[wp-hackers] wp-config.php, wp-load.php, and ABSPATH

Dion Hulse (dd32) wordpress at dd32.id.au
Sat Sep 12 02:04:05 UTC 2009

admin-post.php would be better suited IMO


add_action('admin_post_myplugin_export_db', 'my_plugin_export_the_db_now');
function my_plugin_export_the_db_now() {
    echo 'Hello World!';

If the user isnt logged in, The hook fired is


So its possible to differentiate between a logged in user, and one that  
has either not been logged in, or more likely, who's admin session has  

Also, Don't forget the nonce proetection on such a URL..

You can use admin-ajax.php, I just prefer to seeadmin-post.php used for  
everything other than Ajaxy things myself..

On Sat, 12 Sep 2009 04:10:10 +1000, Matt Martz <matt at sivel.net> wrote:

> On Fri, Sep 11, 2009 at 2:01 PM, Derek <derek at amphibian.info> wrote:
>> I'm actually encountering this right now ... I'm making a call to:
>> '../../../../wp-load.php'
>> ... from within a subdirectory of my plugin directory.  Obviously, if
>> someone has chosen to move wp-content elsewhere, this breaks.  So,
>> here's a specific example Otto.  ;)
>> What I'm doing is exporting data from my plugin's DB tables into a CSV
>> file from the admin. I can't have any other output to the browser so I
>> can set proper headers for the file.
>> Any ideas as to how I can achieve this from strictly within the WP
>> framework?
>> Best,
>> Derek
> Perhaps one of the best solutions is using admin-ajax.php.
> Take a look at the source, and you will quickly find out how easy it
> is to use and how to use it.

Dion Hulse
e: contact at dd32.id.au
w: http://dd32.id.au/
m: 04 6621 9112 (+614 6621 9112)
WordPressQI: http://wordpressqi.com/

More information about the wp-hackers mailing list