Here's what I have so far:
// Register test_process() as the handler for admin-ajax.php?action=test_process.
add_action( 'wp_ajax_test_process', 'test_process' );
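/**
 * Entry point for the `test_process` admin-ajax action.
 *
 * Checks run in this order: authentication, capability (authorization), nonce
 * (CSRF). A nonce only proves the request originated from a page rendered for
 * this user; it is not an authorization control, so the capability check stays
 * even once the nonce is verified. Failures answer with an explicit JSON error
 * and status code instead of silently returning (which would leave admin-ajax
 * to emit its default "0" response).
 *
 * @param mixed $data Forwarded unchanged to test_process_watch(). NOTE(review):
 *                    nothing here reads it and the wp_ajax_* hook is not shown
 *                    passing request data — confirm what the hook supplies.
 * @return void Never returns normally on success: test_process_watch() exits.
 */
function test_process( $data ) {
	if ( ! is_user_logged_in() ) {
		wp_send_json_error( 'Not logged in', 403 );
	}

	// Authorization: only administrators may edit the block/allow lists.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( 'Insufficient permissions', 403 );
	}

	// CSRF: the nonce minted with wp_create_nonce( 'test_process_nonce' ) must
	// arrive as `_ajax_nonce` (or `_wpnonce`). $die = false lets us shape the
	// error response ourselves instead of letting check_ajax_referer() die.
	if ( ! check_ajax_referer( 'test_process_nonce', false, false ) ) {
		wp_send_json_error( 'Invalid nonce', 403 );
	}

	test_errorsonoff();
	test_process_watch( $data );
	// NOTE(review): every branch of test_process_watch() ends in exit(), so
	// this line is currently unreachable and error display is never toggled
	// back off for the request.
	test_errorsonoff( 'off' );
}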
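/**
 * Dispatches one admin AJAX sub-command selected by the `func` query argument.
 *
 * Every path writes its response and terminates with exit(), so nothing after
 * this call in the caller runs. `func` and `cont` are matched against fixed
 * allowlists (the switch cases); anything else is rejected with an escaped
 * error message. This function performs no authentication, capability or
 * nonce check of its own — that is the caller's responsibility.
 *
 * Query arguments (all read from $_GET):
 *   func  delete_gcache | delete_bcache | add_black | add_white |
 *         delete_wl_row | delete_wlip | delete_wlem
 *   ip    address the command acts on; sanitized as plain text only, not
 *         validated as an IP here (presumably the be_load() callees do that)
 *   cont  container being displayed: badips | goodips | wlreq
 *
 * @param mixed $data Unused; kept for signature compatibility with the caller.
 * @return void Never returns normally: every branch calls exit().
 */
function test_process_watch( $data ) {
	if ( ! array_key_exists( 'func', $_GET ) ) {
		esc_html_e( ' Not Found', 'test-plugin' );
		exit();
	}

	// Missing arguments default to '' instead of raising an undefined-index
	// notice. sanitize_text_field() strips tags and line breaks but does NOT
	// HTML-escape, so these values must still be escaped before output.
	$ip        = sanitize_text_field( $_GET['ip'] ?? '' );
	$container = sanitize_text_field( $_GET['cont'] ?? '' );
	$func      = sanitize_text_field( $_GET['func'] );

	$options = test_get_options();
	$stats   = test_get_stats();

	// be_load() return values are echoed raw; they are assumed to be
	// already-escaped HTML fragments — confirm against the helper.
	switch ( $func ) {
		case 'delete_gcache':
			be_load( 'test_remove_gcache', $ip, $stats, $options );
			echo be_load( 'test_get_gcache', 'x', $stats, $options );
			exit();

		case 'delete_bcache':
			be_load( 'test_remove_bcache', $ip, $stats, $options );
			echo be_load( 'test_get_bcache', 'x', $stats, $options );
			exit();

		case 'add_black':
		case 'add_white':
			// Evict the address from whichever cache(s) the current view
			// implies before it is re-listed: 'badips' = block cache only,
			// 'goodips' = allow cache only, anything else = both.
			if ( 'goodips' !== $container ) {
				be_load( 'test_remove_bcache', $ip, $stats, $options );
			}
			if ( 'badips' !== $container ) {
				be_load( 'test_remove_gcache', $ip, $stats, $options );
			}
			be_load(
				'add_black' === $func ? 'test_addtoblocklist' : 'test_addtoallowlist',
				$ip,
				$stats,
				$options
			);
			break;

		case 'delete_wl_row':
		case 'delete_wlip':
		case 'delete_wlem':
			// NOTE(review): all three allow-list "delete" commands call the
			// same helper with $ip and nothing visibly deletes anything;
			// delete_wlem never reads an email. Confirm whether be_load()
			// dispatches on something else or these are still stubs.
			echo be_load( 'test_get_alreq', $ip, $stats, $options );
			exit();

		default:
			// The original single-quoted '\r\n\r\n' emitted literal backslashes;
			// emit real line breaks. The reflected value is untrusted: escape
			// it and keep runtime data out of the translatable string.
			echo "\r\n\r\n";
			printf(
				/* translators: %s: the unrecognised `func` query argument */
				esc_html__( 'Unrecognized function "%s"', 'test-plugin' ),
				esc_html( $func )
			);
			exit();
	}

	// Only add_black / add_white reach this point: re-render the container
	// the administrator was looking at.
	switch ( $container ) {
		case 'badips':
			echo be_load( 'test_get_bcache', 'x', $stats, $options );
			exit();

		case 'goodips':
			echo be_load( 'test_get_gcache', 'x', $stats, $options );
			exit();

		case 'wlreq':
			echo be_load( 'test_get_alreq', $ip, $stats, $options );
			exit();

		default:
			printf(
				/* translators: %s: the unrecognised `cont` query argument */
				esc_html__( 'Error %s ', 'test-plugin' ),
				esc_html( $container )
			);
			exit();
	}
}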
Here's what I have so far:
// Register test_process() as the handler for admin-ajax.php?action=test_process.
add_action( 'wp_ajax_test_process', 'test_process' );
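/**
 * Entry point for the `test_process` admin-ajax action.
 *
 * Checks run in this order: authentication, capability (authorization), nonce
 * (CSRF). A nonce only proves the request originated from a page rendered for
 * this user; it is not an authorization control, so the capability check stays
 * even once the nonce is verified. Failures answer with an explicit JSON error
 * and status code instead of silently returning (which would leave admin-ajax
 * to emit its default "0" response).
 *
 * @param mixed $data Forwarded unchanged to test_process_watch(). NOTE(review):
 *                    nothing here reads it and the wp_ajax_* hook is not shown
 *                    passing request data — confirm what the hook supplies.
 * @return void Never returns normally on success: test_process_watch() exits.
 */
function test_process( $data ) {
	if ( ! is_user_logged_in() ) {
		wp_send_json_error( 'Not logged in', 403 );
	}

	// Authorization: only administrators may edit the block/allow lists.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( 'Insufficient permissions', 403 );
	}

	// CSRF: the nonce minted with wp_create_nonce( 'test_process_nonce' ) must
	// arrive as `_ajax_nonce` (or `_wpnonce`). $die = false lets us shape the
	// error response ourselves instead of letting check_ajax_referer() die.
	if ( ! check_ajax_referer( 'test_process_nonce', false, false ) ) {
		wp_send_json_error( 'Invalid nonce', 403 );
	}

	test_errorsonoff();
	test_process_watch( $data );
	// NOTE(review): every branch of test_process_watch() ends in exit(), so
	// this line is currently unreachable and error display is never toggled
	// back off for the request.
	test_errorsonoff( 'off' );
}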
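/**
 * Dispatches one admin AJAX sub-command selected by the `func` query argument.
 *
 * Every path writes its response and terminates with exit(), so nothing after
 * this call in the caller runs. `func` and `cont` are matched against fixed
 * allowlists (the switch cases); anything else is rejected with an escaped
 * error message. This function performs no authentication, capability or
 * nonce check of its own — that is the caller's responsibility.
 *
 * Query arguments (all read from $_GET):
 *   func  delete_gcache | delete_bcache | add_black | add_white |
 *         delete_wl_row | delete_wlip | delete_wlem
 *   ip    address the command acts on; sanitized as plain text only, not
 *         validated as an IP here (presumably the be_load() callees do that)
 *   cont  container being displayed: badips | goodips | wlreq
 *
 * @param mixed $data Unused; kept for signature compatibility with the caller.
 * @return void Never returns normally: every branch calls exit().
 */
function test_process_watch( $data ) {
	if ( ! array_key_exists( 'func', $_GET ) ) {
		esc_html_e( ' Not Found', 'test-plugin' );
		exit();
	}

	// Missing arguments default to '' instead of raising an undefined-index
	// notice. sanitize_text_field() strips tags and line breaks but does NOT
	// HTML-escape, so these values must still be escaped before output.
	$ip        = sanitize_text_field( $_GET['ip'] ?? '' );
	$container = sanitize_text_field( $_GET['cont'] ?? '' );
	$func      = sanitize_text_field( $_GET['func'] );

	$options = test_get_options();
	$stats   = test_get_stats();

	// be_load() return values are echoed raw; they are assumed to be
	// already-escaped HTML fragments — confirm against the helper.
	switch ( $func ) {
		case 'delete_gcache':
			be_load( 'test_remove_gcache', $ip, $stats, $options );
			echo be_load( 'test_get_gcache', 'x', $stats, $options );
			exit();

		case 'delete_bcache':
			be_load( 'test_remove_bcache', $ip, $stats, $options );
			echo be_load( 'test_get_bcache', 'x', $stats, $options );
			exit();

		case 'add_black':
		case 'add_white':
			// Evict the address from whichever cache(s) the current view
			// implies before it is re-listed: 'badips' = block cache only,
			// 'goodips' = allow cache only, anything else = both.
			if ( 'goodips' !== $container ) {
				be_load( 'test_remove_bcache', $ip, $stats, $options );
			}
			if ( 'badips' !== $container ) {
				be_load( 'test_remove_gcache', $ip, $stats, $options );
			}
			be_load(
				'add_black' === $func ? 'test_addtoblocklist' : 'test_addtoallowlist',
				$ip,
				$stats,
				$options
			);
			break;

		case 'delete_wl_row':
		case 'delete_wlip':
		case 'delete_wlem':
			// NOTE(review): all three allow-list "delete" commands call the
			// same helper with $ip and nothing visibly deletes anything;
			// delete_wlem never reads an email. Confirm whether be_load()
			// dispatches on something else or these are still stubs.
			echo be_load( 'test_get_alreq', $ip, $stats, $options );
			exit();

		default:
			// The original single-quoted '\r\n\r\n' emitted literal backslashes;
			// emit real line breaks. The reflected value is untrusted: escape
			// it and keep runtime data out of the translatable string.
			echo "\r\n\r\n";
			printf(
				/* translators: %s: the unrecognised `func` query argument */
				esc_html__( 'Unrecognized function "%s"', 'test-plugin' ),
				esc_html( $func )
			);
			exit();
	}

	// Only add_black / add_white reach this point: re-render the container
	// the administrator was looking at.
	switch ( $container ) {
		case 'badips':
			echo be_load( 'test_get_bcache', 'x', $stats, $options );
			exit();

		case 'goodips':
			echo be_load( 'test_get_gcache', 'x', $stats, $options );
			exit();

		case 'wlreq':
			echo be_load( 'test_get_alreq', $ip, $stats, $options );
			exit();

		default:
			printf(
				/* translators: %s: the unrecognised `cont` query argument */
				esc_html__( 'Error %s ', 'test-plugin' ),
				esc_html( $container )
			);
			exit();
	}
}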
The first thing is to create the nonce server-side and inline it next to the enqueued script, so the JavaScript that calls the AJAX action can send it back. Keep in mind that a nonce is a CSRF check, not authorization: keep the `current_user_can( 'manage_options' )` check you already have alongside it.
// plugin or theme php file
$handle = 'your-script-handle';

wp_enqueue_script( $handle, 'url/to/your/script.js', array( 'jquery' ), null, true );

// Mint a nonce for this user/session and expose it, together with the
// endpoint and action name, as a global the script can read before it runs.
$ajax_config = array(
	'ajax' => array(
		'url'    => admin_url( 'admin-ajax.php' ),
		'action' => 'test_process',
		'nonce'  => wp_create_nonce( 'test_process_nonce' ),
	),
);

wp_add_inline_script( $handle, 'const YourAjaxConfig = ' . json_encode( $ajax_config ), 'before' );
Get the nonce value from the config object and pass it along with the AJAX call; the parameter name must be `_ajax_nonce` (or `_wpnonce`), which is where `check_ajax_referer()` looks when no query-arg name is given. Note that your handler reads `func`, `ip` and `cont` from `$_GET`, while `jQuery.post` sends its data in the request body (`$_POST`), so either append those parameters to the URL or read them from `$_POST`/`$_REQUEST` in the handler.
// script.js
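// Post the action and nonce to admin-ajax.php. NOTE: the handler in the
// question reads its parameters from $_GET; with jQuery.post these fields
// land in $_POST, so pass them in the URL or read $_REQUEST server-side.
jQuery.post(
	YourAjaxConfig.ajax.url,
	{
		action: YourAjaxConfig.ajax.action,
		// Read by check_ajax_referer() on the server; the key must be
		// `_ajax_nonce` (or `_wpnonce`), not the nonce action name.
		_ajax_nonce: YourAjaxConfig.ajax.nonce,
	},
	function ( data ) {
		// do something with the response
	}
).fail( function ( jqXHR ) {
	// A rejected nonce (the handler answers with a 400 via wp_send_json_error)
	// or any non-2xx status never reaches the success callback; surface it
	// instead of silently dropping it.
	console.error( 'test_process failed: ' + jqXHR.status, jqXHR.responseText );
} );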
Then use, for example, `check_ajax_referer()` to verify that the request carries a valid nonce. With the third argument (`$die`) set to `false` it returns `false` instead of terminating the request, so you must send the error response yourself, as below; with the default it calls `wp_die()` on failure.
// ajax handler php file
// Register test_process() as the handler for admin-ajax.php?action=test_process.
add_action( 'wp_ajax_test_process', 'test_process' );
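/**
 * AJAX handler for action=test_process.
 *
 * check_ajax_referer() with $die = false returns false instead of dying, so the
 * failure response is ours to send. The nonce only proves the request came
 * from a page rendered for this user (CSRF protection); it says nothing about
 * what the user may do, so the capability check from the original handler is
 * still required.
 *
 * @return void Always terminates via wp_send_json_*().
 */
function test_process() {
	if ( ! check_ajax_referer( 'test_process_nonce', false, false ) ) {
		wp_send_json_error( 'Invalid nonce', 400 );
	}
	// Authorization — a valid nonce is not a substitute for this.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( 'Insufficient permissions', 403 );
	}
	// code...
	wp_send_json_success( 'test_process done' );
}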
P.S. Using admin-ajax.php is a bit old-school nowadays; consider registering a WP REST route instead. See the handbook's REST nonce example — the same nonce-plus-capability-check discipline applies there.
add_action( 'wp_ajax_test_process', 'test_process' );