1
|
|
|
<?php |
2
|
|
|
/** |
3
|
|
|
* WordPress Ajax Process Execution |
4
|
|
|
* |
5
|
|
|
* @package WordPress |
6
|
|
|
* @subpackage Administration |
7
|
|
|
* |
8
|
|
|
* @link https://codex.wordpress.org/AJAX_in_Plugins |
9
|
|
|
*/ |
10
|
|
|
|
11
|
|
|
/** |
12
|
|
|
* Executing Ajax process. |
13
|
|
|
* |
14
|
|
|
* @since 2.1.0 |
15
|
|
|
*/ |
16
|
|
|
define( 'DOING_AJAX', true ); |
17
|
|
|
if ( ! defined( 'WP_ADMIN' ) ) { |
18
|
|
|
define( 'WP_ADMIN', true ); |
19
|
|
|
} |
20
|
|
|
|
21
|
|
|
/** Load WordPress Bootstrap */ |
22
|
|
|
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); |
23
|
|
|
|
24
|
|
|
/** Allow for cross-domain requests (from the front end). */ |
25
|
|
|
send_origin_headers(); |
26
|
|
|
|
27
|
|
|
// Require an action parameter |
28
|
|
|
if ( empty( $_REQUEST['action'] ) ) |
29
|
|
|
die( '0' ); |
30
|
|
|
|
31
|
|
|
/** Load WordPress Administration APIs */ |
32
|
|
|
require_once( ABSPATH . 'wp-admin/includes/admin.php' ); |
33
|
|
|
|
34
|
|
|
/** Load Ajax Handlers for WordPress Core */ |
35
|
|
|
require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' ); |
36
|
|
|
|
37
|
|
|
@header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) ); |
|
|
|
|
38
|
|
|
@header( 'X-Robots-Tag: noindex' ); |
|
|
|
|
39
|
|
|
|
40
|
|
|
send_nosniff_header(); |
41
|
|
|
nocache_headers(); |
42
|
|
|
|
43
|
|
|
/** This action is documented in wp-admin/admin.php */ |
44
|
|
|
do_action( 'admin_init' ); |
45
|
|
|
|
46
|
|
|
$core_actions_get = array( |
47
|
|
|
'fetch-list', 'ajax-tag-search', 'wp-compression-test', 'imgedit-preview', 'oembed-cache', |
48
|
|
|
'autocomplete-user', 'dashboard-widgets', 'logged-in', |
49
|
|
|
); |
50
|
|
|
|
51
|
|
|
$core_actions_post = array( |
52
|
|
|
'oembed-cache', 'image-editor', 'delete-comment', 'delete-tag', 'delete-link', |
53
|
|
|
'delete-meta', 'delete-post', 'trash-post', 'untrash-post', 'delete-page', 'dim-comment', |
54
|
|
|
'add-link-category', 'add-tag', 'get-tagcloud', 'get-comments', 'replyto-comment', |
55
|
|
|
'edit-comment', 'add-menu-item', 'add-meta', 'add-user', 'closed-postboxes', |
56
|
|
|
'hidden-columns', 'update-welcome-panel', 'menu-get-metabox', 'wp-link-ajax', |
57
|
|
|
'menu-locations-save', 'menu-quick-search', 'meta-box-order', 'get-permalink', |
58
|
|
|
'sample-permalink', 'inline-save', 'inline-save-tax', 'find_posts', 'widgets-order', |
59
|
|
|
'save-widget', 'delete-inactive-widgets', 'set-post-thumbnail', 'date_format', 'time_format', |
60
|
|
|
'wp-remove-post-lock', 'dismiss-wp-pointer', 'upload-attachment', 'get-attachment', |
61
|
|
|
'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor', |
62
|
|
|
'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs', |
63
|
|
|
'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail', |
64
|
|
|
'parse-media-shortcode', 'destroy-sessions', 'install-plugin', 'update-plugin', 'press-this-save-post', |
65
|
|
|
'press-this-add-category', 'crop-image', 'generate-password', 'save-wporg-username', 'delete-plugin', |
66
|
|
|
'search-plugins', 'search-install-plugins', 'activate-plugin', 'update-theme', 'delete-theme', |
67
|
|
|
'install-theme', 'get-post-thumbnail-html', 'get-community-events', |
68
|
|
|
); |
69
|
|
|
|
70
|
|
|
// Deprecated |
71
|
|
|
$core_actions_post[] = 'wp-fullscreen-save-post'; |
72
|
|
|
|
73
|
|
|
// Register core Ajax calls. |
74
|
|
View Code Duplication |
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) |
75
|
|
|
add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 ); |
76
|
|
|
|
77
|
|
View Code Duplication |
if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) |
78
|
|
|
add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 ); |
79
|
|
|
|
80
|
|
|
add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 ); |
81
|
|
|
|
82
|
|
|
if ( is_user_logged_in() ) { |
83
|
|
|
/** |
84
|
|
|
* Fires authenticated Ajax actions for logged-in users. |
85
|
|
|
* |
86
|
|
|
* The dynamic portion of the hook name, `$_REQUEST['action']`, |
87
|
|
|
* refers to the name of the Ajax action callback being fired. |
88
|
|
|
* |
89
|
|
|
* @since 2.1.0 |
90
|
|
|
*/ |
91
|
|
|
do_action( 'wp_ajax_' . $_REQUEST['action'] ); |
92
|
|
|
} else { |
93
|
|
|
/** |
94
|
|
|
* Fires non-authenticated Ajax actions for logged-out users. |
95
|
|
|
* |
96
|
|
|
* The dynamic portion of the hook name, `$_REQUEST['action']`, |
97
|
|
|
* refers to the name of the Ajax action callback being fired. |
98
|
|
|
* |
99
|
|
|
* @since 2.8.0 |
100
|
|
|
*/ |
101
|
|
|
do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ); |
102
|
|
|
} |
103
|
|
|
// Default status |
104
|
|
|
die( '0' ); |
105
|
|
|
|
If you suppress an error, we recommend checking for the error condition explicitly: