#33934 closed enhancement (wontfix)
create a SUBMITTING_POST constant
Reported by: | charlyox | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | trivial | Version: | 4.3 |
Component: | Query | Keywords: | |
Focuses: | administration | Cc: |
Description
One can use the DOING_AJAX constant. It could be useful to also have a SUBMITTING_POST constant.
It would be located on wp-admin/admin-post.php just before the do_action( 'admin_init' ); (around line 27) :
require_once(ABSPATH . 'wp-admin/includes/admin.php'); nocache_headers(); // HERE : define( 'SUBMITTING_POST', true ); // END /** This action is documented in wp-admin/admin.php */ do_action( 'admin_init' );
Why :
On "admin_init", we may want to control access and forbid the admin access depending on some conditions. We would absolutely need to allow the admin access on these exceptions: DOING_AJAX (existing) or SUBMITTING_POST.
The WP doc asks any developer to use the admin_post_* and admin_post_nopriv_* to post a form's data.
example :
/** * Redirect back to homepage and not allow access to * WP admin for Subscribers. */ add_action( 'admin_init', 'redirect_admin' ); function redirect_admin(){ if ( ! current_user_can( 'delete_others_posts' ) && ( ! defined('DOING_AJAX') || ! DOING_AJAX ) ){ /** * These conditions would be true if the user was submitting a form via the admin_post_nopriv_* * or admin_post_* hooks and therefore these hooks would not be fired. => the * SUBMITTING_POST constant would be useful there! */ wp_redirect( site_url() ); exit; } }
In wp-admin/admin-ajax.php the DOING_AJAX constant is defined this way (first lines of code) :
/** * Executing AJAX process. * * @since 2.1.0 */ define( 'DOING_AJAX', true ); if ( ! defined( 'WP_ADMIN' ) ) { define( 'WP_ADMIN', true ); }
Thanks a lot for your attention
Charles
Change History (4)
#2
follow-up:
↓ 4
@
9 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
#3
@
9 years ago
Hello @obenland,
Thanks a lot for your answer.
You're right! Are there then other places "DOING_AJAX" than admin-ajax.php? If so I can understand the presence of this constant then!
Have a good day!
Charles
#4
in reply to:
↑ 2
@
8 years ago
Replying to obenland:
Hi charlyox, welcome to WordPress Trac!
I would suggest hooking into
admin_init
early and checking whether admin-post is requested to check for that scenario. It's unlikely that a new constant would be introduced here.
I had the same scenario, and I ended up with hook redirect to admin_menu
instead of admin_init
. It seems working, however just feel confused as admin_init
was encouraged by https://codex.wordpress.org/Plugin_API/Action_Reference/admin_init
I would suggest hooking into admin_init early and checking whether admin-post is requested to check for that scenario.
I'm curious about your solution, so just wondering is there any WordPress way to check whether admin-post is requested? Thanks for any response!
Hi charlyox, welcome to WordPress Trac!
I would suggest hooking into
admin_init
early and checking whether admin-post is requested to check for that scenario. It's unlikely that a new constant would be introduced here.