#33934 closed enhancement (wontfix)
create a SUBMITTING_POST constant
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | trivial | Version: | 4.3 |
| Component: | Query | Keywords: | |
| Focuses: | administration | Cc: | |
Description
One can use the DOING_AJAX constant. It could be useful to also have a SUBMITTING_POST constant.
It would be located on wp-admin/admin-post.php just before the do_action( 'admin_init' ); (around line 27) :
```php
require_once(ABSPATH . 'wp-admin/includes/admin.php');

nocache_headers();

// HERE :
define( 'SUBMITTING_POST', true );
// END

/** This action is documented in wp-admin/admin.php */
do_action( 'admin_init' );
```
Why :
On "admin_init", we may want to control access and forbid the admin access depending on some conditions. We would absolutely need to allow the admin access on these exceptions: DOING_AJAX (existing) or SUBMITTING_POST.
The WP doc asks any developer to use the admin_post_* and admin_post_nopriv_* to post a form's data.
example :
```php
/**
 * Redirect back to homepage and not allow access to
 * WP admin for Subscribers.
 */
add_action( 'admin_init', 'redirect_admin' );
function redirect_admin(){
    if ( ! current_user_can( 'delete_others_posts' ) && ( ! defined('DOING_AJAX') || ! DOING_AJAX ) ){
        /**
         * These conditions would be true if the user was submitting a form via the admin_post_nopriv_*
         * or admin_post_* hooks and therefore these hooks would not be fired. => the
         * SUBMITTING_POST constant would be useful there!
         */
        wp_redirect( site_url() );
        exit;
    }
}
```
In wp-admin/admin-ajax.php the DOING_AJAX constant is defined this way (first lines of code) :
```php
/**
 * Executing AJAX process.
 *
 * @since 2.1.0
 */
define( 'DOING_AJAX', true );
if ( ! defined( 'WP_ADMIN' ) ) {
    define( 'WP_ADMIN', true );
}
```
Thanks a lot for your attention
Charles
Change History (4)
#2 (follow-up: ↓ 4), 10 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
#3, 10 years ago
Hello @obenland,
Thanks a lot for your answer.
You're right! Are there then other places "DOING_AJAX" than admin-ajax.php? If so I can understand the presence of this constant then!
Have a good day!
Charles
#4 (in reply to: ↑ 2), 9 years ago
Replying to obenland:

> Hi charlyox, welcome to WordPress Trac!
> I would suggest hooking into admin_init early and checking whether admin-post is requested to check for that scenario. It's unlikely that a new constant would be introduced here.

I had the same scenario, and I ended up hooking the redirect to admin_menu instead of admin_init. It seems to be working; however, I just feel confused, as admin_init was encouraged by https://codex.wordpress.org/Plugin_API/Action_Reference/admin_init

> I would suggest hooking into admin_init early and checking whether admin-post is requested to check for that scenario.

I'm curious about your solution, so I'm just wondering: is there any WordPress way to check whether admin-post is requested? Thanks for any response!
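
One way to implement the check discussed in this thread, as an added example that is not code from the ticket or from WordPress core: the `admin_init` guard skips `admin-post.php` as well as AJAX requests, and the form handler then carries its own nonce and capability checks, since the redirect no longer stands in front of it. The `myplugin_*` function names, the `myplugin_save` action, and the `note` field are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not from WordPress core or this ticket.

// Pure decision rule, free of WordPress calls so it can be tested on its own.
function myplugin_should_redirect( $script, $is_editor, $doing_ajax ) {
    // admin-ajax.php and admin-post.php are request endpoints, not admin screens.
    $endpoints = array( 'admin-ajax.php', 'admin-post.php' );
    if ( $doing_ajax || in_array( $script, $endpoints, true ) ) {
        return false;
    }
    return ! $is_editor;
}

function myplugin_redirect_admin() {
    // $pagenow is set by WordPress on admin requests; fall back to the script name.
    $script = isset( $GLOBALS['pagenow'] )
        ? $GLOBALS['pagenow']
        : basename( $_SERVER['SCRIPT_NAME'] );
    $doing_ajax = defined( 'DOING_AJAX' ) && DOING_AJAX;
    $is_editor  = current_user_can( 'delete_others_posts' );

    if ( myplugin_should_redirect( $script, $is_editor, $doing_ajax ) ) {
        wp_safe_redirect( home_url() );
        exit;
    }
}

// Handler for the hypothetical form action "myplugin_save". The redirect above
// lets admin-post.php through, so the handler does its own nonce and
// capability checks.
function myplugin_handle_save() {
    check_admin_referer( 'myplugin_save' ); // dies on a missing or invalid nonce
    if ( ! current_user_can( 'read' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }
    if ( isset( $_POST['note'] ) ) { // "note" is a constructed field name
        $note = sanitize_text_field( wp_unslash( $_POST['note'] ) );
        update_user_meta( get_current_user_id(), 'myplugin_note', $note );
    }
    wp_safe_redirect( home_url() );
    exit;
}

if ( function_exists( 'add_action' ) ) { // register hooks only inside WordPress
    add_action( 'admin_init', 'myplugin_redirect_admin', 1 ); // priority 1 runs early
    add_action( 'admin_post_myplugin_save', 'myplugin_handle_save' );
}
```

The matching form would emit its nonce with `wp_nonce_field( 'myplugin_save' )` and post to `admin-post.php` with `action=myplugin_save`.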