I'm looking at the docs for add_meta_box. They used a nonce.
wp_nonce_field( plugin_basename( __FILE__ ), 'myplugin_noncename' );
I am wondering, probably the save post form itself should already have a nonce so this is redundant?
Yes, the save action has a nonce already. But you don't know it - so you cannot validate it. Besides that, you may want to fill a meta box from other places like a user profile or the dashboard, and then you need your own nonce anyway.
An example from my current work: There is a custom post type domicile with a booking schedule meta box. My client is the agent or broker (English is not my native language …) for the domicile and fills the schedule from the editor for the CPT. But the owners of the domiciles can fill the schedule too - from their dashboard. I just load all booking schedules they are assigned to and they edit them without ever seeing the complete data of the domicile. Without separate nonces this would be very awkward.
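A sketch of the setup this answer describes, added here as an example and not taken from the answer or from the WordPress docs: one schedule field set with its own per-post nonce, saved through a single routine from both the editor and a dashboard form. The `ds_` names, the `_booking_schedule` meta key, the `ds_save_schedules` action and the `edit_post` capability check for owners are assumptions.

```php
<?php
// Hypothetical names throughout (ds_* functions, meta key, nonce action/field).
const DS_ACTION = 'domicile_schedule_save';
const DS_FIELD  = 'domicile_schedule_nonce';

// Prints the schedule field plus a nonce bound to this one post.
// Usable in the editor meta box and in a dashboard form listing several posts.
function ds_render_fields( $post_id ) {
    wp_nonce_field( DS_ACTION . '_' . $post_id, DS_FIELD . '_' . $post_id );
    printf(
        '<textarea name="booking_schedule[%d]">%s</textarea>',
        $post_id,
        esc_textarea( get_post_meta( $post_id, '_booking_schedule', true ) )
    );
}

// Shared save routine: verifies our own nonce, then authorization, then writes.
function ds_save_schedule( $post_id ) {
    $field = DS_FIELD . '_' . $post_id;
    if ( ! isset( $_POST[ $field ], $_POST['booking_schedule'][ $post_id ] ) ) {
        return false; // Request did not come from one of our forms.
    }
    if ( ! wp_verify_nonce( sanitize_key( $_POST[ $field ] ), DS_ACTION . '_' . $post_id ) ) {
        return false; // Missing, expired or forged nonce.
    }
    // Assumption: owners hold edit rights on their assigned domiciles;
    // replace with the site's own assignment check if they do not.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return false;
    }
    $value = sanitize_textarea_field( wp_unslash( $_POST['booking_schedule'][ $post_id ] ) );
    update_post_meta( $post_id, '_booking_schedule', $value );
    return true;
}

// Entry point 1: meta box in the editor for the "domicile" post type.
add_action( 'add_meta_boxes', function () {
    add_meta_box( 'domicile_schedule', 'Booking schedule', function ( $post ) {
        ds_render_fields( $post->ID );
    }, 'domicile' );
} );
add_action( 'save_post_domicile', function ( $post_id ) {
    if ( ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) || wp_is_post_revision( $post_id ) ) {
        return;
    }
    ds_save_schedule( $post_id );
} );

// Entry point 2: dashboard form posting to admin-post.php with action=ds_save_schedules.
add_action( 'admin_post_ds_save_schedules', function () {
    $ids = isset( $_POST['booking_schedule'] ) ? array_keys( (array) $_POST['booking_schedule'] ) : array();
    foreach ( array_map( 'absint', $ids ) as $post_id ) {
        ds_save_schedule( $post_id );
    }
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
} );
```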