[wp-hackers] AJAX in plugins and public pages

Heiko Rabe heiko.rabe at code-styling.de
Sun Feb 22 15:28:10 GMT 2009 

May be, but the only way getting admin ajax calls running at a WP 2.6 
based installation is POST, you would loose your backward compatibility!
Here the only processed $_GET inside WP the 2.6 file:

<?php
define('DOING_AJAX', true);

require_once('../wp-load.php');
require_once('includes/admin.php');

if ( !is_user_logged_in() )
    die('-1');

if ( isset($_GET['action']) && 'ajax-tag-search' == $_GET['action'] ) {
    if ( !current_user_can( 'manage_categories' ) )
        die('-1');

    $s = $_GET['q']; // is this slashed already?

    if ( strstr( $s, ',' ) ) {
        $s = explode( ',', $s );
        $s = $s[count( $s ) - 1];
    }
    $s = trim( $s );
    if ( strlen( $s ) < 2 )
     die; // require 2 chars for matching
    $results = $wpdb->get_col( "SELECT name FROM $wpdb->terms WHERE name 
LIKE ('%". $s . "%')" );
    echo join( $results, "\n" );
    die;
}

So you will be not able to get your plugin running related to admin ajax 
calls, if you do GET calls. This will limit your implemantation to 
WordPress 2.7 and above.
If you prefere to combine POST and GET into one public ajax call hook, 
this could also be done.
But it would be a good idea to be able to disable GET based public ajax 
calls because is much more easy to flood the server with ordinary 
clickable links forcing ajax processing
instead of a form or application required to generate the POST call.

regards

Heiko Rabe
(www.code-styling.de)
>
> http://core.trac.wordpress.org/browser/tags/2.7/wp-admin/admin-ajax.php#L60 
>
>
> On Feb 22, 2009, at 10:02 AM, Heiko Rabe wrote:
>
>> The admin-ajax.php *only*! processes POST ajax calls, you can't 
>> request admin ajax content by using GET.
>> I would prefere to permit public ajax requests additional to be 
>> called by GET requests but the standard usage should be POST as done 
>> in admin ajax.
>>
>> regards
>>
>> Heiko Rabe
>> (www.code-styling.de)
>>> On Sun, Feb 22, 2009 at 4:32 PM, Heiko Rabe 
>>> <heiko.rabe at code-styling.de>wrote:
>>>
>>>
>>>> It's much easier to implement it in this way, if core would support 
>>>> it:
>>>>
>>>> add_action('wp_public_post_ajax-myfunction',
>>>> 'my_public_post_ajax_function');
>>>> add_action('wp_public_get_ajax-myfunction',
>>>> 'my_public_post_ajax_function');
>>>>
>>>>
>>>
>>> If it get's implemented, shouldn't there be a single hook that 
>>> handles both
>>> GET and POST request like in admin_ajax.php?
>>>
>>>
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

More information about the wp-hackers mailing list