<?php
/**
 * WordPress Ajax Process Execution
 *
 * @package WordPress
 * @subpackage Administration
 *
 * @link https://codex.wordpress.org/AJAX_in_Plugins
 */

							|  |  |  | /** | 
					
						
							|  |  |  |  * Executing Ajax process. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * @since 2.1.0 | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | define( 'DOING_AJAX', true ); | 
					
						
							|  |  |  | if ( ! defined( 'WP_ADMIN' ) ) { | 
					
						
							|  |  |  | 	define( 'WP_ADMIN', true ); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** Load WordPress Bootstrap */ | 
					
						
							|  |  |  | require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** Allow for cross-domain requests (from the front end). */ | 
					
						
							|  |  |  | send_origin_headers(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // Require an action parameter
 | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | if ( empty( $_REQUEST['action'] ) ) { | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 	wp_die( '0', 400 ); | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | } | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | /** Load WordPress Administration APIs */ | 
					
						
							|  |  |  | require_once( ABSPATH . 'wp-admin/includes/admin.php' ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** Load Ajax Handlers for WordPress Core */ | 
					
						
							|  |  |  | require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | @header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) ); | 
					
						
							|  |  |  | @header( 'X-Robots-Tag: noindex' ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | send_nosniff_header(); | 
					
						
							|  |  |  | nocache_headers(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** This action is documented in wp-admin/admin.php */ | 
					
						
							|  |  |  | do_action( 'admin_init' ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | $core_actions_get = array( | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | 	'fetch-list', | 
					
						
							|  |  |  | 	'ajax-tag-search', | 
					
						
							|  |  |  | 	'wp-compression-test', | 
					
						
							|  |  |  | 	'imgedit-preview', | 
					
						
							|  |  |  | 	'oembed-cache', | 
					
						
							|  |  |  | 	'autocomplete-user', | 
					
						
							|  |  |  | 	'dashboard-widgets', | 
					
						
							|  |  |  | 	'logged-in', | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | $core_actions_post = array( | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | 	'oembed-cache', | 
					
						
							|  |  |  | 	'image-editor', | 
					
						
							|  |  |  | 	'delete-comment', | 
					
						
							|  |  |  | 	'delete-tag', | 
					
						
							|  |  |  | 	'delete-link', | 
					
						
							|  |  |  | 	'delete-meta', | 
					
						
							|  |  |  | 	'delete-post', | 
					
						
							|  |  |  | 	'trash-post', | 
					
						
							|  |  |  | 	'untrash-post', | 
					
						
							|  |  |  | 	'delete-page', | 
					
						
							|  |  |  | 	'dim-comment', | 
					
						
							|  |  |  | 	'add-link-category', | 
					
						
							|  |  |  | 	'add-tag', | 
					
						
							|  |  |  | 	'get-tagcloud', | 
					
						
							|  |  |  | 	'get-comments', | 
					
						
							|  |  |  | 	'replyto-comment', | 
					
						
							|  |  |  | 	'edit-comment', | 
					
						
							|  |  |  | 	'add-menu-item', | 
					
						
							|  |  |  | 	'add-meta', | 
					
						
							|  |  |  | 	'add-user', | 
					
						
							|  |  |  | 	'closed-postboxes', | 
					
						
							|  |  |  | 	'hidden-columns', | 
					
						
							|  |  |  | 	'update-welcome-panel', | 
					
						
							|  |  |  | 	'menu-get-metabox', | 
					
						
							|  |  |  | 	'wp-link-ajax', | 
					
						
							|  |  |  | 	'menu-locations-save', | 
					
						
							|  |  |  | 	'menu-quick-search', | 
					
						
							|  |  |  | 	'meta-box-order', | 
					
						
							|  |  |  | 	'get-permalink', | 
					
						
							|  |  |  | 	'sample-permalink', | 
					
						
							|  |  |  | 	'inline-save', | 
					
						
							|  |  |  | 	'inline-save-tax', | 
					
						
							|  |  |  | 	'find_posts', | 
					
						
							|  |  |  | 	'widgets-order', | 
					
						
							|  |  |  | 	'save-widget', | 
					
						
							|  |  |  | 	'delete-inactive-widgets', | 
					
						
							|  |  |  | 	'set-post-thumbnail', | 
					
						
							|  |  |  | 	'date_format', | 
					
						
							|  |  |  | 	'time_format', | 
					
						
							|  |  |  | 	'wp-remove-post-lock', | 
					
						
							|  |  |  | 	'dismiss-wp-pointer', | 
					
						
							|  |  |  | 	'upload-attachment', | 
					
						
							|  |  |  | 	'get-attachment', | 
					
						
							|  |  |  | 	'query-attachments', | 
					
						
							|  |  |  | 	'save-attachment', | 
					
						
							|  |  |  | 	'save-attachment-compat', | 
					
						
							|  |  |  | 	'send-link-to-editor', | 
					
						
							|  |  |  | 	'send-attachment-to-editor', | 
					
						
							|  |  |  | 	'save-attachment-order', | 
					
						
							|  |  |  | 	'heartbeat', | 
					
						
							|  |  |  | 	'get-revision-diffs', | 
					
						
							|  |  |  | 	'save-user-color-scheme', | 
					
						
							|  |  |  | 	'update-widget', | 
					
						
							|  |  |  | 	'query-themes', | 
					
						
							|  |  |  | 	'parse-embed', | 
					
						
							|  |  |  | 	'set-attachment-thumbnail', | 
					
						
							|  |  |  | 	'parse-media-shortcode', | 
					
						
							|  |  |  | 	'destroy-sessions', | 
					
						
							|  |  |  | 	'install-plugin', | 
					
						
							|  |  |  | 	'update-plugin', | 
					
						
							|  |  |  | 	'crop-image', | 
					
						
							|  |  |  | 	'generate-password', | 
					
						
							|  |  |  | 	'save-wporg-username', | 
					
						
							|  |  |  | 	'delete-plugin', | 
					
						
							|  |  |  | 	'search-plugins', | 
					
						
							|  |  |  | 	'search-install-plugins', | 
					
						
							|  |  |  | 	'activate-plugin', | 
					
						
							|  |  |  | 	'update-theme', | 
					
						
							|  |  |  | 	'delete-theme', | 
					
						
							|  |  |  | 	'install-theme', | 
					
						
							|  |  |  | 	'get-post-thumbnail-html', | 
					
						
							|  |  |  | 	'get-community-events', | 
					
						
							|  |  |  | 	'edit-theme-plugin-file', | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 	'wp-privacy-export-personal-data', | 
					
						
							|  |  |  | 	'wp-privacy-erase-personal-data', | 
					
						
							|  |  |  | ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // Deprecated
 | 
					
						
							|  |  |  | $core_actions_post_deprecated = array( 'wp-fullscreen-save-post', 'press-this-save-post', 'press-this-add-category' ); | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | $core_actions_post            = array_merge( $core_actions_post, $core_actions_post_deprecated ); | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | // Register core Ajax calls.
 | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) { | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 	add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 ); | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | } | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) { | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 	add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 ); | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | } | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 ); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | $action = ( isset( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : ''; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | if ( is_user_logged_in() ) { | 
					
						
							|  |  |  | 	// If no action is registered, return a Bad Request response.
 | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | 	if ( ! has_action( "wp_ajax_{$action}" ) ) { | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 		wp_die( '0', 400 ); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	/** | 
					
						
							|  |  |  | 	 * Fires authenticated Ajax actions for logged-in users. | 
					
						
							|  |  |  | 	 * | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | 	 * The dynamic portion of the hook name, `$action`, refers | 
					
						
							|  |  |  | 	 * to the name of the Ajax action callback being fired. | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 	 * | 
					
						
							|  |  |  | 	 * @since 2.1.0 | 
					
						
							|  |  |  | 	 */ | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | 	do_action( "wp_ajax_{$action}" ); | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | } else { | 
					
						
							|  |  |  | 	// If no action is registered, return a Bad Request response.
 | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | 	if ( ! has_action( "wp_ajax_nopriv_{$action}" ) ) { | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 		wp_die( '0', 400 ); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	/** | 
					
						
							|  |  |  | 	 * Fires non-authenticated Ajax actions for logged-out users. | 
					
						
							|  |  |  | 	 * | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | 	 * The dynamic portion of the hook name, `$action`, refers | 
					
						
							|  |  |  | 	 * to the name of the Ajax action callback being fired. | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | 	 * | 
					
						
							|  |  |  | 	 * @since 2.8.0 | 
					
						
							|  |  |  | 	 */ | 
					
						
							| 
									
										
										
										
											2019-04-16 20:56:22 +01:00
										 |  |  | 	do_action( "wp_ajax_nopriv_{$action}" ); | 
					
						
							| 
									
										
										
										
											2019-03-12 09:27:46 +00:00
										 |  |  | } | 
					
						
							|  |  |  | // Default status
 | 
					
						
							|  |  |  | wp_die( '0' ); |