I am trying to develop a plug-in that has a search field and uses WP_List_Table. The plug-in is strictly for the backend and searches the users in the database and returns them along with some other meta from an additional plug-in.

When I do a search for the user, the hidden input fields of _wpnonce and _wp_http_referer are added to the URL string. The _wpnonce is not that big of a deal but the _wp_http_referer is a problem.

If the person using the plug-in keeps doing multiple searches, the _wp_http_referer string becomes so long in the URL that it gives an error: "Request-URI Too Large. The requested URL's length exceeds the capacity limit for this server."

So how do I either stop the hidden values from appearing in the URL or reset _wp_http_referer each time the search button is clicked?


Asked Oct 9, 2012 at 19:54 by Ken
  • Which table class are you extending? This doesn't seem like something root WP_List_Table does. – Rarst Commented Oct 9, 2012 at 22:23
  • I am extending the WP_List_Table. I am using the search_box() to search the users in the database. I have this and the display() wrapped in a form with method="get" and action="". Everything works: it displays the table fine and returns data fine. But during testing, every time I search, the _wp_http_referer gets added to the previous one and appears in the URL. – Ken Commented Oct 10, 2012 at 14:57
  • How much control do you have over the code that's generating the form? Can't you use POST instead of GET? Can't you filter out the '_wp_http_referer' parameter from the previous URL? – Tomas Buteler Commented Oct 12, 2012 at 0:40
  • I tried to follow what the core was using and that was GET. POST kept the URL clean, but when I tried it, it would return nothing in the list. – Ken Commented Oct 12, 2012 at 4:17
  • Take a look at wp-admin/edit.php: it checks for any actions and removes the query arguments, then redirects. I've added a filter on the init action to do something similar. – Cristian Commented Nov 21, 2012 at 18:43

2 Answers

This issue arises because of a couple of problems:

1) WP_List_Table::search_box() inserts the default _wpnonce and _wp_http_referer fields by using wp_nonce_field() without giving you the ability to override and say "I've already got a nonce field, thanks".

2) You need to use GET as your method of form submission when subclassing WP_List_Table because WP_List_Table::print_column_headers() only checks $_GET for the current orderby and order parameters and uses $_SERVER['REQUEST_URI'] for constructing its header links. If you don't use GET as the form method you'll lose the search parameter when sorting a column.

There are a couple of ways to stop the "Request-URI Too Large. The requested URL's length exceeds the capacity limit for this server" error:

A) Because all the nonce checking functions are able to use either a _wp_http_referer request field or fall back to the appropriate header for the referrer, you can remove the _wp_http_referer query arg early on in the processing.

Therefore a simple way to resolve this issue is by adding the following very early on in the prepare_items() function of your WP_List_Table subclass:

$_SERVER['REQUEST_URI'] = remove_query_arg( '_wp_http_referer', $_SERVER['REQUEST_URI'] );

B) The arguably better and more secure way would be to switch to the POST form submission method and update $_SERVER['REQUEST_URI'] in prepare_items() with all the parameters you care about once you've compiled them so that WP_List_Table::print_column_headers() functions as expected.

$options = array(
    'blog_id'     => $blog_id,
    's'           => $search,
    'record_type' => $record_type,
    'orderby'     => $orderby,
    'order'       => $order,
);

// Update the current URI with the new options.
$_SERVER['REQUEST_URI'] = add_query_arg( $options, $_SERVER['REQUEST_URI'] );

Add the following code just above the prepare_items() function:

// Redirect to a clean URL when the nonce fields have leaked into the query string.
if ( ! empty( $_REQUEST['_wp_http_referer'] ) && ! empty( $_SERVER['REQUEST_URI'] ) ) {
    $url = esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );
    // Drop both hidden fields so they do not accumulate across searches.
    $url = remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), $url );

    wp_safe_redirect( $url );

    exit;
}
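
An added example (not part of either answer, and not WordPress core code) of the redirect approach from the second answer and Cristian's comment, hooked on load-{$hook} so it runs before any admin output and the redirect headers can still be sent. The page slug my-user-search, the myplugin_ function names and the Myplugin_User_Table class are hypothetical.

```php
<?php
// Added example. Hypothetical names: my-user-search, myplugin_*, Myplugin_User_Table.
add_action( 'admin_menu', 'myplugin_register_search_page' );

function myplugin_register_search_page() {
    // add_users_page() returns the hook suffix used to build "load-{$hook}".
    $hook = add_users_page(
        'User Search',
        'User Search',
        'list_users',
        'my-user-search',
        'myplugin_render_search_page'
    );
    if ( $hook ) {
        // "load-{$hook}" fires before any admin output, so headers can still be sent.
        add_action( "load-{$hook}", 'myplugin_strip_nonce_args' );
    }
}

function myplugin_strip_nonce_args() {
    // Process and nonce-check any bulk actions before this point; the nonce is dropped below.
    if ( empty( $_GET['_wp_http_referer'] ) && empty( $_GET['_wpnonce'] ) ) {
        return; // URL is already clean.
    }
    if ( empty( $_SERVER['REQUEST_URI'] ) ) {
        return;
    }
    $url = remove_query_arg(
        array( '_wp_http_referer', '_wpnonce' ),
        wp_unslash( $_SERVER['REQUEST_URI'] )
    );
    // wp_safe_redirect() only redirects to allowed hosts (this site by default); others fall back to wp-admin.
    wp_safe_redirect( esc_url_raw( $url ) );
    exit;
}

function myplugin_render_search_page() {
    $table = new Myplugin_User_Table(); // hypothetical WP_List_Table subclass
    $table->prepare_items();
    echo '<div class="wrap"><form method="get">';
    // Keep the page slug in the query string so the GET submit returns to this screen.
    echo '<input type="hidden" name="page" value="my-user-search" />';
    $table->search_box( 'Search Users', 'user-search' );
    $table->display();
    echo '</form></div>';
}
```

Because the nonce is stripped on every load, it no longer lingers in browser history, server access logs or outbound Referer headers after a search.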

Article tags: search; How to stop wpnonce and wphttpreferer from appearing in URL