
I have a custom file I made called:

/wp-content/plugins/listrak-newsletter-api/listrak-newsletter-api.php

When I try to call it in WordPress, I get redirected to a 404 page. But the file exists 100% at that location. So I'm confused. This is on PHP 7.4 as well.

The PHP is contacted by an HTML form on the front end. The PHP just communicates with a 3rd party via SOAP.

This is the HTML for that:

<div class="block-title"><span>EMAIL NEWSLETTER</span></div>
<div class="tnp tnp-widget">
  <form action="/wp-content/plugins/listrak-newsletter-api/listrak-newsletter-api.php" method="post">
      <p>Sign up for our free email newsletter</p>
      <div class="tnp-field tnp-field-email"><label>Email</label>
      <input class="email" name="listrak-email" required="" type="email"></div>     
      <div class="tnp-field tnp-field-button"><input class="tnp-submit" value="Subscribe now!" type="submit"></div>
      <input name="action" id="action" value="subscribe" type="hidden" />
      <input name="redirect" id="redirect" value="/email-subscribe-success" type="hidden"/>
  </form>
</div>

This is the PHP:

<?php

$host = $_SERVER['HTTP_HOST'];

if (isset($_POST['action'])) {

    $email = $_POST['listrak-email'] ?? ''; //obtain email from post, place into $email variable
    $email = filter_var($email, FILTER_SANITIZE_EMAIL); //sanitizing email

    if ($host == "www.test1" || $host == "test1") { //if host is, login and use listid
        $sh_param   = array( //setting username & password array
            'UserName' => "",
            'Password' => ""
        );
        $authvalues = new SoapVar($sh_param, SOAP_ENC_OBJECT); //encoding username and password array
        $headers    = array(); //header list must exist before appending to it
        $headers[]  = new SoapHeader("http://webservices.listrak/v31/", 'WSUser', $authvalues);
        $soapClient = new SoapClient("https://webservices.listrak/v31/IntegrationService.asmx?WSDL", array(
            'trace' => 1,
            'exceptions' => true,
            'cache_wsdl' => WSDL_CACHE_NONE,
            'soap_version' => SOAP_1_2
        ));

        $soapClient->__setSoapHeaders($headers);
        $params = array( //parameters for soap xml integration with listrak
            'WSContact' => array(
                'EmailAddress' => $email,
                'ListID' => ''
            ),
            'ProfileUpdateType' => 'Overwrite',
            'OverrideUnsubscribe' => true
        );

        try {
            $rest = $soapClient->SetContact($params); //using SetContact method, send parameters
        }
        catch (SoapFault $e) { //if an error occurs, display it
            echo '<pre>';
            print($e->getMessage());
            echo '</pre>';
        }
    }
}
$redirect = $_POST['redirect'] ?? '/';
if (strpos($redirect, '/') !== 0 || strpos($redirect, '//') === 0) { //only accept a local path, never an external URL (open redirect)
    $redirect = '/';
}
header('Location: ' . $redirect);
exit; //nothing should be sent after the redirect header
?>
asked Jan 1, 2021 at 17:10 by James
  • Comment by Tom J Nowell (Jan 1, 2021 at 23:51): You should not make direct requests to PHP files in your plugin or theme; it is bad practice, a security risk, and causes issues. Instead there are lots of alternative methods depending on how you plan to use this, e.g. rewrite rules, REST API endpoints, form handlers, etc. What you have here can be used for resource exhaustion and denial of service attacks by snooping on the request with the browser dev tools network tab, then resending it from a script with altered values.

1 Answer

You don't need to submit the form to the PHP script. The script simply needs to be included or required by PHP; this makes the code within it available to your entire application.

As Tom pointed out in his comments, there are security risks to this approach, but it is also not required. Most PHP applications include hundreds or thousands of files on each page load; the trick here is to find the secure and performant way to include your code in the right part of the page load flow.

As you want to capture POSTed form data, you need to check the $_POST object for the data you have posted from your form, then validate it and run additional sanity checks, and then process it.
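One way to do what the answer and Tom's comment describe, a WordPress form handler instead of a directly requested plugin file, as an added example that is not the asker's file or the answerer's code. It assumes the constants LISTRAK_USER, LISTRAK_PASS and LISTRAK_LIST_ID are defined in wp-config.php and uses the hypothetical function names lnh_*; the WSDL URL and header namespace are the ones from the question.

```php
<?php
/* Plugin Name: Listrak Newsletter Handler (added example, not the asker's file) */
// Assumptions: LISTRAK_USER, LISTRAK_PASS and LISTRAK_LIST_ID are constants set in wp-config.php;
// the WSDL URL and 'WSUser' header namespace are taken from the question.

// Register the handler with WordPress; the plugin file itself is never requested by URL.
add_action('admin_post_nopriv_listrak_subscribe', 'lnh_handle_subscribe'); // logged-out visitors
add_action('admin_post_listrak_subscribe', 'lnh_handle_subscribe');        // logged-in users

function lnh_handle_subscribe() {
    // Reject requests that did not come from our own rendered form (blocks scripted replays without a token).
    $nonce = isset($_POST['listrak_nonce']) ? $_POST['listrak_nonce'] : '';
    if (!wp_verify_nonce($nonce, 'listrak_subscribe')) {
        wp_die('Invalid request', '', array('response' => 403));
    }
    $email = isset($_POST['listrak-email']) ? sanitize_email(wp_unslash($_POST['listrak-email'])) : '';
    if (!is_email($email)) {
        wp_safe_redirect(home_url('/?subscribe=invalid'));
        exit;
    }
    try {
        $client = new SoapClient('https://webservices.listrak/v31/IntegrationService.asmx?WSDL', array(
            'exceptions' => true, 'cache_wsdl' => WSDL_CACHE_NONE, 'soap_version' => SOAP_1_2,
        ));
        $auth = array('UserName' => LISTRAK_USER, 'Password' => LISTRAK_PASS); // credentials stay out of the plugin file
        $client->__setSoapHeaders(array(new SoapHeader('http://webservices.listrak/v31/', 'WSUser', $auth)));
        $client->SetContact(array(
            'WSContact' => array('EmailAddress' => $email, 'ListID' => LISTRAK_LIST_ID),
            'ProfileUpdateType' => 'Overwrite',
            'OverrideUnsubscribe' => true,
        ));
    } catch (SoapFault $e) {
        error_log('Listrak SetContact failed: ' . $e->getMessage()); // log it; do not echo it to the visitor
        wp_safe_redirect(home_url('/?subscribe=error'));
        exit;
    }
    // Fixed local destination; wp_safe_redirect() also refuses off-site hosts, so there is no open redirect.
    wp_safe_redirect(home_url('/email-subscribe-success'));
    exit;
}

// Shortcode that renders the form; its action targets admin-post.php, not the plugin file.
add_shortcode('listrak_form', 'lnh_render_form');
function lnh_render_form() {
    ob_start(); ?>
    <form action="<?php echo esc_url(admin_url('admin-post.php')); ?>" method="post">
        <input type="hidden" name="action" value="listrak_subscribe">
        <?php wp_nonce_field('listrak_subscribe', 'listrak_nonce'); ?>
        <input type="email" name="listrak-email" required>
        <button type="submit">Subscribe now!</button>
    </form>
    <?php return ob_get_clean();
}
```

Place the [listrak_form] shortcode where the original widget markup was; the 404 disappears because nothing requests the plugin file directly any more.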

Title: My custom php file keeps 404'ing in WordPress when I call it. What am I missing?
Tags: plugins