[wp-hackers] How do filters access variables outside of their function?

Otto otto at ottodestruct.com
Fri Aug 27 21:55:30 UTC 2010


Check to see if the variable is set before trying to use it. That
avoids the warning.

if ( !isset( $_POST['my_noncename']  ) || !wp_verify_nonce(
$_POST['my_noncename'], 'secret ') )
   return;

This is basically only needed with warnings on. Most people don't
bother, and most examples don't show it this way either, because
frankly it's kind of pointless unless you're a stickler for
eliminating warnings.

-Otto



On Fri, Aug 27, 2010 at 4:44 PM, Ken <Ken at adcstudio.com> wrote:
> Howdy Hackers,
>
> The apparently recommended way of doing nonce in add_meta_box for custom
> types is something like:
>
> add_action('add_meta_boxes', 'my_add_meta_box');
> add_action('save_post', 'my_save_post'), 10, 2 );
> function my_save_post( $post_ID, $post ) {
>        if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE )
>                return;
>        if ( !wp_verify_nonce( $_POST['my_noncename'], 'secret') )
>                return;
>        if ( $post->post_type != 'custom_post_type' )
>                return;
>        if ( !current_user_can('edit_post') )
>                return;
>        $data = array();
>        $data[0] = $_POST['my_field_1'];
>        $data[1] = $_POST['my_field_2'];
>        update_post_meta($post_ID, 'my_post_meta', $data);
> }
> function my_add_meta_box($post) {
>        $value = get_post_meta($post->ID, 'my_post_meta', $data);
>        <input type="hidden" name="my_noncename" id="my_noncename"
> value="<?php echo wp_create_nonce( 'secret' ); ?>" />
>        <input type="text" id="my_field_1" name="my_field_1" value="<?php
> echo $value['my_field_1']; ?>" />
>        <input type="text" id="my_field_2" name="my_field_2" value="<?=@
> $value['my_field_2']; ?>" /> // example suppression
> }
>
> But unfortunately, with WP_DEBUG on, it writes notices (undefined index at
> $_POST line number etc.) on the 'add new' screen and actually breaks the
> "Appearance -> Menus" ajax responses so that you can't "Add to Menu"
> reliably if at all. (If you've got Firebug, the net tab will show the ajax
> request response... starts with "<br />")
>
> @$_POST suppresses on the Add New screen, but with the Menu Admin it isn't
> working as well (I might have some other error I suppose). Seems to work
> just fine and dandy without WP_DEBUG enabled, but it's been suggested to
> develop with it on, so should I just deal with the bugs that debugging
> creates? LOL
>
> Is there better Example code out there? I'd rather do it cleaner then @
> suppression...
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list