Here is the gist of the code that is being used.
add_shortcode('form_sc','form_func');
function form_func() {
$error_msg = '';
if (isset($_POST['form_submit'])) {
$retrieve_nonce=$_REQUEST['_wpnince'];
if (!wp_verify_nonce($retrieved_nonce, 'send-form') ) {
$error_msg = "not sent";
} else {
$email_message = sanitize_text_field($_POST['email_message']);
if ( wp_mail( 'email@email.com', 'subject', $email_message ) == true) {
$error_msg = "email sent";
} else {
$error_msg = "email not sent";
}
}
}
$returnHtml = "<div id='message'>" . $error_msg . "</div><form method='post'>" . wp_nonce_field('send-form') . '<input type="text" name="email_message"><input type="submit" name="form_submit"></form>';
}
So to solve the problem I separated out the emailing part into an INIT action. But as to why I am unable to do this kind of checking in the shortcode function I do not know. So if anyone can possibly explain this that would be appreciated.
I’m unable to replicate the observed behavior. Emailing out of my shortcode only occurs once. There’s something unique about your installation. It’s conceivable your theme or one of your plugins is getting post content for some reason, which triggers the shortcode. Output can be buffered, so lack of output tells us nothing. Since you found a workaround, it’s probably not worth further investigation.
If you wanted to investigate, you could have the code throw a user error, then study the backtrace, assuming the phantom call happens before actual output.
