check_ajax_referer(): verifies the AJAX request to prevent processing requests originating outside the blog

Description

This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.

Verifies the AJAX request to prevent processing requests external of the blog.

Usage

<?php check_ajax_referer( $action, $query_arg, $die ); ?>

Parameters

$action

(string) (optional) Action nonce

Default: -1

$query_arg

(string) (optional) Where to look for the nonce in $_REQUEST (since 2.5)

Default: false

$die

(boolean) (optional) Whether to die if the nonce is invalid

Default: true

Return value

(boolean)

If the parameter $die is set to false, this function returns a boolean: true if the check passes, false if the check fails.

Example

In your main file, set the nonce like this:

/* ----------------------------------
 * wordpress之魂 © http://wphun.com
 * ---------------------------------- */

<?php
//Set Your Nonce
$ajax_nonce = wp_create_nonce( "my-special-string" );
?>

<script type="text/javascript">
jQuery(document).ready(function($){
	var data = {
		action: 'my_action',
		security: '<?php echo $ajax_nonce; ?>',
		my_string: 'Hello World!'
	};
	$.post(ajaxurl, data, function(response) {
		alert("Response: " + response);
	});
});
</script>

In your ajax file, check the referrer like this:

add_action( 'wp_ajax_my_action', 'my_action_function' );
function my_action_function() {
	check_ajax_referer( 'my-special-string', 'security' );
	echo sanitize_text_field( $_POST['my_string'] );
	die;
}

Notes

  • This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.
  • If $query_arg is not specified (i.e. defaults to false), then the function will look for the nonce in '_ajax_nonce'. If that is not set, then it will assume that the nonce is in '_wpnonce', regardless of whether that query arg actually exists.
  • If $die is set to true, execution of the script will be stopped if the nonce cannot be verified, and the output will be '-1'.
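The following handler is an added example, not code from the original page or from WordPress core. It builds on the page's example (action 'my_action', nonce action 'my-special-string', request key 'security') and on the notes above: it passes $die = false so a failed check returns false and the handler can answer with a structured JSON error instead of a bare '-1', and it pairs the nonce check with a capability check, because a valid nonce only proves the request came from a page this site served to the current user, not what that user is allowed to do. The capability 'edit_posts' is an assumption chosen for illustration.

```php
<?php
// Added example (not from the original page or WordPress core).
// Assumes the action name, nonce action and 'security' request key from the
// page's example; the capability 'edit_posts' is an illustrative assumption.

add_action( 'wp_ajax_my_action', 'my_action_function_hardened' );

function my_action_function_hardened() {
	// 1. CSRF check. Because $query_arg is given, the nonce is read from
	//    $_REQUEST['security']; with false it would fall back to '_ajax_nonce',
	//    then '_wpnonce'. With $die = false the function returns false on
	//    failure (1 or 2 on success) instead of terminating with '-1', so we
	//    can reply with a proper JSON error and HTTP status.
	if ( false === check_ajax_referer( 'my-special-string', 'security', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid or expired nonce.' ), 403 );
	}

	// 2. Authorization check. wp_verify_nonce() ties the nonce to the logged-in
	//    user, so a logged-out request already fails above, but the nonce says
	//    nothing about what that user may do; check the capability explicitly.
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// 3. Input handling: wp_unslash() removes the slashes WordPress adds to
	//    request data, then sanitize_text_field() strips tags and stray bytes.
	$my_string = isset( $_POST['my_string'] )
		? sanitize_text_field( wp_unslash( $_POST['my_string'] ) )
		: '';

	// wp_send_json_success() echoes the JSON body and calls wp_die(), so no
	// explicit die is needed at the end of the handler.
	wp_send_json_success( array( 'echo' => $my_string ) );
}
```

The page's JavaScript client works unchanged against this handler; the only difference it observes is a JSON object with a success flag rather than raw text, and a 403 status (instead of the body '-1') when the nonce or capability check fails, which is easier to distinguish in client code and in server logs.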

History

  • Added in version: 2.0.4

Source file

The code of the check_ajax_referer() function is located in wp-includes/pluggable.php.

/**
 * Verifies the AJAX request to prevent processing requests external of the blog.
 *
 * @since 2.0.3
 *
 * @param int|string   $action    Action nonce.
 * @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false,
 *                                `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_wpnonce'
 *                                (in that order). Default false.
 * @param bool         $die       Optional. Whether to die early when the nonce cannot be verified.
 *                                Default true.
 * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
 *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
 */
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
	$nonce = '';

	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
		$nonce = $_REQUEST[ $query_arg ];
	elseif ( isset( $_REQUEST['_ajax_nonce'] ) )
		$nonce = $_REQUEST['_ajax_nonce'];
	elseif ( isset( $_REQUEST['_wpnonce'] ) )
		$nonce = $_REQUEST['_wpnonce'];

	$result = wp_verify_nonce( $nonce, $action );

	if ( $die && false === $result ) {
		if ( defined( 'DOING_AJAX' ) && DOING_AJAX )
			wp_die( -1 );
		else
			die( '-1' );
	}

	/**
	 * Fires once the AJAX request has been validated or not.
	 *
	 * @since 2.1.0
	 *
	 * @param string    $action The AJAX nonce action.
	 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
	 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
	 */
	do_action( 'check_ajax_referer', $action, $result );

	return $result;
}