Ticket #20876: 20876.5.patch
| File 20876.5.patch, 10.4 KB (added by , 14 years ago) |
|---|
-
wp-login.php
39 39 * @param WP_Error $wp_error Optional. WordPress Error Object 40 40 */ 41 41 function login_header($title = 'Log In', $message = '', $wp_error = '') { 42 global $error, $interim_login, $current_site ;42 global $error, $interim_login, $current_site, $customize_login; 43 43 44 44 // Don't index any of these forms 45 45 add_action( 'login_head', 'wp_no_robots' ); … … 82 82 $login_header_url = apply_filters( 'login_headerurl', $login_header_url ); 83 83 $login_header_title = apply_filters( 'login_headertitle', $login_header_title ); 84 84 85 // Don't allow interim logins to navigate away from the page. 86 if ( $interim_login ) 87 $login_header_url = '#'; 88 85 89 ?> 86 90 </head> 87 91 <body class="login<?php if ( wp_is_mobile() ) echo ' mobile'; ?>"> … … 126 130 * @param string $input_id Which input to auto-focus 127 131 */ 128 132 function login_footer($input_id = '') { 129 ?> 133 global $interim_login; 134 135 // Don't allow interim logins to navigate away from the page. 136 if ( ! $interim_login ): ?> 130 137 <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '← Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p> 138 <?php endif; ?> 139 131 140 </div> 132 141 133 142 <?php if ( !empty($input_id) ) : ?> … … 555 564 default: 556 565 $secure_cookie = ''; 557 566 $interim_login = isset($_REQUEST['interim-login']); 567 $customize_login = isset( $_REQUEST['customize-login'] ); 558 568 559 569 // If the user wants ssl but the session is not ssl, force a secure cookie. 560 570 if ( !empty($_POST['log']) && !force_ssl_admin() ) { … … 591 601 if ( !is_wp_error($user) && !$reauth ) { 592 602 if ( $interim_login ) { 593 603 $message = '<p class="message">' . __('You have logged in successfully.') . 
'</p>'; 594 login_header( '', $message ); ?> 595 <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> 596 <p class="alignright"> 597 <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p> 598 </div></body></html> 604 login_header( '', $message ); 605 606 if ( ! $customize_login ) : ?> 607 <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> 608 <p class="alignright"> 609 <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p> 610 <?php endif; 611 612 ?></div><?php 613 614 if ( $customize_login ) 615 wp_enqueue_script( 'customize-base' ); 616 617 do_action('login_footer'); 618 619 if ( $customize_login ) : ?> 620 <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script> 621 <?php endif; ?> 622 </body></html> 599 623 <?php exit; 600 624 } 601 625 … … 666 690 <?php } else { ?> 667 691 <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" /> 668 692 <?php } ?> 693 <?php if ( $customize_login ) : ?> 694 <input type="hidden" name="customize-login" value="1" /> 695 <?php endif; ?> 669 696 <input type="hidden" name="testcookie" value="1" /> 670 697 </p> 671 698 </form> -
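Review bot: The new inline script in the interim-login success branch prints `wp_customize_url()` directly into a single-quoted JavaScript string, with no escaping for that context at the point of output. The helper's definition is not part of this patch, so the call site should not depend on what it returns; a quote or `</script>` in the value would end the literal early. Escape where it is echoed: `url: '<?php echo esc_js( wp_customize_url() ); ?>'`. A one-line comment above `$customize_login = isset( $_REQUEST['customize-login'] );` would also help, noting that the flag is request-controlled and, as far as these hunks show, only selects which markup follows a successful login. The enclosing `default:` case starts and ends outside the hunks.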
wp-includes/class-wp-customize-manager.php
31 31 require( ABSPATH . WPINC . '/class-wp-customize-section.php' ); 32 32 require( ABSPATH . WPINC . '/class-wp-customize-control.php' ); 33 33 34 add_filter( 'wp_die_handler', array( $this, 'wp_die_handler' ) ); 35 34 36 add_action( 'setup_theme', array( $this, 'setup_theme' ) ); 35 37 add_action( 'wp_loaded', array( $this, 'wp_loaded' ) ); 36 38 … … 53 55 } 54 56 55 57 /** 58 * Return true if it's an AJAX request. 59 * 60 * @since 3.4.0 61 */ 62 public function doing_ajax() { 63 return isset( $_POST['customized'] ) || ( defined( 'DOING_AJAX' ) && DOING_AJAX ); 64 } 65 66 /** 67 * Custom wp_die wrapper. Returns either the standard message for UI 68 * or the AJAX message. 69 * 70 * @param mixed $ajax_message AJAX return 71 * @param mixed $message UI message 72 * 73 * @since 3.4.0 74 */ 75 private function wp_die( $ajax_message, $message ) { 76 if ( $this->doing_ajax() ) 77 wp_die( $ajax_message ); 78 79 wp_die( $message ); 80 } 81 82 /** 83 * Return the AJAX wp_die() handler if it's a customized request. 84 * 85 * @since 3.4.0 86 */ 87 public function wp_die_handler() { 88 if ( $this->doing_ajax() ) 89 return '_ajax_wp_die_handler'; 90 91 return '_default_wp_die_handler'; 92 } 93 94 /** 56 95 * Start preview and customize theme. 57 96 * 58 97 * Check if customize query variable exist. Init filters to filter the current theme. … … 60 99 * @since 3.4.0 61 100 */ 62 101 public function setup_theme() { 63 if ( is_admin() && ! defined( 'DOING_AJAX' ) ) 64 auth_redirect(); 102 if ( is_admin() && ! $this->doing_ajax() ) 103 auth_redirect(); 104 elseif ( $this->doing_ajax() && ! is_user_logged_in()) 105 wp_die( 0 ); 65 106 66 107 send_origin_headers(); 67 108 … … 71 112 72 113 // You can't preview a theme if it doesn't exist, or if it is not allowed (unless active). 73 114 if ( ! $this->theme->exists() ) 74 wp_die(__( 'Cheatin’ uh?' ) );115 $this->wp_die( -1, __( 'Cheatin’ uh?' ) ); 75 116 76 117 if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! 
$this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) ) 77 wp_die(__( 'Cheatin’ uh?' ) );118 $this->wp_die( -1, __( 'Cheatin’ uh?' ) ); 78 119 79 120 if ( ! current_user_can( 'edit_theme_options' ) ) 80 wp_die(__( 'Cheatin’ uh?' ) );121 $this->wp_die( -1, __( 'Cheatin’ uh?' ) ); 81 122 82 123 $this->start_previewing_theme(); 83 124 show_admin_bar( false ); … … 949 990 return '#' . $unhashed; 950 991 951 992 return $color; 952 } 953 No newline at end of file 993 } -
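Review bot: `doing_ajax()` returns true for any request that carries a `customized` POST field, so a client-supplied value now steers two decisions in this class. In `setup_theme()` it selects between `auth_redirect()` and the lighter `is_user_logged_in()` check; the capability checks further down still run, but anything `auth_redirect()` enforces beyond being logged in is skipped on that path. The `elseif` deserves a comment such as `// Customizer POSTs get '0' instead of a redirect; the capability checks below remain the gate.` In `wp_die_handler()` the callback ignores the value passed by the filter and returns `'_default_wp_die_handler'` for ordinary requests, which discards a handler set by an earlier callback; declaring it as `wp_die_handler( $handler )` and ending with `return $handler;` would preserve it. `setup_theme()` continues outside the hunk.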
wp-includes/script-loader.php
305 305 'saved' => __( 'Saved' ), 306 306 'cancel' => __( 'Cancel' ), 307 307 'close' => __( 'Close' ), 308 'cheatin' => __( 'Cheatin’ uh?' ), 308 309 ) ); 309 310 310 311 if ( is_admin() ) { -
wp-admin/customize.php
7 7 * @since 3.4.0 8 8 */ 9 9 10 define( 'IFRAME_REQUEST', true ); 11 10 12 require_once( './admin.php' ); 11 13 if ( ! current_user_can( 'edit_theme_options' ) ) 12 14 wp_die( __( 'Cheatin’ uh?' ) ); … … 140 142 'TB_iframe' => 'true' 141 143 ), home_url( '/' ) ); 142 144 145 $login_url = add_query_arg( array( 146 'interim-login' => 1, 147 'customize-login' => 1 148 ), wp_login_url() ); 149 143 150 $settings = array( 144 151 'theme' => array( 145 152 'stylesheet' => $wp_customize->get_stylesheet(), … … 153 160 'allowed' => array_map( 'esc_url', $allowed_urls ), 154 161 'isCrossDomain' => $cross_domain, 155 162 'fallback' => $fallback_url, 163 'login' => $login_url, 156 164 ), 157 165 'browser' => array( 158 166 'mobile' => wp_is_mobile(), -
wp-admin/js/customize-controls.dev.js
334 334 return; 335 335 } 336 336 337 // Check if the user is not logged in. 338 if ( '0' === response ) { 339 deferred.rejectWith( self, [ 'logged out' ] ); 340 return; 341 } 342 343 // Check for cheaters. 344 if ( '-1' === response ) { 345 deferred.rejectWith( self, [ 'cheatin' ] ); 346 return; 347 } 348 337 349 // Check for a signature in the request. 338 350 index = response.lastIndexOf( signature ); 339 351 if ( -1 === index || index < response.lastIndexOf('</html>') ) { … … 541 553 this.loading.fail( function( reason, location ) { 542 554 if ( 'redirect' === reason && location ) 543 555 self.url( location ); 556 557 if ( 'logged out' === reason ) { 558 if ( self.iframe ) { 559 self.iframe.destroy(); 560 delete self.iframe; 561 } 562 563 self.login().done( self.refresh ); 564 } 565 566 if ( 'cheatin' === reason ) 567 self.cheatin(); 544 568 }); 569 }, 570 571 login: function() { 572 var previewer = this, 573 deferred, messenger, iframe; 574 575 if ( this._login ) 576 return this._login; 577 578 deferred = $.Deferred(); 579 this._login = deferred.promise(); 580 581 messenger = new api.Messenger({ 582 channel: 'login', 583 url: api.settings.url.login 584 }); 585 586 iframe = $('<iframe src="' + api.settings.url.login + '" />').appendTo( this.container ); 587 588 messenger.targetWindow( iframe[0].contentWindow ); 589 590 messenger.bind( 'login', function() { 591 iframe.remove(); 592 messenger.destroy(); 593 delete previewer._login; 594 deferred.resolve(); 595 }); 596 597 return this._login; 598 }, 599 600 cheatin: function() { 601 $( document.body ).empty().addClass('cheatin').append( '<p>' + api.l10n.cheatin + '</p>' ); 545 602 } 546 603 }); 547 604 … … 598 655 nonce: $('#_wpnonce').val(), 599 656 600 657 save: function() { 601 var query = $.extend( this.query(), { 658 var self = this, 659 query = $.extend( this.query(), { 602 660 action: 'customize_save', 603 661 nonce: this.nonce 604 662 }), … … 612 670 body.removeClass('saving'); 613 671 }); 614 672 615 
request.done( function() { 673 request.done( function( response ) { 674 // Check if the user is logged out. 675 if ( '0' === response ) { 676 self.iframe.iframe.hide(); 677 self.login().done( function() { 678 self.save(); 679 self.iframe.iframe.show(); 680 }); 681 return; 682 } 683 684 // Check for cheaters. 685 if ( '-1' === response ) { 686 self.cheatin(); 687 return; 688 } 689 616 690 api.trigger( 'saved' ); 617 691 }); 618 692 } -
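Review bot: In the new `login()` method the iframe is built by concatenating `api.settings.url.login` into an HTML string, so a quote or angle bracket in that setting would be parsed as markup instead of staying inside the `src` value. Setting the attribute through jQuery keeps it as data: `iframe = $( '<iframe />', { src: api.settings.url.login } ).appendTo( this.container );`. The method would also benefit from a short comment saying that `_login` caches the pending promise, so a failed preview load and a failed save share one login frame.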
wp-admin/css/customize-controls.dev.css
514 514 -webkit-overflow-scrolling: touch; 515 515 } 516 516 517 /** 518 * Handle cheaters. 519 */ 520 body.cheatin { 521 min-width: 0; 522 background: #f9f9f9; 523 padding: 50px; 524 } 525 526 body.cheatin p { 527 max-width: 700px; 528 margin: 0 auto; 529 padding: 2em; 530 font-size: 14px; 531 532 background: #fff; 533 border: 1px solid #dfdfdf; 534 535 -webkit-border-radius: 3px; 536 border-radius: 3px; 537 } 538 No newline at end of file