mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-02-12 02:44:22 +01:00
Code Issues Actions 24 Packages Projects Releases Wiki Activity

Administration: After [41120], check for a registered action before sending a Bad Request HTTP response status code.

Browse Source 
Props Clorith.
Fixes #42240.

git-svn-id: https://develop.svn.wordpress.org/trunk@41926 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2017-10-18 21:00:39 +00:00
parent adfa4cd450
commit ac8bc46b09
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/wp-admin/admin-ajax.php
View File

@ -81,6 +81,11 @@ if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_po
add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 ); add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
if ( is_user_logged_in() ) { if ( is_user_logged_in() ) {
// If no action is registered, return a Bad Request response.
if ( ! has_action( 'wp_ajax_' . $_REQUEST['action'] ) ) {
wp_die( '0', 400 );
}
/** /**
* Fires authenticated Ajax actions for logged-in users. * Fires authenticated Ajax actions for logged-in users.
* *
@ -91,6 +96,11 @@ if ( is_user_logged_in() ) {
*/ */
do_action( 'wp_ajax_' . $_REQUEST['action'] ); do_action( 'wp_ajax_' . $_REQUEST['action'] );
} else { } else {
// If no action is registered, return a Bad Request response.
if ( ! has_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ) ) {
wp_die( '0', 400 );
}
/** /**
* Fires non-authenticated Ajax actions for logged-out users. * Fires non-authenticated Ajax actions for logged-out users.
* *
@ -102,4 +112,4 @@ if ( is_user_logged_in() ) {
do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ); do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
} }
// Default status // Default status
wp_die( '0', 400 ); wp_die( '0' );