New Plugin Review

Now I’ve seen your code, I think the reviewer is wrong:

  • they’re talking about the form in agg-as-options.php, which is handled the way I describe below
  • except they’re wrong:
    • the form is processed in the agg_options function, not outside of a function as they say
    • this is only shown and processed on the admin aggregate-options page, i.e. only for admin users on that page and not all visitors.
      (Your bracket indentation isn’t completely clear throughout, but this should be obvious even at first glance.)
  • you are loading agg-as-options.php even if we’re not in admin site, though; you could explicitly put that in an if ( is_admin() ) { test (which means admin site, not admin permissions).

I’d guess it’s something like the code in this question (the first example I could find):

  • you generate a form on the page which posts back to the same page
  • you have some code similar to if ( isset( $_POST['miguels_form'] ) ) { in the plugin that looks for submissions from that form and processes them, where ‘miguels_form’ is a hidden field or submit button value that you’re using to identify submissions from that particular form
  • this code is at the top level in your plugin, i.e. it will run on all pages, not just pages that display your form, at the point that the plugin is loaded.

The approach in the question that I’ve linked is to move the $_POST handler into the shortcode that renders the form in the first place, or into a separate shortcode that just processes the POST and outputs the ‘thank you’ message instead. That should address their comment about this code not being in a function. Or there are probably other theme or hook mechanisms to restrict this to a single page.

The first time I saw this pattern I didn’t like it, but I’m not sure there are many better ways:

  • you can instead write some script to POST the form data as JSON to a new REST API endpoint, or to an old-style admin-ajax endpoint, but that relies on client side script.
  • or you could post to a non-WordPress PHP file, but I don’t really like that either.

So I guess this pattern is OK: they just want you to restrict checking for form POSTs to the page that you’ll be posting to. I’m not aware of any better no-script ways to do this.

(I don’t however buy their comment that this will make your code slow and unwieldy, unless PHP lazy-initializes the $_POST global because it is expensive to do so – and I can’t imagine either that it’s lazy or that it is expensive, except for e.g. file uploads.)

Related Posts:

  1. Disable External Pingacks on WordPress Posts and Only Allow ‘Self Pings’
  2. How to Send Pingbacks for all Posts in WordPress?
  3. Fatal error: Call to undefined function plugin_dir_path()
  4. Dynamic URL to reference custom PHP files
  5. Why is PHP Cookie via plugin only set when logged in as Admin and not regular users? and other questions
  6. Custom plugin issue when trying to use the shortcode twice on a page [closed]
  7. Using wp_get_image_editor in a standalone script
  8. Use template for posts with a particular category grandparent
  9. Making Quote Plugin more efficient
  10. How to access function from outside of a class within this class in WP plugin?
  11. PHP can I add line numbers to file_get_contents()
  12. Query all posts of a custom taxonomy term
  13. Adding Default Settings to Theme My Login plugin
  14. Swapping wp_dropdown_categories function with wp_category_checklist
  15. How to access global variable $menu inside a class function
  16. How can I remove a function that has been added to wordpress with add_filter?
  17. Get post id in a function when edit/add a post
  18. what is the best practice to add new field to an api route
  19. Retrieve $_POST data submitted from external URL in WordPress(NOT API)
  20. wp_trim_words() does not work with my code Am I doing any mistake in my code?
  21. How to call plugin function per site in a multisite?
  22. WordPress Custom field Colors
  23. Redirect to another page using contact form 7? [closed]
  24. Which PHP page is the Default Posts Page
  25. How to obtain the current website URL in my theme?
  26. What exactly do this function declared into functions.php file of a WP theme?
  27. How to use html inside a functions.php code?
  28. Plugin Generate Unexpected output during activation
  29. Function works everywhere, how to keep it to execute when creating a new post
  30. Using data sent via AJAX in multiple functions on a WP plugin
  31. Is it possible to define variables in a wordpress shortcode, and then call the shortcode using a specific variable?
  32. Pagination on Custom Post
  33. Custom meta box values are not getting saved for my custom post type
  34. how to save checkbox data for custom setting?
  35. How to use mysql LIKE with wpdb?
  36. Reading settings in the home page precisely home.php
  37. get post id from wp_insert_post for get_template_part
  38. Call to undefined function error in plugin
  39. Execute Jquery when a specific page in my plugin is loading
  40. send popup after wp_redirect()
  41. remove specificly the last tag in all posts
  42. Using ACF Relationship field to set post type to draft or published status
  43. How to change basename url for wp-admin?
  44. Post form – AJAX won’t upload featured image – Plugin development
  45. Reliable way to add nonce to HTTP Header in WordPress?
  46. Only the first image uploads
  47. Add Pre-Defined Value to Click Counter in WordPress
  48. Illegal string offset checkbox
  49. ssl redirect function is not working
  50. Custom plugin: how do I call a PHP file if settings option is set to true?
  51. posts_per_page displays only 2 posts instead of 4 posts
  52. How can i avoid duplicate same post in wp?
  53. Display a custom name when the user has no name settle in his account
  54. In a foreach loop, how can I add a meta value if it doesn’t exist?
  55. How to override theme’s public static function inside of a trait?
  56. Enqueue sripts and styles only if function is called
  57. post_exists stops working in a scheduled event
  58. Send POST request to Flask app from functions.php file
  59. How to center all text body in single.php at once?
  60. Taxonomy Child Term, Counter is staying on 0
  61. Getting page / post URL on publish and / or update
  62. Displaying POST content with HTML tags and all
  63. PHP get_category() function redeclared
  64. Using Tag Groups: Displaying groups and adjacent tags of current post
  65. How to Request a User to Register on Landing at a Site, Then Automatically Delete the Users Password on Logout?
  66. Setting at job with shortcode not working
  67. How do I get the featured post to share on Social Media and show on Individual Post pages?
  68. Private messaging – Getting and displaying the avatar/url of a message recipient
  69. insert thumbnail image from php script
  70. Can’t put a hyperlink on Featured Post’s Image
  71. Weird Behaviour: Not all WordPress Posts appearing
  72. Published custom posts missing
  73. WordPress get_post_meta issue
  74. Insert wordpress tags below posts via functions.php
  75. Permission error on plugin save
  76. Trying to see if page is category or single and displaying title with appropriate heading tag
  77. Trouble using wordpress functions in a pop-up modal form
  78. Issues separating my Plugin pages into different files
  79. how can I make content from a plugin hidden when user is logged in? [duplicate]
  80. How to modify this function to exclude also the post belonging to a specific category?
  81. How to display the date under the post title?
  82. display php code in header using wp_head()
  83. How do I change the Go To Categories link in the term_updated_messages
  84. WP Custom tables query
  85. Add multiple HTML attributes to an Elementor button
  86. WooCommerce: write featured image dimensions to custom fields in product’
  87. How do I get a function to work in single.php
  88. transition_post_status hook, works – but not if the post is new
  89. Passing the name of selected color from the custom component to `render_callback`
  90. Dynamic Email Handler with ‘header (“Location: …’
  91. Implement OAuth2 in custom plugin
  92. login redirect based on user role not work as expected
  93. redirect user from login page if is logged
  94. How to lock users account until approvation
  95. Variable ++ in query loop
  96. Generate and upload screenshot as featured image for user-submitted post
  97. a problem in class in class-wp-hook.php
  98. WordPress REST API – Custom field not added to pages
  99. change title of page dynamically
  100. Custom plugin doesn’t show in admin menu – when code added, displays an empty page