Renew autosave nonce. Props andy. fixes #6266

git-svn-id: http://svn.automattic.com/wordpress/trunk@7375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-03-18 02:43:20 +00:00
parent be4ff0a9dc
commit 34d67f9907
3 changed files with 52 additions and 16 deletions
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -460,7 +460,7 @@ case 'add-user' :
 	$x->send();
 	break;
 case 'autosave' : // The name of this action is hardcoded in edit_post()
-	check_ajax_referer( 'autosave', 'autosavenonce' );
+	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce');
 	global $current_user;

 	$_POST['post_status'] = 'draft';
@@ -520,6 +520,9 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
 	if ( $do_lock && $id && is_numeric($id) )
 		wp_set_post_lock( $id );

+	if ( $nonce_age == 2 )
+		$supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
+
 	$x = new WP_Ajax_Response( array(
 		'what' => 'autosave',
 		'id' => $id,