I need to change my one of my plugin's function to use "wp_remote_get" instead of "file_get_contents" and I am having trouble with it even though I found similar threads that have this problem, I still am not able to get it to work with "wp_remote_get". With "file_get_contents", it works perfectly fine but with "wp_remote_get", it doesn't.

This is the code I'm trying to change

private static function geolocate_via_api( $ip_address ){
    $response = file_get_contents( ".gp?ip=" . $ip_address);
    return json_decode( $response, true );  
}

I have tried the code below but it showed an error "Warning: Invalid argument supplied for foreach()" in line 42 which is also shown below.

Error:

foreach ( $data as $key => $value) {
        $mo_data[ str_replace( 'geoplugin_', '', $key ) ] = $value;
    }

Code I tried:

    private static function geolocate_via_api( $ip_address ){
    $response = wp_remote_get( esc_url_raw('.gp?ip=' . $ip_address) );     
    return json_decode( wp_remote_retrieve_body( $response ), true );   
}

Would really appreciate any help I can get. Cheers.

I need to change my one of my plugin's function to use "wp_remote_get" instead of "file_get_contents" and I am having trouble with it even though I found similar threads that have this problem, I still am not able to get it to work with "wp_remote_get". With "file_get_contents", it works perfectly fine but with "wp_remote_get", it doesn't.

This is the code I'm trying to change

private static function geolocate_via_api( $ip_address ){
    $response = file_get_contents( "http://www.geoplugin/json.gp?ip=" . $ip_address);
    return json_decode( $response, true );  
}

I have tried the code below but it showed an error "Warning: Invalid argument supplied for foreach()" in line 42 which is also shown below.

Error:

foreach ( $data as $key => $value) {
        $mo_data[ str_replace( 'geoplugin_', '', $key ) ] = $value;
    }

Code I tried:

    private static function geolocate_via_api( $ip_address ){
    $response = wp_remote_get( esc_url_raw('http://www.geoplugin/json.gp?ip=' . $ip_address) );     
    return json_decode( wp_remote_retrieve_body( $response ), true );   
}

Would really appreciate any help I can get. Cheers.

• plugins

Share Improve this question asked Jun 16, 2020 at 11:00 Heng WHeng W 1 1

• Escaping functions are meant to be used on output, but here I see esc_url_raw being used on a parameter for wp_remote_get, can I ask why? This is very unusual. Keep in mind as well that geolocation is extremely unreliable and easy to spoof. As a UK user I spent 15 years recieving USA websites due to the ISP I used. It's also really annoying if I'm abroad on holiday or for business to find I can't use the UK site, or if i want to purchase or check something for a friend in another country – Tom J Nowell ♦ Commented Jun 16, 2020 at 11:17

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

First, there is no error checking on any of the code, both the file_get_contents code, and the wp_remote_get code. Don't just assume it worked, check!

$response = file_get_contents( "http://www.geoplugin/json.gp?ip=" . $ip_address);
if ( false === $response ) {
    // it failed, abort!

Three steps, first, make the request:

$response = wp_remote_get( $url );

Note that we aren't using esc_url_raw, escaping is for enforcing assumptions on output, this is not browser output. If needed, use urlencode on the IP.

Then, we want to perform error checking. Your code performs no error checking of any kind, even in the file_get_contents example, it just assumes it worked. This is incorrect. Don't just assume functions work, check for error values.

So before we use the result:

if ( is_wp_error( $response ) ) {
    // it's an error! Abort!

Here we can look at the error message in the response object to see what went wrong. Take a look at the WP_Error documentation for how to do that.

Then, look inside the $response to see what the result was. $response contains several items:

• 'headers' (string[]) Array of response headers keyed by their name.
• 'body' (string) Response body.
• 'response' (array) Data about the HTTP response.
• 'code' (int|false) HTTP response code.
• 'message' (string|false) HTTP response message.
• 'cookies' (WP_HTTP_Cookie[]) Array of response cookies.
• 'http_response' (WP_HTTP_Requests_Response|null) Raw HTTP response object.

So to check what the HTTP response code is:

echo $response['code'];

Here, you want the body, and to make it easier, wp_remote_retrieve_body

$body = wp_remote_retrieve_body( $result )
// or..
$body = $result['body'];

Then we can json_decode. Note that I did not nest the function calls, that would make it really difficult to debug, and impossible to perform error checks.

Don't forget that json_decode needs error handling too! Don't just assume it worked.