[wp-trac] [WordPress Trac] #33934: create a SUBMITTING_POST constant

WordPress Trac noreply at wordpress.org
Sun Sep 20 10:30:44 UTC 2015 

#33934: create a SUBMITTING_POST constant
----------------------------+-----------------------------
 Reporter:  charlyox        |      Owner:
     Type:  enhancement     |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Query           |    Version:  4.3
 Severity:  normal          |   Keywords:
  Focuses:  administration  |
----------------------------+-----------------------------
 One can use the DOING_AJAX constant. It could be useful to also have a
 SUBMITTING_POST constant.

 It would be located on wp-admin/admin-post.php just before the
 ''do_action( 'admin_init' );'' (around line 27) :

 {{{
 require_once(ABSPATH . 'wp-admin/includes/admin.php');

 nocache_headers();

 // HERE  :
 define( 'SUBMITTING_POST', true );
 // END

 /** This action is documented in wp-admin/admin.php */
 do_action( 'admin_init' );

 }}}

 Why :

 On "admin_init", we may want to control access and forbid the admin access
 depending on some conditions.  We would absolutely need to allow the admin
 access on these exceptions: DOING_AJAX (existing) or SUBMITTING_POST.

 The WP doc asks any developer to use the admin_post_* and
 admin_post_nopriv_* to post a form's data.



 example :


 {{{
 /**
  * Redirect back to homepage and not allow access to
  * WP admin for Subscribers.
  */

 add_action( 'admin_init', 'redirect_admin' );
 function redirect_admin(){
         if ( ! current_user_can( 'delete_others_posts' ) && ( !
 defined('DOING_AJAX') || ! DOING_AJAX )  ){
 /**
 * These conditions would be true if the user was submitting a form via the
 admin_post_nopriv_*
 *  or admin_post_* hooks and therefore these hooks would not be fired. =>
 the
 * SUBMITTING_POST constant would be useful there!
 */
                 wp_redirect( site_url() );
                 exit;
         }
 }
 }}}

 In wp-admin/admin-ajax.php the DOING_AJAX constant is defined this way
 (first lines of code) :

 {{{
 /**
  * Executing AJAX process.
  *
  * @since 2.1.0
  */
 define( 'DOING_AJAX', true );
 if ( ! defined( 'WP_ADMIN' ) ) {
         define( 'WP_ADMIN', true );
 }

 }}}


 Thanks a lot for your attention

 Charles

--
Ticket URL: <https://core.trac.wordpress.org/ticket/33934>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list