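/**
 * Verifies the AJAX request to prevent processing requests external of the blog.
 *
 * The nonce is read from `$_REQUEST` and checked with hq_verify_nonce(). The
 * 'check_ajax_referer' action is fired with the outcome before the request is
 * terminated, so hooked callbacks (audit logging, rate limiting) also observe
 * failed verifications and not only successful ones.
 *
 * NOTE(review): the default `$action` of -1 is passed straight to hq_verify_nonce();
 * presumably that does not bind the nonce to a specific operation, so callers
 * should pass an explicit action. Confirm against hq_verify_nonce().
 *
 * @since 0.0.1
 *
 * @param int|string   $action    Action nonce.
 * @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false,
 *                                `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_hqnonce'
 *                                (in that order). Default false.
 * @param bool         $die       Optional. Whether to die early when the nonce cannot be verified.
 *                                Default true.
 * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
 *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
 */
function check_ajax_referer($action = -1, $query_arg = false, $die = true)
{
    $nonce = '';

    // First matching request key wins: caller-supplied key, then '_ajax_nonce', then '_hqnonce'.
    if ($query_arg && isset($_REQUEST[$query_arg])) {
        $nonce = $_REQUEST[$query_arg];
    } elseif (isset($_REQUEST['_ajax_nonce'])) {
        $nonce = $_REQUEST['_ajax_nonce'];
    } elseif (isset($_REQUEST['_hqnonce'])) {
        $nonce = $_REQUEST['_hqnonce'];
    }

    // A nonce is a scalar token. An array-valued request parameter can never be a
    // valid nonce, so it is treated as missing instead of being handed to the verifier.
    if (!is_scalar($nonce)) {
        $nonce = '';
    }

    $result = hq_verify_nonce($nonce, $action);

    /**
     * Fires once the AJAX request has been validated or not.
     *
     * Fired before the early exit below so that callbacks also run when
     * verification fails; callbacks must inspect `$result` themselves.
     *
     * @since 0.0.1
     *
     * @param string    $action The AJAX nonce action.
     * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
     *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
     */
    do_action('check_ajax_referer', $action, $result);

    // Strict comparison: only a literal false from the verifier counts as failure.
    if ($die && false === $result) {
        if (defined('DOING_AJAX') && DOING_AJAX) {
            hq_die(-1);
        } else {
            die('-1');
        }
    }

    return $result;
}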
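/**
 * Get the current step.
 *
 * The step is taken from `$_GET['step']` and is only honoured when it is in the
 * range 1-3 and, for steps 2 and 3, when the request carries a nonce that
 * hq_verify_nonce() accepts for that step's action. Any other request falls
 * back to step 1.
 *
 * @since 0.0.1
 *
 * @return int Current step
 */
public function step()
{
    if (!isset($_GET['step'])) {
        return 1;
    }

    $step = (int) $_GET['step'];
    if ($step < 1 || 3 < $step) {
        return 1;
    }

    // Step 2 (upload) must carry a nonce for the 'custom-header-upload' action.
    if (2 == $step) {
        // A missing or non-scalar nonce parameter is treated as an empty nonce,
        // so an unauthenticated probe of ?step=2 does not read an undefined key.
        $nonce = '';
        if (isset($_REQUEST['_hqnonce-custom-header-upload']) && is_scalar($_REQUEST['_hqnonce-custom-header-upload'])) {
            $nonce = $_REQUEST['_hqnonce-custom-header-upload'];
        }

        if (!hq_verify_nonce($nonce, 'custom-header-upload')) {
            return 1;
        }
    }

    // Step 3 (crop) must carry a nonce for the 'custom-header-crop-image' action.
    if (3 == $step) {
        $nonce = '';
        if (isset($_REQUEST['_hqnonce']) && is_scalar($_REQUEST['_hqnonce'])) {
            $nonce = $_REQUEST['_hqnonce'];
        }

        if (!hq_verify_nonce($nonce, 'custom-header-crop-image')) {
            return 1;
        }
    }

    return $step;
}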