2006-03-29 03:51:55 +02:00
|
|
|
<?php
|
2008-08-11 22:26:31 +02:00
|
|
|
/**
|
2016-07-10 02:51:30 +02:00
|
|
|
* WordPress Ajax Process Execution
|
2008-08-11 22:26:31 +02:00
|
|
|
*
|
|
|
|
* @package WordPress
|
|
|
|
* @subpackage Administration
|
2012-01-23 20:31:15 +01:00
|
|
|
*
|
2015-04-12 23:29:32 +02:00
|
|
|
* @link https://codex.wordpress.org/AJAX_in_Plugins
|
2008-08-11 22:26:31 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
2016-07-10 02:51:30 +02:00
|
|
|
* Executing Ajax process.
|
2008-08-11 22:26:31 +02:00
|
|
|
*
|
2010-09-05 04:45:39 +02:00
|
|
|
* @since 2.1.0
|
2008-08-11 22:26:31 +02:00
|
|
|
*/
|
2012-01-23 20:12:04 +01:00
|
|
|
define( 'DOING_AJAX', true );
|
2014-05-18 22:42:16 +02:00
|
|
|
if ( ! defined( 'WP_ADMIN' ) ) {
|
|
|
|
define( 'WP_ADMIN', true );
|
|
|
|
}
|
2008-01-05 00:34:33 +01:00
|
|
|
|
2012-09-25 17:55:32 +02:00
|
|
|
/** Load WordPress Bootstrap */
|
|
|
|
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
|
|
|
|
|
2016-02-25 13:53:27 +01:00
|
|
|
/** Allow for cross-domain requests (from the front end). */
|
2012-09-25 17:55:32 +02:00
|
|
|
send_origin_headers();
|
|
|
|
|
2012-01-23 20:12:04 +01:00
|
|
|
// Require an action parameter
|
|
|
|
if ( empty( $_REQUEST['action'] ) )
|
2017-07-23 02:21:42 +02:00
|
|
|
wp_die( '0', 400 );
|
2010-02-17 13:26:47 +01:00
|
|
|
|
2012-01-23 20:31:15 +01:00
|
|
|
/** Load WordPress Administration APIs */
|
|
|
|
require_once( ABSPATH . 'wp-admin/includes/admin.php' );
|
|
|
|
|
|
|
|
/** Load Ajax Handlers for WordPress Core */
|
|
|
|
require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
|
2010-05-03 22:26:11 +02:00
|
|
|
|
2012-01-23 20:12:04 +01:00
|
|
|
@header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
|
2012-03-25 14:53:17 +02:00
|
|
|
@header( 'X-Robots-Tag: noindex' );
|
|
|
|
|
2012-01-23 20:12:04 +01:00
|
|
|
send_nosniff_header();
|
2012-11-27 17:17:53 +01:00
|
|
|
nocache_headers();
|
2011-09-27 22:52:07 +02:00
|
|
|
|
2013-10-25 00:59:20 +02:00
|
|
|
/** This action is documented in wp-admin/admin.php */
|
2012-01-23 20:12:04 +01:00
|
|
|
do_action( 'admin_init' );
|
2011-09-27 22:52:07 +02:00
|
|
|
|
2012-03-15 14:20:00 +01:00
|
|
|
$core_actions_get = array(
|
|
|
|
'fetch-list', 'ajax-tag-search', 'wp-compression-test', 'imgedit-preview', 'oembed-cache',
|
2013-06-26 23:06:50 +02:00
|
|
|
'autocomplete-user', 'dashboard-widgets', 'logged-in',
|
2012-03-15 14:20:00 +01:00
|
|
|
);
|
2011-09-27 22:52:07 +02:00
|
|
|
|
2012-01-23 20:12:04 +01:00
|
|
|
$core_actions_post = array(
|
2012-02-14 11:01:00 +01:00
|
|
|
'oembed-cache', 'image-editor', 'delete-comment', 'delete-tag', 'delete-link',
|
2012-01-23 20:12:04 +01:00
|
|
|
'delete-meta', 'delete-post', 'trash-post', 'untrash-post', 'delete-page', 'dim-comment',
|
|
|
|
'add-link-category', 'add-tag', 'get-tagcloud', 'get-comments', 'replyto-comment',
|
2014-01-22 05:56:16 +01:00
|
|
|
'edit-comment', 'add-menu-item', 'add-meta', 'add-user', 'closed-postboxes',
|
2012-01-23 20:12:04 +01:00
|
|
|
'hidden-columns', 'update-welcome-panel', 'menu-get-metabox', 'wp-link-ajax',
|
|
|
|
'menu-locations-save', 'menu-quick-search', 'meta-box-order', 'get-permalink',
|
|
|
|
'sample-permalink', 'inline-save', 'inline-save-tax', 'find_posts', 'widgets-order',
|
2015-10-21 07:23:26 +02:00
|
|
|
'save-widget', 'delete-inactive-widgets', 'set-post-thumbnail', 'date_format', 'time_format',
|
2012-10-11 01:32:48 +02:00
|
|
|
'wp-remove-post-lock', 'dismiss-wp-pointer', 'upload-attachment', 'get-attachment',
|
2012-11-21 17:02:20 +01:00
|
|
|
'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor',
|
2013-06-26 23:06:50 +02:00
|
|
|
'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs',
|
2014-07-16 00:08:14 +02:00
|
|
|
'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail',
|
2017-09-24 16:22:54 +02:00
|
|
|
'parse-media-shortcode', 'destroy-sessions', 'install-plugin', 'update-plugin', 'crop-image',
|
|
|
|
'generate-password', 'save-wporg-username', 'delete-plugin', 'search-plugins',
|
|
|
|
'search-install-plugins', 'activate-plugin', 'update-theme', 'delete-theme', 'install-theme',
|
File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.
* Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
* Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
* After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
* Introduce a secure way to scrape PHP fatal errors from a site via `wp_start_scraping_edited_file_errors()` and `wp_finalize_scraping_edited_file_errors()`.
* Moves file modifications from `theme-editor.php` and `plugin-editor.php` to common `wp_edit_theme_plugin_file()` function.
* Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
* Use `get` method for theme/plugin dropdowns.
* Improve styling of plugin editors, including width of plugin/theme dropdowns.
* Improve notices API for theme/plugin editor JS component.
* Strip common base directory from plugin file list. See #24048.
* Factor out functions to list editable file types in `wp_get_theme_file_editable_extensions()` and `wp_get_plugin_file_editable_extensions()`.
* Scroll to line in editor that has linting error when attempting to save. See #41886.
* Add checkbox to dismiss lint errors to proceed with saving. See #41887.
* Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
* Ensure that value from CodeMirror is used instead of `textarea` when CodeMirror is present.
* Add "Are you sure?" check when leaving editor when there are unsaved changes.
Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.
Built from https://develop.svn.wordpress.org/trunk@41721
git-svn-id: http://core.svn.wordpress.org/trunk@41555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 02:20:45 +02:00
|
|
|
'get-post-thumbnail-html', 'get-community-events', 'edit-theme-plugin-file',
|
2012-01-23 20:12:04 +01:00
|
|
|
);
|
2011-10-11 01:31:36 +02:00
|
|
|
|
2015-06-01 19:38:29 +02:00
|
|
|
// Deprecated
|
2017-09-24 16:22:54 +02:00
|
|
|
$core_actions_post_deprecated = array( 'wp-fullscreen-save-post', 'press-this-save-post', 'press-this-add-category' );
|
|
|
|
$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );
|
2015-06-01 19:38:29 +02:00
|
|
|
|
2012-01-23 20:31:15 +01:00
|
|
|
// Register core Ajax calls.
|
2012-01-23 20:12:04 +01:00
|
|
|
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) )
|
|
|
|
add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 );
|
2011-10-11 01:31:36 +02:00
|
|
|
|
2012-01-23 20:12:04 +01:00
|
|
|
if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) )
|
|
|
|
add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
|
2011-10-11 01:31:36 +02:00
|
|
|
|
2013-02-25 03:32:22 +01:00
|
|
|
add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
|
2011-10-11 01:31:36 +02:00
|
|
|
|
2013-09-21 07:32:09 +02:00
|
|
|
if ( is_user_logged_in() ) {
|
2013-09-21 07:53:09 +02:00
|
|
|
/**
|
2016-07-10 02:51:30 +02:00
|
|
|
* Fires authenticated Ajax actions for logged-in users.
|
2013-09-21 07:32:09 +02:00
|
|
|
*
|
2014-11-30 12:42:24 +01:00
|
|
|
* The dynamic portion of the hook name, `$_REQUEST['action']`,
|
2016-07-10 02:51:30 +02:00
|
|
|
* refers to the name of the Ajax action callback being fired.
|
2013-09-21 07:53:09 +02:00
|
|
|
*
|
|
|
|
* @since 2.1.0
|
|
|
|
*/
|
|
|
|
do_action( 'wp_ajax_' . $_REQUEST['action'] );
|
2013-09-21 07:32:09 +02:00
|
|
|
} else {
|
2013-09-21 07:53:09 +02:00
|
|
|
/**
|
2016-07-10 02:51:30 +02:00
|
|
|
* Fires non-authenticated Ajax actions for logged-out users.
|
2013-09-21 07:32:09 +02:00
|
|
|
*
|
2014-11-30 12:42:24 +01:00
|
|
|
* The dynamic portion of the hook name, `$_REQUEST['action']`,
|
2016-07-10 02:51:30 +02:00
|
|
|
* refers to the name of the Ajax action callback being fired.
|
2013-09-21 07:32:09 +02:00
|
|
|
*
|
2013-09-21 07:53:09 +02:00
|
|
|
* @since 2.8.0
|
|
|
|
*/
|
|
|
|
do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
|
2013-09-21 07:32:09 +02:00
|
|
|
}
|
2012-01-23 20:12:04 +01:00
|
|
|
// Default status
|
2017-07-23 02:21:42 +02:00
|
|
|
wp_die( '0', 400 );
|