I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:
<form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.
However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.
I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?
The answer provided is that I include this line of code at the top of my processing script:
require_once("wp-load.php");
However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.
How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?
I'm working on a plugin which submits data via a form from a custom admin page. This is a simplified version of my form:
<form action="<?php echo plugin_dir_path(); ?>/process.php" method="post">
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
The form is inside my main php file for the plugin, so it has access to all the WordPress functions like the plugin_dir_path() I called above.
However when the user clicks the "submit" button, and the $_POST variable is submitted to the "process.php" script, I lose access to all the WordPress functions in that process script.
I searched how to add WordPress functions into external scripts and I saw this question: How can I call WordPress core functions in external scripts?
The answer provided is that I include this line of code at the top of my processing script:
require_once("wp-load.php");
However when I do the "wp-load.php" is appended to the end of the current url which results in a 404 type error. I can't use the "get_site_directory()" function to point to the main WordPress install directory because it's a WordPress function.
How can I make this work? Is there an action hook I should be using to submit the form vs my own custom submit button?
Share Improve this question edited Nov 18, 2018 at 9:00 Krzysiek Dróżdż 25.6k9 gold badges53 silver badges74 bronze badges asked Nov 18, 2018 at 7:38 YAHsavesYAHsaves 1471 gold badge1 silver badge7 bronze badges1 Answer
Reset to default 8You should never post anything to plugins files directly. It's almost always a security flaw and it prevents site owner from hardening the site properly (in perfect situation no requests to PHP files inside wp-content should be necessary at all)
Good practice is that you use admin_post actions... (similar to admin_ajax).
So your form should look like so:
<form action="<?php echo esc_attr('admin-post.php'); ?>" method="post">
<input type="hidden" name="action" value="my_action" />
<input type="text" name="keyName">
<input type="submit" value="Update">
</form>
And then in your plugin you add your action method:
add_action( 'admin_post_my_action', 'prefix_admin_my_action' );
add_action( 'admin_post_nopriv_my_action', 'prefix_admin_add_foobar' );
function prefix_admin_my_action() {
// Handle request then generate response using echo or leaving PHP and using HTML
}
PS. It's always a good idea to include some nonces inside that form too.