I have written a custom plugin (that creates a custom post type) and allows any user to submit a new post from a form on my website. To prevent bots, I have setup an e-mail confirmation code which they must click, where this changes the post status from Draft to Published.
Unfortunately the wp_mail() code shown below seems to be executing this confirmation URL automatically. As soon as the post is submitted, it is set to Draft until it reaches this code, and then it automatically publishes.
Removing this block makes everything work as expected. Does anyone have any idea as to the reason and how to fix it?
$confirm_url = site_url(). '/verification?id=' . $post_id . '&hash=' . $hash;
// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
I have written a custom plugin (that creates a custom post type) and allows any user to submit a new post from a form on my website. To prevent bots, I have setup an e-mail confirmation code which they must click, where this changes the post status from Draft to Published.
Unfortunately the wp_mail() code shown below seems to be executing this confirmation URL automatically. As soon as the post is submitted, it is set to Draft until it reaches this code, and then it automatically publishes.
Removing this block makes everything work as expected. Does anyone have any idea as to the reason and how to fix it?
$confirm_url = site_url(). '/verification?id=' . $post_id . '&hash=' . $hash;
// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
- It is not clear at all what does "executed" means, and whether it has anything to do with wordpress. – Mark Kaplun Commented Mar 26, 2018 at 4:56
- Sorry for the confusion. When the link stored in $confirm_url is ran (i.e. /verification?id=1234&hash=abc123xyzd) it changes the post status from Draft to Publish. This is not supposed to happen until the user clicks the link in their e-mail, but this code block is making that happen automatically. As in, when this wp_mail code block is there, it publishes immediately. – Aidan Knight Commented Mar 26, 2018 at 5:03
- I updated the explanation in my original post to make it more clear. – Aidan Knight Commented Mar 26, 2018 at 5:09
- will phrase what I meant differently. How do you know that your code puts it in a draft in the first place, and how do you know it is not the email client that "runs" the link? – Mark Kaplun Commented Mar 26, 2018 at 5:18
- 1 ... you have decided what is the problem with no supporting evidance that that is actually the problem – Mark Kaplun Commented Mar 26, 2018 at 5:19
1 Answer
Reset to default 4Please try the following, I think having a return from the site_url() function could be creating a problem with the $confirm_url variable.
That and you have an unescaped slash in your url.
$site_url = site_url();
$confirm_url = $site_url. '\/verification?id=' . $post_id . '&hash=' . $hash;
// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
You might need to switch to magic-quotes too, ie:
$site_url = site_url();
$confirm_url = "{$site_url}/verification?id={$post_id}&hash={$hash}";
// Send a verification e-mail to the user to confirm publication
$subject = "Please confirm your Slicer Profile submission";
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
The parenthesis around the variables in the double-quotes aren't necessary, but some devs find them easier to read in long strings.