38 thoughts on “Authorization and intention/origination verification when using the edit_post hook

  1. Joshua says:

    OK, I guess your_get_value() was just an example of the plugin functionality. I thought it was part of the verification model.

  2. Joshua,

    Yes, all your_*() functions are user functions. For security reasons, when presenting a value in an HTML value attribute, you’d do something like running attribute_escape() on a postmeta value.

  3. Hi Mark,

    So is there no way to pass extra form data using the XML-RPC API? I’m the author of Gengo, a multilingual plugin, and a number of people have expressed a wish to blog in multiple languages using the remote API. At the moment, because of the situation you describe above, the best I can do is set each remotely posted article as being written in the default language… Not a disaster, but not awesome… Though come to think of it, do you know of any remote authoring editors that can even send custom fields?

    Anyway, nice to get official confirmation of this – thought I was going nuts!

    Cheers,

  4. Many thanks for this post! Yesterday I’ve released a tagging plugin which is based on Jerome’s Keywords (see Simple Tagging Plugin) and a user has reported about the issue of removing all tags when editing comments under WP 2.1. Now I’ve implemented your suggestion and it works like a charm :-)

  5. Sorry for an off-topic question, but can you please let me know which technique did you use to post the code snippet in this post? I’ve been struggling with WordPress.com’s posting thing which kills indentation, converts brackets, and does all sorts of other nasty things to code.

    TIA.

  6. Leonid,

    I used <pre> and then manually encoded my entities, like &< for < and &gt; for > See also &quot; for " There are probably online tools that can do this for you.

  7. Привет.
    Продаю персональный сертификат WebMoney за $99.
    Можете проверить: WMID 322973398779 Redfern
    Всё чисто, не одной жалоб. Сделан на утерянные документы. Всё законно.
    Если нужно, то есть сертификаты ещё.
    Стучацо в личную почту на Вебмани.

    Это не спам. Не пишите на мой WMID жалобы в арбитраж Вебмани.

  8. Привет.
    Продаю персональный сертификат WebMoney за $99.

    Можете проверить: WMID 322973398779 Redfern

    Всё чисто, не одной жалоб. Сделан на утерянные документы. Всё законно.
    Если нужно, то есть сертификаты ещё.
    Стучацо в личную почту на Вебмани.

    Это не спам. Не пишите на мой WMID жалобы в арбитраж Вебмани.

  9. Hii sir, this time i’m used blogspot to make some article, and now i would like to make article with wordpress platform. I search with google and i found this site. thanks for your info about wordpress. I think can add my knowledge about this platform

Comments are closed.