I found the following code:

php:

function ajax_filter_posts_scripts() { wp_register_script('afp_script', get_template_directory_uri() . '/js/ajax-filter-posts.js', false, null, false); wp_enqueue_script('afp_script'); wp_localize_script( 'afp_script', 'afp_vars', array( 'afp_nonce' => wp_create_nonce( 'afp_nonce' ), 'afp_ajax_url' => admin_url( 'admin-ajax.php' ), ) ); } add_action('wp_enqueue_scripts', 'ajax_filter_posts_scripts', 100); $result = array(); function ajax_filter_get_posts( $taxonomy ) { if( !isset( $_POST['afp_nonce'] ) || !wp_verify_nonce( $_POST['afp_nonce'], 'afp_nonce' ) ) die('Permission denied'); $taxonomy = $_POST['taxonomy']; $args = array( 'tag' => $taxonomy, 'post_type' => 'post', 'posts_per_page' => -1, ); if( !$taxonomy ) { unset( $args['tag'] ); } $query = new WP_Query( $args ); if ( $query->have_posts() ) : while ( $query->have_posts() ) : $query->the_post(); $result['response'][] = '<h2><a href="'.get_permalink().'">'. get_the_title().'</a></h2>' . get_the_excerpt(); $result['status'] = 'success'; endwhile; else: $result['response'] = '<h2>No posts found</h2>'; $result['status'] = '404'; endif; $result = json_encode($result); echo $result; die(); } add_action('wp_ajax_filter_posts', 'ajax_filter_get_posts'); add_action('wp_ajax_nopriv_filter_posts', 'ajax_filter_get_posts');

script:

 jQuery(document).ready(function($) { $('.tax-filter').click( function(event) { if (event.preventDefault) { event.preventDefault(); } else { event.returnValue = false; } var selecetd_taxonomy = $(this).attr('title'); $('.tagged-posts').fadeOut(); data = { action: 'filter_posts', afp_nonce: afp_vars.afp_nonce, taxonomy: selecetd_taxonomy, }; $.ajax({ type: 'post', dataType: 'json', url: afp_vars.afp_ajax_url, data: data, success: function( data, textStatus, XMLHttpRequest ) { $('.tagged-posts').html( data.response ); $('.tagged-posts').fadeIn(); }, error: function( MLHttpRequest, textStatus, errorThrown ) { $('.tagged-posts').html( 'No posts found' ); $('.tagged-posts').fadeIn(); } }) }); });

In the template link, the taxonomy "product-brand" has class="tax-filter" , and in the archives of the post type "product" the code is set: <div class="tagged-posts"><?php ajax_filter_posts_scripts(); ?></div> <div class="tagged-posts"><?php ajax_filter_posts_scripts(); ?></div> . After installation in the code, permission denied appears in the template and that's it.

Further, the code is not executed, blocking everything that is written after, and the script itself does not work. I understand that die() works because of nonce nonvalidation, but I don’t understand why validation fails.

  • so did you generate this nonce ? - alenkins
  • and unless in php at connection of scratches it does not occur? - cooledit
  • According to the logic of your script - it happens. Your example has earned me in the nonce comparison part (I reduced the js-part before sending the key and getting the answer). - alenkins
  • And what is this line for <div class="tagged-posts"><?php ajax_filter_posts_scripts(); ?></div> <div class="tagged-posts"><?php ajax_filter_posts_scripts(); ?></div> ? ajax_filter_posts_scripts() scripts by the ajax_filter_posts_scripts() function should occur when executing wp_head() in the site header. - alenkins
  • With the script, it seems, everything is fine, it connects there. The above line displays the data (in the block with the tagged-posts class). But I have a problem with nonce with a custom post type and taxonomy. - cooledit

0