enmi-conf.org: comparison wp/wp-admin/includes/ajax-actions.php

equal deleted inserted replaced

-:34716fd837a4
+:be944660c56a
 //
 // No-privilege Ajax handlers.
 //
 /**
-* Ajax handler for the Heartbeat API in
+* Ajax handler for the Heartbeat API in the no-privilege context.
-* the no-privilege context.
 *
 * Runs when the user is not logged in.
 *
 * @since 3.6.0
 */
 			'fields'     => 'names',
 			'hide_empty' => false,
 		)
 	);
-	echo join( "\n", $results );
+	echo implode( "\n", $results );
 	wp_die();
 }
 /**
 * Ajax handler for compression testing.
 * Ajax handler for image editor previews.
 *
 * @since 3.1.0
 */
 function wp_ajax_imgedit_preview() {
-	$post_id = intval( $_GET['postid'] );
+	$post_id = (int) $_GET['postid'];
 	if ( empty( $post_id ) || ! current_user_can( 'edit_post', $post_id ) ) {
 		wp_die( -1 );
 	}
 	check_ajax_referer( "image_editor-$post_id" );
 		 * that corresponds to a latitude/longitude location).
 		 *
 		 * The location is stored network-wide, so that the user doesn't have to set it on each site.
 		 */
 		if ( $ip_changed || $search ) {
-			update_user_option( $user_id, 'community-events-location', $events['location'], true );
+			update_user_meta( $user_id, 'community-events-location', $events['location'] );
 		}
 		wp_send_json_success( $events );
 	}
 }
 	if ( ! $user ) {
 		wp_die( -1 );
 	}
 	if ( is_array( $closed ) ) {
-		update_user_option( $user->ID, "closedpostboxes_$page", $closed, true );
+		update_user_meta( $user->ID, "closedpostboxes_$page", $closed );
 	}
 	if ( is_array( $hidden ) ) {
 		// Postboxes that are always shown.
 		$hidden = array_diff( $hidden, array( 'submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu' ) );
-		update_user_option( $user->ID, "metaboxhidden_$page", $hidden, true );
+		update_user_meta( $user->ID, "metaboxhidden_$page", $hidden );
 	}
 	wp_die( 1 );
 }
 	if ( ! $user ) {
 		wp_die( -1 );
 	}
 	$hidden = ! empty( $_POST['hidden'] ) ? explode( ',', $_POST['hidden'] ) : array();
-	update_user_option( $user->ID, "manage{$page}columnshidden", $hidden, true );
+	update_user_meta( $user->ID, "manage{$page}columnshidden", $hidden );
 	wp_die( 1 );
 }
 /**
 	if ( ! $user ) {
 		wp_die( -1 );
 	}
 	if ( $order ) {
-		update_user_option( $user->ID, "meta-box-order_$page", $order, true );
+		update_user_meta( $user->ID, "meta-box-order_$page", $order );
 	}
 	if ( $page_columns ) {
-		update_user_option( $user->ID, "screen_layout_$page", $page_columns, true );
+		update_user_meta( $user->ID, "screen_layout_$page", $page_columns );
 	}
 	wp_send_json_success();
 }
 *
 * @since 3.1.0
 */
 function wp_ajax_get_permalink() {
 	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
-	$post_id = isset( $_POST['post_id'] ) ? intval( $_POST['post_id'] ) : 0;
+	$post_id = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0;
 	wp_die( get_preview_post_link( $post_id ) );
 }
 /**
 * Ajax handler to retrieve a sample permalink.
 *
 * @since 3.1.0
 */
 function wp_ajax_sample_permalink() {
 	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
-	$post_id = isset( $_POST['post_id'] ) ? intval( $_POST['post_id'] ) : 0;
+	$post_id = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0;
 	$title   = isset( $_POST['new_title'] ) ? $_POST['new_title'] : '';
 	$slug    = isset( $_POST['new_slug'] ) ? $_POST['new_slug'] : null;
 	wp_die( get_sample_permalink_html( $post_id, $title, $slug ) );
 }
 		}
 		if ( '0000-00-00 00:00:00' === $post->post_date ) {
 			$time = '';
 		} else {
-			/* translators: Date format in table columns, see https://www.php.net/date */
+			/* translators: Date format in table columns, see https://www.php.net/manual/datetime.format.php */
 			$time = mysql2date( __( 'Y/m/d' ), $post->post_date );
 		}
 		$html .= '<tr class="' . trim( 'found-posts ' . $alt ) . '"><td class="found-radio"><input type="radio" id="found-' . $post->ID . '" name="found_post_id" value="' . esc_attr( $post->ID ) . '"></td>';
 		$html .= '<td><label for="found-' . $post->ID . '">' . esc_html( $title ) . '</label></td><td class="no-break">' . esc_html( $post_types[ $post->post_type ]->labels->singular_name ) . '</td><td class="no-break">' . esc_html( $time ) . '</td><td class="no-break">' . esc_html( $stat ) . ' </td></tr>' . "\n\n";
 	wp_die();
 }
 /**
-* Ajax handler for saving a widget.
+* Ajax handler for updating a widget.
 *
 * @since 3.9.0
 *
 * @global WP_Customize_Manager $wp_customize
 */
 * Ajax handler for image editing.
 *
 * @since 3.1.0
 */
 function wp_ajax_image_editor() {
-	$attachment_id = intval( $_POST['postid'] );
+	$attachment_id = (int) $_POST['postid'];
 	if ( empty( $attachment_id ) || ! current_user_can( 'edit_post', $attachment_id ) ) {
 		wp_die( -1 );
 	}
 	check_ajax_referer( "image_editor-$attachment_id" );
 	include_once ABSPATH . 'wp-admin/includes/image-edit.php';
 	$msg = false;
 	switch ( $_POST['do'] ) {
 		case 'save':
 			$msg = wp_save_image( $attachment_id );
-			if ( $msg->error ) {
+			if ( ! empty( $msg->error ) ) {
 				wp_send_json_error( $msg );
 			}
 			wp_send_json_success( $msg );
 			break;
 	ob_start();
 	wp_image_editor( $attachment_id, $msg );
 	$html = ob_get_clean();
-	if ( $msg->error ) {
+	if ( ! empty( $msg->error ) ) {
 		wp_send_json_error(
 			array(
 				'message' => $msg,
 				'html'    => $html,
 			)
 * @since 3.1.0
 */
 function wp_ajax_set_post_thumbnail() {
 	$json = ! empty( $_REQUEST['json'] ); // New-style request.
-	$post_ID = intval( $_POST['post_id'] );
+	$post_ID = (int) $_POST['post_id'];
 	if ( ! current_user_can( 'edit_post', $post_ID ) ) {
 		wp_die( -1 );
 	}
-	$thumbnail_id = intval( $_POST['thumbnail_id'] );
+	$thumbnail_id = (int) $_POST['thumbnail_id'];
 	if ( $json ) {
 		check_ajax_referer( "update-post_$post_ID" );
 	} else {
 		check_ajax_referer( "set_post_thumbnail-$post_ID" );
 * Ajax handler for retrieving HTML for the featured image.
 *
 * @since 4.6.0
 */
 function wp_ajax_get_post_thumbnail_html() {
-	$post_ID = intval( $_POST['post_id'] );
+	$post_ID = (int) $_POST['post_id'];
 	check_ajax_referer( "update-post_$post_ID" );
 	if ( ! current_user_can( 'edit_post', $post_ID ) ) {
 		wp_die( -1 );
 	}
-	$thumbnail_id = intval( $_POST['thumbnail_id'] );
+	$thumbnail_id = (int) $_POST['thumbnail_id'];
 	// For backward compatibility, -1 refers to no featured image.
 	if ( -1 === $thumbnail_id ) {
 		$thumbnail_id = null;
 	}
 	 *
 	 * @see WP_Query::parse_query()
 	 *
 	 * @param array $query An array of query variables.
 	 */
-	$query = apply_filters( 'ajax_query_attachments_args', $query );
+	$query             = apply_filters( 'ajax_query_attachments_args', $query );
-	$query = new WP_Query( $query );
+	$attachments_query = new WP_Query( $query );
-	$posts = array_map( 'wp_prepare_attachment_for_js', $query->posts );
+	$posts       = array_map( 'wp_prepare_attachment_for_js', $attachments_query->posts );
-	$posts = array_filter( $posts );
+	$posts       = array_filter( $posts );
+	$total_posts = $attachments_query->found_posts;
+	if ( $total_posts < 1 ) {
+		// Out-of-bounds, run the query again without LIMIT for total count.
+		unset( $query['paged'] );
+		$count_query = new WP_Query();
+		$count_query->query( $query );
+		$total_posts = $count_query->found_posts;
+	}
+	$posts_per_page = (int) $attachments_query->query['posts_per_page'];
+	$max_pages = $posts_per_page ? ceil( $total_posts / $posts_per_page ) : 0;
+	header( 'X-WP-Total: ' . (int) $total_posts );
+	header( 'X-WP-TotalPages: ' . (int) $max_pages );
 	wp_send_json_success( $posts );
 }
 /**
 function wp_ajax_send_attachment_to_editor() {
 	check_ajax_referer( 'media-send-to-editor', 'nonce' );
 	$attachment = wp_unslash( $_POST['attachment'] );
-	$id = intval( $attachment['id'] );
+	$id = (int) $attachment['id'];
 	$post = get_post( $id );
 	if ( ! $post ) {
 		wp_send_json_error();
 	}
 		wp_send_json_error();
 	}
 	if ( current_user_can( 'edit_post', $id ) ) {
 		// If this attachment is unattached, attach it. Primarily a back compat thing.
-		$insert_into_post_id = intval( $_POST['post_id'] );
+		$insert_into_post_id = (int) $_POST['post_id'];
 		if ( 0 == $post->post_parent && $insert_into_post_id ) {
 			wp_update_post(
 				array(
 					'ID'          => $id,
 	if ( empty( $_POST['shortcode'] ) ) {
 		wp_send_json_error();
 	}
-	$post_id = isset( $_POST['post_ID'] ) ? intval( $_POST['post_ID'] ) : 0;
+	$post_id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0;
 	if ( $post_id > 0 ) {
 		$post = get_post( $post_id );
 		if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) {
 	}
 	// Set $content_width so any embeds fit in the destination iframe.
 	if ( isset( $_POST['maxwidth'] ) && is_numeric( $_POST['maxwidth'] ) && $_POST['maxwidth'] > 0 ) {
 		if ( ! isset( $content_width ) ) {
-			$content_width = intval( $_POST['maxwidth'] );
+			$content_width = (int) $_POST['maxwidth'];
 		} else {
-			$content_width = min( $content_width, intval( $_POST['maxwidth'] ) );
+			$content_width = min( $content_width, (int) $_POST['maxwidth'] );
 		}
 	}
 	if ( $url && ! $parsed ) {
 		$parsed = $wp_embed->run_shortcode( $shortcode );
 	if ( has_shortcode( $parsed, 'audio' ) || has_shortcode( $parsed, 'video' ) ) {
 		$styles     = '';
 		$mce_styles = wpview_media_sandbox_styles();
 		foreach ( $mce_styles as $style ) {
-			$styles .= sprintf( '<link rel="stylesheet" href="%s"/>', $style );
+			$styles .= sprintf( '<link rel="stylesheet" href="%s" />', $style );
 		}
 		$html = do_shortcode( $parsed );
 		global $wp_scripts;
 			$cropped = apply_filters( 'wp_create_file_in_uploads', $cropped, $attachment_id ); // For replication.
 			$parent_url = wp_get_attachment_url( $attachment_id );
 			$url        = str_replace( wp_basename( $parent_url ), wp_basename( $cropped ), $parent_url );
-			$size       = @getimagesize( $cropped );
+			$size       = wp_getimagesize( $cropped );
 			$image_type = ( $size ) ? $size['mime'] : 'image/jpeg';
 			$object = array(
 				'post_title'     => wp_basename( $cropped ),
 				'post_content'   => $url,
 * Ajax handler for generating a password.
 *
 * @since 4.4.0
 */
 function wp_ajax_generate_password() {
+	wp_send_json_success( wp_generate_password( 24 ) );
+}
+/**
+* Ajax handler for generating a password in the no-privilege context.
+*
+* @since 5.7.0
+*/
+function wp_ajax_nopriv_generate_password() {
 	wp_send_json_success( wp_generate_password( 24 ) );
 }
 /**
 * Ajax handler for saving the user's WordPress.org username.
 /**
 * Ajax handler for site health checks on server communication.
 *
 * @since 5.2.0
+* @deprecated 5.6.0 Use WP_REST_Site_Health_Controller::test_dotorg_communication()
+* @see WP_REST_Site_Health_Controller::test_dotorg_communication()
 */
 function wp_ajax_health_check_dotorg_communication() {
+	_doing_it_wrong(
+		'wp_ajax_health_check_dotorg_communication',
+		sprintf(
+		// translators: 1: The Site Health action that is no longer used by core. 2: The new function that replaces it.
+			__( 'The Site Health check for %1$s has been replaced with %2$s.' ),
+			'wp_ajax_health_check_dotorg_communication',
+			'WP_REST_Site_Health_Controller::test_dotorg_communication'
+		),
+		'5.6.0'
+	);
 	check_ajax_referer( 'health-check-site-status' );
 	if ( ! current_user_can( 'view_site_health_checks' ) ) {
 		wp_send_json_error();
 	}
 	$site_health = WP_Site_Health::get_instance();
 	wp_send_json_success( $site_health->get_test_dotorg_communication() );
 }
 /**
-* Ajax handler for site health checks on debug mode.
+* Ajax handler for site health checks on background updates.
 *
 * @since 5.2.0
-*/
+* @deprecated 5.6.0 Use WP_REST_Site_Health_Controller::test_background_updates()
-function wp_ajax_health_check_is_in_debug_mode() {
+* @see WP_REST_Site_Health_Controller::test_background_updates()
-	wp_verify_nonce( 'health-check-site-status' );
+*/
+function wp_ajax_health_check_background_updates() {
+	_doing_it_wrong(
+		'wp_ajax_health_check_background_updates',
+		sprintf(
+		// translators: 1: The Site Health action that is no longer used by core. 2: The new function that replaces it.
+			__( 'The Site Health check for %1$s has been replaced with %2$s.' ),
+			'wp_ajax_health_check_background_updates',
+			'WP_REST_Site_Health_Controller::test_background_updates'
+		),
+		'5.6.0'
+	);
+	check_ajax_referer( 'health-check-site-status' );
 	if ( ! current_user_can( 'view_site_health_checks' ) ) {
 		wp_send_json_error();
 	}
 	if ( ! class_exists( 'WP_Site_Health' ) ) {
 		require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php';
 	}
 	$site_health = WP_Site_Health::get_instance();
-	wp_send_json_success( $site_health->get_test_is_in_debug_mode() );
+	wp_send_json_success( $site_health->get_test_background_updates() );
 }
 /**
-* Ajax handler for site health checks on background updates.
+* Ajax handler for site health checks on loopback requests.
 *
 * @since 5.2.0
-*/
+* @deprecated 5.6.0 Use WP_REST_Site_Health_Controller::test_loopback_requests()
-function wp_ajax_health_check_background_updates() {
+* @see WP_REST_Site_Health_Controller::test_loopback_requests()
+*/
+function wp_ajax_health_check_loopback_requests() {
+	_doing_it_wrong(
+		'wp_ajax_health_check_loopback_requests',
+		sprintf(
+		// translators: 1: The Site Health action that is no longer used by core. 2: The new function that replaces it.
+			__( 'The Site Health check for %1$s has been replaced with %2$s.' ),
+			'wp_ajax_health_check_loopback_requests',
+			'WP_REST_Site_Health_Controller::test_loopback_requests'
+		),
+		'5.6.0'
+	);
 	check_ajax_referer( 'health-check-site-status' );
 	if ( ! current_user_can( 'view_site_health_checks' ) ) {
 		wp_send_json_error();
 	}
 	if ( ! class_exists( 'WP_Site_Health' ) ) {
 		require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php';
 	}
 	$site_health = WP_Site_Health::get_instance();
-	wp_send_json_success( $site_health->get_test_background_updates() );
+	wp_send_json_success( $site_health->get_test_loopback_requests() );
 }
 /**
-* Ajax handler for site health checks on loopback requests.
+* Ajax handler for site health check to update the result status.
 *
 * @since 5.2.0
 */
-function wp_ajax_health_check_loopback_requests() {
+function wp_ajax_health_check_site_status_result() {
-	check_ajax_referer( 'health-check-site-status' );
+	check_ajax_referer( 'health-check-site-status-result' );
 	if ( ! current_user_can( 'view_site_health_checks' ) ) {
 		wp_send_json_error();
 	}
-	if ( ! class_exists( 'WP_Site_Health' ) ) {
+	set_transient( 'health-check-site-status-result', wp_json_encode( $_POST['counts'] ) );
-		require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php';
-	}
+	wp_send_json_success();
+}
-	$site_health = WP_Site_Health::get_instance();
-	wp_send_json_success( $site_health->get_test_loopback_requests() );
+/**
-}
+* Ajax handler for site health check to get directories and database sizes.
-/**
-* Ajax handler for site health check to update the result status.
 *
 * @since 5.2.0
-*/
+* @deprecated 5.6.0 Use WP_REST_Site_Health_Controller::get_directory_sizes()
-function wp_ajax_health_check_site_status_result() {
+* @see WP_REST_Site_Health_Controller::get_directory_sizes()
-	check_ajax_referer( 'health-check-site-status-result' );
-	if ( ! current_user_can( 'view_site_health_checks' ) ) {
-		wp_send_json_error();
-	}
-	set_transient( 'health-check-site-status-result', wp_json_encode( $_POST['counts'] ) );
-	wp_send_json_success();
-}
-/**
-* Ajax handler for site health check to get directories and database sizes.
-*
-* @since 5.2.0
 */
 function wp_ajax_health_check_get_sizes() {
+	_doing_it_wrong(
+		'wp_ajax_health_check_get_sizes',
+		sprintf(
+		// translators: 1: The Site Health action that is no longer used by core. 2: The new function that replaces it.
+			__( 'The Site Health check for %1$s has been replaced with %2$s.' ),
+			'wp_ajax_health_check_get_sizes',
+			'WP_REST_Site_Health_Controller::get_directory_sizes'
+		),
+		'5.6.0'
+	);
 	check_ajax_referer( 'health-check-site-status-result' );
 	if ( ! current_user_can( 'view_site_health_checks' ) || is_multisite() ) {
 		wp_send_json_error();
 	}
 	update_site_option( $option, $auto_updates );
 	wp_send_json_success();
 }
+/**
+* Ajax handler sends a password reset link.
+*
+* @since 5.7.0
+*/
+function wp_ajax_send_password_reset() {
+	// Validate the nonce for this action.
+	$user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;
+	check_ajax_referer( 'reset-password-for-' . $user_id, 'nonce' );
+	// Verify user capabilities.
+	if ( ! current_user_can( 'edit_user', $user_id ) ) {
+		wp_send_json_error( __( 'Cannot send password reset, permission denied.' ) );
+	}
+	// Send the password reset link.
+	$user    = get_userdata( $user_id );
+	$results = retrieve_password( $user->user_login );
+	if ( true === $results ) {
+		wp_send_json_success(
+			/* translators: %s: User's display name. */
+			sprintf( __( 'A password reset link was emailed to %s.' ), $user->display_name )
+		);
+	} else {
+		wp_send_json_error( $results->get_error_message() );
+	}
+}

changeset 18	be944660c56a
parent 16	a86126ab1dd4
child 19	3d72ae0968f4