Opened 15 years ago
Closed 15 years ago
#12122 closed defect (bug) (fixed)
Unchecked Indexes in admin-ajax.php
Reported by: | miqrogroove | Owned by: | westi |
---|---|---|---|
Milestone: | 3.0 | Priority: | normal |
Severity: | minor | Version: | 2.9 |
Component: | Warnings/Notices | Keywords: | has-patch tested commit |
Focuses: | Cc: |
Description
Notices produced by URL guessing.
Notice: Undefined index: action in /wp-admin/admin-ajax.php on line 25
Notice: Undefined index: action in /wp-admin/admin-ajax.php on line 204
Notice: Undefined index: action in /wp-admin/admin-ajax.php on line 1428
Attachments (2)
Change History (10)
#2
@
15 years ago
umm.. if wp_die() isn't appropriate for AJAX, could we at least put an HTTP status in there?
#3
@
15 years ago
If the server was reached and responded the HTTP status should stay at 200.
I like the proposed patch no need to proceed if action
is not set.
#5
@
15 years ago
- Keywords tested commit added
If we sent any status at all the preferred status would be 400. However to properly send a 400 we would need to move the check after the call to wp-load.php so that we could use status_header() or we end up duplicating code.
Honestly I still prefer to just die with a -1 since that is what we already do when the action is not hooked. Otherwise we start sending inconsistent results back.
#6
@
15 years ago
With this we can probably remove an isset() check or two later in the file.
Also, it looks like we check for !empty() for wp_ajax_nopriv_ but only isset() for wp_ajax_. Standardizing this on !empty() up top would be good. I don't see a reason for firing the literal hook "wp_ajax_" if admin-ajax.php?action is called.
Since admin-ajax.php requires $_REQUESTaction? just die early on if it's not set