Ticket #15327: ajax_die.2.patch
File ajax_die.2.patch, 28.6 KB (added by , 13 years ago) |
---|
-
wordpress/wp-admin/includes/ajax-actions.php
14 14 $id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0; 15 15 16 16 if ( ! $id ) 17 die('-1');17 wp_die('-1'); 18 18 19 19 $message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() ); 20 20 $x = new WP_Ajax_Response( array( … … 41 41 42 42 $wp_list_table = _get_list_table( $list_class ); 43 43 if ( ! $wp_list_table ) 44 die( '0' );44 wp_die( '0' ); 45 45 46 46 if ( ! $wp_list_table->ajax_user_can() ) 47 die( '-1' );47 wp_die( '-1' ); 48 48 49 49 $wp_list_table->ajax_response(); 50 50 51 die( '0' );51 wp_die( '0' ); 52 52 } 53 53 function wp_ajax_ajax_tag_search() { 54 54 global $wpdb; … … 57 57 $taxonomy = sanitize_key( $_GET['tax'] ); 58 58 $tax = get_taxonomy( $taxonomy ); 59 59 if ( ! $tax ) 60 die( '0' );60 wp_die( '0' ); 61 61 if ( ! current_user_can( $tax->cap->assign_terms ) ) 62 die( '-1' );62 wp_die( '-1' ); 63 63 } else { 64 die('0');64 wp_die('0'); 65 65 } 66 66 67 67 $s = stripslashes( $_GET['q'] ); … … 82 82 83 83 function wp_ajax_wp_compression_test() { 84 84 if ( !current_user_can( 'manage_options' ) ) 85 die('-1');85 wp_die('-1'); 86 86 87 87 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) { 88 88 update_site_option('can_compress_scripts', 0); 89 die('0');89 wp_die('0'); 90 90 } 91 91 92 92 if ( isset($_GET['test']) ) { … … 103 103 die; 104 104 } elseif ( 2 == $_GET['test'] ) { 105 105 if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) 106 die('-1');106 wp_die('-1'); 107 107 if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! 
$force_gzip ) { 108 108 header('Content-Encoding: deflate'); 109 109 $out = gzdeflate( $test_str, 1 ); … … 111 111 header('Content-Encoding: gzip'); 112 112 $out = gzencode( $test_str, 1 ); 113 113 } else { 114 die('-1');114 wp_die('-1'); 115 115 } 116 116 echo $out; 117 117 die; … … 122 122 } 123 123 } 124 124 125 die('0');125 wp_die('0'); 126 126 } 127 127 128 128 function wp_ajax_imgedit_preview() { 129 129 $post_id = intval($_GET['postid']); 130 130 if ( empty($post_id) || !current_user_can('edit_post', $post_id) ) 131 die('-1');131 wp_die('-1'); 132 132 133 133 check_ajax_referer( "image_editor-$post_id" ); 134 134 135 135 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' ); 136 136 if ( ! stream_preview_image($post_id) ) 137 die('-1');137 wp_die('-1'); 138 138 139 die();139 wp_die(''); 140 140 } 141 141 142 142 function wp_ajax_oembed_cache() { 143 143 global $wp_embed; 144 144 145 145 $return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0'; 146 die( $return );146 wp_die( $return ); 147 147 } 148 148 149 149 /* … … 167 167 $url = esc_url_raw( @$_POST['_url'] ); 168 168 // JS didn't send us everything we need to know. Just die with success message 169 169 if ( !$total || !$per_page || !$page || !$url ) 170 die( (string) time() );170 wp_die( (string) time() ); 171 171 172 172 $total += $delta; 173 173 if ( $total < 0 ) … … 217 217 $taxonomy = get_taxonomy(substr($action, 4)); 218 218 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name ); 219 219 if ( !current_user_can( $taxonomy->cap->edit_terms ) ) 220 die('-1');220 wp_die('-1'); 221 221 $names = explode(',', $_POST['new'.$taxonomy->name]); 222 222 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0; 223 223 if ( 0 > $parent ) … … 295 295 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; 296 296 297 297 if ( !$comment = get_comment( $id ) ) 298 die( (string) time() );298 wp_die( (string) time() ); 299 299 if ( ! 
current_user_can( 'edit_comment', $comment->comment_ID ) ) 300 die('-1');300 wp_die('-1'); 301 301 302 302 check_ajax_referer( "delete-comment_$id" ); 303 303 $status = wp_get_comment_status( $comment->comment_ID ); … … 305 305 $delta = -1; 306 306 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) { 307 307 if ( 'trash' == $status ) 308 die( (string) time() );308 wp_die( (string) time() ); 309 309 $r = wp_trash_comment( $comment->comment_ID ); 310 310 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) { 311 311 if ( 'trash' != $status ) 312 die( (string) time() );312 wp_die( (string) time() ); 313 313 $r = wp_untrash_comment( $comment->comment_ID ); 314 314 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash 315 315 $delta = 1; 316 316 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) { 317 317 if ( 'spam' == $status ) 318 die( (string) time() );318 wp_die( (string) time() ); 319 319 $r = wp_spam_comment( $comment->comment_ID ); 320 320 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) { 321 321 if ( 'spam' != $status ) 322 die( (string) time() );322 wp_die( (string) time() ); 323 323 $r = wp_unspam_comment( $comment->comment_ID ); 324 324 if ( ! 
isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam 325 325 $delta = 1; 326 326 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) { 327 327 $r = wp_delete_comment( $comment->comment_ID ); 328 328 } else { 329 die('-1');329 wp_die('-1'); 330 330 } 331 331 332 332 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts 333 333 _wp_ajax_delete_comment_response( $comment->comment_ID, $delta ); 334 die( '0' );334 wp_die( '0' ); 335 335 } 336 336 337 337 function wp_ajax_delete_tag() { … … 342 342 $tax = get_taxonomy($taxonomy); 343 343 344 344 if ( !current_user_can( $tax->cap->delete_terms ) ) 345 die('-1');345 wp_die('-1'); 346 346 347 347 $tag = get_term( $tag_id, $taxonomy ); 348 348 if ( !$tag || is_wp_error( $tag ) ) 349 die('1');349 wp_die('1'); 350 350 351 351 if ( wp_delete_term($tag_id, $taxonomy)) 352 die('1');352 wp_die('1'); 353 353 else 354 die('0');354 wp_die('0'); 355 355 } 356 356 357 357 function wp_ajax_delete_link() { … … 359 359 360 360 check_ajax_referer( "delete-bookmark_$id" ); 361 361 if ( !current_user_can( 'manage_links' ) ) 362 die('-1');362 wp_die('-1'); 363 363 364 364 $link = get_bookmark( $id ); 365 365 if ( !$link || is_wp_error( $link ) ) 366 die('1');366 wp_die('1'); 367 367 368 368 if ( wp_delete_link( $id ) ) 369 die('1');369 wp_die('1'); 370 370 else 371 die('0');371 wp_die('0'); 372 372 } 373 373 374 374 function wp_ajax_delete_meta() { … … 376 376 377 377 check_ajax_referer( "delete-meta_$id" ); 378 378 if ( !$meta = get_metadata_by_mid( 'post', $id ) ) 379 die('1');379 wp_die('1'); 380 380 381 381 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! 
current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) 382 die('-1');382 wp_die('-1'); 383 383 if ( delete_meta( $meta->meta_id ) ) 384 die('1');385 die('0');384 wp_die('1'); 385 wp_die('0'); 386 386 } 387 387 388 388 function wp_ajax_delete_post( $action ) { … … 390 390 391 391 check_ajax_referer( "{$action}_$id" ); 392 392 if ( !current_user_can( 'delete_post', $id ) ) 393 die('-1');393 wp_die('-1'); 394 394 395 395 if ( !get_post( $id ) ) 396 die('1');396 wp_die('1'); 397 397 398 398 if ( wp_delete_post( $id ) ) 399 die('1');399 wp_die('1'); 400 400 else 401 die('0');401 wp_die('0'); 402 402 } 403 403 404 404 function wp_ajax_trash_post( $action ) { … … 406 406 407 407 check_ajax_referer( "{$action}_$id" ); 408 408 if ( !current_user_can( 'delete_post', $id ) ) 409 die('-1');409 wp_die('-1'); 410 410 411 411 if ( !get_post( $id ) ) 412 die('1');412 wp_die('1'); 413 413 414 414 if ( 'trash-post' == $action ) 415 415 $done = wp_trash_post( $id ); … … 417 417 $done = wp_untrash_post( $id ); 418 418 419 419 if ( $done ) 420 die('1');420 wp_die('1'); 421 421 422 die('0');422 wp_die('0'); 423 423 } 424 424 425 425 function wp_ajax_untrash_post( $action ) { … … 431 431 432 432 check_ajax_referer( "{$action}_$id" ); 433 433 if ( !current_user_can( 'delete_page', $id ) ) 434 die('-1');434 wp_die('-1'); 435 435 436 436 if ( !get_page( $id ) ) 437 die('1');437 wp_die('1'); 438 438 439 439 if ( wp_delete_post( $id ) ) 440 die('1');440 wp_die('1'); 441 441 else 442 die('0');442 wp_die('0'); 443 443 } 444 444 445 445 function wp_ajax_dim_comment() { … … 454 454 } 455 455 456 456 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! 
current_user_can( 'moderate_comments' ) ) 457 die('-1');457 wp_die('-1'); 458 458 459 459 $current = wp_get_comment_status( $comment->comment_ID ); 460 460 if ( $_POST['new'] == $current ) 461 die( (string) time() );461 wp_die( (string) time() ); 462 462 463 463 check_ajax_referer( "approve-comment_$id" ); 464 464 if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) … … 476 476 477 477 // Decide if we need to send back '1' or a more complicated response including page links and comment counts 478 478 _wp_ajax_delete_comment_response( $comment->comment_ID ); 479 die( '0' );479 wp_die( '0' ); 480 480 } 481 481 482 482 function wp_ajax_add_link_category( $action ) { 483 483 check_ajax_referer( $action ); 484 484 if ( !current_user_can( 'manage_categories' ) ) 485 die('-1');485 wp_die('-1'); 486 486 $names = explode(',', $_POST['newcat']); 487 487 $x = new WP_Ajax_Response(); 488 488 foreach ( $names as $cat_name ) { … … 516 516 $tax = get_taxonomy($taxonomy); 517 517 518 518 if ( !current_user_can( $tax->cap->edit_terms ) ) 519 die('-1');519 wp_die('-1'); 520 520 521 521 $x = new WP_Ajax_Response(); 522 522 … … 567 567 $taxonomy = sanitize_key( $_POST['tax'] ); 568 568 $tax = get_taxonomy( $taxonomy ); 569 569 if ( ! $tax ) 570 die( '0' );570 wp_die( '0' ); 571 571 if ( ! current_user_can( $tax->cap->assign_terms ) ) 572 die( '-1' );572 wp_die( '-1' ); 573 573 } else { 574 die('0');574 wp_die('0'); 575 575 } 576 576 577 577 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) ); 578 578 579 579 if ( empty( $tags ) ) 580 die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );580 wp_die( isset( $tax->no_tagcloud ) ? 
$tax->no_tagcloud : __('No tags found!') ); 581 581 582 582 if ( is_wp_error( $tags ) ) 583 die( $tags->get_error_message() );583 wp_die( $tags->get_error_message() ); 584 584 585 585 foreach ( $tags as $key => $tag ) { 586 586 $tags[ $key ]->link = '#'; … … 591 591 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) ); 592 592 593 593 if ( empty($return) ) 594 die('0');594 wp_die('0'); 595 595 596 596 echo $return; 597 597 598 exit;598 wp_die(''); 599 599 } 600 600 601 601 function wp_ajax_get_comments( $action ) { … … 608 608 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table'); 609 609 610 610 if ( !current_user_can( 'edit_post', $post_id ) ) 611 die('-1');611 wp_die('-1'); 612 612 613 613 $wp_list_table->prepare_items(); 614 614 615 615 if ( !$wp_list_table->has_items() ) 616 die('1');616 wp_die('1'); 617 617 618 618 $x = new WP_Ajax_Response(); 619 619 ob_start(); … … 642 642 643 643 $comment_post_ID = (int) $_POST['comment_post_ID']; 644 644 if ( !current_user_can( 'edit_post', $comment_post_ID ) ) 645 die('-1');645 wp_die('-1'); 646 646 647 647 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); 648 648 649 649 if ( empty($status) ) 650 die('1');650 wp_die('1'); 651 651 elseif ( in_array($status, array('draft', 'pending', 'trash') ) ) 652 die( __('ERROR: you are replying to a comment on a draft post.') );652 wp_die( __('ERROR: you are replying to a comment on a draft post.') ); 653 653 654 654 $user = wp_get_current_user(); 655 655 if ( $user->ID ) { … … 664 664 } 665 665 } 666 666 } else { 667 die( __('Sorry, you must be logged in to reply to a comment.') );667 wp_die( __('Sorry, you must be logged in to reply to a comment.') ); 668 668 } 669 669 670 670 if ( '' == $comment_content ) 671 die( __('ERROR: please type a comment.') );671 wp_die( __('ERROR: please type a comment.') ); 672 672 673 673 $comment_parent = absint($_POST['comment_ID']); 674 674 $comment_auto_approved = 
false; … … 676 676 677 677 $comment_id = wp_new_comment( $commentdata ); 678 678 $comment = get_comment($comment_id); 679 if ( ! $comment ) die('1');679 if ( ! $comment ) wp_die('1'); 680 680 681 681 $position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1'; 682 682 … … 729 729 730 730 $comment_id = (int) $_POST['comment_ID']; 731 731 if ( ! current_user_can( 'edit_comment', $comment_id ) ) 732 die('-1');732 wp_die('-1'); 733 733 734 734 if ( '' == $_POST['content'] ) 735 die( __('ERROR: please type a comment.') );735 wp_die( __('ERROR: please type a comment.') ); 736 736 737 737 $_POST['comment_status'] = $_POST['status']; 738 738 edit_comment(); … … 764 764 765 765 function wp_ajax_add_menu_item() { 766 766 if ( ! current_user_can( 'edit_theme_options' ) ) 767 die('-1');767 wp_die('-1'); 768 768 769 769 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 770 770 … … 802 802 803 803 $item_ids = wp_save_nav_menu_items( 0, $menu_items_data ); 804 804 if ( is_wp_error( $item_ids ) ) 805 die('-1');805 wp_die('-1'); 806 806 807 807 $menu_items = array(); 808 808 … … 835 835 836 836 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) { 837 837 if ( !current_user_can( 'edit_post', $pid ) ) 838 die('-1');838 wp_die('-1'); 839 839 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) ) 840 die('1');840 wp_die('1'); 841 841 if ( $post->post_status == 'auto-draft' ) { 842 842 $save_POST = $_POST; // Backup $_POST 843 843 $_POST = array(); // Make it empty for edit_post() … … 858 858 } 859 859 $_POST = $save_POST; // Now we can restore original $_POST again 860 860 if ( !$mid = add_meta( $pid ) ) 861 die(__('Please provide a custom field value.'));861 wp_die(__('Please provide a custom field value.')); 862 862 } else { 863 die('0');863 wp_die('0'); 864 864 } 865 865 } else if ( !$mid = add_meta( $pid ) ) { 866 die(__('Please provide a custom 
field value.'));866 wp_die(__('Please provide a custom field value.')); 867 867 } 868 868 869 869 $meta = get_metadata_by_mid( 'post', $mid ); … … 881 881 $key = stripslashes( $_POST['meta'][$mid]['key'] ); 882 882 $value = stripslashes( $_POST['meta'][$mid]['value'] ); 883 883 if ( '' == trim($key) ) 884 die(__('Please provide a custom field name.'));884 wp_die(__('Please provide a custom field name.')); 885 885 if ( '' == trim($value) ) 886 die(__('Please provide a custom field value.'));886 wp_die(__('Please provide a custom field value.')); 887 887 if ( ! $meta = get_metadata_by_mid( 'post', $mid ) ) 888 die('0'); // if meta doesn't exist888 wp_die('0'); // if meta doesn't exist 889 889 if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) || 890 890 ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) || 891 891 ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) ) 892 die('-1');892 wp_die('-1'); 893 893 if ( $meta->meta_value != $value || $meta->meta_key != $key ) { 894 894 if ( !$u = update_metadata_by_mid( 'post', $mid, $value, $key ) ) 895 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).895 wp_die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). 896 896 } 897 897 898 898 $x = new WP_Ajax_Response( array( … … 915 915 916 916 check_ajax_referer( $action ); 917 917 if ( ! current_user_can('create_users') ) 918 die('-1');918 wp_die('-1'); 919 919 if ( ! 
$user_id = edit_user() ) { 920 die('0');920 wp_die('0'); 921 921 } elseif ( is_wp_error( $user_id ) ) { 922 922 $x = new WP_Ajax_Response( array( 923 923 'what' => 'user', … … 986 986 987 987 if ( 'page' == $post->post_type ) { 988 988 if ( !current_user_can('edit_page', $post_ID) ) 989 die(__('You are not allowed to edit this page.'));989 wp_die(__('You are not allowed to edit this page.')); 990 990 } else { 991 991 if ( !current_user_can('edit_post', $post_ID) ) 992 die(__('You are not allowed to edit this post.'));992 wp_die(__('You are not allowed to edit this post.')); 993 993 } 994 994 995 995 if ( $do_autosave ) { … … 1053 1053 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1054 1054 1055 1055 if ( $page != sanitize_key( $page ) ) 1056 die('0');1056 wp_die('0'); 1057 1057 1058 1058 if ( ! $user = wp_get_current_user() ) 1059 die('-1');1059 wp_die('-1'); 1060 1060 1061 1061 if ( is_array($closed) ) 1062 1062 update_user_option($user->ID, "closedpostboxes_$page", $closed, true); … … 1066 1066 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true); 1067 1067 } 1068 1068 1069 die('1');1069 wp_die('1'); 1070 1070 } 1071 1071 1072 1072 function wp_ajax_hidden_columns() { … … 1076 1076 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1077 1077 1078 1078 if ( $page != sanitize_key( $page ) ) 1079 die('0');1079 wp_die('0'); 1080 1080 1081 1081 if ( ! $user = wp_get_current_user() ) 1082 die('-1');1082 wp_die('-1'); 1083 1083 1084 1084 if ( is_array($hidden) ) 1085 1085 update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true); 1086 1086 1087 die('1');1087 wp_die('1'); 1088 1088 } 1089 1089 1090 1090 function wp_ajax_update_welcome_panel() { 1091 1091 check_ajax_referer( 'welcome-panel-nonce', 'welcomepanelnonce' ); 1092 1092 1093 1093 if ( ! 
current_user_can( 'edit_theme_options' ) ) 1094 die('-1');1094 wp_die('-1'); 1095 1095 1096 1096 update_user_meta( get_current_user_id(), 'show_welcome_panel', empty( $_POST['visible'] ) ? 0 : 1 ); 1097 1097 1098 die('1');1098 wp_die('1'); 1099 1099 } 1100 1100 1101 1101 function wp_ajax_menu_get_metabox() { 1102 1102 if ( ! current_user_can( 'edit_theme_options' ) ) 1103 die('-1');1103 wp_die('-1'); 1104 1104 1105 1105 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 1106 1106 … … 1135 1135 )); 1136 1136 } 1137 1137 1138 exit;1138 wp_die(''); 1139 1139 } 1140 1140 1141 1141 function wp_ajax_wp_link_ajax() { … … 1151 1151 $results = _WP_Editors::wp_link_query( $args ); 1152 1152 1153 1153 if ( ! isset( $results ) ) 1154 die( '0' );1154 wp_die( '0' ); 1155 1155 1156 1156 echo json_encode( $results ); 1157 1157 echo "\n"; 1158 1158 1159 exit;1159 wp_die(''); 1160 1160 } 1161 1161 1162 1162 function wp_ajax_menu_locations_save() { 1163 1163 if ( ! current_user_can( 'edit_theme_options' ) ) 1164 die('-1');1164 wp_die('-1'); 1165 1165 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 1166 1166 if ( ! isset( $_POST['menu-locations'] ) ) 1167 die('0');1167 wp_die('0'); 1168 1168 set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) ); 1169 die('1');1169 wp_die('1'); 1170 1170 } 1171 1171 1172 1172 function wp_ajax_meta_box_order() { … … 1180 1180 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1181 1181 1182 1182 if ( $page != sanitize_key( $page ) ) 1183 die('0');1183 wp_die('0'); 1184 1184 1185 1185 if ( ! 
$user = wp_get_current_user() ) 1186 die('-1');1186 wp_die('-1'); 1187 1187 1188 1188 if ( $order ) 1189 1189 update_user_option($user->ID, "meta-box-order_$page", $order, true); … … 1191 1191 if ( $page_columns ) 1192 1192 update_user_option($user->ID, "screen_layout_$page", $page_columns, true); 1193 1193 1194 die('1');1194 wp_die('1'); 1195 1195 } 1196 1196 1197 1197 function wp_ajax_menu_quick_search() { 1198 1198 if ( ! current_user_can( 'edit_theme_options' ) ) 1199 die('-1');1199 wp_die('-1'); 1200 1200 1201 1201 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 1202 1202 1203 1203 _wp_ajax_menu_quick_search( $_POST ); 1204 1204 1205 exit;1205 wp_die(''); 1206 1206 } 1207 1207 1208 1208 function wp_ajax_get_permalink() { 1209 1209 check_ajax_referer( 'getpermalink', 'getpermalinknonce' ); 1210 1210 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; 1211 die(add_query_arg(array('preview' => 'true'), get_permalink($post_id)));1211 wp_die(add_query_arg(array('preview' => 'true'), get_permalink($post_id))); 1212 1212 } 1213 1213 1214 1214 function wp_ajax_sample_permalink() { … … 1216 1216 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; 1217 1217 $title = isset($_POST['new_title'])? $_POST['new_title'] : ''; 1218 1218 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null; 1219 die(get_sample_permalink_html($post_id, $title, $slug));1219 wp_die(get_sample_permalink_html($post_id, $title, $slug)); 1220 1220 } 1221 1221 1222 1222 function wp_ajax_inline_save() { … … 1225 1225 check_ajax_referer( 'inlineeditnonce', '_inline_edit' ); 1226 1226 1227 1227 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) ) 1228 exit;1228 wp_die(''); 1229 1229 1230 1230 if ( 'page' == $_POST['post_type'] ) { 1231 1231 if ( ! 
current_user_can( 'edit_page', $post_ID ) ) 1232 die( __('You are not allowed to edit this page.') );1232 wp_die( __('You are not allowed to edit this page.') ); 1233 1233 } else { 1234 1234 if ( ! current_user_can( 'edit_post', $post_ID ) ) 1235 die( __('You are not allowed to edit this post.') );1235 wp_die( __('You are not allowed to edit this post.') ); 1236 1236 } 1237 1237 1238 1238 set_current_screen( $_POST['screen'] ); … … 1241 1241 $last_user = get_userdata( $last ); 1242 1242 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 1243 1243 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) ); 1244 exit;1244 wp_die(''); 1245 1245 } 1246 1246 1247 1247 $data = &$_POST; … … 1277 1277 $mode = $_POST['post_view']; 1278 1278 $wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ) ); 1279 1279 1280 exit;1280 wp_die(''); 1281 1281 } 1282 1282 1283 1283 function wp_ajax_inline_save_tax() { … … 1288 1288 $taxonomy = sanitize_key( $_POST['taxonomy'] ); 1289 1289 $tax = get_taxonomy( $taxonomy ); 1290 1290 if ( ! $tax ) 1291 die( '0' );1291 wp_die( '0' ); 1292 1292 1293 1293 if ( ! current_user_can( $tax->cap->edit_terms ) ) 1294 die( '-1' );1294 wp_die( '-1' ); 1295 1295 1296 1296 set_current_screen( 'edit-' . $taxonomy ); 1297 1297 1298 1298 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 1299 1299 1300 1300 if ( ! isset($_POST['tax_ID']) || ! 
( $id = (int) $_POST['tax_ID'] ) ) 1301 die(-1);1301 wp_die(-1); 1302 1302 1303 1303 $tag = get_term( $id, $taxonomy ); 1304 1304 $_POST['description'] = $tag->description; … … 1308 1308 $tag = get_term( $updated['term_id'], $taxonomy ); 1309 1309 if ( !$tag || is_wp_error( $tag ) ) { 1310 1310 if ( is_wp_error($tag) && $tag->get_error_message() ) 1311 die( $tag->get_error_message() );1312 die( __('Item not updated.') );1311 wp_die( $tag->get_error_message() ); 1312 wp_die( __('Item not updated.') ); 1313 1313 } 1314 1314 1315 1315 echo $wp_list_table->single_row( $tag ); 1316 1316 } else { 1317 1317 if ( is_wp_error($updated) && $updated->get_error_message() ) 1318 die( $updated->get_error_message() );1319 die( __('Item not updated.') );1318 wp_die( $updated->get_error_message() ); 1319 wp_die( __('Item not updated.') ); 1320 1320 } 1321 1321 1322 exit;1322 wp_die(''); 1323 1323 } 1324 1324 1325 1325 function wp_ajax_find_posts() { … … 1328 1328 check_ajax_referer( 'find-posts' ); 1329 1329 1330 1330 if ( empty($_POST['ps']) ) 1331 exit;1331 wp_die(''); 1332 1332 1333 1333 if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) ) 1334 1334 $what = $_POST['post_type']; … … 1400 1400 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1401 1401 1402 1402 if ( !current_user_can('edit_theme_options') ) 1403 die('-1');1403 wp_die('-1'); 1404 1404 1405 1405 unset( $_POST['savewidgets'], $_POST['action'] ); 1406 1406 … … 1421 1421 $sidebars[$key] = $sb; 1422 1422 } 1423 1423 wp_set_sidebars_widgets($sidebars); 1424 die('1');1424 wp_die('1'); 1425 1425 } 1426 1426 1427 die('-1');1427 wp_die('-1'); 1428 1428 } 1429 1429 1430 1430 function wp_ajax_save_widget() { … … 1433 1433 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1434 1434 1435 1435 if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) ) 1436 die('-1');1436 wp_die('-1'); 1437 1437 1438 1438 unset( $_POST['savewidgets'], $_POST['action'] ); 
1439 1439 … … 1455 1455 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) { 1456 1456 1457 1457 if ( !isset($wp_registered_widgets[$widget_id]) ) 1458 die($error);1458 wp_die($error); 1459 1459 1460 1460 $sidebar = array_diff( $sidebar, array($widget_id) ); 1461 1461 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1'); 1462 1462 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) { 1463 1463 if ( !$multi_number ) 1464 die($error);1464 wp_die($error); 1465 1465 1466 1466 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) ); 1467 1467 $widget_id = $id_base . '-' . $multi_number; … … 1486 1486 $sidebars[$sidebar_id] = $sidebar; 1487 1487 wp_set_sidebars_widgets($sidebars); 1488 1488 echo "deleted:$widget_id"; 1489 die();1489 wp_die(''); 1490 1490 } 1491 1491 1492 1492 if ( !empty($_POST['add_new']) ) 1493 die();1493 wp_die(''); 1494 1494 1495 1495 if ( $form = $wp_registered_widget_controls[$widget_id] ) 1496 1496 call_user_func_array( $form['callback'], $form['params'] ); 1497 1497 1498 die();1498 wp_die(''); 1499 1499 } 1500 1500 1501 1501 function wp_ajax_image_editor() { 1502 1502 $attachment_id = intval($_POST['postid']); 1503 1503 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) ) 1504 die('-1');1504 wp_die('-1'); 1505 1505 1506 1506 check_ajax_referer( "image_editor-$attachment_id" ); 1507 1507 include_once( ABSPATH . 
'wp-admin/includes/image-edit.php' ); … … 1511 1511 case 'save' : 1512 1512 $msg = wp_save_image($attachment_id); 1513 1513 $msg = json_encode($msg); 1514 die($msg);1514 wp_die($msg); 1515 1515 break; 1516 1516 case 'scale' : 1517 1517 $msg = wp_save_image($attachment_id); … … 1522 1522 } 1523 1523 1524 1524 wp_image_editor($attachment_id, $msg); 1525 die();1525 wp_die(''); 1526 1526 } 1527 1527 1528 1528 function wp_ajax_set_post_thumbnail() { 1529 1529 $post_ID = intval( $_POST['post_id'] ); 1530 1530 if ( !current_user_can( 'edit_post', $post_ID ) ) 1531 die( '-1' );1531 wp_die( '-1' ); 1532 1532 $thumbnail_id = intval( $_POST['thumbnail_id'] ); 1533 1533 1534 1534 check_ajax_referer( "set_post_thumbnail-$post_ID" ); 1535 1535 1536 1536 if ( $thumbnail_id == '-1' ) { 1537 1537 if ( delete_post_thumbnail( $post_ID ) ) 1538 die( _wp_post_thumbnail_html() );1538 wp_die( _wp_post_thumbnail_html() ); 1539 1539 else 1540 die( '0' );1540 wp_die( '0' ); 1541 1541 } 1542 1542 1543 1543 if ( set_post_thumbnail( $post_ID, $thumbnail_id ) ) 1544 die( _wp_post_thumbnail_html( $thumbnail_id ) );1545 die( '0' );1544 wp_die( _wp_post_thumbnail_html( $thumbnail_id ) ); 1545 wp_die( '0' ); 1546 1546 } 1547 1547 1548 1548 function wp_ajax_date_format() { 1549 die( date_i18n( sanitize_option( 'date_format', $_POST['date'] ) ) );1549 wp_die( date_i18n( sanitize_option( 'date_format', $_POST['date'] ) ) ); 1550 1550 } 1551 1551 1552 1552 function wp_ajax_time_format() { 1553 die( date_i18n( sanitize_option( 'time_format', $_POST['date'] ) ) );1553 wp_die( date_i18n( sanitize_option( 'time_format', $_POST['date'] ) ) ); 1554 1554 } 1555 1555 1556 1556 function wp_ajax_wp_fullscreen_save_post() { … … 1577 1577 $message = __('Save failed'); 1578 1578 1579 1579 echo json_encode( array( 'message' => $message, 'last_edited' => '' ) ); 1580 die();1580 wp_die(''); 1581 1581 } else { 1582 1582 $message = __('Saved.'); 1583 1583 } … … 1598 1598 } 1599 1599 1600 1600 echo json_encode( array( 
'message' => $message, 'last_edited' => $last_edited ) ); 1601 die();1601 wp_die(''); 1602 1602 } 1603 1603 1604 1604 function wp_ajax_wp_remove_post_lock() { 1605 1605 if ( empty( $_POST['post_ID'] ) || empty( $_POST['active_post_lock'] ) ) 1606 die( '0' );1606 wp_die( '0' ); 1607 1607 $post_id = (int) $_POST['post_ID']; 1608 1608 if ( ! $post = get_post( $post_id ) ) 1609 die( '0' );1609 wp_die( '0' ); 1610 1610 1611 1611 check_ajax_referer( 'update-' . $post->post_type . '_' . $post_id ); 1612 1612 1613 1613 if ( ! current_user_can( 'edit_post', $post_id ) ) 1614 die( '-1' );1614 wp_die( '-1' ); 1615 1615 1616 1616 $active_lock = array_map( 'absint', explode( ':', $_POST['active_post_lock'] ) ); 1617 1617 if ( $active_lock[1] != get_current_user_id() ) 1618 die( '0' );1618 wp_die( '0' ); 1619 1619 1620 1620 $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1]; 1621 1621 update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); 1622 die( '1' );1622 wp_die( '1' ); 1623 1623 } 1624 1624 1625 1625 function wp_ajax_dismiss_wp_pointer() { 1626 1626 $pointer = $_POST['pointer']; 1627 1627 if ( $pointer != sanitize_key( $pointer ) ) 1628 die( '0' );1628 wp_die( '0' ); 1629 1629 1630 1630 // check_ajax_referer( 'dismiss-pointer_' . $pointer ); 1631 1631 1632 1632 $dismissed = array_filter( explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) ) ); 1633 1633 1634 1634 if ( in_array( $pointer, $dismissed ) ) 1635 die( '0' );1635 wp_die( '0' ); 1636 1636 1637 1637 $dismissed[] = $pointer; 1638 1638 $dismissed = implode( ',', $dismissed ); 1639 1639 1640 1640 update_user_meta( get_current_user_id(), 'dismissed_wp_pointers', $dismissed ); 1641 die( '1' );1641 wp_die( '1' ); 1642 1642 } 1643 No newline at end of file -
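Review bot: In `wp_ajax_inline_save_tax()` the converted call `wp_die(-1);` passes an integer, and the default AJAX handler added in functions.php forwards it to `die( $message )`, which PHP treats as an exit status and does not print. The client therefore never receives the `-1` body that the neighbouring checks send; `wp_die( '-1' );` would match them. The two bare `die;` statements in `wp_ajax_wp_compression_test()` (old lines 103 and 117) stay unconverted while every other `exit;` and `die();` became `wp_die('')`, so a replacement handler cannot intercept those paths. If that is deliberate, a comment such as `// Raw test payload already sent; do not route through wp_die().` would record it.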
wordpress/wp-includes/class-wp-ajax-response.php
131 131 foreach ( (array) $this->responses as $response ) 132 132 echo $response; 133 133 echo '</wp_ajax>'; 134 die();134 wp_die(''); 135 135 } 136 136 } -
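--- a/wordpress/wp-includes/functions.php
+++ b/wordpress/wp-includes/functions.php
@@ -2044,19 +2044,31 @@
 * @param string|array $args Optional arguments to control behavior.
 */
 function wp_die( $message, $title = '', $args = array() ) {
-if ( defined( 'DOING_AJAX' ) && DOING_AJAX )
-die('-1');
-
-if ( function_exists( 'apply_filters' ) ) {
+if ( defined( 'DOING_AJAX' ) && DOING_AJAX && function_exists( 'apply_filters' ) ) {
+$function = apply_filters( 'wp_die_ajax_handler' , '_default_wp_die_ajax_handler', -1 );
+} elseif ( function_exists( 'apply_filters' ) ) {
 $function = apply_filters( 'wp_die_handler', '_default_wp_die_handler');
 } else {
 $function = '_default_wp_die_handler';
 }
-
 call_user_func( $function, $message, $title, $args );
 }
 
 /**
+* Kill WordPress ajax execution.
+*
+* @since 3.4.0
+* @access private
+*
+* @param string $message Error message.
+* @param string $title Error title.
+* @param string|array $args Optional arguments to control behavior.
+*/
+function _default_wp_die_ajax_handler( $message, $title = '', $args = array() ) {
+die( $message );
+}
+
+/**
 * Kill WordPress execution and display HTML message with error message.
 *
 * This is the default handler for wp_die if you want a custom one for your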
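Review bot: Nothing in the new `wp_die()` guarantees termination once the AJAX branch goes through `apply_filters( 'wp_die_ajax_handler', ... )`: if a filtered handler returns, `call_user_func()` returns and the caller keeps running. That matters because this patch turns permission guards such as `if ( ! current_user_can( ... ) ) wp_die('-1');` in ajax-actions.php, and the nonce failure in `check_ajax_referer()`, from a hard `die` into this call, so a returning handler would let the guarded action proceed. I would state the contract in the docblock of `_default_wp_die_ajax_handler()`, for example `Replacement handlers must end the request (exit or throw); returning resumes the caller.` Separately, when `DOING_AJAX` is set but `apply_filters` is not yet defined, the `else` branch now selects `_default_wp_die_handler` where the old code answered `-1`; `$function = ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ? '_default_wp_die_ajax_handler' : '_default_wp_die_handler';` in that branch would keep the AJAX response terse.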
wordpress/wp-includes/pluggable.php
830 830 $result = wp_verify_nonce( $nonce, $action ); 831 831 832 832 if ( $die && false == $result ) 833 die('-1');833 wp_die('-1'); 834 834 835 835 do_action('check_ajax_referer', $action, $result); 836 836
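Review bot: The nonce-failure exit `wp_die('-1');` only produces a bare `-1` when `DOING_AJAX` is defined; otherwise the `wp_die()` shown in functions.php hands the string to `_default_wp_die_handler`, whose docblock says it displays an HTML message. Whether `check_ajax_referer()` is ever reached without that constant is not visible in this hunk, so it is worth confirming against its callers. The `do_action('check_ajax_referer', $action, $result);` on the following line would also run after a failed nonce if a filtered die handler returns instead of exiting. The function's signature and closing brace lie outside the hunk.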