Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 8 years ago

#33934 closed enhancement (wontfix)

create a SUBMITTING_POST constant

Reported by: charlyox
Owned by:
Milestone:
Priority: normal
Severity: trivial
Version: 4.3
Component: Query
Keywords:
Focuses: administration
Cc:

Description

One can use the DOING_AJAX constant. It could be useful to also have a SUBMITTING_POST constant.

It would be located in wp-admin/admin-post.php just before the do_action( 'admin_init' ); (around line 27):

require_once(ABSPATH . 'wp-admin/includes/admin.php');

nocache_headers();

// HERE  : 
define( 'SUBMITTING_POST', true );
// END

/** This action is documented in wp-admin/admin.php */
do_action( 'admin_init' );

Why:

On "admin_init", we may want to control access and forbid the admin access depending on some conditions. We would absolutely need to allow the admin access on these exceptions: DOING_AJAX (existing) or SUBMITTING_POST.

The WP doc asks any developer to use the admin_post_* and admin_post_nopriv_* hooks to post a form's data.

Example:

/**
 * Redirect back to homepage and not allow access to
 * WP admin for Subscribers.
 */
add_action( 'admin_init', 'redirect_admin' );
function redirect_admin() {
	if ( ! current_user_can( 'delete_others_posts' ) && ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) ) {
		/*
		 * These conditions would be true if the user was submitting a form via the admin_post_nopriv_*
		 * or admin_post_* hooks and therefore these hooks would not be fired. => the
		 * SUBMITTING_POST constant would be useful there!
		 */
		wp_redirect( site_url() );
		exit;
	}
}

In wp-admin/admin-ajax.php the DOING_AJAX constant is defined this way (first lines of code):

/**
 * Executing AJAX process.
 *
 * @since 2.1.0
 */
define( 'DOING_AJAX', true );
if ( ! defined( 'WP_ADMIN' ) ) {
	define( 'WP_ADMIN', true );
}

Thanks a lot for your attention

Charles

Change History (4)

#1 @charlyox
9 years ago

  • Severity changed from normal to trivial

#2 follow-up: @obenland
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Hi charlyox, welcome to WordPress Trac!

I would suggest hooking into admin_init early and checking whether admin-post is requested to check for that scenario. It's unlikely that a new constant would be introduced here.

#3 @charlyox
9 years ago

Hello @obenland,

Thanks a lot for your answer.

You're right! Are there then other places "DOING_AJAX" than admin-ajax.php? If so I can understand the presence of this constant then!

Have a good day!

Charles

#4 in reply to: ↑ 2 @librapan
8 years ago

Replying to obenland:

> Hi charlyox, welcome to WordPress Trac!
>
> I would suggest hooking into admin_init early and checking whether admin-post is requested to check for that scenario. It's unlikely that a new constant would be introduced here.

I had the same scenario, and I ended up hooking the redirect to admin_menu instead of admin_init. It seems to be working; however, I just feel confused, as admin_init was encouraged by https://codex.wordpress.org/Plugin_API/Action_Reference/admin_init

> I would suggest hooking into admin_init early and checking whether admin-post is requested to check for that scenario.

I'm curious about your solution, so I'm just wondering: is there any WordPress way to check whether admin-post is requested? Thanks for any response!
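One way to do the check suggested in comment 2 and asked about in comment 4, shown as an added example that is not part of the ticket or of WordPress core. It relies on the `$pagenow` global that WordPress sets for admin requests; the function names, the `example_save` action and the capabilities used are hypothetical.

```php
<?php
/**
 * Added example (not from the ticket or WordPress core): keep low-privilege
 * users out of wp-admin without breaking admin-ajax.php or admin-post.php.
 * Function names and capabilities are illustrative assumptions.
 */
function example_is_admin_post_request() {
	global $pagenow; // Set by WordPress in wp-includes/vars.php.
	return 'admin-post.php' === $pagenow;
}

function example_restrict_admin_area() {
	// Let AJAX and admin-post.php requests through so that their
	// wp_ajax_* / admin_post_* / admin_post_nopriv_* handlers can run.
	if ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || example_is_admin_post_request() ) {
		return;
	}

	if ( ! current_user_can( 'delete_others_posts' ) ) {
		wp_safe_redirect( home_url() );
		exit;
	}
}
// Priority 1 runs before callbacks registered at the default priority (10).
add_action( 'admin_init', 'example_restrict_admin_area', 1 );

/**
 * The exemption above skips the redirect, so each handler has to enforce
 * its own checks. 'example_save' is a hypothetical action name.
 */
function example_handle_save() {
	// Stops the request if the nonce is missing or invalid.
	check_admin_referer( 'example_save' );

	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
	}

	// Validate and process the submitted fields here, then send the user on.
	wp_safe_redirect( home_url() );
	exit;
}
add_action( 'admin_post_example_save', 'example_handle_save' );
```

The redirect is a convenience for keeping users out of the dashboard, not an authorization boundary: once admin-post.php is exempted, the nonce and capability checks inside each handler are what protect the action.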
