Grab the requested slug from wp_remote_retrieve_body

I’m building an auto-theme updater for self hosted (non repository) based WordPress themes. I’ve built most of my code off Clark’s PHP script.

I’ve made major modification and would love to share them once I’m 100% done, but first…

I’m stuck on this final part with will allow for multiple themes and/or plugins to access one API file. In my update script (inside my theme) I’m sending this:

$prefix = 'theme-name';

$request = array(
	'slug' => $prefix

$url = 'http://url-of-my-api.key/index.php';

$options = array(
	'body' => array( 
		'request' => $prefix, // OR
		//'request' => serialize( $request ),
		'version' => $theme['Version'],
		'wp_version' => $wp_version,
		'php_version' => phpversion(),
		'user-agent' => "WordPress/$wp_version;" . get_bloginfo( 'url' )

$response = wp_remote_post( $url, $options );
$update = wp_remote_retrieve_body( $response );

And in my index.php file located at my API site, I am trying to get the body’s request (which is my theme name). I’ve used $_POST['request'] and $_REQUEST['request'] with no results, any ideas?

Also, sidebar… Trying to deny public access to this file, but I added a preg_match() for PHP_SELF on the index.php file but it was triggered by the wp_remote_retrieve_body. Booo. Know of a better way than show below?

if ( preg_match( "/index.php$/i", $_SERVER['PHP_SELF'] ) ) {
	header( 'Status: 403 Forbidden' );
	header( 'HTTP/1.1 403 Forbidden' );
	die( "You don't have permission to access this file directly." );

πŸ’πŸ½β€β™‚οΈ Husband to Jeana.
⚾️ Dodgers & Brewers.
πŸ’» PHP Engineer.
πŸŒπŸΌβ€β™‚οΈGolfer; ~14 HDC.
🌱 Hydroponic Gardner.
🍿 Plex nerd.
πŸš™ '15 WRX, '22 Model 3 LR, & '66 Corvette C2.

Follow me on Twitter @TheFrosty & Instagram @TheFrosty.

Articles: 292

One comment

  1. did you ever get this working with wp_remote_retrieve_body ? i have it working but without that line afterwords. i also noticed my “user-agent” is Outside the “body” array, like

    $request = array(
    	'slug' => "theme-name",
    	'version' => $theme['Version']
    $options = array(
    	'body' => array(
    		'request' => serialize( $request )
    	'user-agent' => "WordPress/$wp_version; " . get_bloginfo( 'url' )
    $raw_response = wp_remote_post('http://myupdate.url', $options);
    if (!is_wp_error($raw_response) && ($raw_response['response']['code'] == 200))
    	$response = unserialize($raw_response['body']);

    and on the update script index.php side, then you can get the “theme-name” and “version” that is being sent via something like

    $args = unserialize(stripcslashes($_POST['request']));
    if (is_array($args))
    	$args = array_to_object($args);

    so $args->slug = “theme-name” and $args->version = the version running on the site that is checking for an update

Comments are closed.