Properly split and document the admin_post* actions into the following four hooks:

* `admin_post_nopriv` – for logged-out requests lacking a supplied action * `admin_post_nopriv_$action – for logged-out requests with a supplied action * `admin_post` – for logged-in requests lacking a supplied action * `admin_post_$action` – for logged-in requests with a supplied action See [28349], [28350], [28351]. See #26869. git-svn-id: https://develop.svn.wordpress.org/trunk@28394 602fd350-edb4-49c9-b593-d223f7449a82
2014-05-13 07:23:35 +00:00 · 2014-05-13 07:23:35 +00:00 · cfc1b74ddb
commit cfc1b74ddb
parent 1954f9b7d4
1 changed files with 40 additions and 27 deletions
--- a/src/wp-admin/admin-post.php
+++ b/src/wp-admin/admin-post.php
@ -26,31 +26,44 @@ nocache_headers();
 /** This action is documented in wp-admin/admin.php */
 do_action( 'admin_init' );

-$action = '';
+$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];

-if ( !wp_validate_auth_cookie() )
-	$action .= '_nopriv';
-
-if ( !empty($_REQUEST['action']) )
-	$action .= '_' . $_REQUEST['action'];
-
-/**
- * Fires the requested handler action.
- *
- * The dynamic portion of the hook name, $action, refers to a combination
- * of whether the user is logged-in or not, and the requested handler action.
- *
- * If the user is logged-out, '_nopriv' will be affixed to the
- * base "admin_post" hook name. If a handler action was passed, that action
- * will also be affixed.
- * 
- * For example:
- * Hook combinations fired for logged-out users:
- * `admin_post_nopriv_{$action}` and `admin_post_nopriv` (no action supplied).
- *
- * Hook combinations fired for logged-in users:
- * `admin_post_{$action}` and `admin_post` (no action supplied).
- *
- * @since 2.6.0
- */
-do_action( "admin_post{$action}" );
+if ( ! wp_validate_auth_cookie() ) {
+	if ( empty( $action ) ) {
+		/**
+		 * Fires on a non-authenticated admin post request where no action was supplied.
+		 *
+		 * @since 2.6.0
+		 */
+		do_action( 'admin_post_nopriv' );
+	} else {
+		/**
+		 * Fires on a non-authenticated admin post request for the given action.
+		 *
+		 * The dynamic portion of the hook name, $action, refers to the given
+		 * request action.
+		 *
+		 * @since 2.6.0
+		 */
+		do_action( "admin_post_nopriv_{$action}" );
+	}
+} else {
+	if ( empty( $action ) ) {
+		/**
+		 * Fires on an authenticated admin post request where no action was supplied.
+		 *
+		 * @since 2.6.0
+		 */
+		do_action( 'admin_post' );
+	} else {
+		/**
+		 * Fires on an authenticated admin post request for the given action.
+		 *
+		 * The dynamic portion of the hook name, $action, refers to the given
+		 * request action.
+		 *
+		 * @since 2.6.0
+		 */
+		do_action( "admin_post_{$action}" );
+	}
+}