friendly urls, no .php ending
- This topic has 13 replies, 2 voices, and was last updated 9 years, 8 months ago by
Stefano.
March 14, 2014 at 11:46 am #10687
szepe.viktor
Participant
Dear Stefano!
Please consider the WP-way add_rewrite_rule() etc. instead of
/wp-content/plugins/newsletter/do/subscribe.php
calling direct php files.
It could be e.g. /newsletter/subscribe/ given /newsletter/ is not a pre-existing page.
Thank you!
March 16, 2014 at 8:48 am #10699
Stefano
Keymaster
Uhm, but isn’t that rule, together with add_tag, meant to customize the wp_query object? I don’t know if WordPress has something to register an address that fires a hook… I already checked that in the past without success…
March 19, 2014 at 11:40 pm #10722
szepe.viktor
Participant
The rewritten URLs would be only for the user. These URLs won’t trigger anything.
This short Codex page is about handling POST requests:
http://codex.wordpress.org/Plugin_API/Action_Reference/admin_post_%28action%29
So the forms’ action is always wp-admin/admin-post.php
As far as I am concerned in PHP security, it is pretty dangerous “to open up” own php files for user interaction.
All plugin files should begin with
if (false === defined('ABSPATH')) { die(); }
or similar.
I hope that helps making your plugin(s) better.
Do you need a demo plugin that does POST-ing from a nice URL?
March 20, 2014 at 10:24 am #10723
Stefano
Keymaster
Hi, any example would be useful, but I must deal with GET as well. The activation from an email cannot be a POST.
I’ve just taken a look at admin-post, seeing that the “nopriv” is managed for calls without a logged-in user. It’s a good thing and it seems to manage GET as well (or better, there are no filters).
So yes, that page should be used instead of a custom one (even if the custom one is lighter because it does not load all administrative API which is not useful in my case).
The real important advantage is that I can solve the problems with users with file permission problems.
Thank you!
March 20, 2014 at 1:00 pm #10727
szepe.viktor
Participant
As for the GETs:
http://www.website.net/newsletter/unsubscribe?n=TOKENBASE64
http://www.website.net/newsletter/clicktrack?n=TOKENSTRING
The URL path has the static part: the action,
the GET contains the dynamic part: the user’s token.
Please consider using a real (secret) token instead of base64 encoded actual data.
March 20, 2014 at 1:56 pm #10728
Stefano
Keymaster
Hi, maybe I’m missing something: how can I merge the custom URL with the admin-post.php call?
They seem to be two distinct approaches. I’ve already asked on forums if WordPress has a way to register “service URLs”, but I haven’t got answers.
March 20, 2014 at 2:05 pm #10729
szepe.viktor
Participant
Sorry! Those (the nice URL approach and the admin-post.php call) were mixed in my head.
March 20, 2014 at 2:09 pm #10730
Stefano
Keymaster
Don’t worry. The admin-post.php seems the better solution:
– it’s a standard
– the page is always there
– it is almost surely executable (no permission problem like in plugins folder)
– it activates WordPress in the right way
The only problem… it loads the server more than needed for the subscription… and using it for link tracking could be a problem, actually.
March 20, 2014 at 3:24 pm #10731
szepe.viktor
Participant
March 20, 2014 at 3:24 pm #10732
March 20, 2014 at 3:25 pm #10733
szepe.viktor
Participant
(click on the link 3 times)
March 20, 2014 at 3:37 pm #10734
Stefano
Keymaster
Three times?
March 20, 2014 at 4:26 pm #10735
szepe.viktor
Participant
Click on the link above then on the anchor text “3 times”
March 20, 2014 at 4:35 pm #10736
Stefano
Keymaster
Ok, sorry, I already know about those files, but none seems actually made to create services. So in my plugin I include wp-load.php, even if they all say it’s not good. I wonder why it’s not good while WordPress does exactly that in wp-comments-post.php to manage the post of a comment from the frontend.
🙂
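The approach discussed in this thread, as an added example that is not part of the original posts or the Newsletter plugin's code: an admin-post.php handler reachable without login, behind the ABSPATH guard, that checks a random per-subscriber token rather than base64-encoded data. The `demo_` names, the `demo_subscribers` table with its `id`, `token` and `status` columns, and the `id` query parameter are assumptions made for the illustration.

```php
<?php
// Added example, not the Newsletter plugin's code. The "demo_" names and the
// demo_subscribers table (id, token, status) are hypothetical.
if ( false === defined( 'ABSPATH' ) ) {
    die(); // refuse direct requests to this file, as suggested in the thread
}

// Create the per-subscriber secret once, at subscription time, and store it.
function demo_new_token() {
    return bin2hex( random_bytes( 32 ) ); // random; encodes no subscriber data
}

// Build the link that goes into the e-mail (a GET request to admin-post.php).
function demo_unsubscribe_url( $id, $token ) {
    return add_query_arg(
        array( 'action' => 'demo_unsubscribe', 'id' => (int) $id, 'n' => $token ),
        admin_url( 'admin-post.php' )
    );
}

function demo_handle_unsubscribe() {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_subscribers';
    $id    = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    $token = isset( $_GET['n'] ) ? sanitize_text_field( wp_unslash( $_GET['n'] ) ) : '';

    $stored = $wpdb->get_var(
        $wpdb->prepare( "SELECT token FROM {$table} WHERE id = %d", $id )
    );

    // Unknown id and wrong token get the same answer; compare in constant time.
    if ( ! is_string( $stored ) || '' === $token || ! hash_equals( $stored, $token ) ) {
        wp_die( 'Invalid or expired link.', '', array( 'response' => 403 ) );
    }

    $wpdb->update(
        $table,
        array( 'status' => 'unsubscribed' ),
        array( 'id' => $id ),
        array( '%s' ),
        array( '%d' )
    );
    wp_safe_redirect( home_url( '/' ) );
    exit;
}

// admin-post.php fires one of these depending on whether the visitor is logged in.
add_action( 'admin_post_nopriv_demo_unsubscribe', 'demo_handle_unsubscribe' );
add_action( 'admin_post_demo_unsubscribe', 'demo_handle_unsubscribe' );
```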