Ticket #24131: 24131-2.patch
File 24131-2.patch, 6.2 KB (added by , 12 years ago) |
---|
-
wp-admin/includes/post.php
1212 1212 <?php 1213 1213 1214 1214 if ( $locked ) { 1215 $preview_ link = set_url_scheme( add_query_arg( 'preview', 'true', get_permalink( $post->ID ) ));1215 $preview_args = array( 'preview' => 'true' ); 1216 1216 1217 if ( 'publish' == $post->post_status || $user->ID != $post->post_author ) { 1218 // Latest content is in autosave 1219 $nonce = wp_create_nonce( 'post_preview_' . $post->ID ); 1220 $preview_link = add_query_arg( array( 'preview_id' => $post->ID, 'preview_nonce' => $nonce ), $preview_link ); 1221 } 1217 if ( 'publish' == $post->post_status || $user->ID != $post->post_author ) // Latest content is in autosave 1218 $preview_args['latest_changes'] = 'true'; 1222 1219 1223 $preview_link = apply_filters( 'preview_post_link', $preview_link);1220 $preview_link = apply_filters( 'preview_post_link', add_query_arg( $preview_args, get_permalink( $post->ID ) ) ); 1224 1221 $override = apply_filters( 'override_post_lock', true, $post, $user ); 1225 1222 $tab_last = $override ? '' : ' wp-tab-last'; 1226 1223 … … 1366 1363 } 1367 1364 1368 1365 $user_id = get_current_user_id(); 1366 $query_args = array( 'preview' => 'true' ); 1367 1369 1368 if ( 'draft' == $post->post_status && $user_id == $post->post_author ) { 1370 1369 $id = edit_post(); 1371 1370 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision. 1372 1371 $id = wp_create_post_autosave( $post->ID ); 1373 if ( ! is_wp_error($id) ) 1372 if ( ! is_wp_error($id) ) { 1374 1373 $id = $post->ID; 1374 $query_args['latest_changes'] = 'true'; 1375 } 1375 1376 } 1376 1377 1377 1378 if ( is_wp_error($id) ) 1378 1379 wp_die( $id->get_error_message() ); 1379 1380 1380 if ( $_POST['post_status'] == 'draft' && $user_id == $post->post_author ) { 1381 $url = add_query_arg( 'preview', 'true', get_permalink($id) ); 1382 } else { 1383 $nonce = wp_create_nonce('post_preview_' . 
$id); 1384 $url = add_query_arg( array( 'preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce ), get_permalink($id) ); 1385 } 1386 1387 return apply_filters( 'preview_post_link', $url ); 1381 return apply_filters( 'preview_post_link', add_query_arg( $query_args, get_permalink($id) ) ); 1388 1382 } -
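Review bot: The locked-post preview link at new line 1220 is built from `get_permalink()` without the `set_url_scheme()` wrapper that the removed line 1215 applied, so the link may no longer match the scheme the admin screen is served over. The preview now depends on a user-bound `preview_nonce` and on the `current_user_can()` check in query.php. Depending on the site's cookie settings, a scheme mismatch could therefore land on a request where the user is not recognised and the preview is refused. I would keep the wrapper: `$preview_link = apply_filters( 'preview_post_link', set_url_scheme( add_query_arg( $preview_args, get_permalink( $post->ID ) ) ) );`. The enclosing functions of both hunks start and end outside the visible lines.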
wp-includes/default-filters.php
277 277 add_action( 'template_redirect', 'wp_old_slug_redirect' ); 278 278 add_action( 'post_updated', 'wp_check_for_changed_slugs', 12, 3 ); 279 279 280 // Nonce check for Post Previews 281 add_action( 'init', '_show_post_preview' ); 280 // Post Previews 281 add_filter( 'the_preview', '_set_preview' ); 282 add_filter( 'preview_post_link', '_wp_add_preview_nonce', 5 ); 282 283 283 284 // Timezone 284 285 add_filter( 'pre_option_gmt_offset','wp_timezone_override_offset' ); -
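Review bot: The replacement comment `// Post Previews` no longer says that these hooks carry the nonce check, and nothing explains the priority `5` on `_wp_add_preview_nonce`. Callbacks on `preview_post_link` at the default priority run afterwards, and one that rebuilds the URL would drop `preview_nonce`, which `_set_preview` now answers by returning false. I would document that here, for example `// Post Previews: _set_preview verifies preview_nonce; _wp_add_preview_nonce runs early (5) so later callbacks see and must keep the nonce`.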
wp-includes/query.php
2732 2732 } 2733 2733 } 2734 2734 2735 if ( $this->is_preview && $this->posts && current_user_can( $edit_cap, $this->posts[0]->ID ) ) 2736 $this->posts[0] = get_post( apply_filters_ref_array( 'the_preview', array( $this->posts[0], &$this ) ) ); 2735 if ( $this->is_preview && $this->posts && current_user_can( $edit_cap, $this->posts[0]->ID ) ) { 2736 if ( $the_preview = apply_filters( 'the_preview', $this->posts[0], $this ) ) 2737 $this->posts[0] = get_post( $the_preview ); 2738 else 2739 $this->posts = array(); 2740 } 2737 2741 } 2738 2742 2739 2743 // Put sticky posts at the top of the posts array -
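Review bot: The nonce requirement is enforced only by whatever is hooked on `the_preview`. If `_set_preview` is removed from that filter, `apply_filters()` at new line 2736 returns the post unchanged and the preview renders with only the capability check, so the control fails open. If the nonce is meant to be mandatory, verifying it in this branch before applying the filter would make it fail closed. At minimum the new contract deserves a comment, for example `// A falsy value from 'the_preview' (e.g. a failed nonce check) hides the post entirely`. The assignment inside the `if` condition and the brace-less `else` are also easy to misread, and the surrounding method continues outside the hunk, so I cannot confirm that post counts are recomputed after `$this->posts = array()`.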
wp-includes/revision.php
496 496 return (int) apply_filters( 'wp_revisions_to_keep', $num, $post ); 497 497 } 498 498 499 function _set_preview($post) { 499 /** 500 * Check the nonce for preview links. Overload the content 501 * wiht the latest autosave when 'latest_changes' is set. 502 * 503 * @access private 504 */ 505 function _set_preview( $post ) { 506 // Don't show a preview if the user is not coming from a 'preview' link in the admin 507 if ( empty( $_GET['preview_nonce'] ) || ! wp_verify_nonce( $_GET['preview_nonce'], 'post-preview' ) ) 508 return false; 500 509 501 if ( ! is_object($post) ) 502 return $post; 510 if ( isset($_GET['latest_changes']) ) { 511 if ( ! is_object($post) ) 512 return $post; 503 513 504 $preview = wp_get_post_autosave($post->ID);514 $preview = wp_get_post_autosave( $post->ID ); 505 515 506 if ( ! is_object($preview) )507 return $post;516 if ( ! is_object($preview) ) 517 return $post; 508 518 509 $preview = sanitize_post($preview);519 $preview = sanitize_post($preview); 510 520 511 $post->post_content = $preview->post_content;512 $post->post_title = $preview->post_title;513 $post->post_excerpt = $preview->post_excerpt;521 $post->post_content = $preview->post_content; 522 $post->post_title = $preview->post_title; 523 $post->post_excerpt = $preview->post_excerpt; 514 524 515 add_filter( 'get_post_metadata', '_wp_preview_meta_filter', 10, 4 ); 516 add_filter( 'get_the_terms', '_wp_preview_terms_filter', 10, 3 ); 525 add_filter( 'get_post_metadata', '_wp_preview_meta_filter', 10, 4 ); 526 add_filter( 'get_the_terms', '_wp_preview_terms_filter', 10, 3 ); 527 } 517 528 518 529 return $post; 519 530 } 520 531 521 function _show_post_preview() {522 523 if ( isset($_GET['preview_id']) && isset($_GET['preview_nonce']) ) {524 $id = (int) $_GET['preview_id'];525 526 if ( false == wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . 
$id ) )527 wp_die( __('You do not have permission to preview drafts.') );528 529 add_filter('the_preview', '_set_preview');530 }531 }532 533 532 /** 534 533 * Filters post meta retrieval to get values from the actual autosave post, 535 534 * and not its parent. Filters revisioned meta keys only. … … 573 572 return $terms; 574 573 } 575 574 575 /** 576 * Add a nonce to all preview links. 577 * 578 * @since 3.6.0 579 * @access private 580 */ 581 function _wp_add_preview_nonce( $url ) { 582 static $nonce; 583 584 if ( ! $nonce ) 585 $nonce = wp_create_nonce('post-preview'); 586 587 return add_query_arg( 'preview_nonce', $nonce, $url ); 588 } 589 576 590 function _wp_get_post_revision_version( $revision ) { 577 591 if ( is_object( $revision ) ) 578 592 $revision = get_object_vars( $revision );