<?php
/**
 * WordPress Ajax Process Execution
 *
 * @package WordPress
 * @subpackage Administration
 *
 * @link https://codex.wordpress.org/AJAX_in_Plugins
 */
/**
 * Executing Ajax process.
 *
 * Defines DOING_AJAX as true before the WordPress bootstrap is loaded.
 *
 * @since 2.1.0
 */
define( 'DOING_AJAX', true );

/*
 * Flag the request as an admin request unless the constant already exists.
 *
 * This runs for every request that reaches this file, ahead of the login test
 * further down, so the constant says nothing about who the caller is.
 * NOTE(review): is_admin() is understood to read this constant (it is defined
 * outside this file; confirm). Handlers should not use it as an authorization check.
 */
defined( 'WP_ADMIN' ) || define( 'WP_ADMIN', true );
/** Load WordPress Bootstrap */
require_once dirname( __DIR__ ) . '/wp-load.php';

/**
 * Allow for cross-domain requests (from the front end).
 *
 * Which origins are accepted is decided inside send_origin_headers(), not in this file.
 */
send_origin_headers();

// Default response headers: HTML in the site's configured charset, and no search indexing.
header( sprintf( 'Content-Type: text/html; charset=%s', get_option( 'blog_charset' ) ) );
header( 'X-Robots-Tag: noindex' );

/*
 * Require a valid action parameter.
 *
 * A missing or empty value (including the string '0', which empty() treats as empty)
 * and any non-scalar value such as an array sent as action[]=... all end here with
 * a 400 response and the body '0'. The check runs before the admin includes are
 * loaded and before any hook name is built from the parameter.
 */
if ( empty( $_REQUEST['action'] ) || ! is_scalar( $_REQUEST['action'] ) ) {
	wp_die( '0', 400 );
}
/** Load WordPress Administration APIs */
require_once ABSPATH . 'wp-admin/includes/admin.php';

/** Load Ajax Handlers for WordPress Core */
require_once ABSPATH . 'wp-admin/includes/ajax-actions.php';

// Response hardening headers; the header values themselves are set inside these helpers.
send_nosniff_header();
nocache_headers();

/*
 * This action is documented in wp-admin/admin.php.
 *
 * It fires here before the is_user_logged_in() test further down this file, so
 * callbacks hooked to 'admin_init' also run for logged-out requests that carry
 * a scalar, non-empty action. Such callbacks need their own capability and nonce
 * checks before changing state.
 */
do_action( 'admin_init' );
/*
 * Core Ajax actions that may be requested via GET.
 *
 * This is an allowlist: further down, $_GET['action'] is compared against it with
 * a strict in_array() before a core handler is registered. Being listed here only
 * makes the handler registrable; no capability or nonce check happens in this file.
 */
$core_actions_get = array(
	'fetch-list',
	'ajax-tag-search',
	'wp-compression-test',
	'imgedit-preview',
	'oembed-cache',
	'autocomplete-user',
	'dashboard-widgets',
	'logged-in',
	'rest-nonce',
);
/*
 * Core Ajax actions that may be requested via POST.
 *
 * This is an allowlist: further down, $_POST['action'] is compared against it with
 * a strict in_array() before a core handler is registered. Many of these names are
 * state-changing (delete-*, install-*, update-*, save-*). Being listed here only
 * makes the handler registrable; authorization and nonce verification are left to
 * each handler and are not performed in this file.
 */
$core_actions_post = array(
	'oembed-cache',
	'image-editor',
	'delete-comment',
	'delete-tag',
	'delete-link',
	'delete-meta',
	'delete-post',
	'trash-post',
	'untrash-post',
	'delete-page',
	'dim-comment',
	'add-link-category',
	'add-tag',
	'get-tagcloud',
	'get-comments',
	'replyto-comment',
	'edit-comment',
	'add-menu-item',
	'add-meta',
	'add-user',
	'closed-postboxes',
	'hidden-columns',
	'update-welcome-panel',
	'menu-get-metabox',
	'wp-link-ajax',
	'menu-locations-save',
	'menu-quick-search',
	'meta-box-order',
	'get-permalink',
	'sample-permalink',
	'inline-save',
	'inline-save-tax',
	'find_posts',
	'widgets-order',
	'save-widget',
	'delete-inactive-widgets',
	'set-post-thumbnail',
	'date_format',
	'time_format',
	'wp-remove-post-lock',
	'dismiss-wp-pointer',
	'upload-attachment',
	'get-attachment',
	'query-attachments',
	'save-attachment',
	'save-attachment-compat',
	'send-link-to-editor',
	'send-attachment-to-editor',
	'save-attachment-order',
	'media-create-image-subsizes',
	'heartbeat',
	'get-revision-diffs',
	'save-user-color-scheme',
	'update-widget',
	'query-themes',
	'parse-embed',
	'set-attachment-thumbnail',
	'parse-media-shortcode',
	'destroy-sessions',
	'install-plugin',
	'update-plugin',
	'crop-image',
	'generate-password',
	'save-wporg-username',
	'delete-plugin',
	'search-plugins',
	'search-install-plugins',
	'activate-plugin',
	'update-theme',
	'delete-theme',
	'install-theme',
	'get-post-thumbnail-html',
	'get-community-events',
	'edit-theme-plugin-file',
	'wp-privacy-export-personal-data',
	'wp-privacy-erase-personal-data',
	// Site Health checks, added with "Admin: Introduce the Site Health screens" (see #46573).
	'health-check-site-status-result',
	'health-check-dotorg-communication',
	'health-check-is-in-debug-mode',
	'health-check-background-updates',
	'health-check-loopback-requests',
	'health-check-get-sizes',
	// Added with "Security: Add user interface to auto-update themes and plugins" (#50052).
	'toggle-auto-updates',
	// Added with "Users: enable admins to send users a reset password link" (#34281).
	'send-password-reset',
);
/*
 * Deprecated.
 *
 * These POST action names stay registrable because they are merged into
 * $core_actions_post below. The four health-check-* names are also present in
 * $core_actions_post itself, so they appear twice after the merge; the in_array()
 * lookup that consumes the list is unaffected by duplicates.
 */
$core_actions_post_deprecated = array(
	'wp-fullscreen-save-post',
	'press-this-save-post',
	'press-this-add-category',
	'health-check-dotorg-communication',
	'health-check-is-in-debug-mode',
	'health-check-background-updates',
	'health-check-loopback-requests',
);

$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );
/*
 * Register core Ajax calls.
 *
 * A core handler is hooked only when the requested name is on the matching
 * allowlist; in_array() runs in strict mode, so an array or any value that is
 * not exactly one of the listed strings never matches. The callback name is the
 * allowlisted value with '-' replaced by '_', prefixed with 'wp_ajax_', and it is
 * added at priority 1. Registration does not depend on login state; which hook
 * family actually fires is decided where the action is dispatched.
 */
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get, true ) ) {
	add_action(
		"wp_ajax_{$_GET['action']}",
		'wp_ajax_' . strtr( $_GET['action'], '-', '_' ),
		1
	);
}

if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post, true ) ) {
	add_action(
		"wp_ajax_{$_POST['action']}",
		'wp_ajax_' . strtr( $_POST['action'], '-', '_' ),
		1
	);
}
Login and Registration: Improve the UX of the Reset Password screen.
Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.
This adds separate Generate Password and Save Password buttons, for clarity.
Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes #39638.
Built from https://develop.svn.wordpress.org/trunk@50153
git-svn-id: http://core.svn.wordpress.org/trunk@49832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 19:13:04 +01:00
/*
 * Core handlers for logged-out visitors.
 *
 * These are the only wp_ajax_nopriv_* registrations made on this page, so they are
 * the core callbacks this file exposes to requests without a login. The first is
 * added at the default priority, the second at priority 1.
 */
add_action( 'wp_ajax_nopriv_generate-password', 'wp_ajax_nopriv_generate_password' );

add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
/*
 * Dispatch the requested action.
 *
 * The value was already required to be non-empty and scalar near the top of this
 * file. The login state only selects the hook family: any logged-in user, whatever
 * their role, reaches "wp_ajax_{$action}", and everyone else reaches
 * "wp_ajax_nopriv_{$action}". No nonce or capability is verified here, so each
 * handler has to do that itself (for example with check_ajax_referer() and
 * current_user_can()) before acting on the request.
 */
$action = $_REQUEST['action'];

if ( is_user_logged_in() ) {
	// If no action is registered, return a Bad Request response.
	if ( ! has_action( "wp_ajax_{$action}" ) ) {
		wp_die( '0', 400 );
	}

	/**
	 * Fires authenticated Ajax actions for logged-in users.
	 *
	 * The dynamic portion of the hook name, `$action`, refers
	 * to the name of the Ajax action callback being fired.
	 *
	 * @since 2.1.0
	 */
	do_action( "wp_ajax_{$action}" );
} else {
	// If no action is registered, return a Bad Request response.
	if ( ! has_action( "wp_ajax_nopriv_{$action}" ) ) {
		wp_die( '0', 400 );
	}

	/**
	 * Fires non-authenticated Ajax actions for logged-out users.
	 *
	 * The dynamic portion of the hook name, `$action`, refers
	 * to the name of the Ajax action callback being fired.
	 *
	 * @since 2.8.0
	 */
	do_action( "wp_ajax_nopriv_{$action}" );
}

// Default status: reached only when the fired callbacks return without ending the request.
wp_die( '0' );