Can a link in WordPress contain a query string that is picked up as $_POST

Looking at the pre_get_posts hook, the problem becomes apparent, the $Format variable is being pulled out of thin air:

function get_all_terms($query) 
{
    if(empty($Format))
      $Format="test 1";

    echo $Format;

This variable is undefined, you cannot declare a variable in one file then use it in in other places like this. To do that you have to declare it as a global variable, and you have to declare this in every place you want to use it.

My recommendation: don’t, there is no need for this variable, take a different approach.

Additionally, there’s a misunderstanding about URLs. WordPress does not know or care what the URL by the time it gets to the pre_get_posts step, and sometimes there is no URL! E.g. in a WP CLI command.

Query variables are just the parameters that WP_Query takes. Rewrite rules convert pretty URLs into lists of query variables, and you can put a query variable in the URL to override most of the time. But query variables isn’t meant to be a representation of what WP thinks the URL is. They can even disagree with the URL!

Instead, if you want to change behaviour based on the URL, just check the URL:

function nora_get_all_terms( \WP_Query $query ) {
    if ( !isset( $_GET['format' ] ) ) {
        return;
    }

Here we check the format URL parameter, and if it is not set, we return early. If it is set, continue the function and use $_GET['format'].

Some notes:

  • get_all_terms is a very generic name, at the very least prefix it or use a more specific name
  • global variables are bad, avoid them
  • Don’t echo out, use a tool such as query monitor to look at the query variables, or better yet, use xdebug + and IDE such as PHPStorm to look at the variables directly with a debugger
  • keep variable names to lowercase, and follow the WP coding standards
  • A decent code editor will automatically indent for you, the codes indenting is broken and this can cause easy mistakes that are impossible when indenting is correct. At a minimum, fix indenting before showing the code to other people as broken indenting makes code difficult to read and understand
  • $_POST and $_GET are populated by PHP, not WordPress. $_POST won’t be populated unless your browser made a POST request
  • Always start with the problem you were trying to solve, don’t fall into the trap of an XY question
  • Consider looking into rewrite rules, you can add a custom query variable, and remove the URL parameter entirely by embedding it in the URL itself with a format/list on the end
  • whitelist and validate the format value, otherwise people can put malicious values in and if the format value is printed anywhere on the page you’ll have a URL injection attack

Related Posts:

  1. Outputting Canonical Resource URLs Across a Multisite Network?
  2. wordpress – load a template based on the URI
  3. Set template based on query in URL
  4. URL / Templating system advice [closed]
  5. Different templates for same content, landing page from different URLs (generic, simple)
  6. How can I get all archive-URLs to use the same template?
  7. How to display custom post type?
  8. Custom Taxonomy Theme file not routing correctly
  9. how to change custom post type search template to output search results in posttype-archive.php
  10. Is there a list of all possible WordPress URL’s?
  11. How do I get the size of an attachment file?
  12. How to get slug of current category in taxonomy template?
  13. Using WordPress templating for HTML emails
  14. I put my blog on a subpage, how do I get page title?
  15. Restrict a search to a custom post type
  16. Test if page is child and has children, if so echo child pages also on grandchild pages
  17. How did you incorporate WooCommerce in your own WordPress theme?
  18. Correct process for a new Page Template?
  19. Templates & CSS – Proper Programming Practice?
  20. A shared custom taxonomy between two custom post types
  21. Creating a custom category page with pagination
  22. Passing & Reading URL Parameters with URL re-writing
  23. New Template — copy existing template and change code? [duplicate]
  24. Same template for all the terms of a taxonomy
  25. Modifying searchform.php and search.php to have two kinds of searches
  26. Create a WordPress template without navigation and footer
  27. Template redirect is_tax() not working
  28. Hide Front-End Admin Bar Including 32 px Spacing
  29. Passing variables to template parts
  30. Show template loaded
  31. Change directory where get_header(), get_footer() and get_sidebar() look for templates
  32. How can I make my custom templates respect permissions?
  33. How to format shortcode’s HTML in external file
  34. How to replace WordPress sidebars (widget areas) with Gutenberg
  35. Unable to include a template
  36. Turning on the 404 page on localhost
  37. Checking for page templates in child theme
  38. Is there an action hook that fires just before a template is loaded?
  39. post edit button on front end
  40. What’s the equivalent of front-page.php for a custom static page?
  41. Remove query string specific key value
  42. Stylesheet comment header: Which header names are mandatory? [duplicate]
  43. How to add posts list to a page template?
  44. Valid HTML in Template Part
  45. Missing ‘Page Attributes’
  46. Why do I get the same excerpt for all items in my RSS feed?
  47. What is this code trying to do? It was the cause of my 20s TTFB
  48. get_post_metadata() undefined when used in loop in RSS template
  49. the_excerpt producing empty output
  50. Problem when linking out to separate file within foreach loop
  51. Conditional tags or Multiple files
  52. Getting term description in single post template
  53. Cannot edit style.css from admin panel, because the template is looking for style.min.css
  54. Can I add a default Block to my custom theme?
  55. Remove post templates from the selection box menu when creating a single post
  56. How to convert the WordPress meta box Page Attributes->Page Template dropdown to radio buttons?
  57. global variables in templates
  58. Real Time Page Template Preview in WP Admin [closed]
  59. Best practice to update the file header.php
  60. page-{slug}.php vs. template-{slug}.php
  61. Understanding the Template hierarchy
  62. wp_enqueue_style and different styles for blog template
  63. Can I have both front-page.php and index.php?
  64. get_header(), get_footer() from plugin template
  65. Problem creating a custom category page with pagination
  66. If Posted After Date
  67. how can I add a “read more” tag directly in the template?
  68. Update template without undoing all my edits?
  69. How to get and set the post tag value within WP Query from URL?
  70. Is it possible to access plugin data from a custom feed template?
  71. How to use a template file to show all post having same metakey
  72. Automate configuration after new/hosted installation
  73. Modify just ONE page based on a template
  74. which template does wp_ tag_ cloud point to?
  75. Pagination problem (plugin wp-pagenavi) with a custom post type?
  76. Add an anchor link to a ‘plain’ HTML file, without over-writing the entire site?
  77. Template part including not working
  78. Parent/Child themes – both CSS files loaded
  79. front-page.php includes a placeholder text field. How to get rid of it?
  80. Display a custom 404 page without a redirect
  81. Why wordpress custom template comments shows Undefined index?
  82. Template and URL parameter problem
  83. get_users by role returns all users
  84. Validating Error with submit button
  85. How can I alter a post?
  86. What is the purpose of the $before and $after arguments on the the_title() function?
  87. Remove ” Browse Category : ” from Archive title
  88. When to use content-pagename.php?
  89. Using external file with WP_USE_THEMES set to false causing 404
  90. Current URL path variable
  91. How to install a wordpress website template on an existing website?
  92. Custom Archive with Content for Custom Post Type
  93. Why is my no-results.php template moving my sidebar and footer into the main container?
  94. Given a page ID, how to display entire page (header/content/footer/sidebars) from a plugin hook
  95. Any way to insert text on page from a query results?
  96. Show page title just from the first child-page in template
  97. How to know which page/file WordPress is expecting?
  98. AJAX requests within templates
  99. How to get the real address from a url (permalink)
  100. Page.php vs Single.php
techhipbettruvabetnorabahisbahis forumuedusedusedusedusedusedueduedusedusedus