Ticket #12400: 12400.2.diff

Index: wp-includes/link-template.php
===================================================================
--- wp-includes/link-template.php       (revision 13499)
+++ wp-includes/link-template.php       (working copy)
@@ -2015,4 +2015,24 @@
        echo "<link rel='canonical' href='$link' />\n";
 }
 
-?>
+/**
+ * Prints the ajax url on the front end
+ *
+ * @since 3.0
+ **/
+function _wp_ajaxurl() {
+       echo '<script type="text/javascript">',
+               "var ajaxurl = '", site_url('wp-ajax.php'), "';",
+               '</script>';
+}
+
+/**
+ * Hooks _wp_ajaxurl() to wp_head
+ *
+ * @since 3.0
+ **/
+
+function wp_ajaxurl() {
+       add_action('wp_head', '_wp_ajaxurl', 1);
+}
+?>
\ No newline at end of file
Index: wp-ajax.php
===================================================================
--- wp-ajax.php (revision 0)
+++ wp-ajax.php (revision 0)
@@ -0,0 +1,30 @@
+<?php
+/**
+ * Execute an AJAX action.
+ *
+ * To take full advantage of this file, call wp_ajaxurl(); in your theme
+ * or plugin while registering your front-end scripts. Doing so will make
+ * an ajaxurl variable available for use in javascripts. The ajaxurl
+ * variable will point to this file's absolute URL.
+ *
+ * In the admin area, an ajaxurl variable is always available, and points
+ * to wp-admin/admin-ajax.php instead - with slightly different hooks.
+ *
+ * @since 3.0
+ */
+define('DOING_AJAX', true);
+require_once('wp-load.php');
+
+@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
+
+do_action('ajax_init');
+
+$action = !empty($_REQUEST['action']) ? stripslashes($_REQUEST['action']) : false;
+
+if ( !$action || ! has_action('ajax_' . $action) ) {
+       status_header(400); // invalid request
+       exit;
+}
+
+do_action('ajax_' . $action);
+?>
\ No newline at end of file

Property changes on: wp-ajax.php
___________________________________________________________________
Added: svn:eol-style
   + native

Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php     (revision 13499)
+++ wp-admin/admin-ajax.php     (working copy)
@@ -43,7 +43,7 @@
        }
 
        if ( !empty( $_REQUEST['action'] ) )
-               do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
+               do_action( 'wp_ajax_nopriv_' . stripslashes($_REQUEST['action']) );
 
        die('-1');
 }
@@ -136,7 +136,8 @@
        die( $return );
        break;
 default :
-       do_action( 'wp_ajax_' . $_GET['action'] );
+       if ( !empty($_GET['action']) )
+               do_action( 'wp_ajax_' . stripslashes($_GET['action']) );
        die('0');
        break;
 endswitch;
@@ -1414,7 +1415,8 @@
        }
        die( '0' );
 default :
-       do_action( 'wp_ajax_' . $_POST['action'] );
+       if ( !empty($_POST['action']) )
+               do_action( 'wp_ajax_' . stripslashes($_POST['action']) );
        die('0');
        break;
 endswitch;