mirror of
https://github.com/WordPress/WordPress.git
synced 2024-06-30 16:55:02 +02:00
aaf99e6913
WordPress' code just... wasn't. This is now dealt with. Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS. Fixes #41057. Built from https://develop.svn.wordpress.org/trunk@42343 git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
182 lines
4.3 KiB
PHP
182 lines
4.3 KiB
PHP
<?php
|
|
/**
|
|
* WordPress Ajax Process Execution
|
|
*
|
|
* @package WordPress
|
|
* @subpackage Administration
|
|
*
|
|
* @link https://codex.wordpress.org/AJAX_in_Plugins
|
|
*/
|
|
|
|
/**
|
|
* Executing Ajax process.
|
|
*
|
|
* @since 2.1.0
|
|
*/
|
|
define( 'DOING_AJAX', true );
|
|
if ( ! defined( 'WP_ADMIN' ) ) {
|
|
define( 'WP_ADMIN', true );
|
|
}
|
|
|
|
/** Load WordPress Bootstrap */
|
|
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
|
|
|
|
/** Allow for cross-domain requests (from the front end). */
|
|
send_origin_headers();
|
|
|
|
// Require an action parameter
|
|
if ( empty( $_REQUEST['action'] ) ) {
|
|
wp_die( '0', 400 );
|
|
}
|
|
|
|
/** Load WordPress Administration APIs */
|
|
require_once( ABSPATH . 'wp-admin/includes/admin.php' );
|
|
|
|
/** Load Ajax Handlers for WordPress Core */
|
|
require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
|
|
|
|
@header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
|
|
@header( 'X-Robots-Tag: noindex' );
|
|
|
|
send_nosniff_header();
|
|
nocache_headers();
|
|
|
|
/** This action is documented in wp-admin/admin.php */
|
|
do_action( 'admin_init' );
|
|
|
|
$core_actions_get = array(
|
|
'fetch-list',
|
|
'ajax-tag-search',
|
|
'wp-compression-test',
|
|
'imgedit-preview',
|
|
'oembed-cache',
|
|
'autocomplete-user',
|
|
'dashboard-widgets',
|
|
'logged-in',
|
|
);
|
|
|
|
$core_actions_post = array(
|
|
'oembed-cache',
|
|
'image-editor',
|
|
'delete-comment',
|
|
'delete-tag',
|
|
'delete-link',
|
|
'delete-meta',
|
|
'delete-post',
|
|
'trash-post',
|
|
'untrash-post',
|
|
'delete-page',
|
|
'dim-comment',
|
|
'add-link-category',
|
|
'add-tag',
|
|
'get-tagcloud',
|
|
'get-comments',
|
|
'replyto-comment',
|
|
'edit-comment',
|
|
'add-menu-item',
|
|
'add-meta',
|
|
'add-user',
|
|
'closed-postboxes',
|
|
'hidden-columns',
|
|
'update-welcome-panel',
|
|
'menu-get-metabox',
|
|
'wp-link-ajax',
|
|
'menu-locations-save',
|
|
'menu-quick-search',
|
|
'meta-box-order',
|
|
'get-permalink',
|
|
'sample-permalink',
|
|
'inline-save',
|
|
'inline-save-tax',
|
|
'find_posts',
|
|
'widgets-order',
|
|
'save-widget',
|
|
'delete-inactive-widgets',
|
|
'set-post-thumbnail',
|
|
'date_format',
|
|
'time_format',
|
|
'wp-remove-post-lock',
|
|
'dismiss-wp-pointer',
|
|
'upload-attachment',
|
|
'get-attachment',
|
|
'query-attachments',
|
|
'save-attachment',
|
|
'save-attachment-compat',
|
|
'send-link-to-editor',
|
|
'send-attachment-to-editor',
|
|
'save-attachment-order',
|
|
'heartbeat',
|
|
'get-revision-diffs',
|
|
'save-user-color-scheme',
|
|
'update-widget',
|
|
'query-themes',
|
|
'parse-embed',
|
|
'set-attachment-thumbnail',
|
|
'parse-media-shortcode',
|
|
'destroy-sessions',
|
|
'install-plugin',
|
|
'update-plugin',
|
|
'crop-image',
|
|
'generate-password',
|
|
'save-wporg-username',
|
|
'delete-plugin',
|
|
'search-plugins',
|
|
'search-install-plugins',
|
|
'activate-plugin',
|
|
'update-theme',
|
|
'delete-theme',
|
|
'install-theme',
|
|
'get-post-thumbnail-html',
|
|
'get-community-events',
|
|
'edit-theme-plugin-file',
|
|
);
|
|
|
|
// Deprecated
|
|
$core_actions_post_deprecated = array( 'wp-fullscreen-save-post', 'press-this-save-post', 'press-this-add-category' );
|
|
$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );
|
|
|
|
// Register core Ajax calls.
|
|
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) {
|
|
add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 );
|
|
}
|
|
|
|
if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) {
|
|
add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
|
|
}
|
|
|
|
add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
|
|
|
|
if ( is_user_logged_in() ) {
|
|
// If no action is registered, return a Bad Request response.
|
|
if ( ! has_action( 'wp_ajax_' . $_REQUEST['action'] ) ) {
|
|
wp_die( '0', 400 );
|
|
}
|
|
|
|
/**
|
|
* Fires authenticated Ajax actions for logged-in users.
|
|
*
|
|
* The dynamic portion of the hook name, `$_REQUEST['action']`,
|
|
* refers to the name of the Ajax action callback being fired.
|
|
*
|
|
* @since 2.1.0
|
|
*/
|
|
do_action( 'wp_ajax_' . $_REQUEST['action'] );
|
|
} else {
|
|
// If no action is registered, return a Bad Request response.
|
|
if ( ! has_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ) ) {
|
|
wp_die( '0', 400 );
|
|
}
|
|
|
|
/**
|
|
* Fires non-authenticated Ajax actions for logged-out users.
|
|
*
|
|
* The dynamic portion of the hook name, `$_REQUEST['action']`,
|
|
* refers to the name of the Ajax action callback being fired.
|
|
*
|
|
* @since 2.8.0
|
|
*/
|
|
do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
|
|
}
|
|
// Default status
|
|
wp_die( '0' );
|