check_ajax_referer( int|string $action = -1, false|string $query_arg = false, bool $die = true )
Verifies the Ajax request to prevent processing requests that originate outside the blog.
Parameters
- $action
  (Optional) Action nonce.
  Default value: -1
- $query_arg
  (Optional) Key to check for the nonce in $_REQUEST (since WP-2.5). If false, $_REQUEST values will be evaluated for '_ajax_nonce', and '_wpnonce' (in that order).
  Default value: false
- $die
  (Optional) Whether to die early when the nonce cannot be verified.
  Default value: true
Return
(false|int) False if the nonce is invalid, 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
Source
File: wp-includes/pluggable.php
```php
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
	if ( -1 == $action ) {
		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), 'WP-4.7' );
	}

	$nonce = '';

	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
		$nonce = $_REQUEST[ $query_arg ];
	elseif ( isset( $_REQUEST['_ajax_nonce'] ) )
		$nonce = $_REQUEST['_ajax_nonce'];
	elseif ( isset( $_REQUEST['_wpnonce'] ) )
		$nonce = $_REQUEST['_wpnonce'];

	$result = wp_verify_nonce( $nonce, $action );

	/**
	 * Fires once the Ajax request has been validated or not.
	 *
	 * @since WP-2.1.0
	 *
	 * @param string    $action The Ajax nonce action.
	 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
	 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
	 */
	do_action( 'check_ajax_referer', $action, $result );

	if ( $die && false === $result ) {
		if ( wp_doing_ajax() ) {
			wp_die( -1, 403 );
		} else {
			die( '-1' );
		}
	}

	return $result;
}
```
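A plugin-side use of the parameters and return values documented above, as an added example that is not ClassicPress core code. The handler name `myplugin_save_note`, the request key `myplugin_nonce`, the script handle `myplugin-admin` and the meta key are hypothetical.

```php
<?php
// Added example, not ClassicPress core code. myplugin_save_note, myplugin_nonce,
// the 'myplugin-admin' handle and the 'myplugin_note' meta key are hypothetical.

// 1. Issue a nonce bound to a specific action and expose it to the admin script.
add_action( 'admin_enqueue_scripts', function () {
	wp_enqueue_script( 'myplugin-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
	wp_localize_script( 'myplugin-admin', 'MyPlugin', array(
		'ajaxUrl' => admin_url( 'admin-ajax.php' ),
		'nonce'   => wp_create_nonce( 'myplugin_save_note' ),
	) );
} );

// 2. Register the handler for logged-in users only (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_myplugin_save_note', 'myplugin_save_note' );

function myplugin_save_note() {
	// Named action (never the -1 default), explicit request key, and $die = false
	// so the handler decides what the failure response looks like.
	$result = check_ajax_referer( 'myplugin_save_note', 'myplugin_nonce', false );
	if ( false === $result ) {
		wp_send_json_error( array( 'message' => 'Invalid or expired nonce.' ), 403 );
	}

	// The nonce ties the request to a page rendered for this user; it is not a
	// permission check, so the capability is verified separately.
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	$note = isset( $_POST['note'] ) ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';
	update_user_meta( get_current_user_id(), 'myplugin_note', $note );

	// A return value of 2 means the nonce was generated 12-24 hours ago:
	// send a fresh one so the client can keep working past expiry.
	$response = array( 'saved' => true );
	if ( 2 === $result ) {
		$response['nonce'] = wp_create_nonce( 'myplugin_save_note' );
	}
	wp_send_json_success( $response );
}
```

The client sends `MyPlugin.nonce` as the `myplugin_nonce` field of the POST body. If that key is absent from `$_REQUEST`, the function falls back to `_ajax_nonce` and then `_wpnonce`, as the source above shows.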
Related
Uses
Uses | Description |
---|---|
wp-includes/l10n.php: __() | Retrieve the translation of $text. |
wp-includes/pluggable.php: wp_verify_nonce() | Verify that correct nonce was used with time limit. |
wp-includes/pluggable.php: check_ajax_referer | Fires once the Ajax request has been validated or not. |
wp-includes/plugin.php: do_action() | Execute functions hooked on a specific action hook. |
wp-includes/load.php: wp_doing_ajax() | Determines whether the current request is a ClassicPress Ajax request. |
wp-includes/functions.php: _doing_it_wrong() | Mark something as being incorrectly called. |
wp-includes/functions.php: wp_die() | Kill ClassicPress execution and display HTML message with error message. |
Used By
Used By | Description |
---|---|
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::wp_ajax_update_widget() | Updates widget settings asynchronously. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_override_changeset_lock_request() | Removes changeset lock when take over request is sent via Ajax. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_dismiss_autosave_or_lock_request() | Delete a given auto-draft changeset or the autosave revision for a given changeset or delete changeset lock. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_load_themes_request() | Load themes into the theme browsing/installation UI. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::setup_theme() | Start preview and customize theme. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::save() | Handle customize_save WP Ajax request to save/update a changeset. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_changeset_trash_request() | Handle request to trash a changeset. |
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::ajax_insert_auto_draft_post() | Ajax handler for adding a new auto-draft post. |
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::ajax_load_available_items() | Ajax handler for loading available menu items. |
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::ajax_search_available_items() | Ajax handler for searching available menu items. |
wp-admin/custom-background.php: Custom_Background::ajax_background_add() | Ajax handler for adding custom background context to an attachment. |
wp-admin/custom-background.php: Custom_Background::wp_set_background_image() | |
wp-admin/custom-header.php: Custom_Image_Header::ajax_header_crop() | Gets attachment uploaded by Media Manager, crops it, then saves it as a new object. Returns JSON-encoded object details. |
wp-admin/custom-header.php: Custom_Image_Header::ajax_header_add() | Given an attachment ID for a header image, updates its “last used” timestamp to now. |
wp-admin/custom-header.php: Custom_Image_Header::ajax_header_remove() | Given an attachment ID for a header image, unsets it as a user-uploaded header image for the current theme. |
wp-admin/includes/ajax-actions.php: wp_ajax_wp_privacy_erase_personal_data() | Ajax handler for erasing personal data. |
wp-admin/includes/ajax-actions.php: wp_ajax_search_install_plugins() | Ajax handler for searching plugins to install. |
wp-admin/includes/ajax-actions.php: wp_ajax_wp_privacy_export_personal_data() | Ajax handler for exporting a user’s personal data. |
wp-admin/includes/ajax-actions.php: wp_ajax_crop_image() | Ajax handler for cropping an image. |
wp-admin/includes/ajax-actions.php: wp_ajax_save_wporg_username() | Ajax handler for saving the user’s WordPress.org username. |
wp-admin/includes/ajax-actions.php: wp_ajax_install_theme() | Ajax handler for installing a theme. |
wp-admin/includes/ajax-actions.php: wp_ajax_update_theme() | Ajax handler for updating a theme. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_theme() | Ajax handler for deleting a theme. |
wp-admin/includes/ajax-actions.php: wp_ajax_install_plugin() | Ajax handler for installing a plugin. |
wp-admin/includes/ajax-actions.php: wp_ajax_update_plugin() | Ajax handler for updating a plugin. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_plugin() | Ajax handler for deleting a plugin. |
wp-admin/includes/ajax-actions.php: wp_ajax_search_plugins() | Ajax handler for searching plugins. |
wp-admin/includes/ajax-actions.php: wp_ajax_save_attachment_order() | Ajax handler for saving the attachment order. |
wp-admin/includes/ajax-actions.php: wp_ajax_send_attachment_to_editor() | Ajax handler for sending an attachment to the editor. |
wp-admin/includes/ajax-actions.php: wp_ajax_send_link_to_editor() | Ajax handler for sending a link to the editor. |
wp-admin/includes/ajax-actions.php: wp_ajax_save_user_color_scheme() | Ajax handler for auto-saving the selected color scheme for a user’s own profile. |
wp-admin/includes/ajax-actions.php: wp_ajax_wp_fullscreen_save_post() | Ajax handler for saving posts from the fullscreen editor. |
wp-admin/includes/ajax-actions.php: wp_ajax_wp_remove_post_lock() | Ajax handler for removing a post lock. |
wp-admin/includes/ajax-actions.php: wp_ajax_save_attachment() | Ajax handler for updating attachment attributes. |
wp-admin/includes/ajax-actions.php: wp_ajax_save_attachment_compat() | Ajax handler for saving backward compatible attachment attributes. |
wp-admin/includes/ajax-actions.php: wp_ajax_inline_save_tax() | Ajax handler for quick edit saving for a term. |
wp-admin/includes/ajax-actions.php: wp_ajax_find_posts() | Ajax handler for querying posts for the Find Posts modal. |
wp-admin/includes/ajax-actions.php: wp_ajax_widgets_order() | Ajax handler for saving the widgets order. |
wp-admin/includes/ajax-actions.php: wp_ajax_save_widget() | Ajax handler for saving a widget. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_inactive_widgets() | Ajax handler for removing inactive widgets. |
wp-admin/includes/ajax-actions.php: wp_ajax_upload_attachment() | Ajax handler for uploading attachments |
wp-admin/includes/ajax-actions.php: wp_ajax_image_editor() | Ajax handler for image editing. |
wp-admin/includes/ajax-actions.php: wp_ajax_set_post_thumbnail() | Ajax handler for setting the featured image. |
wp-admin/includes/ajax-actions.php: wp_ajax_get_post_thumbnail_html() | Ajax handler for retrieving HTML for the featured image. |
wp-admin/includes/ajax-actions.php: wp_ajax_hidden_columns() | Ajax handler for hidden columns. |
wp-admin/includes/ajax-actions.php: wp_ajax_update_welcome_panel() | Ajax handler for updating whether to display the welcome panel. |
wp-admin/includes/ajax-actions.php: wp_ajax_wp_link_ajax() | Ajax handler for internal linking. |
wp-admin/includes/ajax-actions.php: wp_ajax_menu_locations_save() | Ajax handler for menu locations save. |
wp-admin/includes/ajax-actions.php: wp_ajax_meta_box_order() | Ajax handler for saving the meta box order. |
wp-admin/includes/ajax-actions.php: wp_ajax_get_permalink() | Ajax handler to retrieve a permalink. |
wp-admin/includes/ajax-actions.php: wp_ajax_sample_permalink() | Ajax handler to retrieve a sample permalink. |
wp-admin/includes/ajax-actions.php: wp_ajax_inline_save() | Ajax handler for Quick Edit saving a post from a list table. |
wp-admin/includes/ajax-actions.php: wp_ajax_replyto_comment() | Ajax handler for replying to a comment. |
wp-admin/includes/ajax-actions.php: wp_ajax_edit_comment() | Ajax handler for editing a comment. |
wp-admin/includes/ajax-actions.php: wp_ajax_add_menu_item() | Ajax handler for adding a menu item. |
wp-admin/includes/ajax-actions.php: wp_ajax_add_meta() | Ajax handler for adding meta. |
wp-admin/includes/ajax-actions.php: wp_ajax_add_user() | Ajax handler for adding a user. |
wp-admin/includes/ajax-actions.php: wp_ajax_closed_postboxes() | Ajax handler for closed post boxes. |
wp-admin/includes/ajax-actions.php: wp_ajax_add_link_category() | Ajax handler for adding a link category. |
wp-admin/includes/ajax-actions.php: wp_ajax_add_tag() | Ajax handler to add a tag. |
wp-admin/includes/ajax-actions.php: wp_ajax_get_comments() | Ajax handler for getting comments. |
wp-admin/includes/ajax-actions.php: _wp_ajax_add_hierarchical_term() | Ajax handler for adding a hierarchical term. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_comment() | Ajax handler for deleting a comment. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_tag() | Ajax handler for deleting a tag. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_link() | Ajax handler for deleting a link. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_meta() | Ajax handler for deleting meta. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_post() | Ajax handler for deleting a post. |
wp-admin/includes/ajax-actions.php: wp_ajax_trash_post() | Ajax handler for sending a post to the trash. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_page() | |
wp-admin/includes/ajax-actions.php: wp_ajax_dim_comment() | Ajax handler to dim a comment. |
wp-admin/includes/ajax-actions.php: wp_ajax_fetch_list() | Ajax handler for fetching a list table. |
wp-admin/includes/ajax-actions.php: wp_ajax_wp_compression_test() | Ajax handler for compression testing. |
wp-admin/includes/ajax-actions.php: wp_ajax_imgedit_preview() | Ajax handler for image editor previews. |
Changelog
Version | Description |
---|---|
WP-2.0.3 | Introduced. |