Ticket #24447: 24447.2.patch
File 24447.2.patch, 7.8 KB (added by , 9 years ago) |
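--- a/src/wp-admin/includes/admin-filters.php
+++ b/src/wp-admin/includes/admin-filters.php
@@ -58,7 +58,6 @@
 
 add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 );
 add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
-add_filter( 'heartbeat_received', 'wp_refresh_post_nonces', 10, 3 );
 add_filter( 'heartbeat_received', 'heartbeat_autosave', 500, 2 );
 
 add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );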
src/wp-admin/includes/ajax-actions.php
2571 2571 * @since 3.6.0 2572 2572 */ 2573 2573 function wp_ajax_heartbeat() { 2574 if ( empty( $_POST['_nonce'] ) ) 2574 if ( empty( $_POST['_nonce'] ) ) { 2575 2575 wp_send_json_error(); 2576 } 2576 2577 2577 $response = array(); 2578 $response = $data = array(); 2579 $nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ); 2580 $nonces = explode( ',', $_POST['nonces'] ); 2581 $screen_id = empty( $_POST['screen_id'] ) ? 'front' : sanitize_key( $_POST['screen_id'] ); 2578 2582 2579 if ( false === wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ) ) { 2580 // User is logged in but nonces have expired. 2581 $response['nonces_expired'] = true; 2582 wp_send_json($response); 2583 if ( ! empty( $_POST['data'] ) ) { 2584 $data = wp_unslash( (array) $_POST['data'] ); 2583 2585 } 2584 2586 2585 // screen_id is the same as $current_screen->id and the JS global 'pagenow'. 2586 if ( ! empty($_POST['screen_id']) ) 2587 $screen_id = sanitize_key($_POST['screen_id']); 2588 else 2589 $screen_id = 'front'; 2587 // Send the current time according to the server. 2588 $response['server_time'] = time(); 2589 2590 // We're halfway the nonces' life, so refresh them. 2591 if ( 1 !== $nonce_state ) { 2592 if ( ! empty( $nonces ) ) { 2593 $response['nonces'] = array(); 2590 2594 2591 if ( ! empty($_POST['data']) ) { 2592 $data = wp_unslash( (array) $_POST['data'] ); 2595 foreach ( $nonces as $action ) { 2596 $response['nonces'][ $action ] = wp_create_nonce( $action ); 2597 } 2598 } 2599 2600 // If nonces expired, do not send anything else. 2601 if ( false === $nonce_state ) { 2602 wp_send_json( $response ); 2603 } 2604 } 2593 2605 2606 if ( ! empty( $data ) ) { 2594 2607 /** 2595 2608 * Filter the Heartbeat response received. 
2596 2609 * … … 2625 2638 */ 2626 2639 do_action( 'heartbeat_tick', $response, $screen_id ); 2627 2640 2628 // Send the current time according to the server 2629 $response['server_time'] = time(); 2630 2631 wp_send_json($response); 2641 wp_send_json( $response ); 2632 2642 } 2633 2643 2634 2644 /** -
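Review bot: When `$nonce_state` is false the new block still runs the `foreach` that calls `wp_create_nonce( $action )` for every action listed in `$_POST['nonces']` and sends them before exiting, so a request whose `_nonce` fails verification is answered with fresh nonces for `heartbeat-nonce` and for any action string the client chose to list; the logged-in cookie becomes the only gate. The deleted `wp_refresh_post_nonces` only reissued nonces when the existing post nonce still verified (`2 === wp_verify_nonce( ... )`) and `current_user_can( 'edit_post', $post_id )` passed, and neither condition is carried over here. Keep the expired path to the earlier `$response['nonces_expired'] = true;` signal and refresh the requested actions only when `2 === $nonce_state`, so an invalid nonce cannot be exchanged for valid ones. Separately, `$nonces = explode( ',', $_POST['nonces'] );` reads the key without an `isset` check and `explode( ',', '' )` returns `array( '' )`, so `! empty( $nonces )` is always true and a nonce for the empty action is minted; `$nonces = empty( $_POST['nonces'] ) ? array() : explode( ',', $_POST['nonces'] );` covers both. The body of wp_ajax_heartbeat continues outside the hunk, and the matching `heartbeat-nonces-expired` removal is in the heartbeat.js section below.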
src/wp-admin/includes/misc.php
762 762 } 763 763 764 764 /** 765 * Check nonce expiration on the New/Edit Post screen and refresh if needed766 *767 * @since 3.6.0768 */769 function wp_refresh_post_nonces( $response, $data, $screen_id ) {770 if ( array_key_exists( 'wp-refresh-post-nonces', $data ) ) {771 $received = $data['wp-refresh-post-nonces'];772 $response['wp-refresh-post-nonces'] = array( 'check' => 1 );773 774 if ( ! $post_id = absint( $received['post_id'] ) )775 return $response;776 777 if ( ! current_user_can( 'edit_post', $post_id ) || empty( $received['post_nonce'] ) )778 return $response;779 780 if ( 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {781 $response['wp-refresh-post-nonces'] = array(782 'replace' => array(783 'getpermalinknonce' => wp_create_nonce('getpermalink'),784 'samplepermalinknonce' => wp_create_nonce('samplepermalink'),785 'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),786 '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),787 '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),788 ),789 'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),790 );791 }792 }793 794 return $response;795 }796 797 /**798 765 * Disable suspension of Heartbeat on the Add/Edit Post screens. 799 766 * 800 767 * @since 3.8.0 -
src/wp-admin/js/post.js
160 160 161 161 }(jQuery)); 162 162 163 (function($) {164 var check, timeout;165 166 function schedule() {167 check = false;168 window.clearTimeout( timeout );169 timeout = window.setTimeout( function(){ check = true; }, 300000 );170 }171 172 $(document).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {173 var nonce, post_id;174 175 if ( check ) {176 if ( ( post_id = $('#post_ID').val() ) && ( nonce = $('#_wpnonce').val() ) ) {177 data['wp-refresh-post-nonces'] = {178 post_id: post_id,179 post_nonce: nonce180 };181 }182 }183 }).on( 'heartbeat-tick.wp-refresh-nonces', function( e, data ) {184 var nonces = data['wp-refresh-post-nonces'];185 186 if ( nonces ) {187 schedule();188 189 if ( nonces.replace ) {190 $.each( nonces.replace, function( selector, value ) {191 $( '#' + selector ).val( value );192 });193 }194 195 if ( nonces.heartbeatNonce )196 window.heartbeatSettings.nonce = nonces.heartbeatNonce;197 }198 }).ready( function() {199 schedule();200 });201 }(jQuery));202 203 163 jQuery(document).ready( function($) { 204 164 var stamp, visibility, $submitButtons, updateVisibility, updateText, 205 165 sticky = '', -
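--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -1380,7 +1380,7 @@
  */
 function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
 	$name = esc_attr( $name );
-	$nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
+	$nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" data-nonce-action="' . $action . '" value="' . wp_create_nonce( $action ) . '" />';
 
 	if ( $referer )
 		$nonce_field .= wp_referer_field( false );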
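Review bot: `$action` is interpolated into the new `data-nonce-action` attribute unescaped, while `$name` one line above goes through `esc_attr()`; an action string containing a double quote terminates the attribute and whatever follows lands in the tag. Write it as `data-nonce-action="' . esc_attr( $action ) . '"` so the attribute stays well-formed no matter how callers build the action (concatenating IDs or user-derived values into nonce actions is common in plugin code). The function body continues outside the hunk.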
src/wp-includes/js/heartbeat.js
342 342 * @return void 343 343 */ 344 344 function connect() { 345 var ajaxData, heartbeatData; 345 var ajaxData, heartbeatData, 346 nonces = [ 'heartbeat-nonce' ]; 346 347 347 348 // If the connection to the server is slower than the interval, 348 349 // heartbeat connects as soon as the previous connection's response is received. … … 358 359 359 360 $document.trigger( 'heartbeat-send', [ heartbeatData ] ); 360 361 362 $( 'input[data-nonce-action]' ).each( function() { 363 nonces.push( $( this ).attr( 'data-nonce-action' ) ); 364 } ); 365 366 $document.trigger( 'heartbeat-send-nonces', [ nonces ] ); 367 361 368 ajaxData = { 362 369 data: heartbeatData, 363 370 interval: settings.tempInterval ? settings.tempInterval / 1000 : settings.mainInterval / 1000, 364 371 _nonce: typeof window.heartbeatSettings === 'object' ? window.heartbeatSettings.nonce : '', 365 372 action: 'heartbeat', 366 373 screen_id: settings.screenId, 367 has_focus: settings.hasFocus 374 has_focus: settings.hasFocus, 375 nonces: nonces.join( ',' ) 368 376 }; 369 377 370 378 settings.connecting = true; … … 387 395 388 396 clearErrorState(); 389 397 390 if ( response.nonces_expired ) { 391 $document.trigger( 'heartbeat-nonces-expired' ); 392 return; 398 if ( response.nonces ) { 399 window.heartbeatSettings.nonce = response.nonces['heartbeat-nonce']; 400 401 $.each( response.nonces, function( action, value ) { 402 $( 'input[data-nonce-action="' + action + '"]' ).val( value ); 403 } ); 404 405 $document.trigger( 'heartbeat-receive-nonces', [ response.nonces ] ); 406 407 delete response.nonces; 393 408 } 394 409 395 410 // Change the interval from PHP
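Review bot: `window.heartbeatSettings.nonce = response.nonces['heartbeat-nonce'];` dereferences `window.heartbeatSettings` unconditionally, while the `_nonce:` line in the same file only reads it behind `typeof window.heartbeatSettings === 'object'`; on a page where that global is absent a response carrying `nonces` throws and aborts the rest of the tick handler. Guard it the same way, e.g. `if ( typeof window.heartbeatSettings === 'object' && response.nonces['heartbeat-nonce'] ) { window.heartbeatSettings.nonce = response.nonces['heartbeat-nonce']; }`. The selector `'input[data-nonce-action="' + action + '"]'` is assembled by concatenation from action names echoed back by the server, so an action containing a quote or bracket produces a jQuery selector syntax error; `$( 'input[data-nonce-action]' ).filter( function() { return $( this ).attr( 'data-nonce-action' ) === action; } ).val( value );` compares the attribute value instead of parsing it. The removed `heartbeat-nonces-expired` trigger was the signal other scripts used to learn that the heartbeat nonce failed verification; with this patch they receive fresh nonces instead, so any remaining listener for that event should be checked. Both connect() and the response handler extend beyond the visible hunk.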