WordPress admin CPT custom action: how to add_action securely
Question
I wrote this PHP code in my functions.php, but I was wondering if this is the correct way to do it (best practice and security).
Is this secure?
What about the use of wp_nonce_url in the link? (Is a $_GET request safer with wp_nonce?)
First I create a custom link in edit.php of the CPT “reservaties” that goes through admin-ajax to a function registered with add_action, to do some stuff:
// Add two extra columns to the "reservaties" post list (edit.php?post_type=reservaties)
function add_new_reservaties_column($columns) {
    $columns['goedkeuren'] = 'Bevestigen';
    $columns['annuleren']  = 'Annuleren';
    return $columns;
}
add_filter('manage_reservaties_posts_columns', 'add_new_reservaties_column');

// Render a button in each column. The link points at admin-ajax.php with the action
// name and the post ID; wp_nonce_url() appends a _wpnonce token for the nonce action
// "reservatie" (the same token for both buttons and for every post). The URL is passed
// as a printf argument and escaped instead of being used as the format string.
function add_new_reservaties_admin_column_show_value( $column, $post_id ) {
    if ('goedkeuren' == $column) {
        printf( '<a class="button" href="%s">Reservatie bevestigen</a>',
            esc_url( wp_nonce_url( admin_url( 'admin-ajax.php?action=accepteer_reservatie&post_id=' . $post_id ), 'reservatie' ) ) );
    }
    if ('annuleren' == $column) {
        printf( '<a class="button" href="%s">Reservatie annuleren</a>',
            esc_url( wp_nonce_url( admin_url( 'admin-ajax.php?action=annuleer_reservatie&post_id=' . $post_id ), 'reservatie' ) ) );
    }
}
// manage_{post_type}_posts_custom_column is an action hook; add_filter() registers it the same way
add_filter('manage_reservaties_posts_custom_column', 'add_new_reservaties_admin_column_show_value', 10, 2);
Do some stuff after clicking on the custom link:
// Both admin-ajax actions are handled by the same function, which branches on $_GET['action'].
// wp_ajax_* hooks run for any logged-in user. Note that the handler never calls
// wp_verify_nonce()/check_admin_referer() on the token wp_nonce_url() added, and never
// checks a capability, so the nonce in the link is not actually enforced here.
add_action( 'wp_ajax_accepteer_reservatie', 'accepteer_reservatie' );
add_action( 'wp_ajax_annuleer_reservatie', 'accepteer_reservatie' );
function accepteer_reservatie() {
    if ( isset( $_GET['action'] ) && !empty($_GET['action']) && !empty($_GET['post_id']) ) {
        $post_id = absint( $_GET['post_id'] ); // cast to int; not checked to be a "reservaties" post
        // get ACF field values from the post
        $email              = get_field( 'e-mail', $post_id );
        $naam               = get_field( 'naam', $post_id );
        $datum_reservatie   = get_field( 'datum_reservatie', $post_id );
        $uur_reservatie     = get_field( 'uur_reservatie', $post_id );
        $telefoon           = get_field( 'telefoon', $post_id );
        $aantal_personen    = get_field( 'aantal_personen', $post_id );
        $bericht__opmerking = get_field( 'bericht__opmerking', $post_id );
        $lunch_of_diner     = get_field( 'lunch_of_diner', $post_id );
        // pick the e-mail template (ACF options page) for the requested action
        $tekst_email = '';
        $subject     = '';
        if ($_GET['action'] == 'accepteer_reservatie') {
            $tekst_email = get_field('reservatie_goedgekeurd', 'option');
            $subject     = get_field('reservatie_goedgekeurd_onderwerp', 'option');
        }
        if ($_GET['action'] == 'annuleer_reservatie') {
            $tekst_email = get_field('reservatie_geannuleerd', 'option');
            $subject     = get_field('reservatie_geannuleerd_onderwerp', 'option');
        }
        // replace the placeholder tags in the template with the ACF field values
        $tekst_email = str_replace('[NAAM]', $naam, $tekst_email);
        $tekst_email = str_replace('[DATUM_RESERVATIE]', $datum_reservatie, $tekst_email);
        $tekst_email = str_replace('[UUR_RESERVATIE]', $uur_reservatie, $tekst_email);
        $tekst_email = str_replace('[TELEFOON]', $telefoon, $tekst_email);
        $tekst_email = str_replace('[AANTAL_PERSONEN]', $aantal_personen, $tekst_email);
        $tekst_email = str_replace('[BERICHT]', $bericht__opmerking, $tekst_email);
        $tekst_email = str_replace('[EMAIL]', $email, $tekst_email);
        $tekst_email = str_replace('[LUNCH_DINER]', $lunch_of_diner, $tekst_email);
        // send the e-mail to the client
        $headers   = "From: Bistro De Bolle <info@bistrodebolle.be>";
        $send_mail = wp_mail($email, $subject, $tekst_email, $headers);
        // redirect back to the list with a notice flag depending on the result
        if ($send_mail) {
            wp_redirect(admin_url('edit.php?post_type=reservaties&notice=success'));
        } else {
            wp_redirect(admin_url('edit.php?post_type=reservaties&notice=fail'));
        }
    }
    wp_die(); // required in admin-ajax handlers: terminates the request immediately
}
Thanks for your advice!
0 votes · 4 months · 0 answers · 17 views
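The following is an added example, not code from the question or from any answer to it: the same accept/cancel flow with the checks the posted handler leaves out. It assumes the “reservaties” CPT, the ACF field names and the admin-ajax action names from the question; the bdb_* function names and the Dutch error strings are hypothetical, and the sender address is the one from the question.

```php
<?php
// Added example (not the asker's code). Assumes ACF (get_field) and the
// "reservaties" CPT from the question; bdb_* names are hypothetical.

// One nonce action per (operation, post): a token issued for accepting post 12
// cannot be replayed to cancel post 12, nor to accept post 13.
function bdb_nonce_action( $action, $post_id ) {
    return $action . '_' . (int) $post_id;
}

function bdb_reservatie_button( $action, $label, $post_id ) {
    $url = wp_nonce_url(
        add_query_arg( array( 'action' => $action, 'post_id' => (int) $post_id ), admin_url( 'admin-ajax.php' ) ),
        bdb_nonce_action( $action, $post_id )
    );
    printf( '<a class="button" href="%s">%s</a>', esc_url( $url ), esc_html( $label ) );
}

function bdb_reservaties_column( $column, $post_id ) {
    // Do not render buttons for users who would be refused by the handler anyway.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    if ( 'goedkeuren' === $column ) {
        bdb_reservatie_button( 'accepteer_reservatie', 'Reservatie bevestigen', $post_id );
    } elseif ( 'annuleren' === $column ) {
        bdb_reservatie_button( 'annuleer_reservatie', 'Reservatie annuleren', $post_id );
    }
}
add_action( 'manage_reservaties_posts_custom_column', 'bdb_reservaties_column', 10, 2 );

function bdb_handle_reservatie() {
    $action  = isset( $_GET['action'] ) ? sanitize_key( wp_unslash( $_GET['action'] ) ) : '';
    $post_id = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : 0;
    $nonce   = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';

    // Option-page field names per action (body, subject), as in the question.
    $templates = array(
        'accepteer_reservatie' => array( 'reservatie_goedgekeurd', 'reservatie_goedgekeurd_onderwerp' ),
        'annuleer_reservatie'  => array( 'reservatie_geannuleerd', 'reservatie_geannuleerd_onderwerp' ),
    );

    // 1. Only the two known actions and a non-zero post id.
    if ( ! isset( $templates[ $action ] ) || 0 === $post_id ) {
        wp_die( 'Ongeldige aanvraag.', 400 );
    }
    // 2. CSRF: verify the token wp_nonce_url() attached as _wpnonce. Without this
    //    call the nonce in the link is never checked by anything.
    if ( ! wp_verify_nonce( $nonce, bdb_nonce_action( $action, $post_id ) ) ) {
        wp_die( 'Ongeldige of verlopen link.', 403 );
    }
    // 3. Authorization: a nonce is not a permission check. wp_ajax_* hooks run
    //    for every logged-in account, subscribers included.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( 'Geen toegang.', 403 );
    }
    // 4. Object check: the id must be a reservation, not an arbitrary post.
    if ( 'reservaties' !== get_post_type( $post_id ) ) {
        wp_die( 'Geen reservatie.', 404 );
    }

    $email = sanitize_email( (string) get_field( 'e-mail', $post_id ) );
    if ( ! is_email( $email ) ) {
        wp_die( 'Reservatie heeft geen geldig e-mailadres.', 400 );
    }

    // Placeholder tag -> ACF value, same tags as the question; one strtr() pass.
    $vervang = array(
        '[NAAM]'             => get_field( 'naam', $post_id ),
        '[DATUM_RESERVATIE]' => get_field( 'datum_reservatie', $post_id ),
        '[UUR_RESERVATIE]'   => get_field( 'uur_reservatie', $post_id ),
        '[TELEFOON]'         => get_field( 'telefoon', $post_id ),
        '[AANTAL_PERSONEN]'  => get_field( 'aantal_personen', $post_id ),
        '[BERICHT]'          => get_field( 'bericht__opmerking', $post_id ),
        '[EMAIL]'            => $email,
        '[LUNCH_DINER]'      => get_field( 'lunch_of_diner', $post_id ),
    );
    list( $body_field, $subject_field ) = $templates[ $action ];
    $body    = strtr( (string) get_field( $body_field, 'option' ), array_map( 'strval', $vervang ) );
    $subject = (string) get_field( $subject_field, 'option' );

    $headers = array( 'From: Bistro De Bolle <info@bistrodebolle.be>' ); // sender from the question
    $sent    = wp_mail( $email, $subject, $body, $headers );

    // wp_safe_redirect() refuses off-site targets; exit keeps admin-ajax from
    // appending its default "0" body after the Location header.
    wp_safe_redirect( add_query_arg(
        array( 'post_type' => 'reservaties', 'notice' => $sent ? 'success' : 'fail' ),
        admin_url( 'edit.php' )
    ) );
    exit;
}
add_action( 'wp_ajax_accepteer_reservatie', 'bdb_handle_reservatie' );
add_action( 'wp_ajax_annuleer_reservatie', 'bdb_handle_reservatie' );
```

Two points this illustrates about the sub-question on wp_nonce_url. First, generating a nonce does nothing on its own; it only helps if the handler calls wp_verify_nonce() (or check_admin_referer()/check_ajax_referer()) against the same nonce action, and a nonce is a CSRF token, not an authorization check, which is why current_user_can() is a separate step. Second, a nonce protects a GET link and a POST form equally, but a state-changing GET link is still the weaker design: link prefetchers, link-preview bots and browser history can trigger it or record the token (WordPress nonces stay valid for up to 24 hours). A small POST form with wp_nonce_field() in the column, or at least per-post nonce actions as above, is the safer shape.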