{"id":229016,"date":"2022-11-04T10:58:00","date_gmt":"2022-11-04T07:58:00","guid":{"rendered":"https:\/\/wordpress.mediadoma.com\/?p=229016"},"modified":"2022-11-09T05:12:12","modified_gmt":"2022-11-09T02:12:12","slug":"turvaliste-ajaxi-taotluste-saatmine-wordpressis-koos-noncesiga","status":"publish","type":"post","link":"https:\/\/wordpress.mediadoma.com\/et\/turvaliste-ajaxi-taotluste-saatmine-wordpressis-koos-noncesiga\/","title":{"rendered":"Sending Secure Ajax Requests in WordPress (with Nonces)"},"content":{"rendered":"\n<p>I know the <a href=\"https:\/\/developer.wordpress.org\/rest-api\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">REST API<\/a> is a huge topic of conversation in WordPress right now, and rightly so, but there are still times when, for various reasons, we have to use <a href=\"https:\/\/codex.wordpress.org\/AJAX_in_Plugins\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">admin-ajax (as it has come to be known).<\/a><\/p>\n<ul>\n<li>Maybe it is an existing application,<\/li>\n<li>Maybe time does not permit building the necessary endpoints,<\/li>\n<li>Maybe you feel more comfortable with admin-ajax,<\/li>\n<li>And so on.<\/li>\n<\/ul>\n<p>Regardless of the reasons you use it (which I still do, whatever the job happens to be), I think it is important to make sure we send secure Ajax requests in WordPress using nonces, exactly the same way we would with a traditional form submission.<\/p>\n<p>A legitimate real-time picture of the wires carrying your Ajax request.<\/p>\n<p>If you search the web for how to do this, you will find a variety of answers, and this is just another drop in the proverbial bucket.<\/p>\n<p>But if you are curious about a recipe for handling it, this is how I do it every time.<\/p>\n<h2>Secure Ajax Requests in WordPress<\/h2>\n<p>The process for sending secure Ajax requests in WordPress goes like this:<\/p>\n<ol>\n<li>enqueue your JavaScript file and use <a href=\"https:\/\/codex.wordpress.org\/Function_Reference\/wp_localize_script\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">wp_localize_script<\/a>,<\/li>\n<li>make sure your JavaScript sends the security value along with the request,<\/li>\n<li>check the security value in the callback and handle it appropriately.<\/li>\n<\/ol>\n<p>With that in mind, here is the basic content for each of the steps above, which will hopefully lead you to writing more secure Ajax-based code.<\/p>\n<h3>1. Enqueue the JavaScript, localize your script<\/h3>\n<p>I know this seems like an odd first step, given that you should write the script before enqueuing it. And of course you should. But for this post I wanted to show the required code before jumping into the details.<\/p>\n<p>There are a few ways people choose to enqueue admin-ajax.php, but <a href=\"https:\/\/gist.github.com\/tommcfarlin\/a53a5c982b9e6826369e2f37914ad77b#file-00-wp-localize-script-php\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">this is the process<\/a> I follow both for enqueuing the file and for exposing admin-ajax.php to it:<\/p>\n<pre><code>&lt;?php\n\nwp_enqueue_script(\n  'acme-security',\n  $this-&gt;plugin_url . 'assets\/js\/plugin.js',\n  [ 'jquery' ],\n  false,\n  true\n);\n\nwp_localize_script(\n  'acme-security',\n  'acme_ajax_object',\n  [\n    'ajax_url'  =&gt; admin_url( 'admin-ajax.php' ),\n    'security'  =&gt; wp_create_nonce( 'acme-security-nonce' ),\n  ]\n);<\/code><\/pre>\n<p>Note in the code above that the <a href=\"https:\/\/www.google.com\/url?sa=t&#038;rct=j&#038;q=&#038;esrc=s&#038;source=web&#038;cd=1&#038;ved=0ahUKEwjA9NijppDUAhVIWSYKHTzDAVYQFggnMAA&#038;url=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_enqueue_script%2F&#038;usg=AFQjCNEAqOC2ehwxSG7UntToWhDVHXLVUA&#038;sig2=7VfQ0cL4-Pt1e8oV0mDKRg&#038;cad=rjt\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">call to wp_enqueue_script<\/a> looks exactly as you would expect.<\/p>\n<p>But <a href=\"https:\/\/codex.wordpress.org\/Function_Reference\/wp_localize_script\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">wp_localize_script<\/a> is a bit different. It does the following:<\/p>\n<ol>\n<li>it follows the call that enqueues the script (and the order matters),<\/li>\n<li>it uses the same handle, namely <strong>acme-security<\/strong>,<\/li>\n<li>it defines an object we can use in our JavaScript code named <strong>acme_ajax_object<\/strong>, and gives it two properties:<\/li>\n<li>the <strong>ajax_url<\/strong> property holds the path to admin-ajax.php,<\/li>\n<li>the security property holds the value <a href=\"https:\/\/codex.wordpress.org\/Function_Reference\/wp_create_nonce\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">returned<\/a> by <strong>wp_create_nonce<\/strong>.<\/li>\n<\/ol>\n<p>So how do we take advantage of all this in the context of our JavaScript?<\/p>\n<h3>2. Using this information in JavaScript<\/h3>\n<p>First, when making the Ajax call, we need to make sure we use the <strong>ajax_url<\/strong> property of the object defined in the code above. This means the request should be sent to the URL held in <strong>acme_ajax_object.ajax_url<\/strong>.<\/p>\n<p>Next, you specify the action you want to call. In this case it is <strong>get_custom_data<\/strong>, which we will look at in a moment.<\/p>\n<p>But the most important part comes next: we make sure to send the security value <strong>held<\/strong> in the <strong>security property<\/strong> of acme_ajax_object.<\/p>\n<pre><code>$.get( acme_ajax_object.ajax_url, {\n\n    action:   'get_custom_data',\n    security: acme_ajax_object.security\n\n}, function( response ) {\n\n  if ( undefined !== response.success &amp;&amp; false === response.success ) {\n    return;\n  }\n\n  \/\/ Parse your response here.\n\n});<\/code><\/pre>\n<p>Note that in the response function we check whether the response actually succeeded, handle it accordingly, and only then move on with our code.<\/p>\n<p>So what does the server-side code look like for this?<\/p>\n<h3>3. Checking the security value<\/h3>\n<p>Next, in your callback function (which we have appropriately named <strong>get_custom_data<\/strong>), before doing anything else, we need to check the security value.<\/p>\n<p>If the value passes, all is well; otherwise we need to send an error message.<\/p>\n<pre><code>&lt;?php\n\npublic function get_custom_data() {\n\n  if ( ! check_ajax_referer( 'acme-security-nonce', 'security', false ) ) {\n\n    wp_send_json_error( 'Invalid security token sent.' );\n    wp_die();\n  }\n\n  \/\/ The rest of the function that does actual work.\n\n}<\/code><\/pre>\n<p>Note that when we call <a href=\"https:\/\/codex.wordpress.org\/Function_Reference\/check_ajax_referer\" target=\"_blank\" rel=\"noopener nofollow\" class=\"external external_icon\">check_ajax_referer<\/a>, we pass the nonce action we defined in wp_create_nonce and the name of the object property defined in step one.<\/p>\n<p>If it does not check out, we send a JSON error message that we can read from JavaScript, as we saw above. This should always be the first step before doing the actual work.<\/p>\n<p>Once everything checks out, we are ready to go.<\/p>\n<h2>Is it really secure?<\/h2>\n<p>It is the inevitable question, isn't it? Honestly, I do not want to promise that this is completely foolproof, because I am not a security expert.<\/p>\n<p>But having a nonce value that leverages WordPress's built-in security features is better than blindly sending data without being able to verify the source of what is being sent.<\/p>\n<p>Of course, you also need to sanitize the data before inspecting it, using it, potentially saving it, and so on. But that is the subject of a whole other post.<\/p>\n<p>Instead, this gives you a recipe for making secure Ajax requests in WordPress.<\/p>\n<p><div id=\"PostUnique_PostSource\" style=\"padding-top: 50px\">Source: <a target=\"_blank\" rel=\"noopener nofollow\" href=\"\/\/tommcfarlin.com\" class=\"external external_icon\">tommcfarlin.com<\/a><\/div><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The three steps described here give a recipe for making secure Ajax requests in WordPress.<\/p>\n","protected":false},"author":1,"featured_media":166665,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[718,894,863],"tags":[1165],"class_list":["post-229016","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-arendaja","category-kood","category-wordpress-4","tag-affiai-et"],"_links":{"self":[{"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/posts\/229016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/comments?post=229016"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/posts\/229016\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/media\/166665"}],"wp:attachment":[{"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/media?parent=229016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/categories?post=229016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.mediadoma.com\/et\/wp-json\/wp\/v2\/tags?post=229016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}