ajax - Should I check for privileges before hooking into `wp_ajax_$handle` or after?

admin管理员组

文章数量:1130349

Should I heck for privileges before even hooking the wp_ajax_hook_name or in the function that I've hooked to it?

The first way:

if( current_user_can( 'manage_options' ) ) {
    add_action( 'wp_ajax_my_hook', array( $this, 'myHookFunction' ) );
}
//It won't even get to the function's code.

The second:

add_action( 'wp_ajax_my_hook', array( $this, 'myHookFunction' ) );
..
..
function myHookFunction() {
    if( current_user_can( 'manage_options' ) ) {
        return;
    }
    //All the code that would normally be executed is now skipped.
}

Here are a few considerations:

1. The myHookFunction is a class, because it's hooked to an AJAX call, it has to be a public function, as such, anyone that's got access to my class can call the function itself.

   1.1. As such, we might encounter situations where a(nother) plugin running from a low-tier user calls my function that is supposed to actually not do anything, under any circumstance if the current calling user's privileges are not met, but remember, we only check for them in the class' __construct when we hook to wp_ajax_$.

2. My concern is that I'm putting too much in a function, I tried my best to separate code from these functions and if I also add checks (even if minimal) for this too, the functions turn into a monster, but I won't sacrifice security over lines of code.

As such, it seems my second method is the best, security wise, but, assuming we're purists and we want clean classes, as well as clean functions, is it really the best? What are my options here?

Should I heck for privileges before even hooking the wp_ajax_hook_name or in the function that I've hooked to it?

The first way:

if( current_user_can( 'manage_options' ) ) {
    add_action( 'wp_ajax_my_hook', array( $this, 'myHookFunction' ) );
}
//It won't even get to the function's code.

The second:

add_action( 'wp_ajax_my_hook', array( $this, 'myHookFunction' ) );
..
..
function myHookFunction() {
    if( current_user_can( 'manage_options' ) ) {
        return;
    }
    //All the code that would normally be executed is now skipped.
}

Here are a few considerations:

1. The myHookFunction is a class, because it's hooked to an AJAX call, it has to be a public function, as such, anyone that's got access to my class can call the function itself.

   1.1. As such, we might encounter situations where a(nother) plugin running from a low-tier user calls my function that is supposed to actually not do anything, under any circumstance if the current calling user's privileges are not met, but remember, we only check for them in the class' __construct when we hook to wp_ajax_$.

2. My concern is that I'm putting too much in a function, I tried my best to separate code from these functions and if I also add checks (even if minimal) for this too, the functions turn into a monster, but I won't sacrifice security over lines of code.

As such, it seems my second method is the best, security wise, but, assuming we're purists and we want clean classes, as well as clean functions, is it really the best? What are my options here?

本文标签： ajaxShould I check for privileges before hooking into wpajaxhandle or after