Fix updating of nonces on the Edit Post screen after the login expires and the user logs in again.
Props iseulde, azaozz. Fixes #33098. Built from https://develop.svn.wordpress.org/trunk@33468 git-svn-id: http://core.svn.wordpress.org/trunk@33435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
49ac027038
commit
fa25fe82ef
@ -58,7 +58,7 @@ add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 );
|
|||||||
|
|
||||||
add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 );
|
add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 );
|
||||||
add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
|
add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
|
||||||
add_filter( 'heartbeat_received', 'wp_refresh_post_nonces', 10, 3 );
|
add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10, 3 );
|
||||||
add_filter( 'heartbeat_received', 'heartbeat_autosave', 500, 2 );
|
add_filter( 'heartbeat_received', 'heartbeat_autosave', 500, 2 );
|
||||||
|
|
||||||
add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
|
add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
|
||||||
|
@ -2571,26 +2571,35 @@ function wp_ajax_send_link_to_editor() {
|
|||||||
* @since 3.6.0
|
* @since 3.6.0
|
||||||
*/
|
*/
|
||||||
function wp_ajax_heartbeat() {
|
function wp_ajax_heartbeat() {
|
||||||
if ( empty( $_POST['_nonce'] ) )
|
if ( empty( $_POST['_nonce'] ) ) {
|
||||||
wp_send_json_error();
|
wp_send_json_error();
|
||||||
|
|
||||||
$response = array();
|
|
||||||
|
|
||||||
if ( false === wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ) ) {
|
|
||||||
// User is logged in but nonces have expired.
|
|
||||||
$response['nonces_expired'] = true;
|
|
||||||
wp_send_json($response);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$response = $data = array();
|
||||||
|
$nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' );
|
||||||
|
|
||||||
// screen_id is the same as $current_screen->id and the JS global 'pagenow'.
|
// screen_id is the same as $current_screen->id and the JS global 'pagenow'.
|
||||||
if ( ! empty($_POST['screen_id']) )
|
if ( ! empty( $_POST['screen_id'] ) ) {
|
||||||
$screen_id = sanitize_key($_POST['screen_id']);
|
$screen_id = sanitize_key($_POST['screen_id']);
|
||||||
else
|
} else {
|
||||||
$screen_id = 'front';
|
$screen_id = 'front';
|
||||||
|
}
|
||||||
|
|
||||||
if ( ! empty($_POST['data']) ) {
|
if ( ! empty( $_POST['data'] ) ) {
|
||||||
$data = wp_unslash( (array) $_POST['data'] );
|
$data = wp_unslash( (array) $_POST['data'] );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( 1 !== $nonce_state ) {
|
||||||
|
$response = apply_filters( 'wp_refresh_nonces', $response, $data, $screen_id );
|
||||||
|
|
||||||
|
if ( false === $nonce_state ) {
|
||||||
|
// User is logged in but nonces have expired.
|
||||||
|
$response['nonces_expired'] = true;
|
||||||
|
wp_send_json( $response );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! empty( $data ) ) {
|
||||||
/**
|
/**
|
||||||
* Filter the Heartbeat response received.
|
* Filter the Heartbeat response received.
|
||||||
*
|
*
|
||||||
@ -2628,7 +2637,7 @@ function wp_ajax_heartbeat() {
|
|||||||
// Send the current time according to the server
|
// Send the current time according to the server
|
||||||
$response['server_time'] = time();
|
$response['server_time'] = time();
|
||||||
|
|
||||||
wp_send_json($response);
|
wp_send_json( $response );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
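Review bot: The new `apply_filters( 'wp_refresh_nonces', $response, $data, $screen_id )` has no DocBlock, while the `heartbeat_received` filter a few lines below it is documented in the usual `/** Filter … @since … @param */` form. The point most worth documenting is that, unlike `heartbeat_received`, this filter fires before the heartbeat nonce has been verified as valid: when `$nonce_state` is `false`, `$data` is request input that passed no CSRF check, so callbacks must treat it as untrusted and perform their own capability checks, as `wp_refresh_post_nonces` does with `current_user_can( 'edit_post', … )`. The DocBlock would carry a one-line description, an `@since 4.3.0` tag, and `@param` entries for the `$response` array, the `$data` array and the `$screen_id` string, in the same shape as the `heartbeat_received` block. wp_ajax_heartbeat's tail is in the following hunk of this section.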
@ -771,24 +771,24 @@ function wp_refresh_post_nonces( $response, $data, $screen_id ) {
|
|||||||
$received = $data['wp-refresh-post-nonces'];
|
$received = $data['wp-refresh-post-nonces'];
|
||||||
$response['wp-refresh-post-nonces'] = array( 'check' => 1 );
|
$response['wp-refresh-post-nonces'] = array( 'check' => 1 );
|
||||||
|
|
||||||
if ( ! $post_id = absint( $received['post_id'] ) )
|
if ( ! $post_id = absint( $received['post_id'] ) ) {
|
||||||
return $response;
|
return $response;
|
||||||
|
|
||||||
if ( ! current_user_can( 'edit_post', $post_id ) || empty( $received['post_nonce'] ) )
|
|
||||||
return $response;
|
|
||||||
|
|
||||||
if ( 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
|
|
||||||
$response['wp-refresh-post-nonces'] = array(
|
|
||||||
'replace' => array(
|
|
||||||
'getpermalinknonce' => wp_create_nonce('getpermalink'),
|
|
||||||
'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
|
|
||||||
'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
|
|
||||||
'_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
|
|
||||||
'_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
|
|
||||||
),
|
|
||||||
'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( ! current_user_can( 'edit_post', $post_id ) ) {
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
|
|
||||||
|
$response['wp-refresh-post-nonces'] = array(
|
||||||
|
'replace' => array(
|
||||||
|
'getpermalinknonce' => wp_create_nonce('getpermalink'),
|
||||||
|
'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
|
||||||
|
'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
|
||||||
|
'_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
|
||||||
|
'_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
|
||||||
|
),
|
||||||
|
'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $response;
|
return $response;
|
||||||
|
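Review bot: `$received['post_id']` is read with no existence check before `absint()`, so a `wp-refresh-post-nonces` entry posted without a `post_id` key raises an undefined-index notice instead of quietly falling through to the `'check' => 1` response; `$post_id = isset( $received['post_id'] ) ? absint( $received['post_id'] ) : 0;` followed by `if ( ! $post_id ) {` keeps the early return and avoids the notice. With the `post_nonce` verification removed, this callback now mints a full set of fresh nonces for any logged-in user who can edit the post, relying only on the `1 !== $nonce_state` gate in `wp_ajax_heartbeat` and the `current_user_can` check here, so a short comment above the `$response['wp-refresh-post-nonces'] = array(` assignment saying that no token check precedes it by design would help the next reader. The function and the enclosing `if` block start outside this hunk.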
@ -170,13 +170,13 @@ $(document).on( 'heartbeat-send.refresh-lock', function( e, data ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$(document).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
|
$(document).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
|
||||||
var nonce, post_id;
|
var post_id,
|
||||||
|
$authCheck = $('#wp-auth-check-wrap');
|
||||||
|
|
||||||
if ( check ) {
|
if ( check || ( $authCheck.length && ! $authCheck.hasClass( 'hidden' ) ) ) {
|
||||||
if ( ( post_id = $('#post_ID').val() ) && ( nonce = $('#_wpnonce').val() ) ) {
|
if ( ( post_id = $('#post_ID').val() ) && $('#_wpnonce').val() ) {
|
||||||
data['wp-refresh-post-nonces'] = {
|
data['wp-refresh-post-nonces'] = {
|
||||||
post_id: post_id,
|
post_id: post_id
|
||||||
post_nonce: nonce
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
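Review bot: The new `$authCheck.length && ! $authCheck.hasClass( 'hidden' )` clause has no comment saying why a visible auth-check dialog should trigger a nonce-refresh request even when `check` is not set; from the commit message this presumably lets fresh nonces arrive on the first tick after the user logs back in. A line above the `if` such as `// Also ask for fresh nonces while the login-expired (auth-check) dialog is showing, so they are replaced once the user logs in again.` would carry that. `check` is defined outside the hunk and the handler closes beyond its last line.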
2
wp-admin/js/post.min.js
vendored
@ -389,7 +389,6 @@
|
|||||||
|
|
||||||
if ( response.nonces_expired ) {
|
if ( response.nonces_expired ) {
|
||||||
$document.trigger( 'heartbeat-nonces-expired' );
|
$document.trigger( 'heartbeat-nonces-expired' );
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Change the interval from PHP
|
// Change the interval from PHP
|
||||||
|
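Review bot: Dropping the `return` after `$document.trigger( 'heartbeat-nonces-expired' )` means the rest of the response processing, which continues outside this hunk, now runs on a response flagged `nonces_expired`; presumably this is so the refreshed nonces the server now attaches to such a response still reach `heartbeat-tick` listeners. A comment inside the `if` would make that intent explicit, e.g. `// Keep going: the response may carry refreshed nonces that tick handlers apply.`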
2
wp-includes/js/heartbeat.min.js
vendored
@ -4,7 +4,7 @@
|
|||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.3-beta4-33467';
|
$wp_version = '4.3-beta4-33468';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|