CPT gd_place中的我的Wordpress文本字段package_id应该仅接受已知和受信任值的有限列表中的数据,这些值因用户而异,例如role_one只能输入1,role_two只能输入2,role_tree只能输入3。
我首先编写了此函数,用CSS隐藏了输入字段
function safe_package( $data ) {
if( 'gd_place' != $data['post_type'] ){
return $data;
//This is for one CPT only
}
$user = wp_get_current_user();
if(!is_admin() && !current_user_can('administrator')){
//Does NOT run in the backend and also takes the admin role into account
if(current_user_can('role_one')){
$data['package_id'] = 1;
return $data;
}
else if (current_user_can('role_two')){
$data['package_id'] = 2;
return $data;
}
else if (current_user_can('role_three')){
$data['package_id'] = 3;
return $data;
}
} else {
//do nothing new
return $data;
}
}
add_filter( 'wp_insert_post_data', 'safe_package' );
但是,仅验证用户输入(白名单)和update_post_meta($ post-> ID,'package_id',$ safe_package);
由于每个用户角色的选项是有限的,也许仅仅替换任何错误的输入就有意义...熟悉验证的人吗?