Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: error not showing after post form submission #1510

Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
+22 −22
Open

fix: error not showing after post form submission #1510

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
658947d
fix: error not showing after post form submission
sapayth Feb 6, 2025
accc7ae
enhance existing ajax responses
sapayth Feb 6, 2025
a346304
fix guest post submission with existing email
sapayth Feb 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,6 @@ vendor
phpcs-report.txt
assets/css/admin/subscriptions.min.css
assets/js/subscriptions.min.js
assets/js/frontend-form.min.js
languages
!languages/readme.txt
2 changes: 1 addition & 1 deletion assets/js/frontend-form.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -482,7 +482,7 @@
}

Swal.fire({
html: res.error,
html: res.data.error,
icon: 'warning',
showCancelButton: false,
confirmButtonColor: '#d54e21',
Expand Down
2 changes: 1 addition & 1 deletion assets/js/frontend-form.min.js
View file
Open in desktop

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions includes/Ajax/Frontend_Form_Ajax.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@
if ( strlen( $current_data ) > 0 && strlen( $current_data ) < $restricted_num ) {
wpuf()->ajax->send_error(
sprintf(
__( 'Minimum %d character is required for %s', 'wp-user-frontend' ), $restricted_num, $label

Check failure on line 66 in includes/Ajax/Frontend_Form_Ajax.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Check failure on line 66 in includes/Ajax/Frontend_Form_Ajax.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$s", but got "%d, %s" in 'Minimum %d character is required for %s'.
)
);
}
Expand Down Expand Up @@ -336,7 +336,7 @@

$response = $this->send_mail_for_guest( $charging_enabled, $post_id, $form_id, $is_update, $post_author, $meta_vars );
wpuf_clear_buffer();
wp_send_json( $response );
wp_send_json_error( $response );
}
wpuf()->ajax->send_error( __( 'Something went wrong', 'wp-user-frontend' ) );
}
Expand Down Expand Up @@ -509,7 +509,7 @@

if ( $user ) {
// $post_author = $user->ID;
wp_send_json(
wp_send_json_error(
[
'success' => false,
'error' => __( "You already have an account in our site. Please login to continue.\n\nClicking 'OK' will redirect you to the login page and you will lose the form data.\nClick 'Cancel' to stay at this page.", 'wp-user-frontend' ),
Expand Down
2 changes: 1 addition & 1 deletion includes/Frontend/Frontend_Form.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,7 @@
public function draft_post() {
check_ajax_referer( 'wpuf_form_add' );
add_filter( 'wpuf_form_fields', [ $this, 'add_field_settings' ] );
@header( 'Content-Type: application/json; charset=' . get_option( 'blog_charset' ) );

Check warning on line 176 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Silencing errors is strongly discouraged. Use proper error checking instead. Found: @Header( 'Content-Type: application/json; charset=' ...

$form_id = isset( $_POST['form_id'] ) ? intval( wp_unslash( $_POST['form_id'] ) ) : 0;
$form = new Form( $form_id );
Expand All @@ -181,7 +181,7 @@
$this->form_fields = $form->get_fields();
$pay_per_post = $form->is_enabled_pay_per_post();

[ $post_vars, $taxonomy_vars, $meta_vars ] = $this->get_input_fields( $this->form_fields );

Check failure on line 184 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

The shorthand list syntax "[]" to destructure arrays is not available in PHP 7.0 or earlier.

$entry_fields = $form->prepare_entries();
$allowed_tags = wp_kses_allowed_html( 'post' );
Expand Down Expand Up @@ -275,7 +275,7 @@

wpuf_clear_buffer();

echo json_encode(

Check warning on line 278 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

json_encode() is discouraged. Use wp_json_encode() instead.
[
'post_id' => $post_id,
'action' => isset( $_POST['action'] ) ? sanitize_text_field( wp_unslash( $_POST['action'] ) ) : '',
Expand Down Expand Up @@ -309,7 +309,7 @@
$this->form_fields = $form->get_fields();
$this->form_settings = $form->get_settings();
$this->generate_auth_link(); // Translate tag %login% %registration% to login registartion url
[ $user_can_post, $info ] = $form->is_submission_open( $form, $this->form_settings );

Check failure on line 312 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

The shorthand list syntax "[]" to destructure arrays is not available in PHP 7.0 or earlier.
$info = apply_filters( 'wpuf_addpost_notice', $info, $id, $this->form_settings );
$user_can_post = apply_filters( 'wpuf_can_post', $user_can_post, $id, $this->form_settings );

Expand All @@ -330,9 +330,9 @@
* @since 2.5.8
*/
public function publish_guest_post() {
$post_msg = isset( $_GET['post_msg'] ) ? sanitize_text_field( wp_unslash( $_GET['post_msg'] ) ) : '';

Check warning on line 333 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Processing form data without nonce verification.

Check warning on line 333 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Processing form data without nonce verification.
$pid = isset( $_GET['p_id'] ) ? sanitize_text_field( wp_unslash( $_GET['p_id'] ) ) : '';

Check warning on line 334 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Processing form data without nonce verification.

Check warning on line 334 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Processing form data without nonce verification.
$fid = isset( $_GET['f_id'] ) ? sanitize_text_field( wp_unslash( $_GET['f_id'] ) ) : '';

Check warning on line 335 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Processing form data without nonce verification.

Check warning on line 335 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Processing form data without nonce verification.

if ( $post_msg !== 'verified' ) {
return;
Expand Down Expand Up @@ -360,9 +360,9 @@
get_permalink( wpuf_get_option( 'payment_page', 'wpuf_payment' ) )
);

wp_redirect( $response['redirect_to'] );

Check warning on line 363 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
wpuf_clear_buffer();
wp_send_json( $response );
wp_send_json_error( $response );
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

⚠️ Potential issue

🧩 Analysis chain

Breaking change: Response structure modified

The change from wp_send_json to wp_send_json_error modifies the response structure. Clients expecting the response data at the root level will need to access it via the data property instead. This change requires corresponding updates in the frontend code that handles the response.

Let's verify if the frontend code has been updated to handle this change:

🏁 Script executed:

#!/bin/bash
# Search for JavaScript code that handles the response from publish_guest_post
rg -A 5 "publish_guest_post|formSubmit|wpuf_form_submit" --type js

Length of output: 22151

Based on our review, there’s a breaking change on the server side: using wp_send_json_error() returns an object of the form

{
  success: false,
  data: {}
}

instead of just a raw response at the root level. This means that any client code handling the response must now look for the result under the data property. Our initial search of the frontend JS (in assets/js/frontend-form.js) did not reveal any clear handling of the updated structure (for example, checks looking for response.data when processing error responses).

Please verify that the JavaScript handling of the AJAX response (especially in the formSubmit function in assets/js/frontend-form.js) has been updated to expect the payload inside the data property. Any code that was previously accessing the response directly (e.g. via response instead of response.data) will need updating to avoid breaking error handling downstream.

Actionable items:

  • Review and update the AJAX success/error handling in assets/js/frontend-form.js so that error responses properly extract the error details from response.data.
  • Test the guest post submission flow to ensure errors are handled correctly after this backend change.

}
} else {
$p_status = get_post_status( $post_id );
Expand Down Expand Up @@ -437,10 +437,10 @@
public function get_edit_post_link( $url, $post_id ) {
if (
current_user_can( 'edit_post', $post_id )
&& ! current_user_can( 'administrator' )

Check failure on line 440 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Capabilities should be used instead of roles. Found "administrator" in function call to current_user_can()
&& ! current_user_can( 'editor' )

Check failure on line 441 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Capabilities should be used instead of roles. Found "editor" in function call to current_user_can()
&& ! current_user_can( 'author' )

Check failure on line 442 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Capabilities should be used instead of roles. Found "author" in function call to current_user_can()
&& ! current_user_can( 'contributor' )

Check failure on line 443 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Capabilities should be used instead of roles. Found "contributor" in function call to current_user_can()
) {
$post = get_post( $post_id );
$form_id = get_post_meta( $post_id, '_wpuf_form_id', true );
Expand Down Expand Up @@ -497,7 +497,7 @@
* @return void
*/
public function send_mail_to_admin_after_guest_mail_verified() {
$post_id = ! empty( $_GET['p_id'] ) ? wpuf_decryption( sanitize_text_field( wp_unslash( $_GET['p_id'] ) ) ) : 0;

Check warning on line 500 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Processing form data without nonce verification.
$form_id = ! empty( $_GET['f_id'] ) ? wpuf_decryption( sanitize_text_field( wp_unslash( $_GET['f_id'] ) ) ) : 0;

if ( empty( $post_id ) || empty( $form_id ) ) {
Expand Down Expand Up @@ -591,7 +591,7 @@

// custom fields
preg_match_all( '/{custom_([\w-]*)\b}/', $content, $matches );
[ $search, $replace ] = $matches;

Check failure on line 594 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

The shorthand list syntax "[]" to destructure arrays is not available in PHP 7.0 or earlier.

if ( $replace ) {
foreach ( $replace as $index => $meta_key ) {
Expand All @@ -617,7 +617,7 @@
$meta_val = $val;
}
$is_first = false;
} else {

Check failure on line 620 in includes/Frontend/Frontend_Form.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

If control structure block found as the only statement within an "else" block. Use elseif instead.
if ( get_post_mime_type( (int) $val ) ) {
$meta_val = $meta_val . ', ' . wp_get_attachment_url( $val );
} else {
Expand Down
6 changes: 3 additions & 3 deletions languages/wp-user-frontend.pot
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# Copyright (C) 2024 weDevs
# Copyright (C) 2025 weDevs
# This file is distributed under the GPL2 or later.
msgid ""
msgstr ""
"Project-Id-Version: WP User Frontend 4.0.14\n"
"Report-Msgid-Bugs-To: https://wedevs.com/contact/\n"
"POT-Creation-Date: 2024-11-23 04:35:17+00:00\n"
"POT-Creation-Date: 2025-02-06 05:05:12+00:00\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2024-MO-DA HO:MI+ZONE\n"
"PO-Revision-Date: 2025-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <EMAIL@ADDRESS>\n"
"Language: en\n"
Expand Down
Loading