403 error when using my WordPress plugin to delete comments

Question

I recently created a plugin for WordPress that allows you to delete comments from a front-end post, with an undo delete function and without having to reload the page each time (Ajax). However, when I click on the delete button, nothing happens and I get a "POST /wp-admin/admin-ajax.php 403" error in the Google console.

Here is the PHP code of the plugin:

<?php
/*
Plugin Name: Comment Deleter
Plugin URI: https://example.com/
Description: A plugin for deleting comments with undo function and using AJAX.
Version: 1.0.0
Author: Alexis Grolot
Author URI: https://example.com/
License: GPL2
*/

function comment_deleter_enqueue_scripts() {
    wp_enqueue_script( 'comment-deleter', plugin_dir_url( __FILE__ ) . 'comment-deleter.js', array( 'jquery' ), '1.0.0', true );
    wp_localize_script( 'comment-deleter', 'comment_deleter_ajax', array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
}
add_action( 'wp_enqueue_scripts', 'comment_deleter_enqueue_scripts' );

function comment_deleter_delete_comment() {
    check_ajax_referer( 'comment_deleter_delete_comment' );
    $commentId = isset( $_POST['comment_id'] ) ? intval( $_POST['comment_id'] ) : 0;
    $comment = get_comment( $commentId );
    if ( $comment ) {
        wp_delete_comment( $commentId, true );
        wp_send_json_success();
    } else {
        wp_send_json_error( 'Comment not found' );
    }
}
add_action( 'wp_ajax_comment_deleter_delete_comment', 'comment_deleter_delete_comment' );
add_action( 'wp_ajax_nopriv_comment_deleter_delete_comment', 'comment_deleter_delete_comment' );

function comment_deleter_undo_comment() {
    check_ajax_referer( 'comment_deleter_undo_comment' );
    $commentId = isset( $_POST['comment_id'] ) ? intval( $_POST['comment_id'] ) : 0;
    $comment = get_comment( $commentId );
    if ( $comment ) {
        wp_untrash_comment( $commentId );
        wp_send_json_success();
    } else {
        wp_send_json_error( 'Comment not found' );
    }
}
add_action( 'wp_ajax_comment_deleter_undo_comment', 'comment_deleter_undo_comment' );
add_action( 'wp_ajax_nopriv_comment_deleter_undo_comment', 'comment_deleter_undo_comment' );

Here is the plugin's JavaScript code:

jQuery( document ).ready( function( $ ) {
    $( '.comment-delete' ).click( function( e ) {
        e.preventDefault();
        var commentId = $( this ).data( 'comment-id' );
        var nonce = $( this ).data( 'nonce' );
        var data = {
            action: 'comment_deleter_delete_comment',
            comment_id: commentId,
            nonce: nonce
        };
        $.post( comment_deleter_ajax.ajax_url, data, function( response ) {
            if ( response.success ) {
                $( '#comment-' + commentId ).fadeOut();
            }
        } );
    } );
} );

jQuery( document ).ready( function( $ ) {
    $( '.comment-undo' ).click( function( e ) {
        e.preventDefault();
        var commentId = $( this ).data( 'comment-id' );
        var nonce = $( this ).data( 'nonce' );
        var data = {
            action: 'comment_deleter_undo_comment',
            comment_id: commentId,
            nonce: nonce
        };
        $.post( comment_deleter_ajax.ajax_url, data, function( response ) {
            if ( response.success ) {
                $( '#comment-' + commentId ).fadeIn();
                $( '.comment-delete-undo' ).hide();
            }
        } );
    } );
} );

And I add this code in the comments.php file of my theme:

<?php if ( current_user_can( 'manage_options' ) ) : ?>
    <a href="#" class="comment-delete" data-comment-id="<?php comment_ID(); ?>" data-nonce="<?php echo wp_create_nonce( 'comment_deleter_delete_comment' ); ?>">Delete</a>
<?php endif; ?>
<span class="comment-delete-undo" style="display: none;">
    <a href="#" class="comment-undo" data-comment-id="<?php comment_ID(); ?>" data-nonce="<?php echo wp_create_nonce( 'comment_deleter_undo_comment' ); ?>">Undo</a>
</span>

I suspect this is due to permissions or security issues, but I'm not sure of the exact source of the problem. I have already verified that the nonce was valid and that the logged in user had the proper permissions to delete comments. I also tried disabling other plugins to see if there were any conflicts.

Can you help me solve this problem and give me advice on what I can do to allow my plugin to work properly?

Answer 1

Score: 1

You're sending your nonce but you're not verifying it correctly. check_ajax_referer() needs more parameters.

First one is your nonce name so comment_deleter_delete_comment. Second one is the $_REQUEST name, in your case that is nonce.

Resulting in the following: check_ajax_referer('comment_deleter_delete_comment', 'nonce').

If you don't want to add a second parameter you need to rename them in JS to one of the default values (_ajax_nonce or _wpnonce).

var data = {
  action: 'comment_deleter_delete_comment',
  comment_id: commentId,
  _ajax_nonce: nonce
};
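
The fix from the answer applied to both handlers, as an added example (not the asker's or the answerer's code): it passes 'nonce' as the query argument, and additionally assumes the handlers should be limited to logged-in users who pass an `edit_comment` capability check, and should trash rather than force-delete so that undo has something to restore. The `cd_example_*` function names are hypothetical.

```php
<?php
// Added example, not the asker's plugin code. The cd_example_* names are
// hypothetical; every WordPress function called here is a core function.

function cd_example_verify_request( $nonce_action ) {
    // The second argument names the request field that holds the nonce.
    // With it omitted, core only reads _ajax_nonce and _wpnonce, so a field
    // called "nonce" is never seen and the request dies with a 403.
    check_ajax_referer( $nonce_action, 'nonce' );

    $comment_id = isset( $_POST['comment_id'] ) ? absint( $_POST['comment_id'] ) : 0;
    if ( ! $comment_id || ! get_comment( $comment_id ) ) {
        wp_send_json_error( 'Comment not found', 404 );
    }
    // A nonce only shows the request came from a page issued to this user;
    // it is not authorization, so check the capability in the handler too.
    if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }
    return $comment_id;
}

function cd_example_delete_comment() {
    $comment_id = cd_example_verify_request( 'comment_deleter_delete_comment' );
    // Trash instead of wp_delete_comment( $id, true ): a force-deleted
    // comment is gone, so wp_untrash_comment() would have nothing to undo.
    if ( wp_trash_comment( $comment_id ) ) {
        wp_send_json_success();
    }
    wp_send_json_error( 'Could not trash comment', 500 );
}

function cd_example_undo_comment() {
    $comment_id = cd_example_verify_request( 'comment_deleter_undo_comment' );
    if ( wp_untrash_comment( $comment_id ) ) {
        wp_send_json_success();
    }
    wp_send_json_error( 'Could not restore comment', 500 );
}

// Only wp_ajax_* hooks are registered. Without wp_ajax_nopriv_* hooks,
// logged-out visitors never reach these handlers.
add_action( 'wp_ajax_comment_deleter_delete_comment', 'cd_example_delete_comment' );
add_action( 'wp_ajax_comment_deleter_undo_comment', 'cd_example_undo_comment' );
```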

huangapple
  • Posted on February 23, 2023, 22:28:57
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75546182.html