
/wp-admin/ -> admin-ajax.php (source)

<?php
/**
 * WordPress Ajax Process Execution
 *
 * Single entry point that dispatches a request to the `wp_ajax_{action}` hook
 * (logged-in users) or the `wp_ajax_nopriv_{action}` hook (everyone else).
 * The only access decision made in this file is logged-in versus not; no nonce
 * and no capability is checked here.
 * NOTE(review): authorization and CSRF checks therefore appear to be left to
 * each hooked callback - confirm against the handlers.
 *
 * @package WordPress
 * @subpackage Administration
 *
 * @link https://codex.wordpress.org/AJAX_in_Plugins
 */

/**
 * Executing Ajax process.
 *
 * @since 2.1.0
 */
define( 'DOING_AJAX', true );
// WP_ADMIN is set here before any login check has run, so it is true for
// logged-out requests to this file as well and says nothing about the caller.
if ( ! defined( 'WP_ADMIN' ) ) {
    define( 'WP_ADMIN', true );
}

/** Load WordPress Bootstrap */
require_once dirname( __DIR__ ) . '/wp-load.php';

// NOTE(review): which origins are accepted is decided inside
// send_origin_headers(), not in this file - confirm the allowed-origin policy.
/** Allow for cross-domain requests (from the front end). */
send_origin_headers();

// Responses are labelled text/html by default.
// NOTE(review): handlers that return JSON presumably replace this header - confirm.
header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
// Ask crawlers not to index responses from this endpoint.
header( 'X-Robots-Tag: noindex' );

// Require a valid action parameter.
// empty() rejects a missing, empty or '0' value; is_scalar() rejects array
// input (constructed example: action[]=x), so the value can be interpolated
// into a hook name further down without an array-to-string conversion.
if ( empty( $_REQUEST['action'] ) || ! is_scalar( $_REQUEST['action'] ) ) {
    wp_die( '0', 400 );
}

/** Load WordPress Administration APIs */
require_once  ABSPATH . 'wp-admin/includes/admin.php';

/** Load Ajax Handlers for WordPress Core */
require_once ABSPATH . 'wp-admin/includes/ajax-actions.php';

// Per the helper names: a no-sniff header and no-cache headers, sent before any
// handler produces output.
send_nosniff_header();
nocache_headers();

// 'admin_init' fires here, ahead of the is_user_logged_in() branch further
// down, so anything hooked to it also runs for logged-out requests to this file.
/** This action is documented in wp-admin/admin.php */
do_action( 'admin_init' );

// Allowlist of core actions that may be registered from $_GET['action'].
$core_actions_get = array(
    'fetch-list',
    'ajax-tag-search',
    'wp-compression-test',
    'imgedit-preview',
    'oembed-cache',
    'autocomplete-user',
    'dashboard-widgets',
    'logged-in',
    'rest-nonce',
);

// Allowlist of core actions that may be registered from $_POST['action'].
$core_actions_post = array(
    'oembed-cache',
    'image-editor',
    'delete-comment',
    'delete-tag',
    'delete-link',
    'delete-meta',
    'delete-post',
    'trash-post',
    'untrash-post',
    'delete-page',
    'dim-comment',
    'add-link-category',
    'add-tag',
    'get-tagcloud',
    'get-comments',
    'replyto-comment',
    'edit-comment',
    'add-menu-item',
    'add-meta',
    'add-user',
    'closed-postboxes',
    'hidden-columns',
    'update-welcome-panel',
    'menu-get-metabox',
    'wp-link-ajax',
    'menu-locations-save',
    'menu-quick-search',
    'meta-box-order',
    'get-permalink',
    'sample-permalink',
    'inline-save',
    'inline-save-tax',
    'find_posts',
    'widgets-order',
    'save-widget',
    'delete-inactive-widgets',
    'set-post-thumbnail',
    'date_format',
    'time_format',
    'wp-remove-post-lock',
    'dismiss-wp-pointer',
    'upload-attachment',
    'get-attachment',
    'query-attachments',
    'save-attachment',
    'save-attachment-compat',
    'send-link-to-editor',
    'send-attachment-to-editor',
    'save-attachment-order',
    'media-create-image-subsizes',
    'heartbeat',
    'get-revision-diffs',
    'save-user-color-scheme',
    'update-widget',
    'query-themes',
    'parse-embed',
    'set-attachment-thumbnail',
    'parse-media-shortcode',
    'destroy-sessions',
    'install-plugin',
    'update-plugin',
    'crop-image',
    'generate-password',
    'save-wporg-username',
    'delete-plugin',
    'search-plugins',
    'search-install-plugins',
    'activate-plugin',
    'update-theme',
    'delete-theme',
    'install-theme',
    'get-post-thumbnail-html',
    'get-community-events',
    'edit-theme-plugin-file',
    'wp-privacy-export-personal-data',
    'wp-privacy-erase-personal-data',
    'health-check-site-status-result',
    'health-check-dotorg-communication',
    'health-check-is-in-debug-mode',
    'health-check-background-updates',
    'health-check-loopback-requests',
    'health-check-get-sizes',
    'toggle-auto-updates',
    'send-password-reset',
);

// Deprecated.
// These names are still appended to the POST allowlist below, so they remain
// registrable. Four health-check-* names also appear in $core_actions_post;
// the merge keeps both copies, which does not change the in_array() lookup.
$core_actions_post_deprecated = array(
    'wp-fullscreen-save-post',
    'press-this-save-post',
    'press-this-add-category',
    'health-check-dotorg-communication',
    'health-check-is-in-debug-mode',
    'health-check-background-updates',
    'health-check-loopback-requests',
);

$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );

// Register core Ajax calls.
// The callback name is derived from the request value only after a strict
// in_array() match against a fixed list, so a request cannot select a function
// other than wp_ajax_<listed action>. Both branches register on the logged-in
// hook (wp_ajax_*) only.
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get, true ) ) {
    add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 );
}

if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post, true ) ) {
    add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
}

// The two nopriv (logged-out) hooks registered by this file itself.
add_action( 'wp_ajax_nopriv_generate-password', 'wp_ajax_nopriv_generate_password' );

add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );

// Read from $_REQUEST, not from the $_GET/$_POST values matched above.
// NOTE(review): which source wins when both carry 'action' depends on PHP's
// request_order / variables_order setting - confirm for the deployment.
$action = $_REQUEST['action'];

if ( is_user_logged_in() ) {
    // If no action is registered, return a Bad Request response.
    // has_action() is the gate on the caller-supplied string: only a hook name
    // that something has registered is dispatched. Being logged in is the only
    // condition tested on this path; no role or capability is checked here.
    if ( ! has_action( "wp_ajax_{$action}" ) ) {
        wp_die( '0', 400 );
    }

    /**
     * Fires authenticated Ajax actions for logged-in users.
     *
     * The dynamic portion of the hook name, `$action`, refers
     * to the name of the Ajax action callback being fired.
     *
     * @since 2.1.0
     */
    do_action( "wp_ajax_{$action}" );
} else {
    // If no action is registered, return a Bad Request response.
    // This path is reached without authentication, so callbacks registered on
    // a wp_ajax_nopriv_* hook are handed requests from any visitor.
    if ( ! has_action( "wp_ajax_nopriv_{$action}" ) ) {
        wp_die( '0', 400 );
    }

    /**
     * Fires non-authenticated Ajax actions for logged-out users.
     *
     * The dynamic portion of the hook name, `$action`, refers
     * to the name of the Ajax action callback being fired.
     *
     * @since 2.8.0
     */
    do_action( "wp_ajax_nopriv_{$action}" );
}

// Default status.
// Reached when the dispatched callbacks return without ending the request;
// the response body is then the literal '0'.
wp_die( '0' );

