[wp-trac] [WordPress Trac] #43019: Hook to validate post form data before save
WordPress Trac
noreply at wordpress.org
Thu Oct 28 03:18:42 UTC 2021
#43019: Hook to validate post form data before save
-------------------------------------+------------------------------
Reporter: henry.wright | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Database | Version:
Severity: major | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------------
Comment (by Starbuck):
After research I came here looking for the requested feature.
In option.php, a similar feature was added for ticket:38903, where filter
`pre_update_option` returns a filtered option value, and if that value is
the same as the original, it does not go through the update.
So in my code if there is an issue with user-entered data I reset the
value to the original and set an admin notice. (For better UX the choice
to reset or leave the invalid value is configurable.)
The "side effect" functionality in option.php and post.php, with
`wp_insert_post_data` (and `wp_insert_attachment_data`) as suggested in
comment:11, is adequate but not at all elegant.
@rafdizzle86 was correct that the `$wpdb->update` function returns `false`
if `$data` is null. But a little further down in post.php, if
$update=false I believe `$wpdb->insert` will choke on bad `$data`.
So rather than relying on this side effect, which is subject to break, I'm
proposing a new consistent hook for both post types and options, to be
executed immediately before `$wpdb->update` and `$wpdb->insert`. This will
clearly allow for a final validation of data prior to the write operation:
Ref: https://core.trac.wordpress.org/browser/branches/5.8/src/wp-
includes/option.php#L487
New:
{{{
$verified = apply_filters('final_option_verification', $option,
$update_args);
$result = $verified && $wpdb->update( $wpdb->options, $update_args, array(
'option_name' => $option ) );
if ( ! $result ) { // existing next lines
return false;
}
}}}
Ref: https://core.trac.wordpress.org/browser/branches/5.8/src/wp-
includes/post.php#L4196
New:
{{{
$verified = apply_filters('final_post_verification', $post_ID, $data);
if ( !$verified || false === $wpdb->update( $wpdb->posts, $data, $where )
) { ...
}}}
Ref: https://core.trac.wordpress.org/browser/branches/5.8/src/wp-
includes/post.php#L4219
New:
{{{
$verified = apply_filters('final_post_verification', $post_ID, $data);
if ( !$verified || false === $wpdb->insert( $wpdb->posts, $data ) ) { ...
}}}
A better and consistent naming pattern for the filter might be:
"final_{$type}_verification". Types can include:
- post_insert
- post_update
- attachment_insert
- attachment_update
- post_delete
- post_trash
This would allow the hook to be used for many other purposes in-core, and
can be adopted as a final confirmation standard outside of the core, like
'final_customer_archive_verification'.
This ticket as been waiting for 4 years for processing and might be
resolved with just a few carefully-placed lines of code. I've never
submitted a PR here but I can implement and test this functionality if it
seems worthy, and will read-up on how to properly submit the PR. Thanks.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43019#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list