|
1 <?php |
|
2 /** |
|
3 * WordPress AJAX Process Execution. |
|
4 * |
|
5 * @package WordPress |
|
6 * @subpackage Administration |
|
7 * |
|
8 * @link http://codex.wordpress.org/AJAX_in_Plugins |
|
9 */ |
|
10 |
|
11 /** |
|
12 * Executing AJAX process. |
|
13 * |
|
14 * @since 2.1.0 |
|
15 */ |
|
16 define( 'DOING_AJAX', true ); |
|
17 define( 'WP_ADMIN', true ); |
|
18 |
|
19 /** Load WordPress Bootstrap */ |
|
20 require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); |
|
21 |
|
22 /** Allow for cross-domain requests (from the frontend). */ |
|
23 send_origin_headers(); |
|
24 |
|
25 // Require an action parameter |
|
26 if ( empty( $_REQUEST['action'] ) ) |
|
27 die( '0' ); |
|
28 |
|
29 /** Load WordPress Administration APIs */ |
|
30 require_once( ABSPATH . 'wp-admin/includes/admin.php' ); |
|
31 |
|
32 /** Load Ajax Handlers for WordPress Core */ |
|
33 require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' ); |
|
34 |
|
35 @header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) ); |
|
36 @header( 'X-Robots-Tag: noindex' ); |
|
37 |
|
38 send_nosniff_header(); |
|
39 nocache_headers(); |
|
40 |
|
41 /** This action is documented in wp-admin/admin.php */ |
|
42 do_action( 'admin_init' ); |
|
43 |
|
44 $core_actions_get = array( |
|
45 'fetch-list', 'ajax-tag-search', 'wp-compression-test', 'imgedit-preview', 'oembed-cache', |
|
46 'autocomplete-user', 'dashboard-widgets', 'logged-in', |
|
47 ); |
|
48 |
|
49 $core_actions_post = array( |
|
50 'oembed-cache', 'image-editor', 'delete-comment', 'delete-tag', 'delete-link', |
|
51 'delete-meta', 'delete-post', 'trash-post', 'untrash-post', 'delete-page', 'dim-comment', |
|
52 'add-link-category', 'add-tag', 'get-tagcloud', 'get-comments', 'replyto-comment', |
|
53 'edit-comment', 'add-menu-item', 'add-meta', 'add-user', 'autosave', 'closed-postboxes', |
|
54 'hidden-columns', 'update-welcome-panel', 'menu-get-metabox', 'wp-link-ajax', |
|
55 'menu-locations-save', 'menu-quick-search', 'meta-box-order', 'get-permalink', |
|
56 'sample-permalink', 'inline-save', 'inline-save-tax', 'find_posts', 'widgets-order', |
|
57 'save-widget', 'set-post-thumbnail', 'date_format', 'time_format', 'wp-fullscreen-save-post', |
|
58 'wp-remove-post-lock', 'dismiss-wp-pointer', 'upload-attachment', 'get-attachment', |
|
59 'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor', |
|
60 'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs', |
|
61 ); |
|
62 |
|
63 // Register core Ajax calls. |
|
64 if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) |
|
65 add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 ); |
|
66 |
|
67 if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) |
|
68 add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 ); |
|
69 |
|
70 add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 ); |
|
71 |
|
72 if ( is_user_logged_in() ) { |
|
73 /** |
|
74 * Fires authenticated AJAX actions for logged-in users. |
|
75 * |
|
76 * The dynamic portion of the hook name, $_REQUEST['action'], |
|
77 * refers to the name of the AJAX action callback being fired. |
|
78 * |
|
79 * @since 2.1.0 |
|
80 */ |
|
81 do_action( 'wp_ajax_' . $_REQUEST['action'] ); |
|
82 } else { |
|
83 /** |
|
84 * Fires non-authenticated AJAX actions for logged-out users. |
|
85 * |
|
86 * The dynamic portion of the hook name, $_REQUEST['action'], |
|
87 * refers to the name of the AJAX action callback being fired. |
|
88 * |
|
89 * @since 2.8.0 |
|
90 */ |
|
91 do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ); |
|
92 } |
|
93 // Default status |
|
94 die( '0' ); |