The credit for this answer really goes to @Wyck who correctly identified the source of the problem. Thank you very much. The reason for the problem is: There is a variance between an import statement in the mainline code versus within a function. In WP or in in any of the plugins if variables aren’t … Read more
1, the nonce lifetime is about 24 hours by default actually. take a look at wp_verify_nonce function. To be more accurate, the lifetime is controlled by filter apply_filters( ‘nonce_life’, DAY_IN_SECONDS ); 2, if the lifetime value makes you doubt if it is “an implementation side-effect”, you may want to add_filter(‘nonce_life’,create_function(‘$v’, ‘return 60*5;’)); to shorten the … Read more
WordPress has a native AJAX file that should do all that you want, and this will ensure that all native WP functions are included. If you require additional functionality from ‘framework/AsyncAction.php’, you can include_once(), as you do with ‘SettingsController.php’. See the Codex for more information and examples – AJAX in Plugins If you wish to … Read more
Check the DOING_AJAX constant: function my_admin_init(){ if( !defined(‘DOING_AJAX’) && !current_user_can(‘administrator’) ){ wp_redirect( home_url() ); exit(); } } add_action(‘admin_init’,’my_admin_init’);
The first thing admin-ajax.php does is define DOING_AJAX. Then, it loads wp-load.php. It does some other stuff, and the first thing it comes across that you have control over is wp-config.php. So if you want to stop all ajax, you can add to following to your wp-config.php file. if( defined( ‘DOING_AJAX’ ) && DOING_AJAX ) … Read more
In wp-config.php: if ( defined( ‘DOING_AJAX’ ) && DOING_AJAX ) define( ‘WP_DEBUG’, false ); else define( ‘WP_DEBUG’, true );
First, the obvious drawback to the first method is that it depends on your specific page, template, and permalink structure to all work correctly. Using admin-ajax.php will work correctly in any context, theme or plugin, where proper WordPress best practices are followed. The less obvious drawback to the first method is that it uses more … Read more
The action should be part of the data object: var formdata = new FormData(); formdata.append(‘name’, ‘This is Name’); formdata.append(‘action’, ‘plugin_save’); $.ajax({ url: ‘admin-ajax.php’, type: ‘POST’, data: formdata, contentType:false, processData:false, success: success, error: error });
Looking at the WordPress source code, I’d say that wp_ajax_nopriv_* fires only if you’re not logged in, and wp_ajax_* fires otherwise. Here’s the relevant bit, in admin-ajax.php, lines 85-115 in version 5.0.3: if ( is_user_logged_in() ) { // If no action is registered, return a Bad Request response. if ( ! has_action( ‘wp_ajax_’ . $_REQUEST[‘action’] … Read more
Sometimes I have a 500 error ( from NGinx ) just because I have a “character” getting outputted before the first header gets written ( or in-between ). Activate WP_DEBUG = true and see what happens. 99% of the case I could spot the error from there. ( and it was nearly all the time … Read more