<?php
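/**
 * WordPress Ajax Process Execution
 *
 * Entry script for Ajax requests: it bootstraps WordPress, sends the response
 * headers, validates the `action` request parameter and loads the core Ajax
 * handlers before the requested action is dispatched further down the file.
 *
 * @package WordPress
 * @subpackage Administration
 *
 * @link https://codex.wordpress.org/AJAX_in_Plugins
 */

/**
 * Executing Ajax process.
 *
 * @since 2.1.0
 */
define( 'DOING_AJAX', true );
if ( ! defined( 'WP_ADMIN' ) ) {
	define( 'WP_ADMIN', true );
}

/** Load WordPress Bootstrap */
require_once dirname( __DIR__ ) . '/wp-load.php';

/** Allow for cross-domain requests (from the front end). */
send_origin_headers();

header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
header( 'X-Robots-Tag: noindex' );

// Require a valid action parameter.
//
// `action` is later interpolated into a hook name, so it has to be a scalar.
// A request that sends it as an array (`action[]=x`) is not empty() and would
// otherwise reach that interpolation and trigger an "Array to string
// conversion" warning; reject it here with the same 400 as a missing action.
if ( empty( $_REQUEST['action'] ) || ! is_scalar( $_REQUEST['action'] ) ) {
	wp_die( '0', 400 );
}

/** Load WordPress Administration APIs */
require_once ABSPATH . 'wp-admin/includes/admin.php';

/** Load Ajax Handlers for WordPress Core */
require_once ABSPATH . 'wp-admin/includes/ajax-actions.php';

// Both helpers are defined outside this file; going by their names they emit
// the nosniff and no-cache response headers. They run before any handler
// produces output.
send_nosniff_header();
nocache_headers();

/** This action is documented in wp-admin/admin.php */
do_action( 'admin_init' );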
// Allowlist of core Ajax actions that may be requested with GET.
// Only names on this list get a core callback registered for a GET request,
// so every entry is kept on its own line to keep changes easy to review.
$core_actions_get = [
	'fetch-list',
	'ajax-tag-search',
	'wp-compression-test',
	'imgedit-preview',
	'oembed-cache',
	'autocomplete-user',
	'dashboard-widgets',
	'logged-in',
	'rest-nonce',
];
// Allowlist of core Ajax actions that may be requested with POST.
// Many of these names denote state-changing operations (delete, install,
// update), so a new entry deserves the same review as a new endpoint.
$core_actions_post = [
	'oembed-cache',
	'image-editor',
	'delete-comment',
	'delete-tag',
	'delete-link',
	'delete-meta',
	'delete-post',
	'trash-post',
	'untrash-post',
	'delete-page',
	'dim-comment',
	'add-link-category',
	'add-tag',
	'get-tagcloud',
	'get-comments',
	'replyto-comment',
	'edit-comment',
	'add-menu-item',
	'add-meta',
	'add-user',
	'closed-postboxes',
	'hidden-columns',
	'update-welcome-panel',
	'menu-get-metabox',
	'wp-link-ajax',
	'menu-locations-save',
	'menu-quick-search',
	'meta-box-order',
	'get-permalink',
	'sample-permalink',
	'inline-save',
	'inline-save-tax',
	'find_posts',
	'widgets-order',
	'save-widget',
	'delete-inactive-widgets',
	'set-post-thumbnail',
	'date_format',
	'time_format',
	'wp-remove-post-lock',
	'dismiss-wp-pointer',
	'upload-attachment',
	'get-attachment',
	'query-attachments',
	'save-attachment',
	'save-attachment-compat',
	'send-link-to-editor',
	'send-attachment-to-editor',
	'save-attachment-order',
	'media-create-image-subsizes',
	'heartbeat',
	'get-revision-diffs',
	'save-user-color-scheme',
	'update-widget',
	'query-themes',
	'parse-embed',
	'set-attachment-thumbnail',
	'parse-media-shortcode',
	'destroy-sessions',
	'install-plugin',
	'update-plugin',
	'crop-image',
	'generate-password',
	'save-wporg-username',
	'delete-plugin',
	'search-plugins',
	'search-install-plugins',
	'activate-plugin',
	'update-theme',
	'delete-theme',
	'install-theme',
	'get-post-thumbnail-html',
	'get-community-events',
	'edit-theme-plugin-file',
	'wp-privacy-export-personal-data',
	'wp-privacy-erase-personal-data',
	'health-check-site-status-result',
	'health-check-dotorg-communication',
	'health-check-is-in-debug-mode',
	'health-check-background-updates',
	'health-check-loopback-requests',
	'health-check-get-sizes',
	'toggle-auto-updates',
];

// Deprecated.
// These names stay on the POST allowlist: they are appended to it below.
$core_actions_post_deprecated = [
	'wp-fullscreen-save-post',
	'press-this-save-post',
	'press-this-add-category',
];
$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );
// Register core Ajax calls.
//
// The callback name is built from request input, but only after a strict
// in_array() match against $core_actions_get / $core_actions_post, so the
// resulting function name is always one of the fixed core handler names
// (dashes in the action become underscores). Callbacks are added with
// priority 1.
if ( isset( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get, true ) ) {
	add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . strtr( $_GET['action'], '-', '_' ), 1 );
}

if ( isset( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post, true ) ) {
	add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . strtr( $_POST['action'], '-', '_' ), 1 );
}

// The only core callback registered here on a `nopriv` hook, i.e. for
// requests without a logged-in user.
add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
// Requested action name; empty string when the parameter is absent.
$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';

// is_user_logged_in() only selects which hook family fires. Nothing in this
// file verifies a nonce or a capability, so each callback attached to these
// hooks has to perform its own request verification and permission check.
if ( ! is_user_logged_in() ) {
	// If no action is registered, return a Bad Request response.
	if ( ! has_action( "wp_ajax_nopriv_{$action}" ) ) {
		wp_die( '0', 400 );
	}

	/**
	 * Fires non-authenticated Ajax actions for logged-out users.
	 *
	 * The dynamic portion of the hook name, `$action`, refers
	 * to the name of the Ajax action callback being fired.
	 *
	 * @since 2.8.0
	 */
	do_action( "wp_ajax_nopriv_{$action}" );
} else {
	// If no action is registered, return a Bad Request response.
	if ( ! has_action( "wp_ajax_{$action}" ) ) {
		wp_die( '0', 400 );
	}

	/**
	 * Fires authenticated Ajax actions for logged-in users.
	 *
	 * The dynamic portion of the hook name, `$action`, refers
	 * to the name of the Ajax action callback being fired.
	 *
	 * @since 2.1.0
	 */
	do_action( "wp_ajax_{$action}" );
}

// Default status.
// Reached only when the fired callbacks returned without ending the request.
wp_die( '0' );