403 error when using my WordPress plugin to delete comments
Question
I recently created a plugin for WordPress that allows you to delete comments from a front-end post, with an undo delete function and without having to reload the page each time (Ajax). However, when I click on the delete button, nothing happens and I get a "POST /wp-admin/admin-ajax.php 403" error in the Google console.
Here is the PHP code of the plugin:
```php
<?php
/*
Plugin Name: Comment Deleter
Plugin URI: https://example.com/
Description: A plugin for deleting comments with undo function and using AJAX.
Version: 1.0.0
Author: Alexis Grolot
Author URI: https://example.com/
License: GPL2
*/

function comment_deleter_enqueue_scripts() {
    wp_enqueue_script( 'comment-deleter', plugin_dir_url( __FILE__ ) . 'comment-deleter.js', array( 'jquery' ), '1.0.0', true );
    wp_localize_script( 'comment-deleter', 'comment_deleter_ajax', array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
}
add_action( 'wp_enqueue_scripts', 'comment_deleter_enqueue_scripts' );

function comment_deleter_delete_comment() {
    check_ajax_referer( 'comment_deleter_delete_comment' );
    $commentId = isset( $_POST['comment_id'] ) ? intval( $_POST['comment_id'] ) : 0;
    $comment = get_comment( $commentId );
    if ( $comment ) {
        wp_delete_comment( $commentId, true );
        wp_send_json_success();
    } else {
        wp_send_json_error( 'Comment not found' );
    }
}
add_action( 'wp_ajax_comment_deleter_delete_comment', 'comment_deleter_delete_comment' );
add_action( 'wp_ajax_nopriv_comment_deleter_delete_comment', 'comment_deleter_delete_comment' );

function comment_deleter_undo_comment() {
    check_ajax_referer( 'comment_deleter_undo_comment' );
    $commentId = isset( $_POST['comment_id'] ) ? intval( $_POST['comment_id'] ) : 0;
    $comment = get_comment( $commentId );
    if ( $comment ) {
        wp_untrash_comment( $commentId );
        wp_send_json_success();
    } else {
        wp_send_json_error( 'Comment not found' );
    }
}
add_action( 'wp_ajax_comment_deleter_undo_comment', 'comment_deleter_undo_comment' );
add_action( 'wp_ajax_nopriv_comment_deleter_undo_comment', 'comment_deleter_undo_comment' );
```
Here is the plugin's JavaScript code:
```js
jQuery( document ).ready( function( $ ) {
    $( '.comment-delete' ).click( function( e ) {
        e.preventDefault();
        var commentId = $( this ).data( 'comment-id' );
        var nonce = $( this ).data( 'nonce' );
        var data = {
            action: 'comment_deleter_delete_comment',
            comment_id: commentId,
            nonce: nonce
        };
        $.post( comment_deleter_ajax.ajax_url, data, function( response ) {
            if ( response.success ) {
                $( '#comment-' + commentId ).fadeOut();
            }
        } );
    } );
} );

jQuery( document ).ready( function( $ ) {
    $( '.comment-undo' ).click( function( e ) {
        e.preventDefault();
        var commentId = $( this ).data( 'comment-id' );
        var nonce = $( this ).data( 'nonce' );
        var data = {
            action: 'comment_deleter_undo_comment',
            comment_id: commentId,
            nonce: nonce
        };
        $.post( comment_deleter_ajax.ajax_url, data, function( response ) {
            if ( response.success ) {
                $( '#comment-' + commentId ).fadeIn();
                $( '.comment-delete-undo' ).hide();
            }
        } );
    } );
} );
```
And I add this code in the comments.php file of my theme:
```php
<?php if ( current_user_can( 'manage_options' ) ) : ?>
    <a href="#" class="comment-delete" data-comment-id="<?php comment_ID(); ?>" data-nonce="<?php echo wp_create_nonce( 'comment_deleter_delete_comment' ); ?>">Delete</a>
<?php endif; ?>
<span class="comment-delete-undo" style="display: none;">
    <a href="#" class="comment-undo" data-comment-id="<?php comment_ID(); ?>" data-nonce="<?php echo wp_create_nonce( 'comment_deleter_undo_comment' ); ?>">Undo</a>
</span>
```
I suspect this is due to permissions or security issues, but I'm not sure of the exact source of the problem. I have already verified that the nonce was valid and that the logged in user had the proper permissions to delete comments. I also tried disabling other plugins to see if there were any conflicts.
Can you help me solve this problem and give me advice on what I can do to allow my plugin to work properly?
Answer 1
Score: 1
You're sending your nonce but you're not verifying it correctly. `check_ajax_referer()` needs more parameters.

First one is your nonce name so `comment_deleter_delete_comment`. Second one is the `$_REQUEST` name, in your case that is `nonce`.

Resulting in the following: `check_ajax_referer('comment_deleter_delete_comment', 'nonce')`.

If you don't want to add a second parameter you need to rename them in JS to one of the default values (`_ajax_nonce` or `_wpnonce`).

```js
var data = {
    action: 'comment_deleter_delete_comment',
    comment_id: commentId,
    _ajax_nonce: nonce
};
```
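
The answer's fix applied to both handlers, as an added example that is not part of the original question or answer. It assumes the handlers should be limited to users with the `manage_options` capability (the check the question's template already uses) and that "delete" should move the comment to Trash so Undo can restore it; the helper name `comment_deleter_verify_request` is hypothetical.

```php
<?php
// Added example, not the plugin author's code. Assumptions: 'manage_options'
// is the required capability, and delete means "move to Trash".

// Hypothetical helper shared by both handlers: nonce, capability, then input.
function comment_deleter_verify_request( $nonce_action ) {
    // 2nd argument: the request field the JS sends ('nonce').
    // 3rd argument false: return false instead of dying, so we choose the response.
    if ( ! check_ajax_referer( $nonce_action, 'nonce', false ) ) {
        wp_send_json_error( 'Invalid or expired nonce', 403 );
    }
    // A nonce ties the request to a page rendered for this user; it is not an
    // authorization check, so test the capability on the server as well.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }
    $comment_id = isset( $_POST['comment_id'] ) ? absint( $_POST['comment_id'] ) : 0;
    if ( ! $comment_id || ! get_comment( $comment_id ) ) {
        wp_send_json_error( 'Comment not found', 404 );
    }
    return $comment_id; // wp_send_json_error() exits, so this is reached only on success.
}

function comment_deleter_delete_comment() {
    $comment_id = comment_deleter_verify_request( 'comment_deleter_delete_comment' );
    // wp_delete_comment( $id, true ) removes the comment permanently;
    // wp_trash_comment() leaves it restorable by wp_untrash_comment().
    if ( wp_trash_comment( $comment_id ) ) {
        wp_send_json_success();
    }
    wp_send_json_error( 'Could not trash comment', 500 );
}

function comment_deleter_undo_comment() {
    $comment_id = comment_deleter_verify_request( 'comment_deleter_undo_comment' );
    if ( wp_untrash_comment( $comment_id ) ) {
        wp_send_json_success();
    }
    wp_send_json_error( 'Could not restore comment', 500 );
}

// Only the authenticated hooks: no wp_ajax_nopriv_* for a destructive action.
add_action( 'wp_ajax_comment_deleter_delete_comment', 'comment_deleter_delete_comment' );
add_action( 'wp_ajax_comment_deleter_undo_comment', 'comment_deleter_undo_comment' );
```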