I’m working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:

<form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
    <input type="text" name="keyName">
    <input type="submit" value="Update">
</form>

The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.

However, when the user clicks the “submit” button, and the $_POST variable is submitted to the “process.php” script, I lose access to all the WordPress functions in that process script.

I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?

The answer provided is that I include this line of code at the top of my processing script:

require_once("wp-load.php");

However, when I do, “wp-load.php” is appended to the end of the current URL, which results in a 404-type error. I can’t use the “get_site_directory()” function to point to the main WordPress install directory because it’s a WordPress function.

How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?

1 Answer

You should never post anything to plugin files directly. It’s almost always a security flaw and it prevents the site owner from hardening the site properly (in a perfect situation no requests to PHP files inside wp-content should be necessary at all).

Good practice is that you use admin_post actions… (similar to admin_ajax).

So your form should look like so:

<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post">
    <input type="hidden" name="action" value="my_action" />
    <input type="text" name="keyName">
    <input type="submit" value="Update">
</form>

And then in your plugin you add your action method:

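// Runs for logged-in users who submit the form with action=my_action.
add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
// Runs for logged-out visitors; omit this hook if the form is for logged-in users only.
add_action( 'admin_post_nopriv_my_action', 'prefix_admin_my_action' );

function prefix_admin_my_action() {
    // Handle request then generate response using echo or leaving PHP and using HTML
}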

PS. It’s always a good idea to include some nonces inside that form too.
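
A fuller version of the admin_post approach described in the answer above, with the nonce it recommends; this is an added example, not part of the original answer. The nonce action and field names, the option name, the `prefix-settings` page slug and the `manage_options` capability are assumptions chosen for illustration.

```php
<?php
// Added example. Assumed names: prefix_update_key (nonce action), prefix_nonce
// (nonce field), prefix_key_name (option), prefix-settings (admin page slug).

// Render the form on the plugin's admin page.
function prefix_render_form() {
    ?>
    <form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post">
        <input type="hidden" name="action" value="my_action" />
        <?php wp_nonce_field( 'prefix_update_key', 'prefix_nonce' ); ?>
        <input type="text" name="keyName">
        <input type="submit" value="Update">
    </form>
    <?php
}

// Only the logged-in hook is registered: without admin_post_nopriv_my_action,
// a logged-out request never reaches the handler.
add_action( 'admin_post_my_action', 'prefix_admin_my_action' );

function prefix_admin_my_action() {
    // Being logged in is not enough; require the capability the settings page needs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change this setting.', 'Forbidden', array( 'response' => 403 ) );
    }

    // Verifies the nonce from the form and stops the request if it is missing or invalid.
    check_admin_referer( 'prefix_update_key', 'prefix_nonce' );

    // WordPress adds slashes to $_POST; unslash, then sanitize before storing.
    $key_name = isset( $_POST['keyName'] )
        ? sanitize_text_field( wp_unslash( $_POST['keyName'] ) )
        : '';
    update_option( 'prefix_key_name', $key_name );

    // Send the browser back to the settings page instead of leaving it on admin-post.php.
    wp_safe_redirect( add_query_arg(
        array( 'page' => 'prefix-settings', 'updated' => '1' ),
        admin_url( 'admin.php' )
    ) );
    exit;
}
```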
