/**
 * Send the response headers used by WC AJAX requests.
 *
 * Sends, in this order: whatever send_origin_headers() emits for the request
 * origin, an HTML content type in the blog charset, X-Robots-Tag: noindex,
 * the nosniff header, the no-cache header set, and an explicit 200 status.
 * The header() calls keep the "@" of the original, so a "headers already
 * sent" warning is suppressed rather than surfaced.
 *
 * @since 2.5.0
 */
private static function wc_ajax_headers() {
    // Origin/CORS handling first, mirroring what admin-ajax.php does.
    send_origin_headers();

    $charset = get_option('blog_charset');
    $extra_headers = array(
        'Content-Type: text/html; charset=' . $charset,
        'X-Robots-Tag: noindex',
    );
    foreach ($extra_headers as $header_line) {
        @header($header_line);
    }

    send_nosniff_header();
    nocache_headers();
    status_header(200);
}
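/**
 * Start preview and customize theme.
 *
 * Bails unless the request carries customize=on; otherwise sends the origin
 * headers, starts previewing the theme and hides the admin bar. The flag is
 * now compared strictly: only the literal string 'on' enables preview mode
 * (the loose != produced the same result for request strings, but reads as
 * if other values might also match).
 *
 * Only the query flag is checked here; any authentication or capability
 * checks for the preview live elsewhere and are not visible in this method.
 *
 * @since 3.4.0
 */
public function setup_theme() {
    // $_REQUEST values are strings or arrays; anything but the exact string 'on' bails.
    if (!isset($_REQUEST['customize']) || 'on' !== $_REQUEST['customize']) {
        return;
    }

    send_origin_headers();
    $this->start_previewing_theme();
    show_admin_bar(false);
}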
/**
 * Set BSR AJAX constant and headers.
 *
 * Runs only when the bsr-ajax query argument is present and non-empty.
 * Defines DOING_AJAX (if not already defined), turns display_errors off
 * unless WP_DEBUG and WP_DEBUG_DISPLAY are both enabled, and sends the same
 * header set admin-ajax.php uses (origin headers, text/html content type,
 * noindex, nosniff, no-cache).
 *
 * @access public
 */
public function define_ajax() {
    // empty() already returns true for an unset key, so no separate isset() is needed.
    if (empty($_GET['bsr-ajax'])) {
        return;
    }

    if (!defined('DOING_AJAX')) {
        define('DOING_AJAX', true);
    }

    // Displayed notices would corrupt the AJAX payload; keep them only when
    // debugging with display output explicitly enabled.
    $show_errors = WP_DEBUG && WP_DEBUG_DISPLAY;
    if (!$show_errors) {
        @ini_set('display_errors', 0);
    }

    send_origin_headers();
    @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
    @header('X-Robots-Tag: noindex');
    send_nosniff_header();
    nocache_headers();
}
/**
 * Serve a Cornerstone endpoint request.
 *
 * Does nothing unless the query var named by $this->endpoint is set. It then
 * fires cornerstone_before_endpoint, sends the origin headers, and requires
 * a non-empty "action" request parameter (otherwise prints "0" and exits).
 * The action name is appended to a hook prefix chosen solely by whether the
 * visitor is logged in, that hook is fired, and the response ends with "0"
 * unless a hooked handler exited first.
 *
 * NOTE(review): the hook name is built straight from $_REQUEST['action'] and
 * no nonce or capability check is applied in this method; any such check
 * has to live in the hooked callbacks, which are not visible here.
 */
public function endpoint() {
    global $wp_query;

    if (!isset($wp_query->query_vars[$this->endpoint])) {
        return;
    }

    do_action('cornerstone_before_endpoint');
    send_origin_headers();

    if (empty($_REQUEST['action'])) {
        die('0');
    }

    @header('X-Robots-Tag: noindex');
    @header('Cornerstone: true');
    send_nosniff_header();
    nocache_headers();

    // Logged-in and anonymous requests dispatch to different hook prefixes.
    $hook_prefix = 'cornerstone_endpoint_nopriv_';
    if (is_user_logged_in()) {
        $hook_prefix = 'cornerstone_endpoint_';
    }
    do_action($hook_prefix . $_REQUEST['action']);

    die('0');
}
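/**
 * Handles AJAX response
 *
 * Acts only on a Theme My Login page requested with an "ajax" query
 * argument. It renders the login form (using the requested action, or
 * "login" when none is set), sends the admin-ajax-style headers, and replies
 * with a WP_Ajax_Response whose "data" slot holds the collected errors when
 * there are any and the rendered HTML otherwise; the HTML is always present
 * under supplemental.html. The request is then terminated.
 *
 * Change: DOING_AJAX is defined only when not already defined, matching the
 * guard used by the other AJAX entry points; the bare define() emitted a
 * "constant already defined" warning whenever it had been set earlier.
 *
 * @since 6.3
 * @access public
 */
public function template_redirect() {
    $theme_my_login = Theme_My_Login::get_object();

    if (!Theme_My_Login::is_tml_page() || !isset($_GET['ajax'])) {
        return;
    }

    if (!defined('DOING_AJAX')) {
        define('DOING_AJAX', true);
    }

    // Reference assignment kept as-is: get_instance() is assumed to return by reference.
    $instance =& $theme_my_login->get_instance();

    $default_action = !empty($theme_my_login->request_action) ? $theme_my_login->request_action : 'login';
    $instance->set_option('default_action', $default_action);
    $instance->set_option('gravatar_size', 75);
    $instance->set_option('before_title', '<h2>');
    $instance->set_option('after_title', '</h2>');

    $data = $instance->display();

    send_origin_headers();
    @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
    @header('X-Robots-Tag: noindex');
    send_nosniff_header();
    nocache_headers();

    // Errors take precedence over the rendered markup in the "data" slot.
    $has_errors = $theme_my_login->errors->get_error_code();
    $x = new WP_Ajax_Response(array(
        'what'         => 'login',
        'action'       => $theme_my_login->request_action,
        'data'         => $has_errors ? $theme_my_login->errors : $data,
        'supplemental' => array(
            'html'    => $data,
            'success' => is_user_logged_in(),
        ),
    ));
    $x->send();
    exit;
}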
/**
 * Set WC AJAX constant and headers.
 *
 * Active only for requests carrying a non-empty wc-ajax query argument.
 * Defines DOING_AJAX and WC_DOING_AJAX when not yet defined, turns off
 * display_errors unless WP_DEBUG and WP_DEBUG_DISPLAY are both enabled, and
 * then sends the admin-ajax.php header set.
 */
public static function define_ajax() {
    if (empty($_GET['wc-ajax'])) {
        return;
    }

    foreach (array('DOING_AJAX', 'WC_DOING_AJAX') as $constant) {
        if (!defined($constant)) {
            define($constant, true);
        }
    }

    // Displayed notices would produce malformed JSON; keep them only when
    // debugging with display output explicitly enabled.
    if (!(WP_DEBUG && WP_DEBUG_DISPLAY)) {
        @ini_set('display_errors', 0);
    }

    // Same headers admin-ajax.php sends.
    send_origin_headers();
    @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
    @header('X-Robots-Tag: noindex');
    send_nosniff_header();
    nocache_headers();
}
/** * Executing AJAX process. * * @since 2.1.0 */ define('WP_USE_THEMES', false); define('DOING_AJAX', true); //if (!defined('WP_ADMIN')) { // define('WP_ADMIN', true); //} require_once cred_get_root_path() . 'wp-load.php'; require_once cred_get_root_path() . 'wp-admin/includes/file.php'; require_once cred_get_root_path() . 'wp-admin/includes/media.php'; require_once cred_get_root_path() . 'wp-admin/includes/image.php'; /** Allow for cross-domain requests (from the frontend). */ send_origin_headers(); $data = array(); if (isset($_REQUEST['nonce']) && check_ajax_referer('ajax_nonce', 'nonce', false)) { if (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['file'])) { $file = $_POST['file']; $id = isset($_POST['id']) ? (int) $_POST['id'] : 0; $data = array('result' => true); $local_file = cred_get_local($file); //get all image attachments $attachments = get_children(array('post_parent' => $id, 'post_type' => 'attachment')); //loop through the array if (!empty($attachments)) { foreach ($attachments as $attachment) { $attach_file = strtolower(basename($attachment->guid)); $my_local_file = strtolower(basename($local_file)); if ($attach_file == $my_local_file) {
/**
 * Start preview and customize theme.
 *
 * Check if customize query variable exist. Init filters to filter the current theme.
 *
 * Order matters: origin headers go out first, then the request is gated
 * (auth_redirect() for non-AJAX admin requests, wp_die(0) for AJAX or
 * "customized" requests without a logged-in user), then the 'customize'
 * capability is required, and only then is the requested theme resolved
 * and validated before previewing starts.
 *
 * @since 3.4.0
 */
public function setup_theme() {
    send_origin_headers();

    // A posted "customized" payload is treated like an AJAX request for gating.
    $doing_ajax_or_is_customized = $this->doing_ajax() || isset($_POST['customized']);

    if (is_admin() && !$doing_ajax_or_is_customized) {
        // Regular admin page load: go through the normal login redirect.
        auth_redirect();
    } elseif ($doing_ajax_or_is_customized && !is_user_logged_in()) {
        // AJAX/customized request without a session: bare 0 (admin-ajax convention).
        $this->wp_die(0);
    }

    show_admin_bar(false);

    // Capability gate for every path that gets this far.
    if (!current_user_can('customize')) {
        $this->wp_die(-1);
    }

    $this->original_stylesheet = get_stylesheet();

    // Stylesheet name is taken from the request as-is; it is validated below.
    $this->theme = wp_get_theme(isset($_REQUEST['theme']) ? $_REQUEST['theme'] : null);

    if ($this->is_theme_active()) {
        // Once the theme is loaded, we'll validate it.
        add_action('after_setup_theme', array($this, 'after_setup_theme'));
    } else {
        // If the requested theme is not the active theme and the user doesn't have the
        // switch_themes cap, bail.
        if (!current_user_can('switch_themes')) {
            $this->wp_die(-1);
        }
        // If the theme has errors while loading, bail.
        if ($this->theme()->errors()) {
            $this->wp_die(-1);
        }
        // If the theme isn't allowed per multisite settings, bail.
        if (!$this->theme()->is_allowed()) {
            $this->wp_die(-1);
        }
    }

    $this->start_previewing_theme();
}
/**
 * Start preview and customize theme.
 *
 * Check if customize query variable exist. Init filters to filter the current theme.
 *
 * Order matters: origin headers first, then the login gate (auth_redirect()
 * for non-AJAX admin requests, wp_die(0) for AJAX requests without a
 * session), then the 'edit_theme_options' capability, and only then is the
 * requested theme resolved and validated before previewing starts.
 *
 * @since 3.4.0
 */
public function setup_theme() {
    send_origin_headers();

    if (is_admin() && !$this->doing_ajax()) {
        // Regular admin page load: go through the normal login redirect.
        auth_redirect();
    } elseif ($this->doing_ajax() && !is_user_logged_in()) {
        // AJAX request without a session: bare 0 (admin-ajax convention).
        $this->wp_die(0);
    }

    show_admin_bar(false);

    // Capability gate for every path that gets this far.
    if (!current_user_can('edit_theme_options')) {
        $this->wp_die(-1);
    }

    $this->original_stylesheet = get_stylesheet();

    // Stylesheet name is taken from the request as-is; it is validated below.
    $this->theme = wp_get_theme(isset($_REQUEST['theme']) ? $_REQUEST['theme'] : null);

    if ($this->is_theme_active()) {
        // Once the theme is loaded, we'll validate it.
        add_action('after_setup_theme', array($this, 'after_setup_theme'));
    } else {
        // Previewing a non-active theme additionally requires switch_themes.
        if (!current_user_can('switch_themes')) {
            $this->wp_die(-1);
        }
        // If the theme isn't active, you can't preview it if it is not allowed or has errors.
        if ($this->theme()->errors()) {
            $this->wp_die(-1);
        }
        if (!$this->theme()->is_allowed()) {
            $this->wp_die(-1);
        }
    }

    $this->start_previewing_theme();
}
/**
 * Dispatch a Web API request to the matching handler.
 *
 * Runs only when the GFWEBAPI_ROUTE_VAR query var is set. The route is split
 * into {collection}/{id}/{collection2}/{id2} (an id may hold several values
 * separated by ';'), an optional file extension selects the format (default
 * json), and schema/paging arguments are read from the query string. Unless
 * the endpoint is the public POST forms/[ID]/submissions endpoint, or a
 * filter turns it off, $this->authenticate() is called before any handler
 * runs. The request body is then decoded as JSON and routed by collection
 * and HTTP method; anything that does not exit through a handler ends in
 * die_bad_request().
 *
 * Assumptions not visible in this method: the die_* helpers and the handler
 * methods terminate the request, and rgar()/rgget() return '' for missing
 * keys (the strpos() calls below rely on string inputs).
 */
public function handle_page_request() {
    global $HTTP_RAW_POST_DATA;

    $route = get_query_var(GFWEBAPI_ROUTE_VAR);
    // Loose comparison: '', '0', null and false all count as "no route".
    if (false == $route) {
        return;
    }

    // Origin headers are sent before the enabled/authentication checks run.
    send_origin_headers();

    $settings = get_option('gravityformsaddon_gravityformswebapi_settings');
    if (empty($settings) || !$settings['enabled']) {
        $this->log_debug(__METHOD__ . '(): API not enabled, permission denied.');
        $this->die_permission_denied();
    }

    // An optional extension picks the response format and is stripped from the route.
    $route_parts = pathinfo($route);
    $format = rgar($route_parts, 'extension');
    if ($format) {
        $route = str_replace('.' . $format, '', $route);
    }

    // route = /{collection}/{id}/{collection2}/{id2}; a ';'-separated id becomes an array.
    $path_array = explode('/', $route);
    $collection = strtolower(rgar($path_array, 0));
    $id = rgar($path_array, 1);
    if (strpos($id, ';') !== false) {
        $id = explode(';', $id);
    }
    $collection2 = strtolower(rgar($path_array, 2));
    $id2 = rgar($path_array, 3);
    if (strpos($id2, ';') !== false) {
        $id2 = explode(';', $id2);
    }

    if (empty($format)) {
        $format = 'json';
    }

    // Query-string arguments. offset/page_size are passed through lower-cased
    // as given; no numeric validation happens at this level.
    $schema = strtolower(rgget('schema'));
    $offset = isset($_GET['paging']['offset']) ? strtolower($_GET['paging']['offset']) : 0;
    $page_size = isset($_GET['paging']['page_size']) ? strtolower($_GET['paging']['page_size']) : 10;
    $method = strtoupper($_SERVER['REQUEST_METHOD']);
    $args = compact('offset', 'page_size', 'schema');

    // Endpoint key such as get_forms or post_forms_submissions, built from the
    // lower-cased method and request path segments.
    $endpoint = empty($collection2) ? strtolower($method) . '_' . $collection : strtolower($method) . '_' . $collection . '_' . $collection2;

    // The POST forms/[ID]/submissions endpoint is public and does not require authentication.
    $authentication_required = $endpoint !== 'post_forms_submissions';

    /**
     * Allows overriding of authentication for all the endpoints of the Web API.
     * gform_webapi_authentication_required_[end point]
     * e.g.
     * gform_webapi_authentication_required_post_form_submissions
     *
     * A callback returning false skips authenticate() for that endpoint entirely.
     *
     * @param bool $authentication_required Whether authentication is required for this endpoint.
     */
    $authentication_required = apply_filters('gform_webapi_authentication_required_' . $endpoint, $authentication_required);

    if ($authentication_required) {
        $this->authenticate();
    } else {
        $this->log_debug(__METHOD__ . '(): Authentication not required.');
    }

    // ?test=... short-circuits (after the authentication step) with a fixed body.
    $test_mode = rgget('test');
    if ($test_mode) {
        die('test mode');
    }

    // Generic per-endpoint hook, fired before the built-in routing below.
    if (empty($collection2)) {
        do_action('gform_webapi_' . $endpoint, $id, $format, $args);
    } else {
        do_action('gform_webapi_' . $endpoint, $id, $id2, $format, $args);
    }

    // The raw body is read once and decoded as JSON. Note that the complete
    // body is written to the debug log, so the log holds whatever the client sent.
    if (!isset($HTTP_RAW_POST_DATA)) {
        $HTTP_RAW_POST_DATA = file_get_contents('php://input');
    }
    $this->log_debug(__METHOD__ . '(): HTTP_RAW_POST_DATA = ' . $HTTP_RAW_POST_DATA);
    $data = json_decode($HTTP_RAW_POST_DATA, true);

    switch ($collection) {
        case 'forms':
            switch ($collection2) {
                case 'results':
                    // route = /forms/{id}/results: read-only.
                    switch ($method) {
                        case 'GET':
                            $this->get_results($id);
                            break;
                        case 'DELETE':
                        case 'PUT':
                        case 'POST':
                        default:
                            $this->die_bad_request();
                    }
                    break;
                case 'properties':
                    // route = /forms/{id}/properties: PUT only.
                    switch ($method) {
                        case 'PUT':
                            $this->put_forms_properties($data, $id);
                            break;
                        default:
                            $this->die_bad_request();
                    }
                    break;
                case 'feeds':
                    // route = /forms/{id}/feeds; a trailing id2 is not accepted here.
                    if (false == empty($id2)) {
                        $this->die_bad_request();
                    }
                    switch ($method) {
                        case 'GET':
                            $this->get_feeds(null, $id);
                            break;
                        case 'DELETE':
                            $this->delete_feeds(null, $id);
                            break;
                        case 'PUT':
                            $this->die_not_implemented();
                            break;
                        case 'POST':
                            $this->post_feeds($data, $id);
                            break;
                        default:
                            $this->die_bad_request();
                    }
                    break;
                case 'entries':
                    // route = /forms/{id}/entries; a trailing id2 is not accepted here.
                    if (false == empty($id2)) {
                        $this->die_bad_request();
                    }
                    switch ($method) {
                        case 'GET':
                            $this->get_entries(null, $id, $schema);
                            break;
                        case 'POST':
                            $this->post_entries($data, $id);
                            break;
                        case 'PUT':
                        case 'DELETE':
                            $this->die_not_implemented();
                            break;
                        default:
                            $this->die_bad_request();
                    }
                    break;
                case 'submissions':
                    // route = /forms/{id}/submissions: the public POST endpoint (see above).
                    if (false == empty($id2)) {
                        $this->die_bad_request();
                    }
                    switch ($method) {
                        case 'POST':
                            $this->submit_form($data, $id);
                            break;
                        case 'GET':
                        case 'PUT':
                        case 'DELETE':
                            $this->die_not_implemented();
                            break;
                        default:
                            $this->die_bad_request();
                    }
                    break;
                case '':
                    // route = /forms or /forms/{id}.
                    switch ($method) {
                        case 'GET':
                            $this->get_forms($id, $schema);
                            break;
                        case 'DELETE':
                            $this->delete_forms($id);
                            break;
                        case 'PUT':
                            $this->put_forms($data, $id, $id2);
                            break;
                        case 'POST':
                            // Creating forms takes no id in the route.
                            if (false === empty($id)) {
                                $this->die_bad_request();
                            }
                            $this->post_forms($data, $id);
                            break;
                        default:
                            $this->die_bad_request();
                    }
                    break;
                default:
                    $this->die_bad_request();
                    break;
            }
            break;
        case 'entries':
            // route = /entries/{id}
            switch ($method) {
                case 'GET':
                    switch ($collection2) {
                        case 'fields':
                            // route = /entries/{id}/fields/{id2}
                            $this->get_entries($id, null, $schema, $id2);
                            break;
                        case '':
                            $this->get_entries($id, null, $schema);
                            break;
                        default:
                            $this->die_bad_request();
                    }
                    break;
                case 'DELETE':
                    $this->delete_entries($id);
                    break;
                case 'PUT':
                    // No default case: an unknown collection2 falls through to the
                    // trailing die_bad_request() after the outer switch.
                    switch ($collection2) {
                        case 'properties':
                            // route = /entries/{id}/properties/{id2}
                            $this->put_entry_properties($data, $id);
                            break;
                        case '':
                            $this->put_entries($data, $id);
                            break;
                    }
                    break;
                case 'POST':
                    // Creating entries takes no id in the route.
                    if (false === empty($id)) {
                        $this->die_bad_request();
                    }
                    $this->post_entries($data);
                    break;
                default:
                    $this->die_bad_request();
            }
            break;
        case 'feeds':
            switch ($method) {
                case 'GET':
                    $this->get_feeds($id);
                    break;
                case 'DELETE':
                    // Deleting requires an explicit feed id.
                    if (empty($id)) {
                        $this->die_bad_request();
                    }
                    $this->delete_feeds($id);
                    break;
                case 'PUT':
                    $this->put_feeds($data, $id);
                    break;
                case 'POST':
                    if (false === empty($id)) {
                        $this->die_bad_request();
                    }
                    $this->post_feeds($data);
                    break;
                default:
                    $this->die_bad_request();
            }
            break;
        default:
            $this->die_bad_request();
            break;
    }

    // Reached only if no handler above terminated the request.
    $this->die_bad_request();
}
/**
 * Start preview and customize theme.
 *
 * Check if customize query variable exist. Init filters to filter the current theme.
 *
 * Gate order: the login redirect (or a bare 0 for AJAX without a session)
 * comes first, then origin headers, then the requested theme is resolved
 * from the request and rejected when it does not exist, when it is not the
 * current theme and is either not allowed or the user cannot switch themes,
 * or when the user lacks edit_theme_options. Only then does previewing start.
 *
 * @since 3.4.0
 */
public function setup_theme() {
    // Non-AJAX admin requests go through the normal login redirect; AJAX
    // requests without a session get a bare 0 (admin-ajax convention). Note
    // this path uses the global wp_die(), the later checks use $this->wp_die().
    if ( is_admin() && ! $this->doing_ajax() )
        auth_redirect();
    elseif ( $this->doing_ajax() && ! is_user_logged_in())
        wp_die( 0 );

    send_origin_headers();

    $this->original_stylesheet = get_stylesheet();
    // The stylesheet name is taken from the request as-is; existence and
    // allowed-ness are checked below before it is used.
    $this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );

    // You can't preview a theme if it doesn't exist, or if it is not allowed (unless active).
    if ( ! $this->theme->exists() )
        $this->wp_die( -1, __( 'Cheatin’ uh?' ) );

    if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! $this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) )
        $this->wp_die( -1, __( 'Cheatin’ uh?' ) );

    // Capability check applies to every path, active theme included.
    if ( ! current_user_can( 'edit_theme_options' ) )
        $this->wp_die( -1, __( 'Cheatin’ uh?' ) );

    $this->start_previewing_theme();
    show_admin_bar( false );
}
/**
 * Start preview and customize theme.
 *
 * Check if customize query variable exist. Init filters to filter the current theme.
 *
 * Gate order: customize.php itself requires the 'customize' capability
 * (login redirect or a 403 otherwise); the changeset UUID must match the
 * UUID pattern; an unauthenticated preview is allowed only when the UUID
 * resolves to an existing changeset post (the UUID acts as the secret);
 * then origin headers, theme validation, optional starter-content import
 * and finally the preview itself.
 *
 * @since 3.4.0
 */
public function setup_theme() {
    global $pagenow;

    // Check permissions for customize.php access since this method is called before
    // customize.php can run any code.
    if ('customize.php' === $pagenow && !current_user_can('customize')) {
        if (!is_user_logged_in()) {
            auth_redirect();
        } else {
            wp_die('<h1>' . __('Cheatin’ uh?') . '</h1>' . '<p>' . __('Sorry, you are not allowed to customize this site.') . '</p>', 403);
        }
        return;
    }

    // Reject anything that is not a lower-case hex UUID before it is used as a key.
    // Where $this->_changeset_uuid is populated from is not visible in this method.
    if (!preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $this->_changeset_uuid)) {
        $this->wp_die(-1, __('Invalid changeset UUID'));
    }

    /*
     * If unauthenticated then require a valid changeset UUID to load the preview.
     * In this way, the UUID serves as a secret key. If the messenger channel is present,
     * then send unauthenticated code to prompt re-auth.
     */
    if (!current_user_can('customize') && !$this->changeset_post_id()) {
        $this->wp_die($this->messenger_channel ? 0 : -1, __('Non-existent changeset UUID.'));
    }

    // Origin headers only when they can still be sent.
    if (!headers_sent()) {
        send_origin_headers();
    }

    // Hide the admin bar if we're embedded in the customizer iframe.
    if ($this->messenger_channel) {
        show_admin_bar(false);
    }

    if ($this->is_theme_active()) {
        // Once the theme is loaded, we'll validate it.
        add_action('after_setup_theme', array($this, 'after_setup_theme'));
    } else {
        // If the requested theme is not the active theme and the user doesn't have the
        // switch_themes cap, bail.
        if (!current_user_can('switch_themes')) {
            $this->wp_die(-1, __('Sorry, you are not allowed to edit theme options on this site.'));
        }
        // If the theme has errors while loading, bail.
        if ($this->theme()->errors()) {
            $this->wp_die(-1, $this->theme()->errors()->get_error_message());
        }
        // If the theme isn't allowed per multisite settings, bail.
        if (!$this->theme()->is_allowed()) {
            $this->wp_die(-1, __('The requested theme does not exist.'));
        }
    }

    /*
     * Import theme starter content for fresh installs when landing in the customizer.
     * Import starter content at after_setup_theme:100 so that any
     * add_theme_support( 'starter-content' ) calls will have been made.
     */
    if (get_option('fresh_site') && 'customize.php' === $pagenow) {
        add_action('after_setup_theme', array($this, 'import_theme_starter_content'), 100);
    }

    $this->start_previewing_theme();
}
/**
 * Emit a JSON response and terminate the request.
 *
 * Body shape: {"status": $status, "response": $response}. Removes the
 * X-Pingback header where header_remove() exists, sends the origin headers,
 * sets an application/json content type in the blog charset, prints the
 * encoded payload and dies. No encoding error is checked, so an unencodable
 * $response results in an empty body (json_encode() returns false).
 *
 * @param mixed $status   Value placed under "status".
 * @param mixed $response Value placed under "response".
 */
public static function end($status, $response) {
    $payload = array(
        'status'   => $status,
        'response' => $response,
    );

    // header_remove() is only available on PHP 5.3 and later.
    if (function_exists('header_remove')) {
        header_remove('X-Pingback');
    }

    send_origin_headers();
    header('Content-Type: application/json; charset=' . get_option('blog_charset'), true);

    echo json_encode($payload);
    die;
}