WordPress/wp-admin/admin-post.php

<?php
/**
 * WordPress Generic Request (POST/GET) Handler
 *
 * Intended for form submission handling in themes and plugins.
 *
 * @package WordPress
 * @subpackage Administration
 */

/** We are located in WordPress Administration Screens */
if ( ! defined( 'WP_ADMIN' ) ) {
	define( 'WP_ADMIN', true );
}

if ( defined('ABSPATH') )
	require_once(ABSPATH . 'wp-load.php');
else
	require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );

/** Allow for cross-domain requests (from the frontend). */
send_origin_headers();

require_once(ABSPATH . 'wp-admin/includes/admin.php');

nocache_headers();

/** This action is documented in wp-admin/admin.php */
do_action( 'admin_init' );

$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];

if ( ! wp_validate_auth_cookie() ) {
	if ( empty( $action ) ) {
		/**
		 * Fires on a non-authenticated admin post request where no action was supplied.
		 *
		 * @since 2.6.0
		 */
		do_action( 'admin_post_nopriv' );
	} else {
		/**
		 * Fires on a non-authenticated admin post request for the given action.
		 *
		 * The dynamic portion of the hook name, $action, refers to the given
		 * request action.
		 *
		 * @since 2.6.0
		 */
		do_action( "admin_post_nopriv_{$action}" );
	}
} else {
	if ( empty( $action ) ) {
		/**
		 * Fires on an authenticated admin post request where no action was supplied.
		 *
		 * @since 2.6.0
		 */
		do_action( 'admin_post' );
	} else {
		/**
		 * Fires on an authenticated admin post request for the given action.
		 *
		 * The dynamic portion of the hook name, $action, refers to the given
		 * request action.
		 *
		 * @since 2.6.0
		 */
		do_action( "admin_post_{$action}" );
	}
}
Generic POST handler. see #7283 git-svn-id: http://svn.automattic.com/wordpress/trunk@8315 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-07-11 22:24:35 +02:00			`<?php`
WP-Admin File Level Inline Documentation from santosj. see #7496 git-svn-id: http://svn.automattic.com/wordpress/trunk@8618 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-08-11 22:26:31 +02:00			`/**`
Improve file header and description in wp-admin/admin-post.php. Props ericlewis. Fixes #25362. Built from https://develop.svn.wordpress.org/trunk@25561 git-svn-id: http://core.svn.wordpress.org/trunk@25479 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-22 07:18:09 +02:00			`* WordPress Generic Request (POST/GET) Handler`
			`*`
			`* Intended for form submission handling in themes and plugins.`
WP-Admin File Level Inline Documentation from santosj. see #7496 git-svn-id: http://svn.automattic.com/wordpress/trunk@8618 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-08-11 22:26:31 +02:00			`*`
			`* @package WordPress`
			`* @subpackage Administration`
			`*/`

Switch from Panel/SubPanel to Screen in inline documentation and Codex links. props michaelh, fixes #17265. git-svn-id: http://svn.automattic.com/wordpress/trunk@17748 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2011-04-28 17:24:49 +02:00			`/** We are located in WordPress Administration Screens */`
Because the `WP_ADMIN` constant name can be bound in multiple files, all instances should check `! defined` first. `wp-admin/admin.php` already has this check. See #27881. Built from https://develop.svn.wordpress.org/trunk@28478 git-svn-id: http://core.svn.wordpress.org/trunk@28305 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2014-05-18 22:42:16 +02:00			`if ( ! defined( 'WP_ADMIN' ) ) {`
			`define( 'WP_ADMIN', true );`
			`}`
Generic POST handler. see #7283 git-svn-id: http://svn.automattic.com/wordpress/trunk@8315 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-07-11 22:24:35 +02:00
			`if ( defined('ABSPATH') )`
			`require_once(ABSPATH . 'wp-load.php');`
			`else`
Don't rely on include_path to include files. Always use dirname() or, once available, ABSPATH. props ketwaroo, hakre. fixes #17092. Built from https://develop.svn.wordpress.org/trunk@25616 git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-25 02:18:11 +02:00			`require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );`
Generic POST handler. see #7283 git-svn-id: http://svn.automattic.com/wordpress/trunk@8315 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-07-11 22:24:35 +02:00
send_origin_headers() in admin-post.php. props nickdaugherty, fixes #24600. Built from https://develop.svn.wordpress.org/trunk@25036 git-svn-id: http://core.svn.wordpress.org/trunk@25023 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-08-16 21:59:08 +02:00			`/** Allow for cross-domain requests (from the frontend). */`
			`send_origin_headers();`

Generic POST handler. see #7283 git-svn-id: http://svn.automattic.com/wordpress/trunk@8315 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-07-11 22:24:35 +02:00			`require_once(ABSPATH . 'wp-admin/includes/admin.php');`

			`nocache_headers();`

Spell out duplicate hook locations. props DrewAPicture. fixes #25658. Built from https://develop.svn.wordpress.org/trunk@25868 git-svn-id: http://core.svn.wordpress.org/trunk@25868 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-10-25 00:59:20 +02:00			`/** This action is documented in wp-admin/admin.php */`
Inline documentation for hooks in wp-admin/admin-post.php. Props ericlewis, kpdesign. Fixes #25361. Built from https://develop.svn.wordpress.org/trunk@25589 git-svn-id: http://core.svn.wordpress.org/trunk@25506 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-24 01:48:09 +02:00			`do_action( 'admin_init' );`
Generic POST handler. see #7283 git-svn-id: http://svn.automattic.com/wordpress/trunk@8315 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-07-11 22:24:35 +02:00
Properly split and document the `admin_post` actions into the following four hooks: `admin_post_nopriv` – for logged-out requests lacking a supplied action * `admin_post_nopriv_$action – for logged-out requests with a supplied action * `admin_post` – for logged-in requests lacking a supplied action * `admin_post_$action` – for logged-in requests with a supplied action See [28349], [28350], [28351]. See #26869. Built from https://develop.svn.wordpress.org/trunk@28394 git-svn-id: http://core.svn.wordpress.org/trunk@28222 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2014-05-13 09:24:15 +02:00			`$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];`
Revert [28349] in favor of retaining the single dynamic `admin_post*` hook. See #26869. Built from https://develop.svn.wordpress.org/trunk@28350 git-svn-id: http://core.svn.wordpress.org/trunk@28178 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2014-05-08 12:47:15 +02:00
Properly split and document the `admin_post` actions into the following four hooks: `admin_post_nopriv` – for logged-out requests lacking a supplied action * `admin_post_nopriv_$action – for logged-out requests with a supplied action * `admin_post` – for logged-in requests lacking a supplied action * `admin_post_$action` – for logged-in requests with a supplied action See [28349], [28350], [28351]. See #26869. Built from https://develop.svn.wordpress.org/trunk@28394 git-svn-id: http://core.svn.wordpress.org/trunk@28222 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2014-05-13 09:24:15 +02:00			`if ( ! wp_validate_auth_cookie() ) {`
			`if ( empty( $action ) ) {`
			`/**`
			`* Fires on a non-authenticated admin post request where no action was supplied.`
			`*`
			`* @since 2.6.0`
			`*/`
			`do_action( 'admin_post_nopriv' );`
			`} else {`
			`/**`
			`* Fires on a non-authenticated admin post request for the given action.`
			`*`
			`* The dynamic portion of the hook name, $action, refers to the given`
			`* request action.`
			`*`
			`* @since 2.6.0`
			`*/`
			`do_action( "admin_post_nopriv_{$action}" );`
			`}`
			`} else {`
			`if ( empty( $action ) ) {`
			`/**`
			`* Fires on an authenticated admin post request where no action was supplied.`
			`*`
			`* @since 2.6.0`
			`*/`
			`do_action( 'admin_post' );`
			`} else {`
			`/**`
			`* Fires on an authenticated admin post request for the given action.`
			`*`
			`* The dynamic portion of the hook name, $action, refers to the given`
			`* request action.`
			`*`
			`* @since 2.6.0`
			`*/`
			`do_action( "admin_post_{$action}" );`
			`}`
			`}`