + Edit Post plugin is somehow bypassing the role permissions established for my user.
Any thoughts would be much appreciated.
-Tom