is_protected_ajax_action() WordPress Function
The is_protected_ajax_action() function is used to check whether an AJAX action is protected or not. This function is useful for security purposes, as it can help to prevent malicious users from gaining access to protected AJAX actions.
is_protected_ajax_action() #
Determines whether we are currently handling an Ajax action that should be protected against WSODs.
Return
(bool) True if the current Ajax action should be protected.
Source
File: wp-includes/load.php
function is_protected_ajax_action() {
if ( ! wp_doing_ajax() ) {
return false;
}
if ( ! isset( $_REQUEST['action'] ) ) {
return false;
}
$actions_to_protect = array(
'edit-theme-plugin-file', // Saving changes in the core code editor.
'heartbeat', // Keep the heart beating.
'install-plugin', // Installing a new plugin.
'install-theme', // Installing a new theme.
'search-plugins', // Searching in the list of plugins.
'search-install-plugins', // Searching for a plugin in the plugin install screen.
'update-plugin', // Update an existing plugin.
'update-theme', // Update an existing theme.
);
/**
* Filters the array of protected Ajax actions.
*
* This filter is only fired when doing Ajax and the Ajax request has an 'action' property.
*
* @since 5.2.0
*
* @param string[] $actions_to_protect Array of strings with Ajax actions to protect.
*/
$actions_to_protect = (array) apply_filters( 'wp_protected_ajax_actions', $actions_to_protect );
if ( ! in_array( $_REQUEST['action'], $actions_to_protect, true ) ) {
return false;
}
return true;
}
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
| Version | Description |
|---|---|
| 5.2.0 | Introduced. |