Wordpress stripslashes issue - wordpress

I'm passing the ABSPATH value from a wordpress theme options page to an external page which does not have access to ABSPATH. The problem is that once the value is received in the external file, the slashes are removed. How can I send the value and keep the slashes intact?
I'm passing the value for ABSPATH via a javascript window.open URL parameter like so...
<input type="button" id="templateUpload" value="Add New Template" onclick="window.open('../wp-content/themes/mytheme/myuploader.php?abspath=<?php echo ABSPATH ?>','popup','width=330,height=230,scrollbars=no,resizable=no,toolbar=no,directories=no,location=no,menubar=no,status=no'); return false" />
The view source of the above executed wordpress theme options page reads...
?abspath=C:\xampplite\htdocs\wordpress/
Which is why I believe I'm having an issue

It is the lack of JavaScript string literal escaping that has tripped you up: \x and \h are escapes in strings, so you'd need \\ to get a real backslash.
But that's not all.
<input ... onclick="window.open('.../myuploader.php?abspath=<?php echo ABSPATH ?>',... />
Here you're outputting a value into:
a URL parameter, inside
a JavaScript string literal, inside
an HTML attribute
That means you need three levels of escaping:
$uri= '../wp-content/themes/mytheme/myuploader.php?abspath='.urlencode(ABSPATH);
$jsuri= json_encode($uri);
$htmljsuri= htmlspecialchars($jsuri);
<input ... onclick="window.open(<?php echo $htmljsuri; ?>, 'popup', 'features...')" />
You can reduce that by using the HEX_ options in json_encode to ensure HTML special characters are already escaped out of the way, in PHP 5.3+:
$uri= '../wp-content/themes/mytheme/myuploader.php?abspath='.urlencode(ABSPATH);
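// json_encode() still wraps the string in literal double quotes, so the attribute
// is delimited with single quotes and JSON_HEX_APOS is added to cover apostrophes.
$jsuri= json_encode($uri, JSON_HEX_QUOT|JSON_HEX_APOS|JSON_HEX_TAG|JSON_HEX_AMP);
<input ... onclick='window.open(<?php echo $jsuri; ?>, "popup", "features...")' />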
However, anything involving multiple levels of escaping like this is confusing and generally to be avoided. Kick the JavaScript and the variable out of the markup instead, then you have only one level of escaping to worry about at once:
<input type="button" id="templateUpload" value="Add New Template" />
<script type="text/javascript">
    var ABSPATH= <?php echo json_encode(ABSPATH, JSON_HEX_TAG|JSON_HEX_AMP); ?>;
    document.getElementById('templateUpload').onclick= function() {
        var uri= '../wp-content/themes/mytheme/myuploader.php?abspath='+encodeURIComponent(ABSPATH);
        window.open(uri, 'popup', 'width=330, height=230');
    };
</script>
I omitted the return false as it isn't needed for a button, which has no default action to prevent. I also removed the stuff about removing browser chrome just due to finding it quite distasteful. ;-)
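The three levels of escaping from the answer above, as an added example that is not part of the original answer: build_onclick() encodes the value for the URL, the JavaScript string literal and the HTML attribute in turn, and recover_path() undoes the layers in browser order to confirm the backslashes survive. Both function names and the second sample path are constructed for illustration.

```php
<?php
// Added example; not code from the original answer.
// Encode $path for each context it passes through, innermost first.
function build_onclick(string $script, string $path): string
{
    $uri = $script . '?abspath=' . urlencode($path);              // 1. URL parameter
    $js  = json_encode($uri, JSON_HEX_TAG | JSON_HEX_AMP
                           | JSON_HEX_APOS | JSON_HEX_QUOT);      // 2. JS string literal
    $handler = 'window.open(' . $js . ", 'popup', 'width=330,height=230')";
    return htmlspecialchars($handler, ENT_QUOTES, 'UTF-8');       // 3. HTML attribute
}

// Undo the layers in the order a browser does: HTML, then JS, then URL.
function recover_path(string $attr): ?string
{
    $handler = html_entity_decode($attr, ENT_QUOTES, 'UTF-8');
    if (!preg_match('/^window\.open\(("(?:[^"\\\\]|\\\\.)*")/', $handler, $m)) {
        return null;
    }
    $uri = json_decode($m[1]);
    parse_str((string) parse_url($uri, PHP_URL_QUERY), $query);
    return $query['abspath'] ?? null;
}

$script  = '../wp-content/themes/mytheme/myuploader.php';
$samples = [
    'C:\xampplite\htdocs\wordpress/',        // path from the question
    'C:\web\it\'s "new" & <b>\wordpress/',   // constructed: quotes, &, <, >
];
foreach ($samples as $path) {
    $attr = build_onclick($script, $path);
    echo '<input type="button" value="Add New Template" onclick="', $attr, '" />', PHP_EOL;
    echo recover_path($attr) === $path ? 'round trip ok' : 'round trip FAILED', PHP_EOL;
}
```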

Related

Wordpress translate search query and link to external url

I am trying to modify the WordPress search form so that, after the user enters a word in the search bar, that word is translated and the user is redirected to an external link (for example Google). I managed to do the translation and the redirection, but struggle to get the search query in the first place.
My code:
<form id="myform" name="myform" role="search" method="get" class="search-form" action="" target="_blank" >
<input type="text" id="SearchText" value="" name="SearchText" placeholder="<?php echo esc_attr($search_text) ;?>" >
<button onclick="go()" type="submit" id="searchsubmit" class="btnsearch"></button>
</form>
Then the translation code needs the search query as input, $XXXXXXXXXXXXX:
$url = 'https://www.googleapis.com/language/translate/v2?key=' . $apiKey . '&q=' . rawurlencode($XXXXXXXXXXXXX) . '&source=xx&target=en';
$str = $responseDecoded['data']['translations'][0]['translatedText'];
Then I have a script that takes the translated search query $str:
<script type="text/javascript">
function go() {
    document.myform.action = "https://www.google.com/";
    // json_encode() emits a correctly quoted and escaped JavaScript string literal
    document.myform.SearchText.value = <?php echo json_encode($str, JSON_HEX_TAG|JSON_HEX_AMP); ?>;
    ...............
}
</script>
Everything works if I put any word in place of $XXXXXXXXXXXXX, but the question is what needs to be entered here so that it takes the original search entry.
Thank you in advance for any help.
Do you need to receive a request passed in a get parameter? You can use jquery $.get https://api.jquery.com/jquery.get/

How can I connect a custom HTML form with the WordPress email address

I am using WordPress and the Gantry 5 framework. I have a custom HTML form added via JS as innerHTML to an existing container.
I want this form's values to be submitted to the email address defined in the WordPress administration settings. Is there any way I can achieve it?
It depends on the form action. If your form action calls a function inside your WordPress (for example in functions.php) you can pick up the email address with
get_option('admin_email')
and use it to send the post data.
If the form action calls a function external to your WordPress you can add the email as a hidden field in your form
<input type="hidden" id="email" name="email" value="<?php echo esc_attr(get_option('admin_email')); ?>">
and get the value in the $_POST object.
Because your form is added by JavaScript, you can add the hidden field by JavaScript before the form submits, maybe using jQuery (you can also do this in vanilla JS).
If you print the script directly inline with PHP
$("#yourFormID").submit( function(eventObj) {
    // json_encode() emits a correctly quoted JavaScript string literal
    $("<input />").attr("type", "hidden")
        .attr("name", "email")
        .attr("value", <?php echo json_encode(get_option('admin_email'), JSON_HEX_TAG|JSON_HEX_AMP); ?> )
        .appendTo(this); // append to the form being submitted
    return true;
});
If you put the script in a JS file you can print the hidden field outside with PHP and then pick up the value with jQuery (or vanilla JS)
<input type="hidden" id="email" name="email" value="<?php echo esc_attr(get_option('admin_email')); ?>">
$("#yourFormID").submit( function(eventObj) {
    $("<input />").attr("type", "hidden")
        .attr("name", "email")
        .attr("value", $('#email').val() )
        .appendTo(this); // append to the form being submitted
    return true;
});
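A hidden field reaches the external script as ordinary request data, so one way to handle it there is to accept the posted address only when it matches a list the script already holds. This is an added example, not code from the answer; resolve_recipient(), ALLOWED_RECIPIENTS and the sample addresses are assumptions.

```php
<?php
// Added example; not part of the original answer.
// ALLOWED_RECIPIENTS holds constructed placeholder addresses.
const ALLOWED_RECIPIENTS = ['admin@example.com', 'office@example.com'];

/**
 * Return the allowlisted recipient named by the posted hidden field,
 * or null when the value is missing, malformed or not on the list.
 */
function resolve_recipient(array $post): ?string
{
    $value = $post['email'] ?? null;
    if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
        return null; // arrays and embedded line breaks are never valid
    }
    $value = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
    if ($value === false) {
        return null;
    }
    foreach (ALLOWED_RECIPIENTS as $allowed) {
        if (strcasecmp($allowed, $value) === 0) {
            return $allowed; // use the configured spelling, not the posted one
        }
    }
    return null;
}

// Constructed sample submissions.
$samples = [
    ['email' => 'admin@example.com'],
    ['email' => 'Admin@Example.com '],
    ['email' => 'someone@elsewhere.example'],
    ['email' => "admin@example.com\r\nX-Test: 1"],
    ['email' => ['admin@example.com']],
    [],
];
foreach ($samples as $post) {
    $to = resolve_recipient($post);
    echo json_encode($post), ' => ', $to === null ? 'rejected' : "send to $to", PHP_EOL;
}
```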

Replacing entire entry-content contents in WordPress

I am developing a WordPress plugin that is inserted onto the page by adding a token to the page content.
So, on the page there is some introductory text with the contents of the plugin below. On postback, I would like to clear the introductory text and just show output from the plugin.
I know I could do this using jQuery by replacing the contents of $(".entry-content").html("plugin output"); but I wanted to ask if there was a WordPress native method of doing this instead.
UPDATE
The following is one of the files from the plugin. It is on the POST (the if condition) that I want to replace the page content, with the output of the function. On the GET (the else condition) I just want to append the output of the function to the content.
<?php
/*
The following code utilizes Heredoc syntax.
It is very important to note that the line with the closing identifier must contain no other characters, except a semicolon (;).
That means especially that the identifier may not be indented, and there may not be any spaces or tabs before or after the semicolon.
It's also important to realize that the first character before the closing identifier must be a newline as defined by the local operating system.
This is \n on UNIX systems, including Mac OS X.
The closing delimiter must also be followed by a newline.
*/
class WHRFContactUs {
function GenerateContactUsForm() {
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$sendgrid = new SendGrid($GLOBALS['MailAPIKey']);
$email = new SendGrid\Email();
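// WordPress adds slashes to $_POST, so unslash first, then sanitize each field for its use.
$fullName = sanitize_text_field(wp_unslash($_POST['FullName']));
$replyTo = sanitize_email(wp_unslash($_POST['Email']));
$subject = sanitize_text_field(wp_unslash($_POST['Subject']));
$message = nl2br(esc_html(wp_unslash($_POST['Message'])));
$email
->addTo($GLOBALS['MailAPISender'])
->setReplyTo($replyTo)
->setFrom($GLOBALS['MailAPISender'])
->setSubject($subject)
->setHtml($message . '<br /><hr/>' . esc_html($fullName) . ' ' . '(' . esc_html($replyTo) . ')<br/>' . '<br />')
;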
try
{
$sendgrid->send($email);
$html = <<<HTML
Your message has been successfully sent. Thank you for taking the time to provide us your feedback.
<br/><br/>
In the event that your feedback requires a response, a representative will contact you as soon as possible.
HTML;
}
catch(\SendGrid\Exception $ex)
{
echo $ex->getCode();
foreach($ex->getErrors() as $er) {
echo $er;
}
}
}
else
{
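// Escape the request URI before it is written into the form's action attribute
$action = esc_url($_SERVER['REQUEST_URI']);
$html = <<<HTML
<form method="post" id="ContactUsForm" action="{$action}">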
<div class="form-group">
<label for="FullName" class="sr-only">Your full name</label>
<input type="text" class="form-control" id="FullName" name="FullName" placeholder="Your full name" data-validation-required="Please enter your full name.">
</div>
<div class="form-group">
<label for="Email" class="sr-only">Your email address</label>
<input type="email" class="form-control" id="Email" name="Email" placeholder="Your email address" data-validation-required="Please enter your email address." data-validation-format="Please enter a valid email address.">
</div>
<div class="form-group">
<label for="Subject" class="sr-only">Subject</label>
<input type="text" class="form-control" id="Subject" name="Subject" placeholder="Subject" data-validation-required="Please enter a subject.">
</div>
<div class="form-group">
<label for="Message" class="sr-only">Message</label>
<textarea class="form-control" id="Message" name="Message" placeholder="Your message..." data-validation-required="Please enter a message." rows="4"></textarea>
</div>
<button type="submit" id="ContactUsFormSubmit" name="ContactUsFormSubmit" class="btn btn-primary">Send message</button>
</form>
<script type="application/javascript" src="{$GLOBALS['WHRFPluginPath']}scripts/whrf-contact-us.js"></script>
HTML;
}
return $html;
}
}
add_shortcode('ContactUsForm', array('WHRFContactUs','GenerateContactUsForm'));
?>
As mentioned in the comments, without knowing how that content is being added it isn't really possible to know how to replace it.
However, there's a possibility of achieving that in a very disruptive and ill-advised way:
Chances are that content is being added by using the filter the_content.
So you could disruptively have a high-priority modification for the content and then remove that filter to stop the other content from being added. As follows:
function my_disruptive_filter($content) {
    remove_all_filters('the_content');
    return 'my custom content';
}
add_filter( 'the_content', 'my_disruptive_filter', -999, 1);
I'm not 100% sure if this would work, since I've never tried it.
Also, remove_all_filters takes an optional second parameter, $priority. You can target all priorities that are lower than the one used with this hook via a for loop. But I assume without providing that parameter it would just remove all of them.
Warning
The reason that this is very disruptive is that it would prevent any other code from using that filter. Another developer (or even yourself) might want to use that filter later at some point and it won't work and you have no idea why. Could be a very difficult situation to get out of.
Also this might prevent an existing plugin or theme from adding their content, so if you wind up using it and see missing stuff -- the reason could be this.
Note: this is really a hit-or-miss solution because it depends on how that content is being added.
The function the_content() returns the page content, if you want to overwrite this using your own plugin you should remove this line in whatever page you are (usually page.php/single.php in theme dir) with your custom plugin output.

How to pass values from one Contact Form 7 form to another in Wordpress?

I have a site that has 2 forms - a short form and a long form. If you look at http://dforbesinsuranceagency.com you'll see the short form next to the masthead photo. The long form is at http://dforbesinsuranceagency.com/request-free-insurance-quotes/
When the user hits Submit on the short form, it kicks them over to the long form page, so that part works fine. The part that gives me fits is that I need the values entered into the short form fields First Name, Last Name, Email Address and Telephone passed to their equivalent fields on the long form.
How do I do this?
This is how I am redirecting the short form to the long form (I added it to the Additional Settings section for the short form):
on_sent_ok: "location = 'http://dforbesinsuranceagency.com//request-free-insurance-quotes';"
Any help would be appreciated.
Hack, hack, hackety, hack hack hack... Without suggesting "not using a form-builder" I don't think there is an elegant solution - you can't use the other PHP method suggested without modifying the plugin itself (and that is a can of worms). I will propose a Javascript solution but there are some caveats (below):
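jQuery(document).ready(function($){
    $('#quick-quote form:first').submit(function(){
        var foo = {};
        $(this).find('input[type=text], select').each(function(){
            foo[$(this).attr('name')] = $(this).val();
        });
        // Encode the JSON so ";" or "=" in a field value cannot break the cookie
        document.cookie = 'formData='+encodeURIComponent(JSON.stringify(foo));
    });
    var ff = $('#container form:first');
    if(ff.length){
        // match() returns null when the cookie has not been set yet
        var m = document.cookie.match('(^|;) ?formData=([^;]*)(;|$)');
        var data = null;
        try { data = m ? JSON.parse(decodeURIComponent(m[2])) : null; } catch(e) {}
        if(data){
            for(var name in data){
                // Compare names directly instead of building a selector from cookie data
                ff.find('input, select').filter(function(){ return this.name === name; }).val(data[name]);
            }
        }
    }
});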
What this will essentially do is: on submission, store your mini-form options in a cookie. On page load it will then look for a form in the main body of the page and apply any stored cookie data.
Notes
The jQuery selectors are deliberately ambiguous to avoid any future changes in your admin panel/plugin that will likely screw with the form IDs (thus breaking the script).
I'm not faffing about pairing field/option names - for example the select box in your mini-form is named insurance-type however the matching box in the main form is named ins-type - you will have to ensure they are of the same name.
This also applies to select box values - if there is no matching value, it will be ignored (e.g. some of your values in the main form have » » characters in front and so don't match).
Try this.
Set the action of our first form to a PHP file named xyz.php
<form method="post" action="xyz.php">
<input type="text" name="name">
<input type="text" name="email_address">
<input type="submit" value="Go To Step 2">
</form>
The file xyz.php will create a new form for you, which in this case is your second form (the big one). Set the action of the form as required. The code of your xyz.php will look something like this.
<form method="post" action="form3.php">
<!-- htmlspecialchars() keeps the submitted values from breaking out of the value attribute -->
<input type="text" name="name" value="<?php echo htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">
<input type="text" name="email_address" value="<?php echo htmlspecialchars($_POST['email_address'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">
<input type="radio" name="membership_type" value="Free">
<input type="radio" name="membership_type" value="Normal">
<input type="radio" name="membership_type" value="Deluxe">
<input type="checkbox" name="terms_and_conditions">
<input type="submit" value="Go To Step 3">
</form>
Here the input fields of the first form will already be filled with the details given by the user in the first form.
You can create the first form yourself and let the contact form create the second form for you, providing the default values using the method above.
Hope this helps!

WordPress Search Queries

I have added within my WordPress 3.1 site, the following code at the bottom of my sidebar.php file:
<div id="search_box">
<form id="searchform" action="http://www.service.com/" method="get" role="search">
<input id="s" type="text" name="s" class="search" value="Search site" size="19" maxlength="80" id="white_box" onfocus="if (this.value=='Search site') this.value = ''"/>
<input id="searchsubmit" type="image" class="submit" value="submit" src="<?php bloginfo( 'template_url' ); ?>/images/search_btn.jpg" />
</form>
</div>
As I have coded this search process myself, when I place some text within my search text box and press the "Search" button, it looks as if it is calling the page search.php within my theme and displaying the results.
Questions:
1) where/how does it know when I press the "Search" button to go off and call search.php?
2) if possible only, how can I change it to call a different php file instead of the search.php
Thanks.
Use template filter
add_filter( 'template_include', 'template_include', 10 );
and change the template as
function template_include($template)
{
    if(your condition here){
        $template = get_template_directory().'/your-template.php';
    }
    return $template;
}
-1. All requests for a WP site go to a single page that routes them based upon specific criteria. Thus when a search is performed it knows that it is a search and directs to the search.php page.
Specifically it goes to index.php that loads wp-blog-header.php.
-2: Everything you need to know should be right here: http://codex.wordpress.org/Creating_a_Search_Page#Using_the_page.php
Wordpress assumes the request is a search if it sees an 's' GET variable.
You can hook into the template_redirect action (in your theme's functions.php file) and load a different template like so:
add_action('template_redirect', 'my_template_select');
function my_template_select() {
    if (is_search()) {
        load_template(TEMPLATEPATH . '/foobar.php');
        exit;
    }
}
