/wp-admin/admin-ajax.php

  1. <?php 
  2. /** 
  3. * WordPress Ajax Process Execution 
  4. * 
  5. * @package WordPress 
  6. * @subpackage Administration 
  7. * 
  8. * @link https://codex.wordpress.org/AJAX_in_Plugins 
  9. */ 
  10.  
  11. /** 
  12. * Executing Ajax process. 
  13. * 
  14. * @since 2.1.0 
  15. */ 
  16. define( 'DOING_AJAX', true ); 
  17. if ( ! defined( 'WP_ADMIN' ) ) { 
  18. define( 'WP_ADMIN', true ); 
  19.  
  20. /** Load WordPress Bootstrap */ 
  21. require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); 
  22.  
  23. /** Allow for cross-domain requests (from the front end). */ 
  24. send_origin_headers(); 
  25.  
  26. // Require an action parameter 
  27. if ( empty( $_REQUEST['action'] ) ) 
  28. die( '0' ); 
  29.  
  30. /** Load WordPress Administration APIs */ 
  31. require_once( ABSPATH . 'wp-admin/includes/admin.php' ); 
  32.  
  33. /** Load Ajax Handlers for WordPress Core */ 
  34. require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' ); 
  35.  
  36. @header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) ); 
  37. @header( 'X-Robots-Tag: noindex' ); 
  38.  
  39. send_nosniff_header(); 
  40. nocache_headers(); 
  41.  
  42. /** This action is documented in wp-admin/admin.php */ 
  43. do_action( 'admin_init' ); 
  44.  
  45. $core_actions_get = array( 
  46. 'fetch-list', 'ajax-tag-search', 'wp-compression-test', 'imgedit-preview', 'oembed-cache',  
  47. 'autocomplete-user', 'dashboard-widgets', 'logged-in',  
  48. ); 
  49.  
  50. $core_actions_post = array( 
  51. 'oembed-cache', 'image-editor', 'delete-comment', 'delete-tag', 'delete-link',  
  52. 'delete-meta', 'delete-post', 'trash-post', 'untrash-post', 'delete-page', 'dim-comment',  
  53. 'add-link-category', 'add-tag', 'get-tagcloud', 'get-comments', 'replyto-comment',  
  54. 'edit-comment', 'add-menu-item', 'add-meta', 'add-user', 'closed-postboxes',  
  55. 'hidden-columns', 'update-welcome-panel', 'menu-get-metabox', 'wp-link-ajax',  
  56. 'menu-locations-save', 'menu-quick-search', 'meta-box-order', 'get-permalink',  
  57. 'sample-permalink', 'inline-save', 'inline-save-tax', 'find_posts', 'widgets-order',  
  58. 'save-widget', 'delete-inactive-widgets', 'set-post-thumbnail', 'date_format', 'time_format',  
  59. 'wp-remove-post-lock', 'dismiss-wp-pointer', 'upload-attachment', 'get-attachment',  
  60. 'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor',  
  61. 'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs',  
  62. 'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail',  
  63. 'parse-media-shortcode', 'destroy-sessions', 'install-plugin', 'update-plugin', 'press-this-save-post',  
  64. 'press-this-add-category', 'crop-image', 'generate-password', 'save-wporg-username', 'delete-plugin',  
  65. 'search-plugins', 'search-install-plugins', 'activate-plugin', 'update-theme', 'delete-theme',  
  66. 'install-theme', 'get-post-thumbnail-html',  
  67. ); 
  68.  
  69. // Deprecated 
  70. $core_actions_post[] = 'wp-fullscreen-save-post'; 
  71.  
  72. // Register core Ajax calls. 
  73. if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) 
  74. add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 ); 
  75.  
  76. if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) 
  77. add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 ); 
  78.  
  79. add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 ); 
  80.  
  81. if ( is_user_logged_in() ) { 
  82. /** 
  83. * Fires authenticated Ajax actions for logged-in users. 
  84. * 
  85. * The dynamic portion of the hook name, `$_REQUEST['action']`,  
  86. * refers to the name of the Ajax action callback being fired. 
  87. * 
  88. * @since 2.1.0 
  89. */ 
  90. do_action( 'wp_ajax_' . $_REQUEST['action'] ); 
  91. } else { 
  92. /** 
  93. * Fires non-authenticated Ajax actions for logged-out users. 
  94. * 
  95. * The dynamic portion of the hook name, `$_REQUEST['action']`,  
  96. * refers to the name of the Ajax action callback being fired. 
  97. * 
  98. * @since 2.8.0 
  99. */ 
  100. do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ); 
  101. // Default status 
  102. die( '0' ); 
.