2006-03-29 03:51:55 +02:00
|
|
|
<?php
|
2008-08-11 22:26:31 +02:00
|
|
|
/**
|
2016-07-10 02:51:30 +02:00
|
|
|
* WordPress Ajax Process Execution
|
2008-08-11 22:26:31 +02:00
|
|
|
*
|
|
|
|
|
* @package WordPress
|
|
|
|
|
* @subpackage Administration
|
2012-01-23 20:31:15 +01:00
|
|
|
*
|
2015-04-12 23:29:32 +02:00
|
|
|
* @link https://codex.wordpress.org/AJAX_in_Plugins
|
2008-08-11 22:26:31 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
2016-07-10 02:51:30 +02:00
|
|
|
* Executing Ajax process.
|
2008-08-11 22:26:31 +02:00
|
|
|
*
|
2010-09-05 04:45:39 +02:00
|
|
|
* @since 2.1.0
|
2008-08-11 22:26:31 +02:00
|
|
|
*/
|
2012-01-23 20:12:04 +01:00
|
|
|
define( 'DOING_AJAX', true );
|
2014-05-18 22:42:16 +02:00
|
|
|
if ( ! defined( 'WP_ADMIN' ) ) {
|
|
|
|
|
define( 'WP_ADMIN', true );
|
|
|
|
|
}
|
2008-01-05 00:34:33 +01:00
|
|
|
|
2012-09-25 17:55:32 +02:00
|
|
|
/** Load WordPress Bootstrap */
|
|
|
|
|
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
|
|
|
|
|
|
2016-02-25 13:53:27 +01:00
|
|
|
/** Allow for cross-domain requests (from the front end). */
|
2012-09-25 17:55:32 +02:00
|
|
|
send_origin_headers();
|
|
|
|
|
|
2019-07-17 03:11:56 +02:00
|
|
|
header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
|
|
|
|
|
header( 'X-Robots-Tag: noindex' );
|
|
|
|
|
|
2012-01-23 20:12:04 +01:00
|
|
|
// Require an action parameter
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( empty( $_REQUEST['action'] ) ) {
|
2017-07-23 02:21:42 +02:00
|
|
|
wp_die( '0', 400 );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2010-02-17 13:26:47 +01:00
|
|
|
|
2012-01-23 20:31:15 +01:00
|
|
|
/** Load WordPress Administration APIs */
|
|
|
|
|
require_once( ABSPATH . 'wp-admin/includes/admin.php' );
|
|
|
|
|
|
|
|
|
|
/** Load Ajax Handlers for WordPress Core */
|
|
|
|
|
require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
|
2010-05-03 22:26:11 +02:00
|
|
|
|
2012-01-23 20:12:04 +01:00
|
|
|
send_nosniff_header();
|
2012-11-27 17:17:53 +01:00
|
|
|
nocache_headers();
|
2011-09-27 22:52:07 +02:00
|
|
|
|
2013-10-25 00:59:20 +02:00
|
|
|
/** This action is documented in wp-admin/admin.php */
|
2012-01-23 20:12:04 +01:00
|
|
|
do_action( 'admin_init' );
|
2011-09-27 22:52:07 +02:00
|
|
|
|
2012-03-15 14:20:00 +01:00
|
|
|
$core_actions_get = array(
|
2017-12-01 00:11:00 +01:00
|
|
|
'fetch-list',
|
|
|
|
|
'ajax-tag-search',
|
|
|
|
|
'wp-compression-test',
|
|
|
|
|
'imgedit-preview',
|
|
|
|
|
'oembed-cache',
|
|
|
|
|
'autocomplete-user',
|
|
|
|
|
'dashboard-widgets',
|
|
|
|
|
'logged-in',
|
2019-09-23 19:47:56 +02:00
|
|
|
'rest-nonce',
|
2012-03-15 14:20:00 +01:00
|
|
|
);
|
2011-09-27 22:52:07 +02:00
|
|
|
|
2012-01-23 20:12:04 +01:00
|
|
|
$core_actions_post = array(
|
2017-12-01 00:11:00 +01:00
|
|
|
'oembed-cache',
|
|
|
|
|
'image-editor',
|
|
|
|
|
'delete-comment',
|
|
|
|
|
'delete-tag',
|
|
|
|
|
'delete-link',
|
|
|
|
|
'delete-meta',
|
|
|
|
|
'delete-post',
|
|
|
|
|
'trash-post',
|
|
|
|
|
'untrash-post',
|
|
|
|
|
'delete-page',
|
|
|
|
|
'dim-comment',
|
|
|
|
|
'add-link-category',
|
|
|
|
|
'add-tag',
|
|
|
|
|
'get-tagcloud',
|
|
|
|
|
'get-comments',
|
|
|
|
|
'replyto-comment',
|
|
|
|
|
'edit-comment',
|
|
|
|
|
'add-menu-item',
|
|
|
|
|
'add-meta',
|
|
|
|
|
'add-user',
|
|
|
|
|
'closed-postboxes',
|
|
|
|
|
'hidden-columns',
|
|
|
|
|
'update-welcome-panel',
|
|
|
|
|
'menu-get-metabox',
|
|
|
|
|
'wp-link-ajax',
|
|
|
|
|
'menu-locations-save',
|
|
|
|
|
'menu-quick-search',
|
|
|
|
|
'meta-box-order',
|
|
|
|
|
'get-permalink',
|
|
|
|
|
'sample-permalink',
|
|
|
|
|
'inline-save',
|
|
|
|
|
'inline-save-tax',
|
|
|
|
|
'find_posts',
|
|
|
|
|
'widgets-order',
|
|
|
|
|
'save-widget',
|
|
|
|
|
'delete-inactive-widgets',
|
|
|
|
|
'set-post-thumbnail',
|
|
|
|
|
'date_format',
|
|
|
|
|
'time_format',
|
|
|
|
|
'wp-remove-post-lock',
|
|
|
|
|
'dismiss-wp-pointer',
|
|
|
|
|
'upload-attachment',
|
|
|
|
|
'get-attachment',
|
|
|
|
|
'query-attachments',
|
|
|
|
|
'save-attachment',
|
|
|
|
|
'save-attachment-compat',
|
|
|
|
|
'send-link-to-editor',
|
|
|
|
|
'send-attachment-to-editor',
|
|
|
|
|
'save-attachment-order',
|
2019-09-04 03:11:54 +02:00
|
|
|
'media-create-image-subsizes',
|
2017-12-01 00:11:00 +01:00
|
|
|
'heartbeat',
|
|
|
|
|
'get-revision-diffs',
|
|
|
|
|
'save-user-color-scheme',
|
|
|
|
|
'update-widget',
|
|
|
|
|
'query-themes',
|
|
|
|
|
'parse-embed',
|
|
|
|
|
'set-attachment-thumbnail',
|
|
|
|
|
'parse-media-shortcode',
|
|
|
|
|
'destroy-sessions',
|
|
|
|
|
'install-plugin',
|
|
|
|
|
'update-plugin',
|
|
|
|
|
'crop-image',
|
|
|
|
|
'generate-password',
|
|
|
|
|
'save-wporg-username',
|
|
|
|
|
'delete-plugin',
|
|
|
|
|
'search-plugins',
|
|
|
|
|
'search-install-plugins',
|
|
|
|
|
'activate-plugin',
|
|
|
|
|
'update-theme',
|
|
|
|
|
'delete-theme',
|
|
|
|
|
'install-theme',
|
|
|
|
|
'get-post-thumbnail-html',
|
|
|
|
|
'get-community-events',
|
|
|
|
|
'edit-theme-plugin-file',
|
2018-03-28 21:28:31 +02:00
|
|
|
'wp-privacy-export-personal-data',
|
2018-04-19 00:30:22 +02:00
|
|
|
'wp-privacy-erase-personal-data',
|
Admin: Introduce the Site Health screens.
The Site Health tool serves two purposes:
- Provide site owners with information to improve the performance, reliability, and security of their site.
- Collect comprehensive debug information about the site.
By encouraging site owners to maintain their site and adhere to modern best practices, we ultimately improve the software hygeine of both the WordPress ecosystem, and the open internet as a whole.
Props Clorith, hedgefield, melchoyce, xkon, karmatosed, jordesign, earnjam, ianbelanger, wpscholar, desrosj, pedromendonca, peterbooker, jcastaneda, garyj, soean, pento, timothyblynjacobs, zodiac1978, dgroddick, garrett-eclipse, netweb, tobifjellner, pixolin, afercia, joedolson, birgire.
See #46573.
Built from https://develop.svn.wordpress.org/trunk@44986
git-svn-id: http://core.svn.wordpress.org/trunk@44817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-23 04:55:53 +01:00
|
|
|
'health-check-site-status-result',
|
|
|
|
|
'health-check-dotorg-communication',
|
|
|
|
|
'health-check-is-in-debug-mode',
|
|
|
|
|
'health-check-background-updates',
|
|
|
|
|
'health-check-loopback-requests',
|
2019-04-12 21:24:51 +02:00
|
|
|
'health-check-get-sizes',
|
2012-01-23 20:12:04 +01:00
|
|
|
);
|
2011-10-11 01:31:36 +02:00
|
|
|
|
2015-06-01 19:38:29 +02:00
|
|
|
// Deprecated
|
2017-09-24 16:22:54 +02:00
|
|
|
$core_actions_post_deprecated = array( 'wp-fullscreen-save-post', 'press-this-save-post', 'press-this-add-category' );
|
2017-12-01 00:11:00 +01:00
|
|
|
$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );
|
2015-06-01 19:38:29 +02:00
|
|
|
|
2012-01-23 20:31:15 +01:00
|
|
|
// Register core Ajax calls.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) {
|
2012-01-23 20:12:04 +01:00
|
|
|
add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2011-10-11 01:31:36 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) {
|
2012-01-23 20:12:04 +01:00
|
|
|
add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2011-10-11 01:31:36 +02:00
|
|
|
|
2013-02-25 03:32:22 +01:00
|
|
|
add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
|
2011-10-11 01:31:36 +02:00
|
|
|
|
2017-12-01 12:36:50 +01:00
|
|
|
$action = ( isset( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : '';
|
|
|
|
|
|
2013-09-21 07:32:09 +02:00
|
|
|
if ( is_user_logged_in() ) {
|
2017-10-18 23:01:49 +02:00
|
|
|
// If no action is registered, return a Bad Request response.
|
2017-12-01 12:36:50 +01:00
|
|
|
if ( ! has_action( "wp_ajax_{$action}" ) ) {
|
2017-10-18 23:01:49 +02:00
|
|
|
wp_die( '0', 400 );
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-21 07:53:09 +02:00
|
|
|
/**
|
2016-07-10 02:51:30 +02:00
|
|
|
* Fires authenticated Ajax actions for logged-in users.
|
2013-09-21 07:32:09 +02:00
|
|
|
*
|
2017-12-01 12:36:50 +01:00
|
|
|
* The dynamic portion of the hook name, `$action`, refers
|
|
|
|
|
* to the name of the Ajax action callback being fired.
|
2013-09-21 07:53:09 +02:00
|
|
|
*
|
|
|
|
|
* @since 2.1.0
|
|
|
|
|
*/
|
2017-12-01 12:36:50 +01:00
|
|
|
do_action( "wp_ajax_{$action}" );
|
2013-09-21 07:32:09 +02:00
|
|
|
} else {
|
2017-10-18 23:01:49 +02:00
|
|
|
// If no action is registered, return a Bad Request response.
|
2017-12-01 12:36:50 +01:00
|
|
|
if ( ! has_action( "wp_ajax_nopriv_{$action}" ) ) {
|
2017-10-18 23:01:49 +02:00
|
|
|
wp_die( '0', 400 );
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-21 07:53:09 +02:00
|
|
|
/**
|
2016-07-10 02:51:30 +02:00
|
|
|
* Fires non-authenticated Ajax actions for logged-out users.
|
2013-09-21 07:32:09 +02:00
|
|
|
*
|
2017-12-01 12:36:50 +01:00
|
|
|
* The dynamic portion of the hook name, `$action`, refers
|
|
|
|
|
* to the name of the Ajax action callback being fired.
|
2013-09-21 07:32:09 +02:00
|
|
|
*
|
2013-09-21 07:53:09 +02:00
|
|
|
* @since 2.8.0
|
|
|
|
|
*/
|
2017-12-01 12:36:50 +01:00
|
|
|
do_action( "wp_ajax_nopriv_{$action}" );
|
2013-09-21 07:32:09 +02:00
|
|
|
}
|
2012-01-23 20:12:04 +01:00
|
|
|
// Default status
|
2017-10-18 23:01:49 +02:00
|
|
|
wp_die( '0' );
|
