Should I heck for privileges before even hooking the wp_ajax_hook_name or in the function that I've hooked to it?
The first way:
if( current_user_can( 'manage_options' ) ) {
add_action( 'wp_ajax_my_hook', array( $this, 'myHookFunction' ) );
}
//It won't even get to the function's code.
The second:
add_action( 'wp_ajax_my_hook', array( $this, 'myHookFunction' ) );
..
..
function myHookFunction() {
if( current_user_can( 'manage_options' ) ) {
return;
}
//All the code that would normally be executed is now skipped.
}
Here are a few considerations:
The
myHookFunctionis a class, because it's hooked to an AJAX call, it has to be a public function, as such, anyone that's got access to my class can call the function itself.1.1. As such, we might encounter situations where a(nother) plugin running from a low-tier user calls my function that is supposed to actually not do anything, under any circumstance if the current calling user's privileges are not met, but remember, we only check for them in the class'
__constructwhen we hook towp_ajax_$.My concern is that I'm putting too much in a function, I tried my best to separate code from these functions and if I also add checks (even if minimal) for this too, the functions turn into a monster, but I won't sacrifice security over lines of code.
As such, it seems my second method is the best, security wise, but, assuming we're purists and we want clean classes, as well as clean functions, is it really the best? What are my options here?