Ticket #22524: 22524.2.diff

wp-includes/js/media-views.js

@@ -3403 +3403 @@
                         'change [data-setting]':          'updateSetting',
                         'change [data-setting] input':    'updateSetting',
                         'change [data-setting] select':   'updateSetting',
-                        'change [data-setting] textarea': 'updateSetting'
+                        'change [data-setting] textarea': 'updateSetting',
+                        'click .delete-attachment':       'deleteAttachment'
+                },
+
+                deleteAttachment: function(event) {
+                        event.preventDefault();
+
+                        if ( confirm( l10n.warnDelete ) )
+                                this.model.destroy();
                 }
         });
 

wp-includes/js/media-models.js

@@ -237 +237 @@
                                 options.data = _.extend( options.data || {}, {
                                         action: 'save-attachment',
                                         id:     this.id,
-                                        nonce:  media.model.settings.saveAttachmentNonce
+                                        nonce : this.get('nonces').update
                                 });
 
                                 // Record the values of the changed attributes.
@@ -251 +251 @@
                                 }
 
                                 return media.ajax( options );
+                        } else if ( 'delete' === method ) {
+                                options = options || {};
+                                options.context = this;
+                                options.data = _.extend( options.data || {}, {
+                                        action: 'delete-post',
+                                        id: this.id,
+                                        _wpnonce: this.get('nonces')['delete']
+                                });
+                                return media.ajax( options );
                         }
                 },
 
@@ -269 +278 @@
 
                         return media.post( 'save-attachment-compat', _.defaults({
                                 id:     this.id,
-                                nonce:  media.model.settings.saveAttachmentNonce
+                                nonce:  this.get('nonces').update
                         }, data ) ).done( function( resp, status, xhr ) {
                                 model.set( model.parse( resp, xhr ), options );
                         });

wp-includes/media.php

@@ -1327 +1327 @@
                 'subtype'     => $subtype,
                 'icon'        => wp_mime_type_icon( $attachment->ID ),
                 'dateFormatted' => mysql2date( get_option('date_format'), $attachment->post_date ),
+                'nonces'      => array(
+                        'update' => wp_create_nonce( 'update-post_' . $attachment->ID ),
+                        'delete' => wp_create_nonce( 'delete-post_' . $attachment->ID ),
+                ),
         );
 
         if ( $meta && 'image' === $type ) {
@@ -1452 +1456 @@
                 'allMediaItems'      => __( 'All media items' ),
                 'insertIntoPost'     => $hier ? __( 'Insert into page' ) : __( 'Insert into post' ),
                 'uploadedToThisPost' => $hier ? __( 'Uploaded to this page' ) : __( 'Uploaded to this post' ),
+                'warnDelete' =>      __( "You are about to permanently delete this item.\n  'Cancel' to stop, 'OK' to delete." ),
 
                 // Embed
                 'embedFromUrlTitle' => __( 'Embed From URL' ),
@@ -1642 +1647 @@
                                 <# if ( 'image' === data.type && ! data.uploading ) { #>
                                         <div class="dimensions">{{ data.width }} &times; {{ data.height }}</div>
                                 <# } #>
+                                <div class="delete-attachment">
+                                        <a href="#"><?php _e( 'Delete Permanently' ); ?></a>
+                                </div>
                         </div>
                         <div class="compat-meta">
                                 <# if ( data.compat && data.compat.meta ) { #>

wp-includes/css/media-views.css

@@ -1185 +1185 @@
         float: left;
 }
 
+.attachment-info .delete-attachment a {
+        color: red;
+        padding: 2px 4px;
+}
+
+.attachment-info .delete-attachment a:hover {
+        color: #fff;
+        background: red;
+}
+
 /**
  * Attachment Display Settings
  */

wp-includes/script-loader.php

@@ -322 +322 @@
         $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'backbone', 'jquery' ), false, 1 );
         did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array(
                 'settings' => array(
-                        'saveAttachmentNonce' => wp_create_nonce( 'save-attachment' ),
-                        'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ),
+                        'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' )
                 ),
         ) );
 

wp-admin/includes/ajax-actions.php

@@ -1843 +1843 @@
         if ( ! $id = absint( $_REQUEST['id'] ) )
                 wp_send_json_error();
 
-        check_ajax_referer( 'save-attachment', 'nonce' );
+        check_ajax_referer( 'update-post_' . $id, 'nonce' );
 
         if ( ! current_user_can( 'edit_post', $id ) )
                 wp_send_json_error();
@@ -1889 +1889 @@
                 wp_send_json_error();
         $attachment_data = $_REQUEST['attachments'][ $id ];
 
-        check_ajax_referer( 'save-attachment', 'nonce' );
+        check_ajax_referer( 'update-post_' . $id, 'nonce' );
 
         if ( ! current_user_can( 'edit_post', $id ) )
                 wp_send_json_error();