mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 01:27:36 +01:00
Customizer: Gravefully handle cookie expipration. Prompt for log in in the preview. Props ocean90, koopersmith, nacin. fixes #20876
git-svn-id: http://core.svn.wordpress.org/trunk@21031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
dce23895de
commit
9115435213
@ -514,3 +514,24 @@ body {
|
|||||||
-webkit-overflow-scrolling: touch;
|
-webkit-overflow-scrolling: touch;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handle cheaters.
|
||||||
|
*/
|
||||||
|
body.cheatin {
|
||||||
|
min-width: 0;
|
||||||
|
background: #f9f9f9;
|
||||||
|
padding: 50px;
|
||||||
|
}
|
||||||
|
|
||||||
|
body.cheatin p {
|
||||||
|
max-width: 700px;
|
||||||
|
margin: 0 auto;
|
||||||
|
padding: 2em;
|
||||||
|
font-size: 14px;
|
||||||
|
|
||||||
|
background: #fff;
|
||||||
|
border: 1px solid #dfdfdf;
|
||||||
|
|
||||||
|
-webkit-border-radius: 3px;
|
||||||
|
border-radius: 3px;
|
||||||
|
}
|
@ -148,6 +148,11 @@ do_action( 'customize_controls_print_scripts' );
|
|||||||
'TB_iframe' => 'true'
|
'TB_iframe' => 'true'
|
||||||
), home_url( '/' ) );
|
), home_url( '/' ) );
|
||||||
|
|
||||||
|
$login_url = add_query_arg( array(
|
||||||
|
'interim-login' => 1,
|
||||||
|
'customize-login' => 1
|
||||||
|
), wp_login_url() );
|
||||||
|
|
||||||
$settings = array(
|
$settings = array(
|
||||||
'theme' => array(
|
'theme' => array(
|
||||||
'stylesheet' => $wp_customize->get_stylesheet(),
|
'stylesheet' => $wp_customize->get_stylesheet(),
|
||||||
@ -162,6 +167,7 @@ do_action( 'customize_controls_print_scripts' );
|
|||||||
'isCrossDomain' => $cross_domain,
|
'isCrossDomain' => $cross_domain,
|
||||||
'fallback' => $fallback_url,
|
'fallback' => $fallback_url,
|
||||||
'home' => esc_url( home_url( '/' ) ),
|
'home' => esc_url( home_url( '/' ) ),
|
||||||
|
'login' => $login_url,
|
||||||
),
|
),
|
||||||
'browser' => array(
|
'browser' => array(
|
||||||
'mobile' => wp_is_mobile(),
|
'mobile' => wp_is_mobile(),
|
||||||
|
@ -334,6 +334,18 @@
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if the user is not logged in.
|
||||||
|
if ( '0' === response ) {
|
||||||
|
deferred.rejectWith( self, [ 'logged out' ] );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check for cheaters.
|
||||||
|
if ( '-1' === response ) {
|
||||||
|
deferred.rejectWith( self, [ 'cheatin' ] );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Check for a signature in the request.
|
// Check for a signature in the request.
|
||||||
index = response.lastIndexOf( signature );
|
index = response.lastIndexOf( signature );
|
||||||
if ( -1 === index || index < response.lastIndexOf('</html>') ) {
|
if ( -1 === index || index < response.lastIndexOf('</html>') ) {
|
||||||
@ -548,7 +560,52 @@
|
|||||||
this.loading.fail( function( reason, location ) {
|
this.loading.fail( function( reason, location ) {
|
||||||
if ( 'redirect' === reason && location )
|
if ( 'redirect' === reason && location )
|
||||||
self.url( location );
|
self.url( location );
|
||||||
|
|
||||||
|
if ( 'logged out' === reason ) {
|
||||||
|
if ( self.iframe ) {
|
||||||
|
self.iframe.destroy();
|
||||||
|
delete self.iframe;
|
||||||
|
}
|
||||||
|
|
||||||
|
self.login().done( self.refresh );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( 'cheatin' === reason )
|
||||||
|
self.cheatin();
|
||||||
});
|
});
|
||||||
|
},
|
||||||
|
|
||||||
|
login: function() {
|
||||||
|
var previewer = this,
|
||||||
|
deferred, messenger, iframe;
|
||||||
|
|
||||||
|
if ( this._login )
|
||||||
|
return this._login;
|
||||||
|
|
||||||
|
deferred = $.Deferred();
|
||||||
|
this._login = deferred.promise();
|
||||||
|
|
||||||
|
messenger = new api.Messenger({
|
||||||
|
channel: 'login',
|
||||||
|
url: api.settings.url.login
|
||||||
|
});
|
||||||
|
|
||||||
|
iframe = $('<iframe src="' + api.settings.url.login + '" />').appendTo( this.container );
|
||||||
|
|
||||||
|
messenger.targetWindow( iframe[0].contentWindow );
|
||||||
|
|
||||||
|
messenger.bind( 'login', function() {
|
||||||
|
iframe.remove();
|
||||||
|
messenger.destroy();
|
||||||
|
delete previewer._login;
|
||||||
|
deferred.resolve();
|
||||||
|
});
|
||||||
|
|
||||||
|
return this._login;
|
||||||
|
},
|
||||||
|
|
||||||
|
cheatin: function() {
|
||||||
|
$( document.body ).empty().addClass('cheatin').append( '<p>' + api.l10n.cheatin + '</p>' );
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -605,7 +662,8 @@
|
|||||||
nonce: $('#_wpnonce').val(),
|
nonce: $('#_wpnonce').val(),
|
||||||
|
|
||||||
save: function() {
|
save: function() {
|
||||||
var query = $.extend( this.query(), {
|
var self = this,
|
||||||
|
query = $.extend( this.query(), {
|
||||||
action: 'customize_save',
|
action: 'customize_save',
|
||||||
nonce: this.nonce
|
nonce: this.nonce
|
||||||
}),
|
}),
|
||||||
@ -619,7 +677,23 @@
|
|||||||
body.removeClass('saving');
|
body.removeClass('saving');
|
||||||
});
|
});
|
||||||
|
|
||||||
request.done( function() {
|
request.done( function( response ) {
|
||||||
|
// Check if the user is logged out.
|
||||||
|
if ( '0' === response ) {
|
||||||
|
self.iframe.iframe.hide();
|
||||||
|
self.login().done( function() {
|
||||||
|
self.save();
|
||||||
|
self.iframe.iframe.show();
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check for cheaters.
|
||||||
|
if ( '-1' === response ) {
|
||||||
|
self.cheatin();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
api.trigger( 'saved' );
|
api.trigger( 'saved' );
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -31,6 +31,8 @@ final class WP_Customize_Manager {
|
|||||||
require( ABSPATH . WPINC . '/class-wp-customize-section.php' );
|
require( ABSPATH . WPINC . '/class-wp-customize-section.php' );
|
||||||
require( ABSPATH . WPINC . '/class-wp-customize-control.php' );
|
require( ABSPATH . WPINC . '/class-wp-customize-control.php' );
|
||||||
|
|
||||||
|
add_filter( 'wp_die_handler', array( $this, 'wp_die_handler' ) );
|
||||||
|
|
||||||
add_action( 'setup_theme', array( $this, 'setup_theme' ) );
|
add_action( 'setup_theme', array( $this, 'setup_theme' ) );
|
||||||
add_action( 'wp_loaded', array( $this, 'wp_loaded' ) );
|
add_action( 'wp_loaded', array( $this, 'wp_loaded' ) );
|
||||||
|
|
||||||
@ -52,16 +54,54 @@ final class WP_Customize_Manager {
|
|||||||
add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_control_scripts' ) );
|
add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_control_scripts' ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Start preview and customize theme.
|
* Return true if it's an AJAX request.
|
||||||
*
|
*
|
||||||
* Check if customize query variable exist. Init filters to filter the current theme.
|
* @since 3.4.0
|
||||||
|
*/
|
||||||
|
public function doing_ajax() {
|
||||||
|
return isset( $_POST['customized'] ) || ( defined( 'DOING_AJAX' ) && DOING_AJAX );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Custom wp_die wrapper. Returns either the standard message for UI
|
||||||
|
* or the AJAX message.
|
||||||
|
*
|
||||||
|
* @param mixed $ajax_message AJAX return
|
||||||
|
* @param mixed $message UI message
|
||||||
|
*
|
||||||
|
* @since 3.4.0
|
||||||
|
*/
|
||||||
|
private function wp_die( $ajax_message, $message ) {
|
||||||
|
if ( $this->doing_ajax() )
|
||||||
|
wp_die( $ajax_message );
|
||||||
|
|
||||||
|
wp_die( $message );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the AJAX wp_die() handler if it's a customized request.
|
||||||
|
*
|
||||||
|
* @since 3.4.0
|
||||||
|
*/
|
||||||
|
public function wp_die_handler() {
|
||||||
|
if ( $this->doing_ajax() )
|
||||||
|
return '_ajax_wp_die_handler';
|
||||||
|
|
||||||
|
return '_default_wp_die_handler';
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
* Start preview and customize theme.
|
||||||
|
*
|
||||||
|
* Check if customize query variable exist. Init filters to filter the current theme.
|
||||||
*
|
*
|
||||||
* @since 3.4.0
|
* @since 3.4.0
|
||||||
*/
|
*/
|
||||||
public function setup_theme() {
|
public function setup_theme() {
|
||||||
if ( is_admin() && ! defined( 'DOING_AJAX' ) )
|
if ( is_admin() && ! $this->doing_ajax() )
|
||||||
auth_redirect();
|
auth_redirect();
|
||||||
|
elseif ( $this->doing_ajax() && ! is_user_logged_in())
|
||||||
|
wp_die( 0 );
|
||||||
|
|
||||||
send_origin_headers();
|
send_origin_headers();
|
||||||
|
|
||||||
@ -71,13 +111,13 @@ final class WP_Customize_Manager {
|
|||||||
|
|
||||||
// You can't preview a theme if it doesn't exist, or if it is not allowed (unless active).
|
// You can't preview a theme if it doesn't exist, or if it is not allowed (unless active).
|
||||||
if ( ! $this->theme->exists() )
|
if ( ! $this->theme->exists() )
|
||||||
wp_die( __( 'Cheatin’ uh?' ) );
|
$this->wp_die( -1, __( 'Cheatin’ uh?' ) );
|
||||||
|
|
||||||
if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! $this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) )
|
if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! $this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) )
|
||||||
wp_die( __( 'Cheatin’ uh?' ) );
|
$this->wp_die( -1, __( 'Cheatin’ uh?' ) );
|
||||||
|
|
||||||
if ( ! current_user_can( 'edit_theme_options' ) )
|
if ( ! current_user_can( 'edit_theme_options' ) )
|
||||||
wp_die( __( 'Cheatin’ uh?' ) );
|
$this->wp_die( -1, __( 'Cheatin’ uh?' ) );
|
||||||
|
|
||||||
$this->start_previewing_theme();
|
$this->start_previewing_theme();
|
||||||
show_admin_bar( false );
|
show_admin_bar( false );
|
||||||
@ -949,4 +989,4 @@ function maybe_hash_hex_color( $color ) {
|
|||||||
return '#' . $unhashed;
|
return '#' . $unhashed;
|
||||||
|
|
||||||
return $color;
|
return $color;
|
||||||
}
|
}
|
||||||
|
@ -305,6 +305,7 @@ function wp_default_scripts( &$scripts ) {
|
|||||||
'saved' => __( 'Saved' ),
|
'saved' => __( 'Saved' ),
|
||||||
'cancel' => __( 'Cancel' ),
|
'cancel' => __( 'Cancel' ),
|
||||||
'close' => __( 'Close' ),
|
'close' => __( 'Close' ),
|
||||||
|
'cheatin' => __( 'Cheatin’ uh?' ),
|
||||||
) );
|
) );
|
||||||
|
|
||||||
if ( is_admin() ) {
|
if ( is_admin() ) {
|
||||||
|
41
wp-login.php
41
wp-login.php
@ -39,7 +39,7 @@ if ( force_ssl_admin() && !is_ssl() ) {
|
|||||||
* @param WP_Error $wp_error Optional. WordPress Error Object
|
* @param WP_Error $wp_error Optional. WordPress Error Object
|
||||||
*/
|
*/
|
||||||
function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
||||||
global $error, $interim_login, $current_site;
|
global $error, $interim_login, $current_site, $customize_login;
|
||||||
|
|
||||||
// Don't index any of these forms
|
// Don't index any of these forms
|
||||||
add_action( 'login_head', 'wp_no_robots' );
|
add_action( 'login_head', 'wp_no_robots' );
|
||||||
@ -68,6 +68,9 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
|||||||
<meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" /><?php
|
<meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" /><?php
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( $customize_login )
|
||||||
|
wp_enqueue_script( 'customize-base' );
|
||||||
|
|
||||||
do_action( 'login_enqueue_scripts' );
|
do_action( 'login_enqueue_scripts' );
|
||||||
do_action( 'login_head' );
|
do_action( 'login_head' );
|
||||||
|
|
||||||
@ -82,6 +85,10 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
|||||||
$login_header_url = apply_filters( 'login_headerurl', $login_header_url );
|
$login_header_url = apply_filters( 'login_headerurl', $login_header_url );
|
||||||
$login_header_title = apply_filters( 'login_headertitle', $login_header_title );
|
$login_header_title = apply_filters( 'login_headertitle', $login_header_title );
|
||||||
|
|
||||||
|
// Don't allow interim logins to navigate away from the page.
|
||||||
|
if ( $interim_login )
|
||||||
|
$login_header_url = '#';
|
||||||
|
|
||||||
?>
|
?>
|
||||||
</head>
|
</head>
|
||||||
<body class="login<?php if ( wp_is_mobile() ) echo ' mobile'; ?>">
|
<body class="login<?php if ( wp_is_mobile() ) echo ' mobile'; ?>">
|
||||||
@ -126,8 +133,13 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
|||||||
* @param string $input_id Which input to auto-focus
|
* @param string $input_id Which input to auto-focus
|
||||||
*/
|
*/
|
||||||
function login_footer($input_id = '') {
|
function login_footer($input_id = '') {
|
||||||
?>
|
global $interim_login;
|
||||||
|
|
||||||
|
// Don't allow interim logins to navigate away from the page.
|
||||||
|
if ( ! $interim_login ): ?>
|
||||||
<p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '← Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p>
|
<p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '← Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p>
|
||||||
|
<?php endif; ?>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php if ( !empty($input_id) ) : ?>
|
<?php if ( !empty($input_id) ) : ?>
|
||||||
@ -555,6 +567,7 @@ case 'login' :
|
|||||||
default:
|
default:
|
||||||
$secure_cookie = '';
|
$secure_cookie = '';
|
||||||
$interim_login = isset($_REQUEST['interim-login']);
|
$interim_login = isset($_REQUEST['interim-login']);
|
||||||
|
$customize_login = isset( $_REQUEST['customize-login'] );
|
||||||
|
|
||||||
// If the user wants ssl but the session is not ssl, force a secure cookie.
|
// If the user wants ssl but the session is not ssl, force a secure cookie.
|
||||||
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
|
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
|
||||||
@ -591,11 +604,22 @@ default:
|
|||||||
if ( !is_wp_error($user) && !$reauth ) {
|
if ( !is_wp_error($user) && !$reauth ) {
|
||||||
if ( $interim_login ) {
|
if ( $interim_login ) {
|
||||||
$message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
|
$message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
|
||||||
login_header( '', $message ); ?>
|
login_header( '', $message );
|
||||||
<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
|
|
||||||
<p class="alignright">
|
if ( ! $customize_login ) : ?>
|
||||||
<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
|
<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
|
||||||
</div></body></html>
|
<p class="alignright">
|
||||||
|
<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
|
||||||
|
<?php endif;
|
||||||
|
|
||||||
|
?></div><?php
|
||||||
|
|
||||||
|
do_action('login_footer');
|
||||||
|
|
||||||
|
if ( $customize_login ) : ?>
|
||||||
|
<script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
|
||||||
|
<?php endif; ?>
|
||||||
|
</body></html>
|
||||||
<?php exit;
|
<?php exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -666,6 +690,9 @@ default:
|
|||||||
<?php } else { ?>
|
<?php } else { ?>
|
||||||
<input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
|
<input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
<?php if ( $customize_login ) : ?>
|
||||||
|
<input type="hidden" name="customize-login" value="1" />
|
||||||
|
<?php endif; ?>
|
||||||
<input type="hidden" name="testcookie" value="1" />
|
<input type="hidden" name="testcookie" value="1" />
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
Loading…
Reference in New Issue
Block a user