--- a/wp/wp-admin/admin-ajax.php Tue Jun 09 11:14:17 2015 +0000
+++ b/wp/wp-admin/admin-ajax.php Mon Oct 14 17:39:30 2019 +0200
@@ -1,6 +1,6 @@
<?php
/**
- * WordPress AJAX Process Execution.
+ * WordPress Ajax Process Execution
*
* @package WordPress
* @subpackage Administration
@@ -9,7 +9,7 @@
*/
/**
- * Executing AJAX process.
+ * Executing Ajax process.
*
* @since 2.1.0
*/
@@ -21,12 +21,12 @@
/** Load WordPress Bootstrap */
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
-/** Allow for cross-domain requests (from the frontend). */
+/** Allow for cross-domain requests (from the front end). */
send_origin_headers();
// Require an action parameter
if ( empty( $_REQUEST['action'] ) )
- die( '0' );
+ wp_die( '0', 400 );
/** Load WordPress Administration APIs */
require_once( ABSPATH . 'wp-admin/includes/admin.php' );
@@ -56,15 +56,24 @@
'hidden-columns', 'update-welcome-panel', 'menu-get-metabox', 'wp-link-ajax',
'menu-locations-save', 'menu-quick-search', 'meta-box-order', 'get-permalink',
'sample-permalink', 'inline-save', 'inline-save-tax', 'find_posts', 'widgets-order',
- 'save-widget', 'set-post-thumbnail', 'date_format', 'time_format', 'wp-fullscreen-save-post',
+ 'save-widget', 'delete-inactive-widgets', 'set-post-thumbnail', 'date_format', 'time_format',
'wp-remove-post-lock', 'dismiss-wp-pointer', 'upload-attachment', 'get-attachment',
'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor',
'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs',
'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail',
- 'parse-media-shortcode', 'destroy-sessions', 'install-plugin', 'update-plugin', 'press-this-save-post',
- 'press-this-add-category',
+ 'parse-media-shortcode', 'destroy-sessions', 'install-plugin', 'update-plugin', 'crop-image',
+ 'generate-password', 'save-wporg-username', 'delete-plugin', 'search-plugins',
+ 'search-install-plugins', 'activate-plugin', 'update-theme', 'delete-theme', 'install-theme',
+ 'get-post-thumbnail-html', 'get-community-events', 'edit-theme-plugin-file',
+ 'wp-privacy-export-personal-data',
+ 'wp-privacy-erase-personal-data',
+ 'update-try-gutenberg-panel',
);
+// Deprecated
+$core_actions_post_deprecated = array( 'wp-fullscreen-save-post', 'press-this-save-post', 'press-this-add-category' );
+$core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );
+
// Register core Ajax calls.
if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) )
add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 );
@@ -75,25 +84,35 @@
add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
if ( is_user_logged_in() ) {
+ // If no action is registered, return a Bad Request response.
+ if ( ! has_action( 'wp_ajax_' . $_REQUEST['action'] ) ) {
+ wp_die( '0', 400 );
+ }
+
/**
- * Fires authenticated AJAX actions for logged-in users.
+ * Fires authenticated Ajax actions for logged-in users.
*
* The dynamic portion of the hook name, `$_REQUEST['action']`,
- * refers to the name of the AJAX action callback being fired.
+ * refers to the name of the Ajax action callback being fired.
*
* @since 2.1.0
*/
do_action( 'wp_ajax_' . $_REQUEST['action'] );
} else {
+ // If no action is registered, return a Bad Request response.
+ if ( ! has_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ) ) {
+ wp_die( '0', 400 );
+ }
+
/**
- * Fires non-authenticated AJAX actions for logged-out users.
+ * Fires non-authenticated Ajax actions for logged-out users.
*
* The dynamic portion of the hook name, `$_REQUEST['action']`,
- * refers to the name of the AJAX action callback being fired.
+ * refers to the name of the Ajax action callback being fired.
*
* @since 2.8.0
*/
do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
}
// Default status
-die( '0' );
+wp_die( '0' );