[wp-hackers] Removing admin-ajax.php hacks

Brian Layman bulk at thecodecave.com
Thu Jul 1 13:40:29 UTC 2010

Hi Shelby,

I've been faced with making changes to admin-ajax.php before too. It could
probably be reviewed for appropriate new actions in general.

The good news is that you have two options for implementing your hacks.

The first is that you COULD tie into the admin_init action but I don't
recommend that as you have to add too many redundant checks to find the
instance you want.  

The better way to do it is to hook into check_ajax_referer. 

The do_action call looks like this:
  do_action('check_ajax_referer', $action, $result);

So, if the value of $result being passed in is true, then all of the checks
have already passed and you can use the value of $action to determine if you
are in the call you need.

If I were to freestyle some code for this, it would look like this:

add_action('check_ajax_referer', 'ajax_user_can_moderate_comments');

function ajax_user_can_moderate_comments($action, $result) {
	if (($action == 'add-meta') && $result) {
		if ( !current_user_can( 'edit_post', $pid ) &&
!current_user_can( 'moderate_comments' ) ) {
			$result = false;
	return $result;

but that freestyled code might or might not actually work :)

Hope that helps...
Brian Layman
eHermits, Inc.
TheCodeCave.com / RhettandLink.com / twitter.com/BrianLayman /

More information about the wp-hackers mailing list