I am creating a POST-able form on the front-end of WordPress (via a shortcode). If I submit this form without any input, the form submits fine. But as soon as I enter any data in the fields and POST the form, WordPress gives a 404 Not Found error. I’m assuming this is some measure to prevent CSRF, but I cannot find any documentation about how to override the behaviour.
Here is the code dealing with the shortcode:
/**
 * Renders the sales invoice form and saves it when the form is POSTed.
 *
 * @param array $atts Shortcode attributes (none are used).
 * @return string Form HTML, or an error message.
 */
public function shortcode_invoice_sales($atts) {
    extract(shortcode_atts(array(
    ), $atts));
    $error = array();
    $user = wp_get_current_user(); // the viewing user
    $id = 0; // stays 0 for a new invoice, so the heading check below is defined
    if (isset($_GET["id"])) {
        $id = (int)$_GET["id"];
        $invoice = new Bbpp_Invoices_Invoice($id);
        if (!$invoice->numInvoices()) {
            return __("Sorry, this invoice does not exist.", "bbpp_invoices");
        }
        // same message as above, so a user who may not view the invoice
        // cannot tell whether it exists
        if (!$invoice->canView($user->ID)) {
            return __("Sorry, this invoice does not exist.", "bbpp_invoices");
        }
    } else {
        // no id given: start from a blank invoice owned by the viewing user
        $invoice = new Bbpp_Invoices_Invoice();
        $invoice->addInvoice(array(
            "user_id" => $user->ID,
            "type" => "sale",
            "invoice_date" => date("d/m/Y"),
            "name" => "",
            "invoice_number" => "",
            "method" => "",
            "pay_date" => "",
            "amount" => "",
            "cis_amount" => "",
            "cis_net" => ""
        ));
    }
    if ($_POST) {
        // save the changes to the database
        $data = stripslashes_deep($_POST);
        $invoice->setInvoice($data);
        $error = $invoice->save();
    }
    $html = "";
    $html .= "<style type=\"text/css\">";
    $html .= ".bbpp-invoices-input + .bbpp-invoices-input { margin-top: 10px; }";
    $html .= ".bbpp-invoices-form label { width: 150px; margin-right: 15px; display: inline-block; text-align: right; }";
    $html .= ".bbpp-invoices-form input { font-size: 13px; padding: 5px; }";
    $html .= ".bbpp-invoices-form input[type=submit] { font-size: 13px; padding: 5px !important; }";
    $html .= ".bbpp-invoices-hint { font-size: 12px; color: #444; margin-left: 5px; display: inline-block; }";
    $html .= ".bbpp-invoices-prefix { display: inline-block; width: 9px; margin-left: -9px; overflow: hidden; }";
    $html .= "input.bbpp-invoices-currency { width: 70px; }";
    $html .= "</style>";
    if ($id) {
        $html .= "<h3>" . __("Edit Invoice", "bbpp_invoices") . "</h3>";
    } else {
        $html .= "<h3>" . __("New Invoice", "bbpp_invoices") . "</h3>";
    }
    // the form posts back to the current page; every value is escaped with esc_attr()
    $html .= "<form class=\"bbpp-invoices-form\" method=\"post\">";
    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-invoice-date\">" . __("Invoice Date", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"invoice_date\" id=\"bbpp-invoices-input-invoice-date\" value=\"" . esc_attr($invoice->getInvoiceDate()) . "\">";
    $html .= "<span class=\"bbpp-invoices-hint\">dd/mm/yyyy</span>";
    $html .= "</div>";
    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-name\">" . __("Customer Name", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"name\" id=\"bbpp-invoices-input-name\" value=\"" . esc_attr($invoice->getName()) . "\">";
    $html .= "<span class=\"bbpp-invoices-hint\">" . __("e.g. John Smith", "bbpp_invoices") . "</span>";
    $html .= "</div>";
    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-invoice-number\">" . __("Invoice Number", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"invoice_number\" id=\"bbpp-invoices-input-invoice-number\" value=\"" . esc_attr($invoice->getInvoiceNumber()) . "\">";
    $html .= "</div>";
    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-method\">" . __("Received Method", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"method\" id=\"bbpp-invoices-input-method\" value=\"" . esc_attr($invoice->getMethod()) . "\">";
    $html .= "</div>";
    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-pay-date\">" . __("Date Received", "bbpp_invoices") . "</label>";
    $html .= "<input type=\"text\" name=\"pay_date\" id=\"bbpp-invoices-input-pay-date\" value=\"" . esc_attr($invoice->getPayDate()) . "\">";
    $html .= "<span class=\"bbpp-invoices-hint\">dd/mm/yyyy</span>";
    $html .= "</div>";
    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-amount\">" . __("Invoice Amount", "bbpp_invoices") . "</label>";
    $html .= "<span class=\"bbpp-invoices-prefix\">£</span>";
    $html .= "<input type=\"text\" name=\"amount\" id=\"bbpp-invoices-input-amount\" class=\"bbpp-invoices-currency\" value=\"" . esc_attr($invoice->getAmount()) . "\">";
    $html .= "</div>";
    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-cis-amount\">" . __("CIS Amount", "bbpp_invoices") . "</label>";
    $html .= "<span class=\"bbpp-invoices-prefix\">£</span>";
    $html .= "<input type=\"text\" name=\"cis_amount\" id=\"bbpp-invoices-input-cis-amount\" class=\"bbpp-invoices-currency\" value=\"" . esc_attr($invoice->getCisAmount()) . "\">";
    $html .= "</div>";
    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-cis-net\">" . __("CIS Net", "bbpp_invoices") . "</label>";
    $html .= "<span class=\"bbpp-invoices-prefix\">£</span>";
    $html .= "<input type=\"text\" name=\"cis_net\" id=\"bbpp-invoices-input-cis-net\" class=\"bbpp-invoices-currency\" value=\"" . esc_attr($invoice->getCisNet()) . "\">";
    $html .= "</div>";
    $html .= "<div class=\"bbpp-invoices-input\">";
    $html .= "<label for=\"bbpp-invoices-input-submit\"> </label>";
    $html .= "<input type=\"submit\" value=\"" . __("Add new invoice", "bbpp_invoices") . "\">";
    $html .= "</div>";
    $html .= "</form>";
    return $html;
}
Does anybody know of a solution?
I figured it out. Turns out that using the field "name" was the culprit. It appears that "name" and other field names like "attachment", "attachment_id", etc. will cause WordPress to produce a 404 error. There’s a whole list of reserved terms in the Codex.
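A hardened variant of the form, as an added example that is not the poster's code: fields are grouped under one array key so no top-level POST key matches a reserved term, and a nonce supplies the CSRF check the question assumed WordPress was applying. The shortcode tag, the nonce action and field, and the `bbpp_invoice` key are hypothetical names, and the snippet runs as plugin code inside WordPress.

```php
<?php
// Added example, not the poster's code. Hypothetical names: the shortcode tag,
// the nonce action/field, and the 'bbpp_invoice' array key.
add_shortcode('bbpp_invoice_demo', 'bbpp_invoice_demo_shortcode');

function bbpp_invoice_demo_shortcode($atts) {
    if (!is_user_logged_in()) {
        return esc_html__('Please log in.', 'bbpp_invoices');
    }
    $values  = array('name' => '', 'invoice_number' => '');
    $message = '';

    if ('POST' === $_SERVER['REQUEST_METHOD'] && isset($_POST['bbpp_invoice'])) {
        // Reject the request unless it carries a valid nonce for this action.
        $nonce = isset($_POST['bbpp_invoice_nonce'])
            ? sanitize_text_field(wp_unslash($_POST['bbpp_invoice_nonce'])) : '';
        if (!wp_verify_nonce($nonce, 'bbpp_save_invoice')) {
            return esc_html__('Security check failed.', 'bbpp_invoices');
        }
        // Copy only the expected keys; ignore anything else in the request.
        $posted = (array) wp_unslash($_POST['bbpp_invoice']);
        foreach ($values as $key => $unused) {
            if (isset($posted[$key]) && is_string($posted[$key])) {
                $values[$key] = sanitize_text_field($posted[$key]);
            }
        }
        // A real handler would validate and store $values at this point.
        $message = '<p>' . esc_html__('Invoice data accepted.', 'bbpp_invoices') . '</p>';
    }

    $html  = $message . '<form class="bbpp-invoices-form" method="post">';
    // Fourth argument false: return the hidden nonce field instead of echoing it.
    $html .= wp_nonce_field('bbpp_save_invoice', 'bbpp_invoice_nonce', true, false);
    // Inputs post as bbpp_invoice[...], so the only top-level POST keys are
    // bbpp_invoice and the nonce fields, never name or attachment_id.
    $html .= '<label for="bbpp-inv-name">' . esc_html__('Customer Name', 'bbpp_invoices') . '</label>';
    $html .= '<input type="text" id="bbpp-inv-name" name="bbpp_invoice[name]" value="'
        . esc_attr($values['name']) . '">';
    $html .= '<label for="bbpp-inv-number">' . esc_html__('Invoice Number', 'bbpp_invoices') . '</label>';
    $html .= '<input type="text" id="bbpp-inv-number" name="bbpp_invoice[invoice_number]" value="'
        . esc_attr($values['invoice_number']) . '">';
    $html .= '<input type="submit" value="' . esc_attr__('Add new invoice', 'bbpp_invoices') . '">';
    $html .= '</form>';
    return $html;
}
```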