Ticket #20876: 20876.4.patch
| File 20876.4.patch, 10.4 KB (added by , 14 years ago) |
|---|
-
wp-login.php
39 39 * @param WP_Error $wp_error Optional. WordPress Error Object 40 40 */ 41 41 function login_header($title = 'Log In', $message = '', $wp_error = '') { 42 global $error, $interim_login, $current_site ;42 global $error, $interim_login, $current_site, $customize_login; 43 43 44 44 // Don't index any of these forms 45 45 add_action( 'login_head', 'wp_no_robots' ); … … 68 68 <meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" /><?php 69 69 } 70 70 71 if ( $customize_login ) { 72 error_log('enqueueing'); 73 wp_enqueue_script( 'customize-base' ); 74 } 75 71 76 do_action( 'login_enqueue_scripts' ); 72 77 do_action( 'login_head' ); 73 78 … … 82 87 $login_header_url = apply_filters( 'login_headerurl', $login_header_url ); 83 88 $login_header_title = apply_filters( 'login_headertitle', $login_header_title ); 84 89 90 // Don't allow interim logins to navigate away from the page. 91 if ( $interim_login ) 92 $login_header_url = '#'; 93 85 94 ?> 86 95 </head> 87 96 <body class="login<?php if ( wp_is_mobile() ) echo ' mobile'; ?>"> … … 126 135 * @param string $input_id Which input to auto-focus 127 136 */ 128 137 function login_footer($input_id = '') { 129 ?> 138 global $interim_login; 139 140 // Don't allow interim logins to navigate away from the page. 141 if ( ! $interim_login ): ?> 130 142 <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '← Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p> 143 <?php endif; ?> 144 131 145 </div> 132 146 133 147 <?php if ( !empty($input_id) ) : ?> … … 555 569 default: 556 570 $secure_cookie = ''; 557 571 $interim_login = isset($_REQUEST['interim-login']); 572 $customize_login = isset( $_REQUEST['customize-login'] ); 558 573 559 574 // If the user wants ssl but the session is not ssl, force a secure cookie. 
560 575 if ( !empty($_POST['log']) && !force_ssl_admin() ) { … … 591 606 if ( !is_wp_error($user) && !$reauth ) { 592 607 if ( $interim_login ) { 593 608 $message = '<p class="message">' . __('You have logged in successfully.') . '</p>'; 594 login_header( '', $message ); ?> 595 <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> 596 <p class="alignright"> 597 <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p> 598 </div></body></html> 609 login_header( '', $message ); 610 611 if ( ! $customize_login ) : ?> 612 <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> 613 <p class="alignright"> 614 <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p> 615 <?php endif; 616 617 ?></div><?php 618 619 do_action('login_footer'); 620 621 if ( $customize_login ) : ?> 622 <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script> 623 <?php endif; ?> 624 </body></html> 599 625 <?php exit; 600 626 } 601 627 … … 666 692 <?php } else { ?> 667 693 <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" /> 668 694 <?php } ?> 695 <?php if ( $customize_login ) : ?> 696 <input type="hidden" name="customize-login" value="1" /> 697 <?php endif; ?> 669 698 <input type="hidden" name="testcookie" value="1" /> 670 699 </p> 671 700 </form> -
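Review bot: In the interim-login success branch the new inline script echoes `wp_customize_url()` directly into a single-quoted JavaScript string, whereas the other values this file prints into markup go through `esc_url()`, `esc_attr()` or `esc_attr_e()`. The helper's body is not shown here, so unless it already returns a value that is safe in that context, the line should escape for a JS string, e.g. `url: '<?php echo esc_js( wp_customize_url() ); ?>'`. Separately, `error_log('enqueueing');` in `login_header()` looks like leftover debugging and should be removed, because `$customize_login` comes from `$_REQUEST['customize-login']` and so any request to the login page can trigger the log write. Both functions start and end outside the hunks shown.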
wp-includes/class-wp-customize-manager.php
31 31 require( ABSPATH . WPINC . '/class-wp-customize-section.php' ); 32 32 require( ABSPATH . WPINC . '/class-wp-customize-control.php' ); 33 33 34 add_filter( 'wp_die_handler', array( $this, 'wp_die_handler' ) ); 35 34 36 add_action( 'setup_theme', array( $this, 'setup_theme' ) ); 35 37 add_action( 'wp_loaded', array( $this, 'wp_loaded' ) ); 36 38 … … 53 55 } 54 56 55 57 /** 58 * Return true if it's an AJAX request. 59 * 60 * @since 3.4.0 61 */ 62 public function doing_ajax() { 63 return isset( $_POST['customized'] ) || ( defined( 'DOING_AJAX' ) && DOING_AJAX ); 64 } 65 66 /** 67 * Custom wp_die wrapper. Returns either the standard message for UI 68 * or the AJAX message. 69 * 70 * @param mixed $ajax_message AJAX return 71 * @param mixed $message UI message 72 * 73 * @since 3.4.0 74 */ 75 private function wp_die( $ajax_message, $message ) { 76 if ( $this->doing_ajax() ) 77 wp_die( $ajax_message ); 78 79 wp_die( $message ); 80 } 81 82 /** 83 * Return the AJAX wp_die() handler if it's a customized request. 84 * 85 * @since 3.4.0 86 */ 87 public function wp_die_handler() { 88 if ( $this->doing_ajax() ) 89 return '_ajax_wp_die_handler'; 90 91 return '_default_wp_die_handler'; 92 } 93 94 /** 56 95 * Update theme modifications for the current theme. 57 96 * Note: Candidate core function. 58 97 * http://core.trac.wordpress.org/ticket/20091 … … 78 117 * @since 3.4.0 79 118 */ 80 119 public function setup_theme() { 81 if ( is_admin() && ! defined( 'DOING_AJAX' ) ) 82 auth_redirect(); 120 if ( is_admin() && ! $this->doing_ajax() ) 121 auth_redirect(); 122 elseif ( $this->doing_ajax() && ! is_user_logged_in()) 123 wp_die( 0 ); 83 124 84 125 send_origin_headers(); 85 126 … … 89 130 90 131 // You can't preview a theme if it doesn't exist, or if it is not allowed (unless active). 91 132 if ( ! $this->theme->exists() ) 92 wp_die(__( 'Cheatin’ uh?' ) );133 $this->wp_die( -1, __( 'Cheatin’ uh?' ) ); 93 134 94 135 if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! 
$this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) ) 95 wp_die(__( 'Cheatin’ uh?' ) );136 $this->wp_die( -1, __( 'Cheatin’ uh?' ) ); 96 137 97 138 if ( ! current_user_can( 'edit_theme_options' ) ) 98 wp_die(__( 'Cheatin’ uh?' ) );139 $this->wp_die( -1, __( 'Cheatin’ uh?' ) ); 99 140 100 141 $this->start_previewing_theme(); 101 142 show_admin_bar( false ); … … 967 1008 return '#' . $unhashed; 968 1009 969 1010 return $color; 970 } 971 No newline at end of file 1011 } -
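Review bot: `doing_ajax()` returns true whenever `$_POST['customized']` is present, a field any client can set, yet `setup_theme()` now uses it to decide whether `auth_redirect()` runs. The new `elseif ( $this->doing_ajax() && ! is_user_logged_in() )` branch and the capability checks below it are what still enforce access on that path, and this should be stated in the docblock so nobody later treats the method as a trust signal. A comment such as `// 'customized' is client-supplied: it only selects the response format, never authorization.` would cover it, plus an `@return bool` line. The private wrapper is also named `wp_die`, while `setup_theme()` calls the global `wp_die( 0 )` one line above three `$this->wp_die( -1, ... )` calls. A distinct name for the wrapper would make it obvious which handler each exit uses.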
wp-includes/script-loader.php
305 305 'saved' => __( 'Saved' ), 306 306 'cancel' => __( 'Cancel' ), 307 307 'close' => __( 'Close' ), 308 'cheatin' => __( 'Cheatin’ uh?' ), 308 309 ) ); 309 310 310 311 if ( is_admin() ) { -
wp-admin/customize.php
140 140 'TB_iframe' => 'true' 141 141 ), home_url( '/' ) ); 142 142 143 $login_url = add_query_arg( array( 144 'interim-login' => 1, 145 'customize-login' => 1 146 ), wp_login_url() ); 147 143 148 $settings = array( 144 149 'theme' => array( 145 150 'stylesheet' => $wp_customize->get_stylesheet(), … … 153 158 'allowed' => array_map( 'esc_url', $allowed_urls ), 154 159 'isCrossDomain' => $cross_domain, 155 160 'fallback' => $fallback_url, 161 'login' => $login_url, 156 162 ), 157 163 'browser' => array( 158 164 'mobile' => wp_is_mobile(), -
wp-admin/js/customize-controls.dev.js
334 334 return; 335 335 } 336 336 337 // Check if the user is not logged in. 338 if ( '0' === response ) { 339 deferred.rejectWith( self, [ 'logged out' ] ); 340 return; 341 } 342 343 // Check for cheaters. 344 if ( '-1' === response ) { 345 deferred.rejectWith( self, [ 'cheatin' ] ); 346 return; 347 } 348 337 349 // Check for a signature in the request. 338 350 index = response.lastIndexOf( signature ); 339 351 if ( -1 === index || index < response.lastIndexOf('</html>') ) { … … 541 553 this.loading.fail( function( reason, location ) { 542 554 if ( 'redirect' === reason && location ) 543 555 self.url( location ); 556 557 if ( 'logged out' === reason ) { 558 if ( self.iframe ) { 559 self.iframe.destroy(); 560 delete self.iframe; 561 } 562 563 self.login().done( self.refresh ); 564 } 565 566 if ( 'cheatin' === reason ) 567 self.cheatin(); 544 568 }); 569 }, 570 571 login: function() { 572 var previewer = this, 573 deferred, messenger, iframe; 574 575 if ( this._login ) 576 return this._login; 577 578 deferred = $.Deferred(); 579 this._login = deferred.promise(); 580 581 messenger = new api.Messenger({ 582 channel: 'login', 583 url: api.settings.url.login 584 }); 585 586 iframe = $('<iframe src="' + api.settings.url.login + '" />').appendTo( this.container ); 587 588 messenger.targetWindow( iframe[0].contentWindow ); 589 590 messenger.bind( 'login', function() { 591 iframe.remove(); 592 messenger.destroy(); 593 delete previewer._login; 594 deferred.resolve(); 595 }); 596 597 return this._login; 598 }, 599 600 cheatin: function() { 601 $( document.body ).empty().addClass('cheatin').append( '<p>' + api.l10n.cheatin + '</p>' ); 545 602 } 546 603 }); 547 604 … … 595 652 nonce: $('#_wpnonce').val(), 596 653 597 654 save: function() { 598 var query = $.extend( this.query(), { 655 var self = this, 656 query = $.extend( this.query(), { 599 657 action: 'customize_save', 600 658 nonce: this.nonce 601 659 }), … … 609 667 body.removeClass('saving'); 610 668 }); 611 669 612 
request.done( function() { 670 request.done( function( response ) { 671 // Check if the user is logged out. 672 if ( '0' === response ) { 673 self.iframe.iframe.hide(); 674 self.login().done( function() { 675 self.save(); 676 self.iframe.iframe.show(); 677 }); 678 return; 679 } 680 681 // Check for cheaters. 682 if ( '-1' === response ) { 683 self.cheatin(); 684 return; 685 } 686 613 687 api.trigger( 'saved' ); 614 688 }); 615 689 } -
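Review bot: In the new `login` method the iframe is built by concatenating `api.settings.url.login` into an HTML string, so a quote or angle bracket in that value would be parsed as markup. The companion hunk in wp-admin/customize.php adds `'login' => $login_url` without the `esc_url` mapping applied to the `allowed` entries, so nothing visible here constrains the value. Setting the attribute directly avoids the parsing step: `iframe = $('<iframe />').attr( 'src', api.settings.url.login ).appendTo( this.container );`. In `save`, `self.iframe.iframe.hide()` also runs without the `if ( self.iframe )` guard that the 'logged out' failure handler uses before it deletes `self.iframe`. Whether both paths can act on the same object is not visible from these hunks, but a guard there would be cheap.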
wp-admin/css/customize-controls.dev.css
514 514 -webkit-overflow-scrolling: touch; 515 515 } 516 516 517 /** 518 * Handle cheaters. 519 */ 520 body.cheatin { 521 min-width: 0; 522 background: #f9f9f9; 523 padding: 50px; 524 } 525 526 body.cheatin p { 527 max-width: 700px; 528 margin: 0 auto; 529 padding: 2em; 530 font-size: 14px; 531 532 background: #fff; 533 border: 1px solid #dfdfdf; 534 535 -webkit-border-radius: 3px; 536 border-radius: 3px; 537 } 538 No newline at end of file