Ticket #22524: 22524.3.diff
File 22524.3.diff, 5.7 KB (added by , 12 years ago) |
wp-admin/includes/ajax-actions.php
1843 1843 if ( ! $id = absint( $_REQUEST['id'] ) ) 1844 1844 wp_send_json_error(); 1845 1845 1846 check_ajax_referer( ' save-attachment', 'nonce' );1846 check_ajax_referer( 'update-post_' . $id, 'nonce' ); 1847 1847 1848 1848 if ( ! current_user_can( 'edit_post', $id ) ) 1849 1849 wp_send_json_error(); … … 1889 1889 wp_send_json_error(); 1890 1890 $attachment_data = $_REQUEST['attachments'][ $id ]; 1891 1891 1892 check_ajax_referer( ' save-attachment', 'nonce' );1892 check_ajax_referer( 'update-post_' . $id, 'nonce' ); 1893 1893 1894 1894 if ( ! current_user_can( 'edit_post', $id ) ) 1895 1895 wp_send_json_error(); -
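Review bot: The nonce action `'update-post_' . $id` passed to both `check_ajax_referer()` calls (new lines 1846 and 1892) must match exactly the string used to create the `update` nonce in wp-includes/media.php, and neither call site says so. A comment above each call, e.g. `// Action must match the 'update' nonce created for this attachment in wp-includes/media.php.`, would keep a later rename on one side from making every save fail the nonce check. The nonce only covers request forgery; the `current_user_can( 'edit_post', $id )` check that follows is still what authorises the edit and should stay directly after it. Both enclosing functions start and end outside the hunks shown.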
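--- a/wp-includes/css/media-views.css
+++ b/wp-includes/css/media-views.css
@@ -1185,6 +1185,18 @@
 float: left;
 }
 
+.attachment-info .delete-attachment a {
+color: red;
+padding: 2px 4px;
+margin: -2px -4px;
+text-decoration: none;
+}
+
+.attachment-info .delete-attachment a:hover {
+color: #fff;
+background: red;
+}
+
 /**
 * Attachment Display Settings
 */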
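--- a/wp-includes/js/media-models.js
+++ b/wp-includes/js/media-models.js
@@ -218,6 +218,11 @@
 */
 Attachment = media.model.Attachment = Backbone.Model.extend({
 sync: function( method, model, options ) {
+// If the attachment does not yet have an `id`, return an instantly
+// rejected promise. Otherwise, all of our requests will fail.
+if ( _.isUndefined( this.id ) )
+return $.Deferred().reject().promise();
+
 // Overload the `read` request so Attachment.fetch() functions correctly.
 if ( 'read' === method ) {
 options = options || {};
@@ -237,7 +242,7 @@
 options.data = _.extend( options.data || {}, {
 action: 'save-attachment',
 id: this.id,
-nonce: media.model.settings.saveAttachmentNonce
+nonce: this.get('nonces').update
 });
 
 // Record the values of the changed attributes.
@@ -251,6 +256,18 @@
 }
 
 return media.ajax( options );
+
+// Overload the `delete` request so attachments can be removed.
+// This will permanently delete an attachment.
+} else if ( 'delete' === method ) {
+options = options || {};
+options.context = this;
+options.data = _.extend( options.data || {}, {
+action: 'delete-post',
+id: this.id,
+_wpnonce: this.get('nonces')['delete']
+});
+return media.ajax( options );
 }
 },
 
@@ -269,7 +286,7 @@
 
 return media.post( 'save-attachment-compat', _.defaults({
 id: this.id,
-nonce: media.model.settings.saveAttachmentNonce
+nonce: this.get('nonces').update
 }, data ) ).done( function( resp, status, xhr ) {
 model.set( model.parse( resp, xhr ), options );
 });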
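Review bot: `this.get('nonces').update` (new lines 245 and 289) and `this.get('nonces')['delete']` (new line 268) dereference the `nonces` attribute without checking that it exists, so a model that has an `id` but has not yet been populated from a server response would throw a TypeError instead of failing cleanly. The guard added at the top of `sync` only covers a missing `id`, and it cannot simply be widened there because the `read` branch is what would fetch the nonces. A check at the start of the update and delete branches keeps the failure a rejected promise, e.g. `if ( ! this.get('nonces') || ! this.get('nonces').update ) return $.Deferred().reject().promise();`. The function around new line 286 starts outside the hunk, so whether it has a guard of its own cannot be seen here.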
wp-includes/js/media-views.js
3403 3403 'change [data-setting]': 'updateSetting', 3404 3404 'change [data-setting] input': 'updateSetting', 3405 3405 'change [data-setting] select': 'updateSetting', 3406 'change [data-setting] textarea': 'updateSetting' 3406 'change [data-setting] textarea': 'updateSetting', 3407 'click .delete-attachment': 'deleteAttachment' 3408 }, 3409 3410 deleteAttachment: function(event) { 3411 event.preventDefault(); 3412 3413 if ( confirm( l10n.warnDelete ) ) 3414 this.model.destroy(); 3407 3415 } 3408 3416 }); 3409 3417 -
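Review bot: `this.model.destroy()` in `deleteAttachment` is called without `wait: true`, so Backbone fires the `destroy` event and drops the model from its collections before the server has answered. If the `delete-post` request is refused (expired nonce, missing capability), the attachment would disappear from the library view while the file still exists on the server, which is a misleading outcome for an action labelled as permanent. Consider `this.model.destroy({ wait: true });`, provided `media.ajax` forwards the `success` callback that Backbone relies on; that function is not visible here.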
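--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -1327,6 +1327,10 @@
 'subtype' => $subtype,
 'icon' => wp_mime_type_icon( $attachment->ID ),
 'dateFormatted' => mysql2date( get_option('date_format'), $attachment->post_date ),
+'nonces' => array(
+'update' => wp_create_nonce( 'update-post_' . $attachment->ID ),
+'delete' => wp_create_nonce( 'delete-post_' . $attachment->ID ),
+),
 );
 
 if ( $meta && 'image' === $type ) {
@@ -1452,6 +1456,7 @@
 'allMediaItems' => __( 'All media items' ),
 'insertIntoPost' => $hier ? __( 'Insert into page' ) : __( 'Insert into post' ),
 'uploadedToThisPost' => $hier ? __( 'Uploaded to this page' ) : __( 'Uploaded to this post' ),
+'warnDelete' => __( "You are about to permanently delete this item.\n 'Cancel' to stop, 'OK' to delete." ),
 
 // Embed
 'embedFromUrlTitle' => __( 'Embed From URL' ),
@@ -1642,6 +1647,11 @@
 <# if ( 'image' === data.type && ! data.uploading ) { #>
 <div class="dimensions">{{ data.width }} × {{ data.height }}</div>
 <# } #>
+<# if ( ! data.uploading ) { #>
+<div class="delete-attachment">
+<a href="#"><?php _e( 'Delete Permanently' ); ?></a>
+</div>
+<# } #>
 </div>
 <div class="compat-meta">
 <# if ( data.compat && data.compat.meta ) { #>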
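Review bot: The `nonces` array added at new line 1330 creates both an update and a delete nonce for every attachment in the response, whether or not the current user may edit or delete it, and the template block at new line 1650 renders "Delete Permanently" on the same unconditional basis. The save handlers in this patch still check `edit_post` and the delete handler is not shown, so this is presumably not exploitable on its own, but it hands out tokens and UI for actions the server should refuse. Gate each entry, e.g. `'delete' => current_user_can( 'delete_post', $attachment->ID ) ? wp_create_nonce( 'delete-post_' . $attachment->ID ) : false,` (likewise `edit_post` for `update`), and have the template test `data.nonces['delete']` before rendering the link. The enclosing function and template start outside the hunks.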
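--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -322,7 +322,6 @@
 $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'backbone', 'jquery' ), false, 1 );
 did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array(
 'settings' => array(
-'saveAttachmentNonce' => wp_create_nonce( 'save-attachment' ),
 'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ),
 ),
 ) );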