• Resolved albedo0

    (@albedo0)


    Hi,

    I’m developing a plugin which used to work but stopped working, so I rebuilt it from the beginning, but I still have the same problem with Ajax: I always get an error 400.

    My class constructor :

    public function __construct(){
            if(!is_admin()) {
                add_action('init', array($this,'init_button_frontend'));
    
                add_action('wp_enqueue_scripts', array($this, 'register_css_front'),15);
                add_action('wp_enqueue_scripts', array($this, 'register_js_front'));
    
                add_action('wp_ajax_nopriv_ajax_send_report', array($this, 'ajax_send_report'));
                add_action('wp_ajax_ajax_send_report', array($this, 'ajax_send_report'));
            }
        }

    My registering function:

    function register_js_front() {   
            wp_register_script( 'help2spell-js', plugin_dir_url( __FILE__ ).'js/help2spell.js', array( 'jquery' ));
            wp_enqueue_script( 'help2spell-js' );
            wp_localize_script('help2spell-js','help2spell', array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ));
        }

    My js :

    var data = {
            'action': 'ajax_send_report',
            'closer_title': closer_title,
            'post_id': post_id,
            'mistake': mistake,
            'correction': correction
        };
    jQuery.ajax({
            url: help2spell.ajax_url,
            method: 'post', 
            data: data,
            success: function(response){
                ...
            }
    });

    The data is sent correctly, as I can see in the console:

    action	ajax_send_report
    closer_title	
    post_id	6509
    mistake	emixer,+arrang
    correction dsqdqsdqs

    My ajax function :

    public function ajax_send_report(){
            $mistake = $_POST['mistake'];
            $correction = htmlentities($_POST['correction']);
            $post_id = $_POST['post_id'];
            $closer_title = $_POST['closer_title'];
         
            
            $stmt = array();
            if($this->mysql_report_insert($mistake, $correction, $post_id, $closer_title)){
                echo '<span class="help2spell-message-success"><strong>'. __( "Successful registration !", 'help2spell') .'</strong><br/>'. __( "Thank you for your participation.", 'help2spell').'</span>' ;
            } else {
                echo '<span class="help2spell-message-error"><strong>'. __( "Ooops...", 'help2spell').'</strong><br/>'.__( "An error occurred while recording,  please try again !", 'help2spell') .'</span>' ;
            }
    
            die;
            wp_die();
        }

    Of course I read all the other topics with the same problem but I can’t find the problem…
    If anybody has an idea of my mistake it would be very helpful…

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator bcworkz

    (@bcworkz)

    Try serializing data before making the Ajax request.

    BTW, your code has significant security vulnerabilities. I’ll assume your code is still in development and you plan to add security measures later. Just be sure you do.

    Thread Starter albedo0

    (@albedo0)

    Hi,

    I tried to serialize like that :

    jQuery.ajax({
            url: help2spell.ajax_url,
            method: 'post', 
            data: 'action=ajax_send_report&closer_title='+closer_title+'&post_id='+post_id+"&mistake="+mistake+"&correction="+correction,
            success: function(response){
                help2spellOptionsReset();
                jQuery("#help2spell-content-info").hide();
                jQuery("#help2spell-content-response>p").html(response);
                jQuery("#help2spell-content-response").show();
            }
        });

    But I have the same error…

    (When you talk about security, are you talking about lines 2 to 5 of my PHP function ajax_send_report?)

    Moderator bcworkz

    (@bcworkz)

    That’s the idea, but manually serializing is prone to error. I’m not even gonna try to decipher what might be wrong there. There’s a better way. Try
    data: jQuery.param( data ),
    keeping the assignment to var data from your OP in place.

    Security in part does involve sanitizing and validating any values from $_POST that you use in SQL. Otherwise you are open to SQL injection attacks. Maybe mysql_report_insert() does this, IDK, but it’s best to sanitize upon initial use.

    You should also create a nonce in PHP that’s passed through wp_localize_script() to jQuery, which is then passed as part of the Ajax data. Your Ajax handler then verifies the passed nonce to ensure the Ajax request comes from a valid source.

    You should also confirm the user’s role/capability is appropriate for modifying data in your DB.

    Thread Starter albedo0

    (@albedo0)

    Thanks @bcworkz for your security advice…

    I have found the solution but I don’t understand why…

    $Help2spell = new Help2spell();
    add_action('wp_ajax_nopriv_ajax_send_report', array($Help2spell, 'ajax_send_report'));
    add_action('wp_ajax_ajax_send_report', array($Help2spell, 'ajax_send_report'));

    I have put the two lines wp_ajax_nopriv and wp_ajax outside of my PHP class and it works.

    Moderator bcworkz

    (@bcworkz)

    You’re welcome. I’ve no explanation either. Adding actions in the class constructor should have been enough. Assuming new Help2spell() had been there all along. As long as you have it working it’s all good.

    Thread Starter albedo0

    (@albedo0)

    I close my topic… But if anybody understands why I have to add the actions outside the class, I’m interested…
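
An added example, not part of the thread and not the plugin's own code: admin-ajax.php defines WP_ADMIN, so is_admin() is true during the AJAX request, the wp_ajax_* hooks inside `if(!is_admin())` in the original constructor are never registered, and admin-ajax.php answers 400 for an action with no handler. The trimmed class below registers the hooks unconditionally and applies the nonce and sanitizing steps bcworkz describes. The table `help2spell_reports`, its column names, the nonce action `help2spell_report` and the JSON response format are assumptions.

```php
<?php
class Help2spell {
    public function __construct() {
        // is_admin() is true for every admin-ajax.php request, front-end
        // ones included, so the AJAX handlers must be registered outside
        // the guard. Only the front-end assets stay behind it.
        add_action( 'wp_ajax_ajax_send_report', array( $this, 'ajax_send_report' ) );
        add_action( 'wp_ajax_nopriv_ajax_send_report', array( $this, 'ajax_send_report' ) );
        if ( ! is_admin() ) {
            add_action( 'wp_enqueue_scripts', array( $this, 'register_js_front' ) );
        }
    }

    public function register_js_front() {
        wp_enqueue_script( 'help2spell-js', plugin_dir_url( __FILE__ ) . 'js/help2spell.js', array( 'jquery' ) );
        wp_localize_script( 'help2spell-js', 'help2spell', array(
            'ajax_url' => admin_url( 'admin-ajax.php' ),
            // The script sends this back as the 'nonce' field of its data object.
            'nonce'    => wp_create_nonce( 'help2spell_report' ),
        ) );
    }

    public function ajax_send_report() {
        // Ends the request with a 403 if the nonce is missing or invalid.
        check_ajax_referer( 'help2spell_report', 'nonce' );
        // The nopriv hook admits anonymous visitors; to restrict reporting,
        // drop that hook and test current_user_can() here.
        $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
        $fields  = array();
        foreach ( array( 'mistake', 'correction', 'closer_title' ) as $key ) {
            $fields[ $key ] = isset( $_POST[ $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) : '';
        }
        if ( ! $post_id || 'publish' !== get_post_status( $post_id ) || '' === $fields['mistake'] ) {
            wp_send_json_error( array( 'message' => __( 'Invalid report.', 'help2spell' ) ), 400 );
        }

        global $wpdb;
        // Assumed table and columns; $wpdb->insert() builds a prepared statement.
        $ok = $wpdb->insert(
            $wpdb->prefix . 'help2spell_reports',
            array_merge( array( 'post_id' => $post_id ), $fields ),
            array( '%d', '%s', '%s', '%s' )
        );
        if ( false === $ok ) {
            wp_send_json_error( array( 'message' => __( 'An error occurred while recording, please try again !', 'help2spell' ) ), 500 );
        }
        wp_send_json_success( array( 'message' => __( 'Successful registration !', 'help2spell' ) ) );
    }
}
```

On the client, add `'nonce': help2spell.nonce` to the `data` object and read the text from `response.data.message`, inserting it with `.text()` rather than `.html()`.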

  • The topic ‘Ajax request 400 bad request’ is closed to new replies.