[wp-hackers] wp-admin folder and admin-ajax.php

Gavin Pearce Gavin.Pearce at 3seven9.com
Wed Aug 11 16:44:05 UTC 2010


Hi guys,

Nice idea ... but what if you start having more than one AJAX request?

Or from a plugin developers point of view - I can't just "exit;" on AJAX request from my plugin, as there may still be more AJAX requests to run....

Thanks,
Gav

-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Otto
Sent: 11 August 2010 16:37
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] wp-admin folder and admin-ajax.php

This is the same basic approach I use.

However, setting the ajaxurl to the home url isn't required, really.
If you're capturing via init, then any URL on the site works, since
init always triggers. So I tend to just use the current page URL.
Simpler.

-Otto



On Wed, Aug 11, 2010 at 6:48 AM, Paul <paul at codehooligans.com> wrote:
> For simple front-end AJAX needs which do not require authenticated access I don't use the admin-ajax.php hook.
>
> Instead I just capture the action via my plugin's init function. Something like
>
> function init()
> {
>        // Normal init code here
>        // blah blah blah
>
>        // Handle front-end AJAX requests.
>        if (isset($_REQUEST['property_display_ajax_action']))
>        {
>                // Process my AJAX here!
>                exit();         // Terminate the request
>        }
> }
>
> You can still use the same code for your JS/AJAX as suggested on http://codex.wordpress.org/AJAX_in_Plugins
> But with one issue. Since this is front-end the 'ajaxurl' is not set. So on your themes wp_footer(); action add it yourself. Mine just calls the front-end site url.
>
> function property_wp_footer()
> {
>        ?>
>        <script type="text/javascript" >
>                var ajaxurl = '<?php echo home_url( '/' );  ?>';
>        </script>
>        <?php
> }
>
>
>
>
>
> On Aug 11, 2010, at 7:18 AM, Gavin Pearce wrote:
>
>> Hi Westi,
>>
>> That would still mean pointing to wp-admin/admin-ajax.php though I believe?
>>
>> Which goes back to the issue of being able to secure the wp-admin folder. Some users, as suggested in the codex, will secure the entire wp-admin folder via IP or htaccess password protection, which would break any front-end AJAX hooking into this.
>>
>> As a plugin developer, automatic installations would obviously fail in this use-case.
>>
>> Cheers,
>> Gav
>>
>> -----Original Message-----
>> From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Peter Westwood
>> Sent: 11 August 2010 11:49
>> To: wp-hackers at lists.automattic.com
>> Subject: Re: [wp-hackers] wp-admin folder and admin-ajax.php
>>
>>
>> On 11 Aug 2010, at 10:14, Gavin Pearce wrote:
>>
>>> Thanks Westi!
>>>
>>> Out of interest then, and in that case - how would you personally best
>>> handle non-auth, front-end, AJAX (and then having access to the various
>>> WP instances/classes/DB) without hooking into the WordPress AJAX
>>> function at admin-ajax.php?
>>>
>>> All the main guides seem to point towards using admin-ajax ...
>>>
>>
>> Sorry I missed this out my response earlier.
>>
>> For unauthenticated actions use a no_priv action hook.
>>
>> Line 46 of admin-ajax.php
>>
>> do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
>>
>> westi
>> --
>> Peter Westwood
>> http://blog.ftwr.co.uk | http://westi.wordpress.com
>> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list