<?php
/**
 * WordPress Ajax Process Execution
 *
 * Entry point for admin Ajax requests: it sets the request-type constants,
 * then loads the WordPress bootstrap.
 *
 * @package WordPress
 * @subpackage Administration
 *
 * @link https://codex.wordpress.org/AJAX_in_Plugins
 */

/**
 * Executing Ajax process.
 *
 * @since 2.1.0
 */
define( 'DOING_AJAX', true );

// WP_ADMIN is set for every request that reaches this file, before any login
// state is looked at. It therefore describes the request type only; checks
// built on it (such as is_admin()) say nothing about the caller's privileges.
if ( ! defined( 'WP_ADMIN' ) ) {
	define( 'WP_ADMIN', true );
}

/** Load WordPress Bootstrap */
require_once dirname( __DIR__ ) . '/wp-load.php';
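/** Allow for cross-domain requests (from the front end). */
send_origin_headers();

header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
header( 'X-Robots-Tag: noindex' );

// Require an action parameter, and require it to be a scalar.
// A request such as `action[]=x` yields a non-empty array, which empty()
// alone lets through; it would later be interpolated into a hook name as
// the string "Array" with a PHP notice. Reject it here with the same
// 400 response used for a missing action. wp_die() is expected to end the
// request.
if ( empty( $_REQUEST['action'] ) || ! is_scalar( $_REQUEST['action'] ) ) {
	wp_die( '0', 400 );
}

/** Load WordPress Administration APIs */
require_once ABSPATH . 'wp-admin/includes/admin.php';

/** Load Ajax Handlers for WordPress Core */
require_once ABSPATH . 'wp-admin/includes/ajax-actions.php';

send_nosniff_header();
nocache_headers();

// NOTE(review): 'admin_init' fires here before this file looks at the login
// state, so callbacks hooked to it run for logged-out requests as well and
// need their own capability checks.
/** This action is documented in wp-admin/admin.php */
do_action( 'admin_init' );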
// Allowlists of core Ajax actions.
//
// A request-supplied action name is mapped to a core `wp_ajax_*` function
// only when it matches one of these entries exactly (strict in_array()
// below), so the callback name handed to add_action() always derives from
// a list entry and never from arbitrary request data.
//
// NOTE(review): this file performs no nonce or capability check itself;
// presumably each handler in ajax-actions.php does. Verify when adding an
// entry.

// Actions that may be requested through the query string (GET).
$core_actions_get = array(
	'fetch-list',
	'ajax-tag-search',
	'wp-compression-test',
	'imgedit-preview',
	'oembed-cache',
	'autocomplete-user',
	'dashboard-widgets',
	'logged-in',
	'rest-nonce',
);

// Actions that are registered only when requested through the POST body.
$core_actions_post = array(
	'oembed-cache',
	'image-editor',
	'delete-comment',
	'delete-tag',
	'delete-link',
	'delete-meta',
	'delete-post',
	'trash-post',
	'untrash-post',
	'delete-page',
	'dim-comment',
	'add-link-category',
	'add-tag',
	'get-tagcloud',
	'get-comments',
	'replyto-comment',
	'edit-comment',
	'add-menu-item',
	'add-meta',
	'add-user',
	'closed-postboxes',
	'hidden-columns',
	'update-welcome-panel',
	'menu-get-metabox',
	'wp-link-ajax',
	'menu-locations-save',
	'menu-quick-search',
	'meta-box-order',
	'get-permalink',
	'sample-permalink',
	'inline-save',
	'inline-save-tax',
	'find_posts',
	'widgets-order',
	'save-widget',
	'delete-inactive-widgets',
	'set-post-thumbnail',
	'date_format',
	'time_format',
	'wp-remove-post-lock',
	'dismiss-wp-pointer',
	'upload-attachment',
	'get-attachment',
	'query-attachments',
	'save-attachment',
	'save-attachment-compat',
	'send-link-to-editor',
	'send-attachment-to-editor',
	'save-attachment-order',
	'media-create-image-subsizes',
	'heartbeat',
	'get-revision-diffs',
	'save-user-color-scheme',
	'update-widget',
	'query-themes',
	'parse-embed',
	'set-attachment-thumbnail',
	'parse-media-shortcode',
	'destroy-sessions',
	'install-plugin',
	'update-plugin',
	'crop-image',
	'generate-password',
	'save-wporg-username',
	'delete-plugin',
	'search-plugins',
	'search-install-plugins',
	'activate-plugin',
	'update-theme',
	'delete-theme',
	'install-theme',
	'get-post-thumbnail-html',
	'get-community-events',
	'edit-theme-plugin-file',
	'wp-privacy-export-personal-data',
	'wp-privacy-erase-personal-data',
	// Site Health screens ("Admin: Introduce the Site Health screens.",
	// see #46573, trunk@44986).
	'health-check-site-status-result',
	'health-check-dotorg-communication',
	'health-check-is-in-debug-mode',
	'health-check-background-updates',
	'health-check-loopback-requests',
	'health-check-get-sizes',
	// Auto-update toggle for themes and plugins ("Security: Add user
	// interface to auto-update themes and plugins.", #50052, trunk@47835).
	'toggle-auto-updates',
);

// Deprecated.
$core_actions_post_deprecated = array(
	'wp-fullscreen-save-post',
	'press-this-save-post',
	'press-this-add-category',
);
$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );

// Register core Ajax calls.
// The handler name is the action with hyphens turned into underscores and a
// `wp_ajax_` prefix; it is hooked at priority 1 on the `wp_ajax_{action}`
// hook, which the dispatcher fires for logged-in users only.
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get, true ) ) {
	add_action(
		'wp_ajax_' . $_GET['action'],
		'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ),
		1
	);
}

if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post, true ) ) {
	add_action(
		'wp_ajax_' . $_POST['action'],
		'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ),
		1
	);
}

// The only core handler this file registers for logged-out visitors.
add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
// The action name comes straight from the request ($_REQUEST covers both the
// query string and the POST body) and selects which hook is fired below.
// NOTE(review): a non-empty array passed as `action` is not caught by an
// empty() check and would be stringified inside the hook names below.
// Confirm that non-scalar values are rejected before this point.
$action = '';
if ( isset( $_REQUEST['action'] ) ) {
	$action = $_REQUEST['action'];
}

// Logged-in and logged-out callers are routed to separate hook namespaces.
// A callback registered only on `wp_ajax_{$action}` is never reachable
// without a session, and one on `wp_ajax_nopriv_{$action}` is reachable by
// anyone. Being logged in is the only condition tested here; which role or
// capability is required is left to the callback.
if ( is_user_logged_in() ) {
	// If no action is registered, return a Bad Request response.
	if ( ! has_action( "wp_ajax_{$action}" ) ) {
		wp_die( '0', 400 );
	}

	/**
	 * Fires authenticated Ajax actions for logged-in users.
	 *
	 * The dynamic portion of the hook name, `$action`, refers
	 * to the name of the Ajax action callback being fired.
	 *
	 * @since 2.1.0
	 */
	do_action( "wp_ajax_{$action}" );
} else {
	// If no action is registered, return a Bad Request response.
	if ( ! has_action( "wp_ajax_nopriv_{$action}" ) ) {
		wp_die( '0', 400 );
	}

	/**
	 * Fires non-authenticated Ajax actions for logged-out users.
	 *
	 * The dynamic portion of the hook name, `$action`, refers
	 * to the name of the Ajax action callback being fired.
	 *
	 * @since 2.8.0
	 */
	do_action( "wp_ajax_nopriv_{$action}" );
}

// Default status: reached when the fired callbacks did not end the request
// themselves.
wp_die( '0' );