• Resolved egorpromo

    (@egorpromo)


    Hi!
    The description of the add_meta_box() function has one example: https://codex.www.ads-software.com/Function_Reference/add_meta_box#Example

    Inside the myplugin_save_postdata() function I see some verification. I copy it here:

      // verify this came from our screen and with proper authorization,
      // because save_post can be triggered at other times

      if ( !wp_verify_nonce( $_POST['myplugin_noncename'], plugin_basename( __FILE__ ) ) )
          return;

      // Check permissions
      if ( 'page' == $_POST['post_type'] )
      {
        if ( !current_user_can( 'edit_page', $post_id ) )
            return;
      }
      else
      {
        if ( !current_user_can( 'edit_post', $post_id ) )
            return;
      }

    I suppose that this is redundant verification and that it is not necessary in this function. The data saving will always be secure. A nonce exists in the form outside the meta box which is added in the example. I suppose that a user with other capabilities can’t save data anyway.
    I think that it is not necessary to use the code above to save securely. Correct me if I am wrong.
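
An added example, not taken from the post or from the Codex: a save_post handler that keeps the two checks quoted above and also handles the case the quoted comment refers to, where save_post fires without the meta box form having been submitted. The `myplugin_*` names, the `myplugin_save_meta` nonce action and the `_myplugin_value` meta key are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names (myplugin_*, _myplugin_value); runs as a plugin file inside WordPress.

// Render the meta box and emit a nonce bound to this plugin's own action string.
function myplugin_render_box( $post ) {
    wp_nonce_field( 'myplugin_save_meta', 'myplugin_noncename' );
    $value = get_post_meta( $post->ID, '_myplugin_value', true );
    printf( '<input type="text" name="myplugin_value" value="%s" />', esc_attr( $value ) );
}

add_action( 'add_meta_boxes', function () {
    add_meta_box( 'myplugin_box', 'My Plugin', 'myplugin_render_box', array( 'post', 'page' ) );
} );

// save_post runs on every wp_insert_post() call, not only when the edit screen form is submitted.
function myplugin_save_postdata( $post_id ) {
    // Autosaves and revisions do not carry a deliberate edit of our field.
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( wp_is_post_autosave( $post_id ) || wp_is_post_revision( $post_id ) ) {
        return;
    }

    // Fields absent: the request did not come from our meta box, so there is nothing to save.
    if ( ! isset( $_POST['myplugin_noncename'], $_POST['myplugin_value'] ) ) {
        return;
    }

    // Nonce check: the request was built from a form this plugin rendered for this user.
    $nonce = sanitize_text_field( wp_unslash( $_POST['myplugin_noncename'] ) );
    if ( ! wp_verify_nonce( $nonce, 'myplugin_save_meta' ) ) {
        return;
    }

    // Capability check against the post actually being saved, not the posted post_type.
    $cap = ( 'page' === get_post_type( $post_id ) ) ? 'edit_page' : 'edit_post';
    if ( ! current_user_can( $cap, $post_id ) ) {
        return;
    }

    $value = sanitize_text_field( wp_unslash( $_POST['myplugin_value'] ) );
    update_post_meta( $post_id, '_myplugin_value', $value );
}
add_action( 'save_post', 'myplugin_save_postdata' );
```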

Viewing 1 replies (of 1 total)
  • The topic ‘Redundant verification in add_meta_box() example’ is closed to new replies.