I ran into a strange Problem today developing a new Plugin.
I set it up as usual, creating the f711-roomprice folder in the Plugindirectory, and creating the f711-roomprice.php as well as an inc directory in there.
Everything worked fine with the activation hook and the included functions, until i created an include:
include('inc/filter-savepost.php');
this file contained the following code:
add_action( 'save_post', 'f711_roomprice_meta_box_save' );
function f711_roomprice_meta_box_save( $post_id ) {
if( !isset( $_POST['f711_roomprice_prices'] ) ) return;
if( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) return;
if( !isset( $_POST['meta_box_nonce'] ) || !wp_verify_nonce( $_POST['meta_box_nonce'], 'f711_roomprice_box_nonce' ) ) return;
if( !current_user_can( 'edit_post', $post_id ) ) return;
foreach( $_POST['f711_roomprice_prices'] as $room => $seasons ) {
foreach( $seasons as $season => $price ) {
f711_roomprice_insert( $room, $season, $price );
}
}
}
After including the file in my main plugin file, I got an Error resulting in a white screen on Saving a post, everything else worked fine.
The function f711_roomprice_meta_box_save is called, confirmed this with an wp_die('f711_roomprice_meta_box_saveis called') in there.
Now the strangest thing is, i placed the code (exactly the same as in the include file) in my main Plugin file, and skipped the include of course. Now it works just as I want it to.
I also tried just adding the save_post action in the main Plugin file and including the function from inc/filter-savepost.php, still got the wrong result as before.
What am I doing wrong here? Is the placement of the Code (Hooks, Functions) really important in a Plugin, or is it just something on my part gone wrong?
2 Answers
I’m not sure if
if( !current_user_can( 'edit_post', $post_id ) ) return;
really works. Maybe the current user isn’t set up there and you’ll have to work around it by passing the user ID in a hidden field, then retrieving it using
$user = get_user_by( 'id', esc_attr( $_POST['user_id'] ) );
wp_set_current_user( $user->user_id );
if ( ! current_user_can( 'edit_post', $post_id )
wp_die( 'Not allowed' );
