mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2025-10-16 12:05:38 +00:00
8f95800d52
WordPress' code just... wasn't. This is now dealt with. Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS. Fixes #41057. git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
182 lines
4.3 KiB
PHP
182 lines
4.3 KiB
PHP
<?php
|
|
/**
|
|
* WordPress Ajax Process Execution
|
|
*
|
|
* @package WordPress
|
|
* @subpackage Administration
|
|
*
|
|
* @link https://codex.wordpress.org/AJAX_in_Plugins
|
|
*/
|
|
|
|
/**
|
|
* Executing Ajax process.
|
|
*
|
|
* @since 2.1.0
|
|
*/
|
|
define( 'DOING_AJAX', true );
|
|
if ( ! defined( 'WP_ADMIN' ) ) {
|
|
define( 'WP_ADMIN', true );
|
|
}
|
|
|
|
/** Load WordPress Bootstrap */
|
|
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
|
|
|
|
/** Allow for cross-domain requests (from the front end). */
|
|
send_origin_headers();
|
|
|
|
// Require an action parameter
|
|
if ( empty( $_REQUEST['action'] ) ) {
|
|
wp_die( '0', 400 );
|
|
}
|
|
|
|
/** Load WordPress Administration APIs */
|
|
require_once( ABSPATH . 'wp-admin/includes/admin.php' );
|
|
|
|
/** Load Ajax Handlers for WordPress Core */
|
|
require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
|
|
|
|
@header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
|
|
@header( 'X-Robots-Tag: noindex' );
|
|
|
|
send_nosniff_header();
|
|
nocache_headers();
|
|
|
|
/** This action is documented in wp-admin/admin.php */
|
|
do_action( 'admin_init' );
|
|
|
|
$core_actions_get = array(
|
|
'fetch-list',
|
|
'ajax-tag-search',
|
|
'wp-compression-test',
|
|
'imgedit-preview',
|
|
'oembed-cache',
|
|
'autocomplete-user',
|
|
'dashboard-widgets',
|
|
'logged-in',
|
|
);
|
|
|
|
$core_actions_post = array(
|
|
'oembed-cache',
|
|
'image-editor',
|
|
'delete-comment',
|
|
'delete-tag',
|
|
'delete-link',
|
|
'delete-meta',
|
|
'delete-post',
|
|
'trash-post',
|
|
'untrash-post',
|
|
'delete-page',
|
|
'dim-comment',
|
|
'add-link-category',
|
|
'add-tag',
|
|
'get-tagcloud',
|
|
'get-comments',
|
|
'replyto-comment',
|
|
'edit-comment',
|
|
'add-menu-item',
|
|
'add-meta',
|
|
'add-user',
|
|
'closed-postboxes',
|
|
'hidden-columns',
|
|
'update-welcome-panel',
|
|
'menu-get-metabox',
|
|
'wp-link-ajax',
|
|
'menu-locations-save',
|
|
'menu-quick-search',
|
|
'meta-box-order',
|
|
'get-permalink',
|
|
'sample-permalink',
|
|
'inline-save',
|
|
'inline-save-tax',
|
|
'find_posts',
|
|
'widgets-order',
|
|
'save-widget',
|
|
'delete-inactive-widgets',
|
|
'set-post-thumbnail',
|
|
'date_format',
|
|
'time_format',
|
|
'wp-remove-post-lock',
|
|
'dismiss-wp-pointer',
|
|
'upload-attachment',
|
|
'get-attachment',
|
|
'query-attachments',
|
|
'save-attachment',
|
|
'save-attachment-compat',
|
|
'send-link-to-editor',
|
|
'send-attachment-to-editor',
|
|
'save-attachment-order',
|
|
'heartbeat',
|
|
'get-revision-diffs',
|
|
'save-user-color-scheme',
|
|
'update-widget',
|
|
'query-themes',
|
|
'parse-embed',
|
|
'set-attachment-thumbnail',
|
|
'parse-media-shortcode',
|
|
'destroy-sessions',
|
|
'install-plugin',
|
|
'update-plugin',
|
|
'crop-image',
|
|
'generate-password',
|
|
'save-wporg-username',
|
|
'delete-plugin',
|
|
'search-plugins',
|
|
'search-install-plugins',
|
|
'activate-plugin',
|
|
'update-theme',
|
|
'delete-theme',
|
|
'install-theme',
|
|
'get-post-thumbnail-html',
|
|
'get-community-events',
|
|
'edit-theme-plugin-file',
|
|
);
|
|
|
|
// Deprecated
|
|
$core_actions_post_deprecated = array( 'wp-fullscreen-save-post', 'press-this-save-post', 'press-this-add-category' );
|
|
$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );
|
|
|
|
// Register core Ajax calls.
|
|
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) {
|
|
add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 );
|
|
}
|
|
|
|
if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) {
|
|
add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
|
|
}
|
|
|
|
add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
|
|
|
|
if ( is_user_logged_in() ) {
|
|
// If no action is registered, return a Bad Request response.
|
|
if ( ! has_action( 'wp_ajax_' . $_REQUEST['action'] ) ) {
|
|
wp_die( '0', 400 );
|
|
}
|
|
|
|
/**
|
|
* Fires authenticated Ajax actions for logged-in users.
|
|
*
|
|
* The dynamic portion of the hook name, `$_REQUEST['action']`,
|
|
* refers to the name of the Ajax action callback being fired.
|
|
*
|
|
* @since 2.1.0
|
|
*/
|
|
do_action( 'wp_ajax_' . $_REQUEST['action'] );
|
|
} else {
|
|
// If no action is registered, return a Bad Request response.
|
|
if ( ! has_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ) ) {
|
|
wp_die( '0', 400 );
|
|
}
|
|
|
|
/**
|
|
* Fires non-authenticated Ajax actions for logged-out users.
|
|
*
|
|
* The dynamic portion of the hook name, `$_REQUEST['action']`,
|
|
* refers to the name of the Ajax action callback being fired.
|
|
*
|
|
* @since 2.8.0
|
|
*/
|
|
do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
|
|
}
|
|
// Default status
|
|
wp_die( '0' );
|