Form Post results in 404 Not Found

I am creating a POST-able form on the front-end of WordPress (via a shortcode). If I submit this form without any input, the form submits fine. But as soon as I enter any data in the fields and POST the form, WordPress gives a 404 Not Found error. I’m assuming this is some measure to prevent CSRF, but I cannot find any documentation about how to override the behaviour.

Here is the code dealing with the shortcode:

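/**
 * Render the sales invoice form shortcode and save the invoice on POST.
 *
 * @param array $atts Shortcode attributes (none are used).
 * @return string Form HTML, or an error message.
 */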
public function shortcode_invoice_sales($atts) {
    extract(shortcode_atts(array(
    ), $atts));

    $error = array();
    $id = 0; // stays 0 for a new invoice, so the check on $id below is defined
    $user = wp_get_current_user(); // the viewing user

    if (isset($_GET["id"])) {
        $id = (int)$_GET["id"];
        $invoice = new Bbpp_Invoices_Invoice($id);

        if (!$invoice->numInvoices()) {
            return __("Sorry, this invoice does not exist.", "bbpp_invoices");
        }

        if (!$invoice->canView($user->ID)) {
            return __("Sorry, this invoice does not exist.", "bbpp_invoices");
        }
    } else {
        $invoice = new Bbpp_Invoices_Invoice();
        $invoice->addInvoice(array(
            "user_id" => $user->ID,
            "type" => "sale",
            "invoice_date" => date("d/m/Y"),
            "name" => "",
            "invoice_number" => "",
            "method" => "",
            "pay_date" => "",
            "amount" => "",
            "cis_amount" => "",
            "cis_net" => ""
        ));
    }

    if ($_POST) {
        // save the changes to the database
        $data = stripslashes_deep($_POST);

        $invoice->setInvoice($data);
        $error = $invoice->save();
    }

    $html = "";

    $html .= "<style type=\"text/css\">";
    $html .= ".bbpp-invoices-input + .bbpp-invoices-input { margin-top: 10px; }";
    $html .= ".bbpp-invoices-form label { width: 150px; margin-right: 15px; display: inline-block; text-align: right; }";
    $html .= ".bbpp-invoices-form input { font-size: 13px; padding: 5px; }";
    $html .= ".bbpp-invoices-form input[type=submit] { font-size: 13px; padding: 5px !important; }";
    $html .= ".bbpp-invoices-hint { font-size: 12px; color: #444; margin-left: 5px; display: inline-block; }";
    $html .= ".bbpp-invoices-prefix { display: inline-block; width: 9px; margin-left: -9px; overflow: hidden; }";
    $html .= "input.bbpp-invoices-currency { width: 70px; }";
    $html .= "</style>";

    if ($id) {
        $html .= "<h3>" . __("Edit Invoice", "bbpp_invoices") . "</h3>";
    } else {
        $html .= "<h3>" . __("New Invoice", "bbpp_invoices") . "</h3>";
    }

    $html .= "<form class=\"bbpp-invoices-form\" method=\"post\">";

    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-invoice-date\">" . __("Invoice Date", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"invoice_date\" id=\"bbpp-invoices-input-invoice-date\" value=\"" . esc_attr($invoice->getInvoiceDate()) . "\">";
    $html .= "<span class=\"bbpp-invoices-hint\">dd/mm/yyyy</span>";
    $html .= "</div>";

    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-name\">" . __("Customer Name", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"name\" id=\"bbpp-invoices-input-name\" value=\"" . esc_attr($invoice->getName()) . "\">";
    $html .= "<span class=\"bbpp-invoices-hint\">" . __("e.g. John Smith", "bbpp_invoices") . "</span>";
    $html .= "</div>";

    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-invoice-number\">" . __("Invoice Number", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"invoice_number\" id=\"bbpp-invoices-input-invoice-number\" value=\"" . esc_attr($invoice->getInvoiceNumber()) . "\">";
    $html .= "</div>";

    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-method\">" . __("Received Method", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"method\" id=\"bbpp-invoices-input-method\" value=\"" . esc_attr($invoice->getMethod()) . "\">";
    $html .= "</div>";

    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-pay-date\">" . __("Date Received", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"pay_date\" id=\"bbpp-invoices-input-pay-date\" value=\"" . esc_attr($invoice->getPayDate()) . "\">";
    $html .= "<span class=\"bbpp-invoices-hint\">dd/mm/yyyy</span>";
    $html .= "</div>";

    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-amount\">" . __("Invoice Amount", "bbpp_invoices") . "</label>";
    $html .= "<span class=\"bbpp-invoices-prefix\">&pound;</span>";
    $html .= "<input type=\"text\" name=\"amount\" id=\"bbpp-invoices-input-amount\" class=\"bbpp-invoices-currency\" value=\"" . esc_attr($invoice->getAmount()) . "\">";
    $html .= "</div>";

    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-cis-amount\">" . __("CIS Amount", "bbpp_invoices") . "</label>";
    $html .= "<span class=\"bbpp-invoices-prefix\">&pound;</span>";
    $html .= "<input type=\"text\" name=\"cis_amount\" id=\"bbpp-invoices-input-cis-amount\" class=\"bbpp-invoices-currency\" value=\"" . esc_attr($invoice->getCisAmount()) . "\">";
    $html .= "</div>";

    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-cis-net\">" . __("CIS Net", "bbpp_invoices") . "</label>";
    $html .= "<span class=\"bbpp-invoices-prefix\">&pound;</span>";
    $html .= "<input type=\"text\" name=\"cis_net\" id=\"bbpp-invoices-input-cis-net\" class=\"bbpp-invoices-currency\" value=\"" . esc_attr($invoice->getCisNet()) . "\">";
    $html .= "</div>";

    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-submit\">&nbsp;</label>";
    $html .= "<input type=\"submit\" value=\"" . __("Add new invoice", "bbpp_invoices") . "\">";
    $html .= "</div>";

    $html .= "</form>";

    return $html;
}

Does anybody know of a solution?


1 comment

  1. I figured it out. Turns out that using the field `name` was the culprit. It appears that `name` and other field names like `attachment`, `attachment_id`, etc will cause WordPress to produce a 404 error. There’s a whole list of reserved terms in the Codex.
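
A check for the collision described in the comment above, as an added example that is not part of the original post: it lists the form controls in rendered markup whose names match WordPress reserved terms. `RESERVED_TERMS` is a partial list assumed from the Codex "Reserved Terms" page (the post names only `name`, `attachment` and `attachment_id`), and `find_reserved_field_names` is a hypothetical helper name.

```php
<?php
// Partial list, assumed from the Codex "Reserved Terms" page; the post
// above names only name, attachment and attachment_id.
const RESERVED_TERMS = array(
    'attachment', 'attachment_id', 'author', 'author_name', 'cat',
    'category_name', 'day', 'error', 'feed', 'm', 'name', 'order', 'orderby',
    'p', 'page', 'page_id', 'paged', 'pagename', 'post_type', 's', 'tag',
    'taxonomy', 'term', 'year',
);

/**
 * Return the reserved names used by form controls in $html, sorted and unique.
 */
function find_reserved_field_names(string $html): array {
    if ($html === '') {
        return array();
    }
    $doc = new DOMDocument();
    // Collect libxml warnings (fragment without <html>/<body>) instead of printing them.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $hits = array();
    $xpath = new DOMXPath($doc);
    $controls = $xpath->query('//input[@name] | //select[@name] | //textarea[@name] | //button[@name]');
    foreach ($controls as $node) {
        // "name[]" and "name[first]" both arrive in PHP as $_POST['name'].
        $base = strtok($node->getAttribute('name'), '[');
        if (in_array($base, RESERVED_TERMS, true)) {
            $hits[$base] = true;
        }
    }
    $names = array_keys($hits);
    sort($names);
    return $names;
}

// Constructed sample: field names taken from the form in the question.
$form = '<form method="post">'
    . '<input type="text" name="invoice_date">'
    . '<input type="text" name="name">'
    . '<input type="text" name="invoice_number">'
    . '<input type="text" name="cis_net">'
    . '</form>';

echo implode(', ', find_reserved_field_names($form)), PHP_EOL;
```

Prefixing every field with the plugin's own namespace (for example `bbpp_name`, a hypothetical name) removes the collision and leaves the list returned here empty.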
