diff -r 3d4e9c994f10 -r a86126ab1dd4 wp/wp-admin/admin-ajax.php
--- a/wp/wp-admin/admin-ajax.php	Tue Oct 22 16:11:46 2019 +0200
+++ b/wp/wp-admin/admin-ajax.php	Tue Dec 15 13:49:49 2020 +0100
@@ -19,24 +19,24 @@
 }
 /** Load WordPress Bootstrap */
-require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
+require_once dirname( __DIR__ ) . '/wp-load.php';
 /** Allow for cross-domain requests (from the front end). */
 send_origin_headers();
-// Require an action parameter
+header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
+header( 'X-Robots-Tag: noindex' );
+
+// Require an action parameter.
 if ( empty( $_REQUEST['action'] ) ) {
 	wp_die( '0', 400 );
 }
 /** Load WordPress Administration APIs */
-require_once( ABSPATH . 'wp-admin/includes/admin.php' );
+require_once ABSPATH . 'wp-admin/includes/admin.php';
 /** Load Ajax Handlers for WordPress Core */
-require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
-
-@header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
-@header( 'X-Robots-Tag: noindex' );
+require_once ABSPATH . 'wp-admin/includes/ajax-actions.php';
 send_nosniff_header();
 nocache_headers();
@@ -53,6 +53,7 @@
 	'autocomplete-user',
 	'dashboard-widgets',
 	'logged-in',
+	'rest-nonce',
 );
 $core_actions_post = array(
@@ -105,6 +106,7 @@
 	'send-link-to-editor',
 	'send-attachment-to-editor',
 	'save-attachment-order',
+	'media-create-image-subsizes',
 	'heartbeat',
 	'get-revision-diffs',
 	'save-user-color-scheme',
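Review bot: The action guard on the context line `if ( empty( $_REQUEST['action'] ) ) {` still admits non-string values, since `empty()` only rejects absent or falsy input, while presumably the same value is later interpolated into a hook name (`do_action( "wp_ajax_nopriv_{$action}" )` in the last hunk); unless the type is validated elsewhere in the file, tighten it to `if ( empty( $_REQUEST['action'] ) || ! is_scalar( $_REQUEST['action'] ) ) {`. The two `header()` calls moved above that guard also lose their `@`, so if bootstrap output has already started PHP now emits a "headers already sent" warning instead of failing silently, which looks intended but is worth stating. A comment such as `// Sent before the action check so that the early 400 response carries them as well.` would record the reason for the move, assuming that is the motivation.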
@@ -137,18 +139,19 @@
 	'health-check-background-updates',
 	'health-check-loopback-requests',
 	'health-check-get-sizes',
+	'toggle-auto-updates',
 );
-// Deprecated
+// Deprecated.
 $core_actions_post_deprecated = array( 'wp-fullscreen-save-post', 'press-this-save-post', 'press-this-add-category' );
 $core_actions_post = array_merge( $core_actions_post, $core_actions_post_deprecated );
 // Register core Ajax calls.
-if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) {
+if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get, true ) ) {
 	add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 );
 }
-if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) {
+if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post, true ) ) {
 	add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
 }
@@ -187,5 +190,5 @@
 	 */
 	do_action( "wp_ajax_nopriv_{$action}" );
 }
-// Default status
+// Default status.
 wp_die( '0' );
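Review bot: The strict `in_array()` on the two `if` lines is the right call, but nothing on the line says why strictness matters here: the matched string is reused verbatim on the following line to build both the hook name and the callback name, so only an exact allowlist entry should ever reach `add_action()`. A comment above the first check, `// Strict match: the action string is reused verbatim as the hook and callback name below.`, would make that explicit. The `'wp_ajax_' . str_replace( '-', '_', ... )` derivation is also duplicated across the GET and POST branches; binding it to a local once per branch, or a small helper, would keep the two in step if the mapping ever changes.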