Support » Plugins » Hacks » post.php?

  • I am writing a plugin that will allow my users fill out a form and then create a post using the information provided. I have been reading the source code for wp since I haven’t found any good documentation on the web for this. I believe that posts are saved with post.php since the edit.php form submits to post.php. Could somebody confirm that in order to create a post on wordpress I would need to sumbit a request to post.php with the post information sent via the http POST method, and if so what information must be sent and how must it be formatted to have the post published?

Viewing 2 replies - 1 through 2 (of 2 total)
  • I would pass the form data onto wp_insert_post() ( ) to create new posts.

    Moderator bcworkz


    Of course, you can’t POST form data directly to wp_insert_post(), you’ll need to develop the code to take the data and prepare it to be passed to the function, including data verification, nonce verification, capability verification, etc. It would appear that it would be simpler to format your form so it could be submitted to post.php (yes, this is the file).

    But it’s not that simple. When your browser gets the new post publish form, a draft version of the post already exists, when you publish a post, you’re actually updating and changing the status from draft to publish. It will take some study to properly mimic this process in order to successfully submit posts to post.php. The primary benefit of going this route is it’s security has been proven over time. Creating your own process will likely have security holes, but by taking care you can plug the large ones and be reasonably secure.

    I would say it’s easier to create your own process, and can be reasonably secure. You will get the best security by using post.php, but preparing the data properly will not be trivial.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘post.php?’ is closed to new replies.