is_protected_ajax_action

The timeline below displays how wordpress function is_protected_ajax_action has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.5

/**
 * Determines whether we are currently handling an Ajax action that should be protected against WSODs.
 *
 * @since 5.2.0
 *
 * @return bool True if the current Ajax action should be protected.
 */
function is_protected_ajax_action()
{
    if (!wp_doing_ajax()) {
        return false;
    }
    if (!isset($_REQUEST['action'])) {
        return false;
    }
    $actions_to_protect = array(
        'edit-theme-plugin-file',
        // Saving changes in the core code editor.
        'heartbeat',
        // Keep the heart beating.
        'install-plugin',
        // Installing a new plugin.
        'install-theme',
        // Installing a new theme.
        'search-plugins',
        // Searching in the list of plugins.
        'search-install-plugins',
        // Searching for a plugin in the plugin install screen.
        'update-plugin',
        // Update an existing plugin.
        'update-theme',
        // Update an existing theme.
        'activate-plugin',
    );
    /**
     * Filters the array of protected Ajax actions.
     *
     * This filter is only fired when doing Ajax and the Ajax request has an 'action' property.
     *
     * @since 5.2.0
     *
     * @param string[] $actions_to_protect Array of strings with Ajax actions to protect.
     */
    $actions_to_protect = (array) apply_filters('wp_protected_ajax_actions', $actions_to_protect);
    if (!in_array($_REQUEST['action'], $actions_to_protect, true)) {
        return false;
    }
    return true;
}

WordPress Version: 5.5

/**
 * Determines whether we are currently handling an Ajax action that should be protected against WSODs.
 *
 * @since 5.2.0
 *
 * @return bool True if the current Ajax action should be protected.
 */
function is_protected_ajax_action()
{
    if (!wp_doing_ajax()) {
        return false;
    }
    if (!isset($_REQUEST['action'])) {
        return false;
    }
    $actions_to_protect = array(
        'edit-theme-plugin-file',
        // Saving changes in the core code editor.
        'heartbeat',
        // Keep the heart beating.
        'install-plugin',
        // Installing a new plugin.
        'install-theme',
        // Installing a new theme.
        'search-plugins',
        // Searching in the list of plugins.
        'search-install-plugins',
        // Searching for a plugin in the plugin install screen.
        'update-plugin',
        // Update an existing plugin.
        'update-theme',
    );
    /**
     * Filters the array of protected Ajax actions.
     *
     * This filter is only fired when doing Ajax and the Ajax request has an 'action' property.
     *
     * @since 5.2.0
     *
     * @param string[] $actions_to_protect Array of strings with Ajax actions to protect.
     */
    $actions_to_protect = (array) apply_filters('wp_protected_ajax_actions', $actions_to_protect);
    if (!in_array($_REQUEST['action'], $actions_to_protect, true)) {
        return false;
    }
    return true;
}

WordPress Version: 5.4

/**
 * Determines whether we are currently handling an AJAX action that should be protected against WSODs.
 *
 * @since 5.2.0
 *
 * @return bool True if the current AJAX action should be protected.
 */
function is_protected_ajax_action()
{
    if (!wp_doing_ajax()) {
        return false;
    }
    if (!isset($_REQUEST['action'])) {
        return false;
    }
    $actions_to_protect = array(
        'edit-theme-plugin-file',
        // Saving changes in the core code editor.
        'heartbeat',
        // Keep the heart beating.
        'install-plugin',
        // Installing a new plugin.
        'install-theme',
        // Installing a new theme.
        'search-plugins',
        // Searching in the list of plugins.
        'search-install-plugins',
        // Searching for a plugin in the plugin install screen.
        'update-plugin',
        // Update an existing plugin.
        'update-theme',
    );
    /**
     * Filters the array of protected AJAX actions.
     *
     * This filter is only fired when doing AJAX and the AJAX request has an 'action' property.
     *
     * @since 5.2.0
     *
     * @param string[] $actions_to_protect Array of strings with AJAX actions to protect.
     */
    $actions_to_protect = (array) apply_filters('wp_protected_ajax_actions', $actions_to_protect);
    if (!in_array($_REQUEST['action'], $actions_to_protect, true)) {
        return false;
    }
    return true;
}

WordPress Version: 5.2

/**
 * Determines whether we are currently handling an AJAX action that should be protected against WSODs.
 *
 * @since 5.2.0
 *
 * @return bool True if the current AJAX action should be protected.
 */
function is_protected_ajax_action()
{
    if (!wp_doing_ajax()) {
        return false;
    }
    if (!isset($_REQUEST['action'])) {
        return false;
    }
    $actions_to_protect = array(
        'edit-theme-plugin-file',
        // Saving changes in the core code editor.
        'heartbeat',
        // Keep the heart beating.
        'install-plugin',
        // Installing a new plugin.
        'install-theme',
        // Installing a new theme.
        'search-plugins',
        // Searching in the list of plugins.
        'search-install-plugins',
        // Searching for a plugin in the plugin install screen.
        'update-plugin',
        // Update an existing plugin.
        'update-theme',
    );
    /**
     * Filters the array of protected AJAX actions.
     *
     * This filter is only fired when doing AJAX and the AJAX request has an 'action' property.
     *
     * @since 5.2.0
     *
     * @param array $actions_to_protect Array of strings with AJAX actions to protect.
     */
    $actions_to_protect = (array) apply_filters('wp_protected_ajax_actions', $actions_to_protect);
    if (!in_array($_REQUEST['action'], $actions_to_protect, true)) {
        return false;
    }
    return true;
}