前端提交表单的WP_Nonce不起作用

时间:2016-08-04 作者:Alexander Georgiev

临时工不工作。即使我省略了标题字段,它仍然会提交帖子。有什么想法吗?我只想验证每个字段,如果它是空的,您将收到一条消息(“请填写…”)然后返回页面,不发布任何内容。

function front_end_question_form() { ?>
<form id="usernotes" name="usernotes" method="post" action="">
    <div class="input-field">

    <input type="text" placeholder="Überschrift" class="fancy-input" id="title" value="<?php if ( isset( $_POST[\'title\'] ) ) echo $_POST[\'title\']; ?>" tabindex="1" size="40" name="title"  />       
    </div>

    <div class="input-field">

        <textarea id="description" placeholder="Notiz Inhalt" tabindex="2" name="description" cols="50" rows="6" class="fancy-input"><?php if ( isset( $_POST[\'description\'] ) ) { if ( function_exists( \'stripslashes\' ) ) { echo stripslashes( $_POST[\'description\'] ); } else { echo $_POST[\'description\']; } } ?></textarea>       
    </div>

    <input type="submit" value="Speichern und an meine E-Mail-Adresse senden" tabindex="6" id="submit" name="submit" class="btn btn-primary" />
    <input type="hidden" name="post-type" id="post-type" value="usernotes" />

<?php wp_nonce_field( \'notes_nonce_field\' ); ?>

</form>
<?php

if($_POST){
    submit_notes_form();
}

}
add_shortcode(\'question\',\'front_end_question_form\');

function submit_notes_form() {

$nonce = $_REQUEST[\'_wpnonce\'];
if ( ! wp_verify_nonce( $nonce, \'notes_nonce_field\' ) ) {
  exit; // Get out of here, the nonce is rotten!
}

 else {

    // Do some minor form validation to make sure there is content
    if (isset ($_POST[\'title\'])) {
        $title =  $_POST[\'title\'];
    } else {
        echo \'Bitte, schreibe Überschrift\';
        exit;
    }
    if (isset ($_POST[\'description\'])) {
        $description = $_POST[\'description\'];
    } else {
        echo \'Bitte, schreibe Notiz Inhalt \';
        exit;
    }
    // Add the content of the form to $post as an array
    $post = array(
    \'post_title\' => wp_strip_all_tags( $title ),
    \'post_content\' => $description,
    \'post_status\' => \'publish\',         
    \'post_type\' => $_POST[\'post-type\'] 
    );
    wp_insert_post($post);
$location = site_url()."/notizen/";
    echo "<meta http-equiv=\'refresh\' content=\'0;url=$location\' />"; exit;
} //
    }

?>

1 个回复
最合适的回答,由SO网友:Syed Fakhar Abbas 整理而成

你错过了wp_nonce_field 操作名称。


wp_nonce_field(\'submit-users-note\'\'notes_nonce_field\' );

$nonce = $_POST["notes_nonce_field"];

if ( ! isset($nonce) ! wp_verify_nonce( $nonce, \'submit-users-note\' ) ) {

  exit; // Get out of here, the nonce is rotten!

}

标签: forms   front-end   nonce   小码农  

相关推荐

Forms cut off when on mobile

信用卡处理器生成的表单通过javascript加载。正常加载时,可以看到模板工作良好here, 但是移动用户看到下面的内容,无法滚动。据说表单有一个移动版本,但显然无法加载?使用以下方法将表单加载到页面上:<div id=\"bbox-root\"></div> <script type=\"text/javascript\"> window.bboxInit = function () { bbox.show