Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new function eligible_to_save #500

Closed
wants to merge 1 commit into from
Closed

Add new function eligible_to_save #500

wants to merge 1 commit into from

Conversation

jamesgol
Copy link
Contributor

Creates a check to see if a field should be saved based on the attributes set for it. Otherwise fields set to disabled and/or readonly will be written to.

Setting a field to readonly just sets the HTML input form to readonly, it's trivial for someone to pass a different value in and change it.

@jamesgol
Add new function eligible_to_save
0c930d4 
Creats a check to see if a field should be saved based on the attributes set for it.  Otherwise fields set to disabled and/or readonly will
be written to.
@jamesgol
Copy link
Contributor Author

Related to #346

@jrfnl
Copy link
Contributor

jrfnl commented Jan 31, 2016

I would advise against this change as disabled and/or readonly field attributes are often the initial state of a field, with the attribute(s) being removed via javascript if certain conditions apply.

@jtsternberg
Copy link
Member

Sorry @jamesgol, I'm with @jrfnl in that I don't think it's safe to make those assumptions as readonly and disabled attributes are used for specific and varied purposes.

@jtsternberg
Copy link
Member

That being said, I could see using a field attribute, 'save_field', (which mirrors the CMB2 property) which, when set to false, would keep the field from saving.

@jamesgol
Copy link
Contributor Author

Perhaps adding a filter that is checked instead would be a reasonable option? It's been a bit since I worked on the project needing this and I had to change my process completely because there wasn't any way to correct this flaw.

@jtsternberg jtsternberg mentioned this pull request Jun 28, 2016
Closed
@jtsternberg
Copy link
Member

There are several filters which could be leveraged to accomplish this already.

@jamesgol
Copy link
Contributor Author

It has been so long I don't remember the specifics on the use case there, but those filters all happened much to late. It was related to a security issue where the original coder assumed that marking a field as read-only was really read-only and not just set in HTML.

Adding an additional setting is a reasonable solution, if nobody else gets to it first I'll submit a PR for it.

jamesgol added a commit to jamesgol/CMB2 that referenced this pull request Jun 28, 2016
@jamesgol
Add save_field attribute to fields
ab13b90 
Keeps specific fields from being saved.  Defaults to true, if set to false field will be skipped.

Related to CMB2#346 and CMB2#500
jtsternberg added a commit that referenced this pull request Jun 28, 2016
@jtsternberg
Introduce the 'save_field' boolean field property. Closes #346, Closes
f54c262 
 #500

For disabling the saving of a field. Useful if you want to display the
value of another field, or use a disabled/read-only field.

See example in example-functions.php
@jtsternberg
Copy link
Member

@jamesgol oops, I just pushed an update to include this, but please submit your PR and I will merge it in for the unit tests, etc, and will give you props.

jamesgol added a commit to jamesgol/CMB2 that referenced this pull request Jun 28, 2016
@jamesgol
Add unit tests for save_field
16cb1ee 
Related to CMB2#500 and CMB2#346
@jamesgol jamesgol mentioned this pull request Jun 28, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jamesgol @jrfnl @jtsternberg