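<?php
/**
 * WordPress Ajax Process Execution
 *
 * Front controller for every admin-ajax request. This file only routes: it
 * derives a hook name from the request's `action` parameter and fires it.
 * It performs NO nonce check and NO capability check of its own, so every
 * `wp_ajax_{$action}` handler must call check_ajax_referer() /
 * current_user_can() itself, and every `wp_ajax_nopriv_{$action}` handler
 * must treat its caller as an anonymous, untrusted visitor.
 *
 * @package WordPress
 * @subpackage Administration
 *
 * @link https://codex.wordpress.org/AJAX_in_Plugins
 */

/**
 * Executing Ajax process.
 *
 * DOING_AJAX is defined before the bootstrap is loaded so that wp-load.php
 * and everything it pulls in can detect the Ajax context. WP_ADMIN is only
 * defined here if nothing earlier has already set it.
 *
 * @since 2.1.0
 */
define( 'DOING_AJAX', true );
if ( ! defined( 'WP_ADMIN' ) ) {
	define( 'WP_ADMIN', true );
}

/** Load WordPress Bootstrap */
require_once dirname( __DIR__ ) . '/wp-load.php';

/**
 * Allow for cross-domain requests (from the front end).
 *
 * NOTE(review): sent before any other header or output. Which origins are
 * accepted is decided inside send_origin_headers(), not in this file.
 */
send_origin_headers();

header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
header( 'X-Robots-Tag: noindex' );

// Require an action parameter. empty() also treats the string '0' as empty,
// so `action=0` is rejected here as well.
if ( empty( $_REQUEST['action'] ) ) {
	wp_die( '0', 400 );
}

/** Load WordPress Administration APIs */
require_once ABSPATH . 'wp-admin/includes/admin.php';

/** Load Ajax Handlers for WordPress Core */
require_once ABSPATH . 'wp-admin/includes/ajax-actions.php';

send_nosniff_header();
nocache_headers();

/**
 * This action is documented in wp-admin/admin.php
 *
 * Fires before the is_user_logged_in() branch below, i.e. for anonymous
 * requests too. Callbacks hooked on admin_init must not assume an
 * authenticated (let alone privileged) user.
 */
do_action( 'admin_init' );

/*
 * Core actions that may be invoked via GET. Being on this list only means a
 * core handler gets registered for the action; authorisation is still the
 * handler's job.
 */
$core_actions_get = array(
	'fetch-list',
	'ajax-tag-search',
	'wp-compression-test',
	'imgedit-preview',
	'oembed-cache',
	'autocomplete-user',
	'dashboard-widgets',
	'logged-in',
	'rest-nonce',
);

/*
 * Core actions that may be invoked via POST. Many of these are destructive
 * or privileged (delete-*, install-plugin, edit-theme-plugin-file, ...);
 * each corresponding wp_ajax_* handler is responsible for its own nonce and
 * capability checks.
 */
$core_actions_post = array(
	'oembed-cache',
	'image-editor',
	'delete-comment',
	'delete-tag',
	'delete-link',
	'delete-meta',
	'delete-post',
	'trash-post',
	'untrash-post',
	'delete-page',
	'dim-comment',
	'add-link-category',
	'add-tag',
	'get-tagcloud',
	'get-comments',
	'replyto-comment',
	'edit-comment',
	'add-menu-item',
	'add-meta',
	'add-user',
	'closed-postboxes',
	'hidden-columns',
	'update-welcome-panel',
	'menu-get-metabox',
	'wp-link-ajax',
	'menu-locations-save',
	'menu-quick-search',
	'meta-box-order',
	'get-permalink',
	'sample-permalink',
	'inline-save',
	'inline-save-tax',
	'find_posts',
	'widgets-order',
	'save-widget',
	'delete-inactive-widgets',
	'set-post-thumbnail',
	'date_format',
	'time_format',
	'wp-remove-post-lock',
	'dismiss-wp-pointer',
	'upload-attachment',
	'get-attachment',
	'query-attachments',
	'save-attachment',
	'save-attachment-compat',
	'send-link-to-editor',
	'send-attachment-to-editor',
	'save-attachment-order',
	'media-create-image-subsizes',
	'heartbeat',
	'get-revision-diffs',
	'save-user-color-scheme',
	'update-widget',
	'query-themes',
	'parse-embed',
	'set-attachment-thumbnail',
	'parse-media-shortcode',
	'destroy-sessions',
	'install-plugin',
	'update-plugin',
	'crop-image',
	'generate-password',
	'save-wporg-username',
	'delete-plugin',
	'search-plugins',
	'search-install-plugins',
	'activate-plugin',
	'update-theme',
	'delete-theme',
	'install-theme',
	'get-post-thumbnail-html',
	'get-community-events',
	'edit-theme-plugin-file',
	'wp-privacy-export-personal-data',
	'wp-privacy-erase-personal-data',
	'health-check-site-status-result',
	'health-check-dotorg-communication',
	'health-check-is-in-debug-mode',
	'health-check-background-updates',
	'health-check-loopback-requests',
	'health-check-get-sizes',
	'toggle-auto-updates',
	'send-password-reset',
);

// Deprecated. Still registered (merged below), so their handlers remain reachable.
$core_actions_post_deprecated = array(
	'wp-fullscreen-save-post',
	'press-this-save-post',
	'press-this-add-category',
	'health-check-dotorg-communication',
	'health-check-is-in-debug-mode',
	'health-check-background-updates',
	'health-check-loopback-requests',
);
$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );

/*
 * Register core Ajax calls.
 *
 * The strict in_array() rejects anything that is not exactly one of the
 * listed strings (arrays, numeric look-alikes), so only a known value ever
 * reaches the string concatenation that builds the hook and callback names.
 * The callback name is the hook suffix with '-' replaced by '_', e.g.
 * 'delete-post' -> wp_ajax_delete_post(). Priority 1 lets core handlers run
 * ahead of plugin callbacks hooked on the same action at default priority.
 */
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get, true ) ) {
	add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 );
}

if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post, true ) ) {
	add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
}

// The only core actions exposed to logged-out visitors.
add_action( 'wp_ajax_nopriv_generate-password', 'wp_ajax_nopriv_generate_password' );

add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );

/*
 * Resolve the action to fire.
 *
 * Registration above keys off $_GET['action'] / $_POST['action'], but the
 * hook is fired from $_REQUEST['action']. When a request carries `action`
 * in both the query string and the body, PHP's request_order ini setting
 * decides which one $_REQUEST exposes; an unregistered result simply falls
 * through to the 400 below.
 *
 * Only a string is accepted. An array value (e.g. `action[]=x`) previously
 * reached the "wp_ajax_{$action}" interpolation and raised an
 * "Array to string conversion" warning before failing with 400; it now
 * resolves to '' and takes the same 400 path without the warning.
 */
$action = ( isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : '';

if ( is_user_logged_in() ) {
	// If no action is registered, return a Bad Request response.
	if ( ! has_action( "wp_ajax_{$action}" ) ) {
		wp_die( '0', 400 );
	}

	/**
	 * Fires authenticated Ajax actions for logged-in users.
	 *
	 * "Logged in" is the only condition checked here: any authenticated
	 * user, including a subscriber, reaches this hook. Handlers must verify
	 * the nonce and the required capability themselves.
	 *
	 * The dynamic portion of the hook name, `$action`, refers
	 * to the name of the Ajax action callback being fired.
	 *
	 * @since 2.1.0
	 */
	do_action( "wp_ajax_{$action}" );
} else {
	// If no action is registered, return a Bad Request response.
	if ( ! has_action( "wp_ajax_nopriv_{$action}" ) ) {
		wp_die( '0', 400 );
	}

	/**
	 * Fires non-authenticated Ajax actions for logged-out users.
	 *
	 * Reachable by anyone on the internet; handlers hooked here must not
	 * expose or modify anything that requires authentication.
	 *
	 * The dynamic portion of the hook name, `$action`, refers
	 * to the name of the Ajax action callback being fired.
	 *
	 * @since 2.8.0
	 */
	do_action( "wp_ajax_nopriv_{$action}" );
}
// Default status. Reached only by handlers that return instead of calling
// wp_die()/wp_send_json_*() themselves; the response body is then '0'.
wp_die( '0' );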