pdewouters · February 10, 2013 17:05
diff --git a/meta-data-serialization.php b/meta-data-serialization.php
 <?php
 /**
 * An example function used to demonstrate how to use the `user_can_save` function
 * that provides boilerplate security checks when saving custom post meta data.
 *
 * The ultimate goal is provide a simple helper function to be used in themes and
 * plugins without the need to use a set of complex conditionals and constants.
 *
 * Instead, the aim is to have a simplified function that's easy to read and that uses
 * WordPress APIs.
 *
 * The DocBlocks should provide all information needed to understand how the function works.
 */
 public function save_meta_data( $post_id ) {

 	if( user_can_save( $post_id, 'meta_data_nonce' ) ) {

 		/* ---------------------------------------- */
 		/* -- Actual serialization work occurs here */
 		/* ---------------------------------------- */

    } // end if

 } // end save_meta_data

 /**
 * Determines whether or not the current user has the ability to save meta data associated with this post.
 *
 * @param		int		$post_id	The ID of the post being save
 * @param		bool				Whether or not the user has the ability to save this post.
 */
 function user_can_save( $post_id, $nonce ) {
 	
    $is_autosave = wp_is_post_autosave( $post_id );
    $is_revision = wp_is_post_revision( $post_id );
    $is_valid_nonce = ( isset( $_POST[ $nonce ] ) && wp_verify_nonce( $_POST[ $nonce ], plugin_basename( __FILE__ ) ) ) ? true : false;
    
    // Return true if the user is able to save; otherwise, false.
    return ! ( $is_autosave || $is_revision ) && $is_valid_nonce;

 } // end user_can_save
	<?php
	/**
	* An example function used to demonstrate how to use the `user_can_save` function
	* that provides boilerplate security checks when saving custom post meta data.
	*
	* The ultimate goal is provide a simple helper function to be used in themes and
	* plugins without the need to use a set of complex conditionals and constants.
	*
	* Instead, the aim is to have a simplified function that's easy to read and that uses
	* WordPress APIs.
	*
	* The DocBlocks should provide all information needed to understand how the function works.
	*/
	public function save_meta_data( $post_id ) {

	if( user_can_save( $post_id, 'meta_data_nonce' ) ) {

	/* ---------------------------------------- */
	/* -- Actual serialization work occurs here */
	/* ---------------------------------------- */

	} // end if

	} // end save_meta_data

	/**
	* Determines whether or not the current user has the ability to save meta data associated with this post.
	*
	* @param int $post_id The ID of the post being save
	* @param bool Whether or not the user has the ability to save this post.
	*/
	function user_can_save( $post_id, $nonce ) {

	$is_autosave = wp_is_post_autosave( $post_id );
	$is_revision = wp_is_post_revision( $post_id );
	$is_valid_nonce = ( isset( $_POST[ $nonce ] ) && wp_verify_nonce( $_POST[ $nonce ], plugin_basename( __FILE__ ) ) ) ? true : false;

	// Return true if the user is able to save; otherwise, false.
	return ! ( $is_autosave \|\| $is_revision ) && $is_valid_nonce;

	} // end user_can_save