From 3ee553c6bc6cfcba03f352cdd53a0d065a947ca0 Mon Sep 17 00:00:00 2001 From: Daryl Koopersmith Date: Fri, 12 Oct 2012 16:02:45 +0000 Subject: [PATCH] Add a nonce to wp_ajax_save_attachment. see #21390, #21807. git-svn-id: http://core.svn.wordpress.org/trunk@22212 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/ajax-actions.php | 2 ++ wp-includes/js/media-models.js | 8 ++++++-- wp-includes/script-loader.php | 4 ++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php index 50c7b58a81..b842dfadc3 100644 --- a/wp-admin/includes/ajax-actions.php +++ b/wp-admin/includes/ajax-actions.php @@ -1833,6 +1833,8 @@ function wp_ajax_save_attachment() { if ( ! $id = absint( $_REQUEST['id'] ) ) wp_send_json_error(); + check_ajax_referer( 'save-attachment', 'nonce' ); + if ( ! current_user_can( 'edit_post', $id ) ) wp_send_json_error(); diff --git a/wp-includes/js/media-models.js b/wp-includes/js/media-models.js index 4e15f4f297..c64c4e655a 100644 --- a/wp-includes/js/media-models.js +++ b/wp-includes/js/media-models.js @@ -1,7 +1,7 @@ window.wp = window.wp || {}; (function($){ - var Attachment, Attachments, Query, compare; + var Attachment, Attachments, Query, compare, l10n; /** * wp.media( attributes ) @@ -20,6 +20,9 @@ window.wp = window.wp || {}; _.extend( media, { model: {}, view: {}, controller: {} }); + // Link any localized strings. + l10n = media.model.l10n = _.isUndefined( _wpMediaModelsL10n ) ? {} : _wpMediaModelsL10n; + /** * ======================================================================== * UTILITIES @@ -192,7 +195,8 @@ window.wp = window.wp || {}; // Set the action and ID. options.data = _.extend( options.data || {}, { action: 'save-attachment', - id: this.id + id: this.id, + nonce: l10n.saveAttachmentNonce }); // Record the values of the changed attributes. diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php index 86c0035708..0926dc3796 100644 
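Review bot: The added `check_ajax_referer( 'save-attachment', 'nonce' );` uses one fixed action for every attachment, so a nonce minted once for the media modal authorizes a save against any attachment ID the user can edit; only the `current_user_can( 'edit_post', $id )` check on the following line restricts the target. Binding the action to the ID, e.g. `check_ajax_referer( 'save-attachment_' . $id, 'nonce' );`, would tie the token to the object the client was actually shown (the JS side would then need a per-attachment nonce instead of the global one localized in script-loader.php). Also, as far as I know `check_ajax_referer` with its default third argument dies with a bare `-1` body on failure, while the rest of this function answers with `wp_send_json_error()`; `if ( ! check_ajax_referer( 'save-attachment', 'nonce', false ) ) wp_send_json_error();` keeps the failure response in the JSON shape the client already parses. wp_ajax_save_attachment() continues outside the hunk.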
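Review bot: The `{}` fallback on the new `l10n = media.model.l10n = _.isUndefined( _wpMediaModelsL10n ) ? {} : _wpMediaModelsL10n;` line can never be taken: when the script has not been localized, `_wpMediaModelsL10n` is an undeclared identifier and evaluating it as the argument throws a ReferenceError before `_.isUndefined` runs, which aborts the whole module IIFE. Only a `typeof` test is safe on an undeclared global: `l10n = media.model.l10n = ( typeof _wpMediaModelsL10n === 'undefined' ) ? {} : _wpMediaModelsL10n;`. Even with that fix, the `nonce: l10n.saveAttachmentNonce` added in the third hunk is then sent as undefined and the server-side nonce check rejects the save, so a comment next to the fallback such as `// Without localized data there is no nonce and saves are rejected server-side.` would make the degraded mode explicit. The enclosing function of the third hunk starts and ends outside it.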
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -315,6 +315,10 @@ function wp_default_scripts( &$scripts ) {
 ) ); $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'backbone', 'jquery' ), false, 1 );
+ did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array(
+ 'saveAttachmentNonce' => wp_create_nonce( 'save-attachment' ),
+ ) );
+
 $scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'media-models', 'wp-plupload' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'media-views', '_wpMediaViewsL10n', array( // Generic
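Review bot: The new `did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', ... )` block carries no comment on why it is conditional, yet the consequence of the guard failing is that `media-models` ships without `_wpMediaModelsL10n` and every attachment save is then refused by the nonce check in wp_ajax_save_attachment(). A note above the line, such as `// The nonce is user-bound, so it can only be minted after 'init'; before that the script gets no localized data and saves will fail.`, would record the reason (presumably that `wp_create_nonce()` depends on the current user, as the identical guard on the `media-views` localization below suggests) and the failure mode. wp_default_scripts() continues beyond the hunk in both directions.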