check_ajax_referer() - WordPress Function Reference (Chinese documentation)


check_ajax_referer()

Published 2017-09-10 · 10015 characters · 1121 views · 0 comments

check_ajax_referer( int|string $action = -1,  false|string $query_arg = false,  bool $die = true )

Verifies the Ajax request to prevent processing requests that did not originate from the site.


Description

Despite its name, this function does not inspect the HTTP Referer header. It reads a nonce from $_REQUEST (the query string or POST body, plus cookies depending on PHP's request_order setting) and hands it to wp_verify_nonce(). A valid nonce only shows that the request was assembled from a page WordPress generated for the current user's session, i.e. it is a CSRF token. It does not establish who the user is or what they may do, so a handler still needs its own authorization check (for example current_user_can()) after the nonce passes.

Parameters

$action

(int|string)
(Optional)
Action nonce.

Default value: -1

$query_arg

(false|string)
(Optional)
Key to check for the nonce in $_REQUEST (since 2.5). If false, $_REQUEST values will be evaluated for ‘_ajax_nonce’, and ‘_wpnonce’ (in that order).

Default value: false

$die

(bool)
(Optional)
Whether to die early when the nonce cannot be verified.

Default value: true


Return

(false|int) False if the nonce is invalid, 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. When $die is true (the default) and the nonce is invalid the function does not return at all: for a request that wp_doing_ajax() recognises it calls wp_die( -1, 403 ), otherwise die( '-1' ). A caller that wants to send its own error response must pass $die = false and compare the result against false with ===, since 1 and 2 are both "valid".


Source

File: wp-includes/pluggable.php

function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
	if ( -1 == $action ) {
		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '4.7' );
	}

	$nonce = '';

	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
		$nonce = $_REQUEST[ $query_arg ];
	elseif ( isset( $_REQUEST['_ajax_nonce'] ) )
		$nonce = $_REQUEST['_ajax_nonce'];
	elseif ( isset( $_REQUEST['_wpnonce'] ) )
		$nonce = $_REQUEST['_wpnonce'];

	$result = wp_verify_nonce( $nonce, $action );

	/**
	 * Fires once the Ajax request has been validated or not.
	 *
	 * @since 2.1.0
	 *
	 * @param string    $action The Ajax nonce action.
	 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
	 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
	 */
	do_action( 'check_ajax_referer', $action, $result );

	if ( $die && false === $result ) {
		if ( wp_doing_ajax() ) {
			wp_die( -1, 403 );
		} else {
			die( '-1' );
		}
	}

	return $result;
}
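The following is an added example, not WordPress core code and not the Codex note on this page. It wires a complete admin-ajax endpoint around this function: it passes $die = false so the handler can answer with a JSON body and an HTTP status instead of the bare -1, treats the nonce strictly as a CSRF token and performs authorization separately with current_user_can(), rotates the nonce when the return value is 2, and hooks the check_ajax_referer action fired in the source above to log failed verifications. The plugin itself, the Ajax action name wpdocs_rename_item, the nonce action wpdocs-rename-item, the script handle wpdocs-rename and the JavaScript global wpdocsRename are assumptions made up for this example.

```php
<?php
/**
 * Plugin Name: WPDocs Rename Item (added example)
 *
 * Added example: not WordPress core code and not from the reference page.
 * The Ajax action "wpdocs_rename_item", nonce action "wpdocs-rename-item",
 * script handle "wpdocs-rename" and JS global "wpdocsRename" are assumed names.
 */

// 1. Hand the nonce and the endpoint URL to the browser. The handle is
//    registered without a src so the JS can live inline in this file;
//    admin_url() is passed so the script does not rely on the admin-only
//    global `ajaxurl`.
add_action( 'wp_enqueue_scripts', function () {
	if ( ! is_user_logged_in() ) {
		return; // the handler below has no wp_ajax_nopriv_ variant
	}
	wp_register_script( 'wpdocs-rename', false, array( 'jquery' ), '1.0', true );
	wp_enqueue_script( 'wpdocs-rename' );
	wp_localize_script( 'wpdocs-rename', 'wpdocsRename', array(
		'ajaxUrl' => admin_url( 'admin-ajax.php' ),
		'nonce'   => wp_create_nonce( 'wpdocs-rename-item' ),
	) );
	wp_add_inline_script( 'wpdocs-rename', <<<'JS'
jQuery(function ($) {
	$(document).on('click', '[data-wpdocs-rename]', function () {
		var postId = $(this).data('wpdocs-rename');
		$.post(wpdocsRename.ajaxUrl, {
			action:   'wpdocs_rename_item',
			security: wpdocsRename.nonce, // read by check_ajax_referer( ..., 'security' )
			post_id:  postId,
			title:    $('#wpdocs-title-' + postId).val()
		}).done(function (res) {
			if (res.data && res.data.nonce) {
				wpdocsRename.nonce = res.data.nonce; // server rotated an ageing nonce
			}
		}).fail(function (xhr) {
			// wp_send_json_error( ..., 403 ) lands here, not in done()
			var body = xhr.responseJSON && xhr.responseJSON.data;
			window.console && console.error(body ? body.message : 'request failed');
		});
	});
});
JS
	);
} );

// 2. The handler. Registered only under wp_ajax_ (logged-in users).
add_action( 'wp_ajax_wpdocs_rename_item', function () {
	// $die = false: on failure we send a structured error ourselves.
	$result = check_ajax_referer( 'wpdocs-rename-item', 'security', false );
	if ( false === $result ) {
		wp_send_json_error( array( 'message' => 'Invalid or expired nonce.' ), 403 );
	}

	// The nonce proves the request came from a page served to this session;
	// it says nothing about permissions. Authorize separately.
	$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
	if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	$title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
	if ( '' === $title ) {
		wp_send_json_error( array( 'message' => 'Title is required.' ), 400 );
	}

	$updated = wp_update_post( array( 'ID' => $post_id, 'post_title' => $title ), true );
	if ( is_wp_error( $updated ) ) {
		wp_send_json_error( array( 'message' => $updated->get_error_message() ), 500 );
	}

	// 2 means the nonce is in its second 12-hour window: issue a fresh one so
	// a long-lived page keeps working instead of failing after 24 hours.
	wp_send_json_success( array(
		'post_id' => $post_id,
		'nonce'   => ( 2 === $result ) ? wp_create_nonce( 'wpdocs-rename-item' ) : null,
	) );
} );

// 3. Detection: the action fired inside check_ajax_referer() carries the
//    result of every verification, so failures can be logged in one place.
add_action( 'check_ajax_referer', function ( $action, $result ) {
	if ( false === $result ) {
		error_log( sprintf(
			'Nonce verification failed: action=%s user=%d ip=%s',
			$action,
			get_current_user_id(),
			isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
		) );
	}
}, 10, 2 );
```

Drop the file into wp-content/plugins and activate it; any element carrying data-wpdocs-rename="<post id>" next to an input with id wpdocs-title-<post id> drives the endpoint. A request with a missing, forged or expired nonce gets a 403 JSON body and a log line; a request with a valid nonce from a user who cannot edit that post also gets a 403, because the nonce check and the capability check are independent and both must pass.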

Changelog

Version  Description
2.0.3 Introduced.

Related Functions

Uses

  • wp-includes/load.php:
    wp_doing_ajax()
  • wp-includes/l10n.php:
    __()
  • wp-includes/pluggable.php:
    wp_verify_nonce()
  • wp-includes/pluggable.php:
    check_ajax_referer
  • wp-includes/functions.php:
    _doing_it_wrong()
  • wp-includes/functions.php:
    wp_die()
  • wp-includes/plugin.php:
    do_action()


Used By

  • wp-admin/includes/ajax-actions.php:
    wp_ajax_get_community_events()
  • wp-includes/class-wp-customize-nav-menus.php:
    WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_search_install_plugins()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_delete_plugin()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_search_plugins()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_install_theme()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_update_theme()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_delete_theme()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_install_plugin()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_get_post_thumbnail_html()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_save_wporg_username()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_delete_inactive_widgets()
  • wp-includes/class-wp-customize-nav-menus.php:
    WP_Customize_Nav_Menus::ajax_load_available_items()
  • wp-includes/class-wp-customize-nav-menus.php:
    WP_Customize_Nav_Menus::ajax_search_available_items()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_crop_image()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_update_plugin()
  • wp-admin/custom-background.php:
    Custom_Background::ajax_background_add()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_save_attachment_order()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_send_attachment_to_editor()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_send_link_to_editor()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_save_user_color_scheme()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_save_widget()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_upload_attachment()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_image_editor()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_set_post_thumbnail()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_wp_fullscreen_save_post()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_wp_remove_post_lock()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_save_attachment()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_save_attachment_compat()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_add_menu_item()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_add_meta()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_add_user()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_closed_postboxes()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_hidden_columns()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_update_welcome_panel()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_wp_link_ajax()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_menu_locations_save()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_meta_box_order()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_get_permalink()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_sample_permalink()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_inline_save()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_inline_save_tax()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_find_posts()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_widgets_order()
  • wp-admin/includes/ajax-actions.php:
    _wp_ajax_add_hierarchical_term()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_delete_comment()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_delete_tag()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_delete_link()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_delete_meta()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_delete_post()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_trash_post()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_delete_page()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_dim_comment()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_add_link_category()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_add_tag()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_get_comments()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_replyto_comment()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_edit_comment()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_fetch_list()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_wp_compression_test()
  • wp-admin/includes/ajax-actions.php:
    wp_ajax_imgedit_preview()
  • wp-admin/custom-header.php:
    Custom_Image_Header::ajax_header_crop()
  • wp-admin/custom-header.php:
    Custom_Image_Header::ajax_header_add()
  • wp-admin/custom-header.php:
    Custom_Image_Header::ajax_header_remove()
  • wp-includes/class-wp-customize-manager.php:
    WP_Customize_Manager::save()
  • wp-includes/class-wp-customize-manager.php:
    WP_Customize_Manager::setup_theme()
  • wp-includes/class-wp-customize-widgets.php:
    WP_Customize_Widgets::wp_ajax_update_widget()


User Contributed Notes


    Contributed by Codex

    Example
    In your main file, set the nonce like this:

    
    <?php
    //Set Your Nonce
    $ajax_nonce = wp_create_nonce( "wpdocs-special-string" );
    ?>
    
    <script type="text/javascript">
    jQuery(document).ready(function($){
    	var data = {
    		action: 'wpdocs_action',
    		security: '<?php echo $ajax_nonce; ?>',
    		wpdocs_string: 'Hello World!'
    	};
    	$.post(ajaxurl, data, function(response) {
    		alert("Response: " + response);
    	});
    });
    </script>
    

    In your AJAX file, check the referrer like this:

    
    /**
     * Check the referrer for the AJAX call.
     */
    function wpdocs_action_function() {
    	check_ajax_referer( 'wpdocs-special-string', 'security' );
    	echo sanitize_text_field( $_POST['wpdocs_string'] );
    	die;
    }
    add_action( 'wp_ajax_wpdocs_action', 'wpdocs_action_function' );
    
