我最近为WordPress创建了一个插件,允许你删除前端文章中的评论,它有一个撤销删除功能,而且每次都不必重新加载页面( AJAX )。然而,当我点击删除按钮时,什么也没有发生,我在谷歌控制台中得到了一个“POST/wp-admin/admin-ajax.php 403”错误。
下面是该插件的PHP代码:
<?php
/*
Plugin Name: Comment Deleter
Plugin URI: https://example.com/
Description: A plugin for deleting comments with undo function and
using AJAX.
Version: 1.0.0
Author: Alexis Grolot
Author URI: https://example.com/
License: GPL2
*/
function comment_deleter_enqueue_scripts() {
wp_enqueue_script( 'comment-deleter', plugin_dir_url( __FILE__ ) .
'comment-deleter.js', array( 'jquery' ), '1.0.0', true );
wp_localize_script( 'comment-deleter', 'comment_deleter_ajax', array(
'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
}
add_action( 'wp_enqueue_scripts', 'comment_deleter_enqueue_scripts'
);
function comment_deleter_delete_comment() {
check_ajax_referer( 'comment_deleter_delete_comment' );
$commentId = isset( $_POST['comment_id'] ) ? intval(
$_POST['comment_id'] ) : 0;
$comment = get_comment( $commentId );
if ( $comment ) {
wp_delete_comment( $commentId, true );
wp_send_json_success();
} else {
wp_send_json_error( 'Comment not found' );
}
}
add_action( 'wp_ajax_comment_deleter_delete_comment',
'comment_deleter_delete_comment' );
add_action( 'wp_ajax_nopriv_comment_deleter_delete_comment',
'comment_deleter_delete_comment' );
function comment_deleter_undo_comment() {
check_ajax_referer( 'comment_deleter_undo_comment' );
$commentId = isset( $_POST['comment_id'] ) ? intval(
$_POST['comment_id'] ) : 0;
$comment = get_comment( $commentId );
if ( $comment ) {
wp_untrash_comment( $commentId );
wp_send_json_success();
} else {
wp_send_json_error( 'Comment not found' );
}
}
add_action( 'wp_ajax_comment_deleter_undo_comment',
'comment_deleter_undo_comment' );
add_action( 'wp_ajax_nopriv_comment_deleter_undo_comment', '
comment_deleter_undo_comment' );下面是该插件的JavaScript代码:
jQuery( document ).ready( function( $ ) {
$( '.comment-delete' ).click( function( e ) {
e.preventDefault();
var commentId = $( this ).data( 'comment-id' );
var nonce = $( this ).data( 'nonce' );
var data = {
action: 'comment_deleter_delete_comment',
comment_id: commentId,
nonce: nonce
};
$.post( comment_deleter_ajax.ajax_url, data, function( response ) {
if ( response.success ) {
$( '#comment-' + commentId ).fadeOut();
}
} );
} );
} );
jQuery( document ).ready( function( $ ) {
$( '.comment-undo' ).click( function( e ) {
e.preventDefault();
var commentId = $( this ).data( 'comment-id' );
var nonce = $( this ).data( 'nonce' );
var data = {
action: 'comment_deleter_undo_comment',
comment_id: commentId,
nonce: nonce
};
$.post( comment_deleter_ajax.ajax_url, data, function( response ) {
if ( response.success ) {
$( '#comment-' + commentId ).fadeIn();
$( '.comment-delete-undo' ).hide();
}
} );
} );
} );我把这段代码添加到主题的comments.php文件中:
<?php if ( current_user_can( 'manage_options' ) ) : ?>
<a href="#" class="comment-delete" data-comment-id="<?php
comment_ID();
?>" data-nonce="<?php echo wp_create_nonce(
'comment_deleter_delete_comment' ); ?>">Delete</a>
<?php endif; ?>
<span class="comment-delete-undo" style="display: none;">
<a href="#" class="comment-undo" data-comment-id="<?php
comment_ID(); ?>" data-nonce="<?php echo wp_create_nonce(
'comment_deleter_undo_comment' ); ?>">Undo</a>
</span>我怀疑这是由于权限或安全问题,但我不确定问题的确切来源。我已经验证了nonce是有效的,登录用户有适当的权限删除评论。我还尝试禁用其他插件,看看是否有任何冲突。
你能帮我解决这个问题,并给予我建议,我可以做些什么,让我的插件正常工作?
1条答案
按热度按时间5lhxktic1#
您正在发送随机数,但没有正确验证。check_ajax_referer()需要更多参数。
第一个是你的nonce名
comment_deleter_delete_comment,第二个是$_REQUEST名,在你的例子中是nonce。结果如下:
check_ajax_referer('comment_deleter_delete_comment', 'nonce').如果你不想添加第二个参数,你需要在JS中将它们重命名为一个默认值(
_ajax_nonce或_wpnonce)。