IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Nonce refresh:

Browse Source 
- Update the heartbeat nonce when refreshing nonces on the Edit Post screen.
- After a user logs in from the auth-check dialog, speed up heatrbeat to check/refresh nonces on the Edit Post screen.
- Speeding up heartbeat: bring back the setting how long it should last (how many ticks).
- Add 'heartbeat-nonces-expired' jQuery event when nonces have expired and the user is logged in.
See #23295, see #23216.

git-svn-id: http://core.svn.wordpress.org/trunk@24528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Ozz
2013-06-29 01:31:44 +00:00
parent 7862ae7294
commit b8b66e2cc1
5 changed files with 61 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
wp-admin/includes/ajax-actions.php
View File

@@ -2054,9 +2054,17 @@ function wp_ajax_send_link_to_editor() {
}
function wp_ajax_heartbeat() {
check_ajax_referer( 'heartbeat-nonce', '_nonce' );
if ( empty( $_POST['_nonce'] ) )
wp_send_json_error();
$response = array();
if ( false === wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ) ) {
// User is logged in but nonces have expired.
$response['nonces_expired'] = true;
wp_send_json($response);
}
// screen_id is the same as $current_screen->id and the JS global 'pagenow'
if ( ! empty($_POST['screen_id']) )
$screen_id = sanitize_key($_POST['screen_id']);
@@ -2076,7 +2084,7 @@ function wp_ajax_heartbeat() {
// Allow the transport to be replaced with long-polling easily
do_action( 'heartbeat_tick', $response, $screen_id );
// send the current time acording to the server
// Send the current time acording to the server
$response['server_time'] = time();
wp_send_json($response);

20
wp-admin/includes/misc.php
View File

@@ -639,21 +639,25 @@ add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
function wp_refresh_post_nonces( $response, $data, $screen_id ) {
if ( array_key_exists( 'wp-refresh-post-nonces', $data ) ) {
$received = $data['wp-refresh-post-nonces'];
$response['wp-refresh-post-nonces'] = array( 'check' => 1 );
if ( ! $post_id = absint( $received['post_id'] ) )
return $response;
if ( ! current_user_can('edit_post', $post_id) )
if ( ! current_user_can( 'edit_post', $post_id ) || empty( $received['post_nonce'] ) )
return $response;
if ( ! empty( $received['post_nonce'] ) && 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
if ( 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
$response['wp-refresh-post-nonces'] = array(
'replace-autosavenonce' => wp_create_nonce('autosave'),
'replace-getpermalinknonce' => wp_create_nonce('getpermalink'),
'replace-samplepermalinknonce' => wp_create_nonce('samplepermalink'),
'replace-closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
'replace-_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
'replace-_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
'replace' => array(
'autosavenonce' => wp_create_nonce('autosave'),
'getpermalinknonce' => wp_create_nonce('getpermalink'),
'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
'_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
'_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
),
'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
);
}
}