WordPress.org

Make WordPress Core

Ticket #21024: 21024.2.diff

File 21024.2.diff, 779 bytes (added by nacin, 6 years ago)

Option A

  • wp-admin/admin-ajax.php

     
    1717define( 'WP_ADMIN', true );
    1818
    1919// Require an action parameter
    20 if ( empty( $_REQUEST['action'] ) )
     20if ( empty( $_REQUEST['action'] ) && 'OPTIONS' != $_SERVER['REQUEST_METHOD'] )
    2121        die( '0' );
    2222
    2323/** Load WordPress Bootstrap */
    2424require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
    2525
     26/** Allow for cross-domain requests (from the frontend). */
     27send_origin_headers();
     28
     29// Require an action parameter
     30if ( empty( $_REQUEST['action'] ) )
     31        die( '0' );
     32
    2633/** Load WordPress Administration APIs */
    2734require_once( ABSPATH . 'wp-admin/includes/admin.php' );
    2835