I have written a custom plugin (that creates a custom post type) and allows any user to submit a new post from a form on my website. To prevent bots, I have set up an e-mail confirmation code which they must click, where this changes the post status from Draft to Published.
Unfortunately the wp_mail() code shown below seems to be executing this confirmation URL automatically. As soon as the post is submitted, it is set to Draft until it reaches this code, and then it automatically publishes.
Removing this block makes everything work as expected. Does anyone have any idea as to the reason and how to fix it?
$confirm_url = site_url() . '/verification?id=' . $post_id . '&hash=' . $hash;
// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
Please try the following, I think having a return from the site_url() function could be creating a problem with the $confirm_url variable.
That and you have an unescaped slash in your url.
$site_url = site_url();
$confirm_url = $site_url . '\/verification?id=' . $post_id . '&hash=' . $hash;
// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
You might need to switch to magic-quotes too, i.e.:
$site_url = site_url();
$confirm_url = "{$site_url}/verification?id={$post_id}&hash={$hash}";
// Send a verification e-mail to the user to confirm publication
$subject = "Please confirm your Slicer Profile submission";
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
The parentheses around the variables in the double-quotes aren’t necessary, but some devs find them easier to read in long strings.
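
An added example, not part of the original question or answer: a confirmation flow in which merely requesting the link does not publish anything, so an automated fetch of the URL (for instance by a mail scanner or link preview, which is an assumption about the cause and is not established in this thread) leaves the post in Draft. The `slicer_` function names, the `[slicer_verification]` shortcode, the `profile_email` meta key and the HMAC-based hash are all hypothetical; the WordPress calls used are core functions.

```php
<?php
// Hypothetical helper: derive the hash from the post ID and e-mail with a
// site secret, so it cannot be guessed or reused for another post.
function slicer_confirm_hash( $post_id, $email ) {
    return hash_hmac( 'sha256', $post_id . '|' . $email, wp_salt( 'nonce' ) );
}

function slicer_send_confirmation( $post_id, $profile_email ) {
    // add_query_arg() builds and encodes the query string.
    $confirm_url = add_query_arg(
        array(
            'id'   => $post_id,
            'hash' => slicer_confirm_hash( $post_id, $profile_email ),
        ),
        site_url( '/verification' )
    );
    wp_mail( $profile_email, 'Please confirm your Slicer Profile submission', $confirm_url );
}

// Shortcode placed on the /verification page (assumed to exist).
function slicer_verification_shortcode() {
    $post_id = isset( $_REQUEST['id'] ) ? absint( $_REQUEST['id'] ) : 0;
    $hash    = isset( $_REQUEST['hash'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['hash'] ) ) : '';
    $email   = get_post_meta( $post_id, 'profile_email', true ); // assumed meta key

    // Constant-time comparison against the expected hash.
    if ( ! $post_id || ! $email || ! hash_equals( slicer_confirm_hash( $post_id, $email ), $hash ) ) {
        return 'Invalid confirmation link.';
    }
    if ( 'draft' !== get_post_status( $post_id ) ) {
        return 'This submission is already confirmed.';
    }
    // A GET request only renders a form; the state change requires a POST.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return '<form method="post">'
            . '<input type="hidden" name="id" value="' . esc_attr( $post_id ) . '">'
            . '<input type="hidden" name="hash" value="' . esc_attr( $hash ) . '">'
            . '<button type="submit">Publish my profile</button></form>';
    }
    wp_update_post( array( 'ID' => $post_id, 'post_status' => 'publish' ) );
    return 'Your profile is now published.';
}
add_shortcode( 'slicer_verification', 'slicer_verification_shortcode' );
```

Checking the web server access log for the request that hit `/verification` (its timestamp, source IP and user agent) shows whether the publish was triggered by the plugin's own code path or by an external fetch of the mailed URL.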