WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

WP_Customize_Manager::save()

WP_Customize_Manager::save()

In this article

Back to top

Handles customize_save WP Ajax request to save/update a changeset.

Source

public function save() {
	if ( ! is_user_logged_in() ) {
		wp_send_json_error( 'unauthenticated' );
	}

	if ( ! $this->is_preview() ) {
		wp_send_json_error( 'not_preview' );
	}

	$action = 'save-customize_' . $this->get_stylesheet();
	if ( ! check_ajax_referer( $action, 'nonce', false ) ) {
		wp_send_json_error( 'invalid_nonce' );
	}

	$changeset_post_id = $this->changeset_post_id();
	$is_new_changeset  = empty( $changeset_post_id );
	if ( $is_new_changeset ) {
		if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->create_posts ) ) {
			wp_send_json_error( 'cannot_create_changeset_post' );
		}
	} else {
		if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) ) {
			wp_send_json_error( 'cannot_edit_changeset_post' );
		}
	}

	if ( ! empty( $_POST['customize_changeset_data'] ) ) {
		$input_changeset_data = json_decode( wp_unslash( $_POST['customize_changeset_data'] ), true );
		if ( ! is_array( $input_changeset_data ) ) {
			wp_send_json_error( 'invalid_customize_changeset_data' );
		}
	} else {
		$input_changeset_data = array();
	}

	// Validate title.
	$changeset_title = null;
	if ( isset( $_POST['customize_changeset_title'] ) ) {
		$changeset_title = sanitize_text_field( wp_unslash( $_POST['customize_changeset_title'] ) );
	}

	// Validate changeset status param.
	$is_publish       = null;
	$changeset_status = null;
	if ( isset( $_POST['customize_changeset_status'] ) ) {
		$changeset_status = wp_unslash( $_POST['customize_changeset_status'] );
		if ( ! get_post_status_object( $changeset_status ) || ! in_array( $changeset_status, array( 'draft', 'pending', 'publish', 'future' ), true ) ) {
			wp_send_json_error( 'bad_customize_changeset_status', 400 );
		}
		$is_publish = ( 'publish' === $changeset_status || 'future' === $changeset_status );
		if ( $is_publish && ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->publish_posts ) ) {
			wp_send_json_error( 'changeset_publish_unauthorized', 403 );
		}
	}

	/*
	 * Validate changeset date param. Date is assumed to be in local time for
	 * the WP if in MySQL format (YYYY-MM-DD HH:MM:SS). Otherwise, the date
	 * is parsed with strtotime() so that ISO date format may be supplied
	 * or a string like "+10 minutes".
	 */
	$changeset_date_gmt = null;
	if ( isset( $_POST['customize_changeset_date'] ) ) {
		$changeset_date = wp_unslash( $_POST['customize_changeset_date'] );
		if ( preg_match( '/^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d$/', $changeset_date ) ) {
			$mm         = substr( $changeset_date, 5, 2 );
			$jj         = substr( $changeset_date, 8, 2 );
			$aa         = substr( $changeset_date, 0, 4 );
			$valid_date = wp_checkdate( $mm, $jj, $aa, $changeset_date );
			if ( ! $valid_date ) {
				wp_send_json_error( 'bad_customize_changeset_date', 400 );
			}
			$changeset_date_gmt = get_gmt_from_date( $changeset_date );
		} else {
			$timestamp = strtotime( $changeset_date );
			if ( ! $timestamp ) {
				wp_send_json_error( 'bad_customize_changeset_date', 400 );
			}
			$changeset_date_gmt = gmdate( 'Y-m-d H:i:s', $timestamp );
		}
	}

	$lock_user_id = null;
	$autosave     = ! empty( $_POST['customize_changeset_autosave'] );
	if ( ! $is_new_changeset ) {
		$lock_user_id = wp_check_post_lock( $this->changeset_post_id() );
	}

	// Force request to autosave when changeset is locked.
	if ( $lock_user_id && ! $autosave ) {
		$autosave           = true;
		$changeset_status   = null;
		$changeset_date_gmt = null;
	}

	if ( $autosave && ! defined( 'DOING_AUTOSAVE' ) ) { // Back-compat.
		define( 'DOING_AUTOSAVE', true );
	}

	$autosaved = false;
	$r         = $this->save_changeset_post(
		array(
			'status'   => $changeset_status,
			'title'    => $changeset_title,
			'date_gmt' => $changeset_date_gmt,
			'data'     => $input_changeset_data,
			'autosave' => $autosave,
		)
	);
	if ( $autosave && ! is_wp_error( $r ) ) {
		$autosaved = true;
	}

	// If the changeset was locked and an autosave request wasn't itself an error, then now explicitly return with a failure.
	if ( $lock_user_id && ! is_wp_error( $r ) ) {
		$r = new WP_Error(
			'changeset_locked',
			__( 'Changeset is being edited by other user.' ),
			array(
				'lock_user' => $this->get_lock_user_data( $lock_user_id ),
			)
		);
	}

	if ( is_wp_error( $r ) ) {
		$response = array(
			'message' => $r->get_error_message(),
			'code'    => $r->get_error_code(),
		);
		if ( is_array( $r->get_error_data() ) ) {
			$response = array_merge( $response, $r->get_error_data() );
		} else {
			$response['data'] = $r->get_error_data();
		}
	} else {
		$response       = $r;
		$changeset_post = get_post( $this->changeset_post_id() );

		// Dismiss all other auto-draft changeset posts for this user (they serve like autosave revisions), as there should only be one.
		if ( $is_new_changeset ) {
			$this->dismiss_user_auto_draft_changesets();
		}

		// Note that if the changeset status was publish, then it will get set to Trash if revisions are not supported.
		$response['changeset_status'] = $changeset_post->post_status;
		if ( $is_publish && 'trash' === $response['changeset_status'] ) {
			$response['changeset_status'] = 'publish';
		}

		if ( 'publish' !== $response['changeset_status'] ) {
			$this->set_changeset_lock( $changeset_post->ID );
		}

		if ( 'future' === $response['changeset_status'] ) {
			$response['changeset_date'] = $changeset_post->post_date;
		}

		if ( 'publish' === $response['changeset_status'] || 'trash' === $response['changeset_status'] ) {
			$response['next_changeset_uuid'] = wp_generate_uuid4();
		}
	}

	if ( $autosave ) {
		$response['autosaved'] = $autosaved;
	}

	if ( isset( $response['setting_validities'] ) ) {
		$response['setting_validities'] = array_map( array( $this, 'prepare_setting_validity_for_js' ), $response['setting_validities'] );
	}

	/**
	 * Filters response data for a successful customize_save Ajax request.
	 *
	 * This filter does not apply if there was a nonce or authentication failure.
	 *
	 * @since 4.2.0
	 *
	 * @param array                $response Additional information passed back to the 'saved'
	 *                                       event on `wp.customize`.
	 * @param WP_Customize_Manager $manager  WP_Customize_Manager instance.
	 */
	$response = apply_filters( 'customize_save_response', $response, $this );

	if ( is_wp_error( $r ) ) {
		wp_send_json_error( $response );
	} else {
		wp_send_json_success( $response );
	}
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘customize_save_response’, array $response, WP_Customize_Manager $manager )

Filters response data for a successful customize_save Ajax request.

UsesDescription
WP_Customize_Manager::get_lock_user_data()wp-includes/class-wp-customize-manager.php

Gets lock user data.

WP_Customize_Manager::is_preview()wp-includes/class-wp-customize-manager.php

Determines whether it is a theme preview or not.

get_post_status_object()wp-includes/post.php

Retrieves a post status object by name.

wp_checkdate()wp-includes/functions.php

Tests if the supplied date is valid for the Gregorian calendar.

get_gmt_from_date()wp-includes/formatting.php

Given a date in the timezone of the site, returns that date in UTC.

WP_Customize_Manager::set_changeset_lock()wp-includes/class-wp-customize-manager.php

Marks the changeset post as being currently edited by the current user.

WP_Customize_Manager::get_stylesheet()wp-includes/class-wp-customize-manager.php

Retrieves the stylesheet name of the previewed theme.

sanitize_text_field()wp-includes/formatting.php

Sanitizes a string from user input or from the database.

WP_Customize_Manager::save_changeset_post()wp-includes/class-wp-customize-manager.php

Saves the post for the loaded changeset.

wp_generate_uuid4()wp-includes/functions.php

Generates a random UUID (version 4).

WP_Customize_Manager::changeset_post_id()wp-includes/class-wp-customize-manager.php

Gets the changeset post ID for the loaded changeset.

WP_Customize_Manager::dismiss_user_auto_draft_changesets()wp-includes/class-wp-customize-manager.php

Dismisses all of the current user’s auto-drafts (other than the present one).

wp_check_post_lock()wp-admin/includes/post.php

Determines whether the post is currently being edited by another user.

apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

is_wp_error()wp-includes/load.php

Checks whether the given variable is a WordPress Error.

get_post()wp-includes/post.php

Retrieves post data given a post ID or post object.

get_post_type_object()wp-includes/post.php

Retrieves a post type object by name.

current_user_can()wp-includes/capabilities.php

Returns whether the current user has the specified capability.

wp_send_json_success()wp-includes/functions.php

Sends a JSON response back to an Ajax request, indicating success.

wp_send_json_error()wp-includes/functions.php

Sends a JSON response back to an Ajax request, indicating failure.

check_ajax_referer()wp-includes/pluggable.php

Verifies the Ajax request to prevent processing requests external of the blog.

is_user_logged_in()wp-includes/pluggable.php

Determines whether the current visitor is a logged in user.

wp_unslash()wp-includes/formatting.php

Removes slashes from a string or recursively removes slashes from strings within an array.

__()wp-includes/l10n.php

Retrieves the translation of $text.

WP_Error::__construct()wp-includes/class-wp-error.php

Initializes the error.

Show 20 moreShow less

Changelog

VersionDescription
4.7.0The semantics of this method have changed to update a changeset, optionally to also change the status and other attributes.
3.4.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.