Used Tesla.Enjoy Free 888+200 Daily Legal Bonus

Resolved NeoCrash
(@neocrash)

3 years ago
Hi there. Playing around with the free version found some issues.
How can I get in the validation, a $_GET parameter passed originally to the page that renders an update form?

Here the scenario
I use a page to update the posts using the filter post_id. I check for the parameter ?_GET[‘art’]. if founded I use it to load the post in the form.
```
add_filter('acfe/form/load/post_id/form=prop_edit', 'mod_origen_prop', 10, 3);
function mod_origen_prop($post_id, $form, $action){
    if (isset($_GET['art'])) {
        return $_GET['art'];
    } 
}
```
after that, I use the post_arg filter to catch the original post
```
add_filter('acfe/form/submit/post_args/form=prop_edit', 'my_form_post_args', 10, 4);
function my_form_post_args($args, $type, $form, $action){
    if (isset($_GET['art'])) {
        $args['ID'] = $_GET['art'];
    } 
    return $args;
}
```
//So far this works like a charm, if any mistakes while copying and simplifying here please ignore them.

But trying to validate the form, the parameter $_GET[‘art’] is no longer available. I want to validate if the user has permission to edit this post, therefore I used:
add_action(‘acfe/form/validation/form=prop_edit’, ‘valida_edicion’, 10, 2);
```
function valida_edicion($form, $post_id){
    if (isset($_GET['art'])){ //always is negative. $_GET['art']  is not defined
       //Validate permission routine to update here
      
    }
}
```
So finally my question, how can I get in the validation filter, the $_GET[‘art’] parameter passed originally to the page that renders the update form?

Thank you for your time
- This topic was modified 3 years ago by NeoCrash.

Viewing 4 replies - 1 through 4 (of 4 total)

Thread Starter NeoCrash
(@neocrash)

3 years ago
Solution founded while sleeping, I’m sure you all have these epiphanies while sleeping ??

I just need to pass the post_id using a form argument.
I defined the form argument while loading the form
```
add_filter('acfe/form/load/form=prop_edit', 'my_form_settings', 10, 2);
function my_form_settings($form, $post_id){
    
    // Add currently eddited post_ID got it from the URL parameter
    $form['post_id'] = $_GET['art'];
    
    return $form;
    
}
```
Finally, I can use this form argument, during validation, to access to the edited post ID.
```
add_action('acfe/form/validation/form=prop_edit', 'valida_edicion', 10, 2);
function valida_edicion($form, $post_id){
     $id_actualizar = $form['post_id'];

    //Note that $post_id argument only returns the post ID of the page where the form is rendered, not the post_id of the edited post (read original support request post).
   //I call the function that validates if the user is administrator, editor or is the author of the currently edited post. It needs the post_id.

   if (!permiso_modificar($id_actualizar)){
         acfe_add_validation_error('prop_estado', 'No tienes permiso para modificar esta propiedad. Si considera que a ocurrido un error, contacte soporte técnico.');
     }
}
```
Left here the whole history for the next users.
- This reply was modified 3 years ago by NeoCrash.
Plugin Author Konrad Chmielewski
(@hwk-fr)

3 years ago
Hello,

Thanks for the feedback!

I’m glad to hear that you found the solution to your question. Here are few important notes about your code and logic:

– The $_GET['art'] is not passed to the ACF validation process, because that process is handled by ACF with an Ajax Request, which is independant of the current page request (so you don’t have access to $_GET).

– In your first code snippet, you return a value inside an if() statement. Since it’s a filter, it’s important to always return a value, even outside a condition, otherwise you will break the hook. Correct usage example:
```
add_filter('acfe/form/load/post_id/form=prop_edit', 'mod_origen_prop', 10, 3);
function mod_origen_prop($post_id, $form, $action){
    if (isset($_GET['art'])) {
        return $_GET['art'];
    }
    
    // always return a value!
    return $post_id;
}
```
– Generally speaking, when retrieving a value passed as an URL parameter with a $_GET, you should always validate it before using the value in your code logic. So you will avoid users with malicious intent who could try to edit a restricted page. You should always check that the value is a number, check the post type of that ID, and make sure the current user have access to edit it.

– The solution you found to use the acfe/form/load hook is a the good way to pass custom data to the form. But I would recommend to not use the $form['post_id'] argument and leave it as default (managed by ACF/ACF Extended). You can create you own argument like that:
```
$form['art'] = $_GET['art'];
```
And then retrieve it in the acfe/form/validation hook using:
```
$art = $form['art'];
```
You’ll find more info about passing custom data to the form in the documentation here.

Hope it helps!

Have a nice day!

Regards.
Thread Starter NeoCrash
(@neocrash)

3 years ago

Awesome, all understood.

Is true about always returning a value in a function, is coding 101, hehe I missed that.

I′ll modify the argument, as you suggested, so the $form[‘post_id’] is as default, to avoid issues.

Thank you so much

Plugin Author Konrad Chmielewski
(@hwk-fr)

3 years ago

You’re welcome!

If you enjoy this plugin and its support, feel free to submit a review. It always helps and it’s much appreciated ??

Have a nice day!

Regards.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘passing arguments to the validation’ is closed to new replies.