1

I have written a custom plugin (that creates a custom post type) and allows any user to submit a new post from a form on my website. To prevent bots, I have setup an e-mail confirmation code which they must click, where this changes the post status from Draft to Published.

Unfortunately the wp_mail() code shown below seems to be executing this confirmation URL automatically. As soon as the post is submitted, it is set to Draft until it reaches this code, and then it automatically publishes.

Removing this block however makes everything work as expected. Does anyone have any idea as to the reason and how to fix it?

$confirm_url = site_url(). '/verification?id=' . $post_id . '&hash=' . $hash;

// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
Aidan Knight
  • 253
  • 2
  • 11
  • `wp_mail()` does not execute any link in the body. your case is weird. – Thamaraiselvam Mar 26 '18 at 05:10
  • Are you sure? do you not mark it as verified, other than clicking confirmation link? I suspect you mark it as verified while forming the confirm URL or somewhere, check your code base again – Thamaraiselvam Mar 26 '18 at 05:12
  • I pasted the full code of the plugin here https://pastebin.com/4sxZnXyF if you want to take a glance but I have been at it for 6 hours and can't find anywhere that marks it as verified. The slicer_profiles_verification_shortcode() is what runs on the /verification page and slicer_profile_submit() is what handles the form submission data/sends the confirmation e-mail. – Aidan Knight Mar 26 '18 at 05:18
  • How to work with this plugin? you mentioned new items goes to draft but i did not , its published as soon as i click publish – Thamaraiselvam Mar 26 '18 at 05:33
  • @Thamaraiselvam That is the exact problem I am having and trying to solve. If you look at line 263, it inserts the post as Draft, however something after that is making it Publish. – Aidan Knight Mar 26 '18 at 05:38
  • It isn't supposed to publish until the user clicks the link that is e-mailed to them. I am trying to figure out what code is making it Publish before that happens. – Aidan Knight Mar 26 '18 at 05:40
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/167534/discussion-between-thamaraiselvam-and-aidan-knight). – Thamaraiselvam Mar 26 '18 at 05:40

1 Answers1

0

This has been resolved, wanted to share the solution for anyone else that may stumble into this themselves. The site_url() was stored in its own variable and the forward slash in the URL string was not properly escaped, which seemed to have been causing the issue.

This has now been updated to the following and works perfect.

$site_url = site_url();
$confirm_url = $site_url. '\/verification?id=' . $post_id . '&hash=' . $hash;

// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
Aidan Knight
  • 253
  • 2
  • 11