friendly urls, no .php ending

Viewing 14 posts - 1 through 14 (of 14 total)
  • #10687
    szepe.viktor
    Participant

    Dear Stefano!

    Please consider the WP-way add_rewrite_rule() etc. instead of
    /wp-content/plugins/newsletter/do/subscribe.php
    calling direct php files.

    It could be e.g. /newsletter/subscribe/ given /newsletter/ is not a pre-existing page.

    Thank you!

    #10699
    Stefano
    Keymaster

    Uhm, but isn't that rule with the add_tag meant to customize the wp_query object? I don’t know if WordPress has something to register an address that fires a hook… I already checked that in the past without success…

    #10722
    szepe.viktor
    Participant

    The rewritten URLs would be only for the user. These URLs won’t trigger anything.
    This short Codex page is about handling POST requests:
    http://codex.wordpress.org/Plugin_API/Action_Reference/admin_post_%28action%29
    So the forms’ action is always wp-admin/admin-post.php

    As far as PHP security is concerned, it is pretty dangerous “to open up” your own PHP files for user interaction.
    All plugin files should begin with

    if (false === defined('ABSPATH')) {
        die();
    }

    or similar.
    I hope that helps make your plugin(s) better.
    Do you need a demo plugin that does POST-ing from a nice URL?

    #10723
    Stefano
    Keymaster

    Hi, any example would be useful, but I must deal with GET as well. The activation from an email cannot be a POST.

    I’ve just taken a look at admin-post, seeing that “nopriv” is handled for calls without a logged-in user. It’s a good thing and it seems to manage GET as well (or better, there are no filters).

    So yes, that page should be used instead of a custom one (even if the custom one is lighter because it does not load all the administrative API, which is not useful in my case).

    The really important advantage is that I can solve the problems of users with file permission problems.

    Thank you!

    #10727
    szepe.viktor
    Participant

    As for the GETs:

    http://www.website.net/newsletter/unsubscribe?n=TOKENBASE64
    http://www.website.net/newsletter/clicktrack?n=TOKENSTRING
    The URL path has the static part: the action,
    the GET contains the dynamic part: the user’s token.

    Please consider using a real (secret) token instead of base64 encoded actual data.

    Let’s see: http://wordpress.stackexchange.com/questions/138610/how-to-handle-post-reqests-the-wordpress-way-without-including-admin-api
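
An added example, not code from the thread participants or the Newsletter plugin, of the two points raised above: admin-post.php's "nopriv" hook serving a GET link, and a random secret token in place of base64-encoded data. The action name demo_unsubscribe and the demo_subscribers table with its id, status and token_hash columns are hypothetical.

```php
<?php
// Added example. The action name "demo_unsubscribe" and the table
// "{prefix}demo_subscribers" (columns id, status, token_hash) are hypothetical.
if (false === defined('ABSPATH')) {
    die(); // never run outside WordPress
}

// Issue an opaque token; only its SHA-256 hash is stored server-side.
function demo_issue_token($subscriber_id) {
    global $wpdb;
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    $wpdb->update(
        $wpdb->prefix . 'demo_subscribers',
        array('token_hash' => hash('sha256', $token)),
        array('id' => (int) $subscriber_id)
    );
    return $token;
}

// URL for the e-mail: the action is static, the token is the dynamic part.
function demo_unsubscribe_url($token) {
    return add_query_arg(
        array('action' => 'demo_unsubscribe', 'n' => $token),
        admin_url('admin-post.php')
    );
}

// admin-post.php fires this for GET and POST requests.
function demo_handle_unsubscribe() {
    global $wpdb;
    $token = isset($_GET['n']) ? sanitize_text_field(wp_unslash($_GET['n'])) : '';
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        wp_die('Invalid link.', '', array('response' => 400));
    }
    $table = $wpdb->prefix . 'demo_subscribers';
    $id = $wpdb->get_var($wpdb->prepare(
        "SELECT id FROM {$table} WHERE token_hash = %s",
        hash('sha256', $token)
    ));
    if (null === $id) {
        wp_die('Unknown link.', '', array('response' => 404));
    }
    $wpdb->update($table, array('status' => 'unsubscribed'), array('id' => (int) $id));
    wp_safe_redirect(home_url('/'));
    exit;
}
// "nopriv" covers visitors who are not logged in; the second hook covers logged-in users.
add_action('admin_post_nopriv_demo_unsubscribe', 'demo_handle_unsubscribe');
add_action('admin_post_demo_unsubscribe', 'demo_handle_unsubscribe');
```

Because the token carries no data and only its hash is stored, the link cannot be decoded or forged from a subscriber's e-mail address or ID.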

    #10728
    Stefano
    Keymaster

    Hi, maybe I’m missing something: how can I merge the custom url with the admin-post.php call?

    They seem to be two distinct approaches. I’ve already asked on forums if WordPress has a way to register “service URLs”, but I haven’t got answers.

    #10729
    szepe.viktor
    Participant

    Sorry! Those (the nice URL approach and the admin-post.php call) were mixed in my head.

    #10730
    Stefano
    Keymaster

    Don’t worry. The admin-post.php seems the better solution:
    – it’s a standard
    – the page is always there
    – it is almost surely executable (no permission problem like in plugins folder)
    – it activates WordPress in the right way

    The only problem… it loads the server more than needed for the subscription… and using it for link tracking could be a problem, actually.

    #10731
    szepe.viktor
    Participant

    You can see here all WP files that reference wp-load:

    #10732
    szepe.viktor
    Participant
    #10733
    szepe.viktor
    Participant

    (click on the link 3 times)

    #10734
    Stefano
    Keymaster

    Three times?

    #10735
    szepe.viktor
    Participant

    Click on the link above then on the anchor text “3 times”

    #10736
    Stefano
    Keymaster

    Ok, sorry, I already know about those files, but none seems actually made to create services. So in my plugin I use the include of wp-load.php, even if they all say it’s not good. I wonder why it’s not good while WordPress does exactly that in wp-comments-post.php to manage the post of a comment from the frontend.

    🙂
