Ticket #31294: 31294.2.diff
File 31294.2.diff, 4.3 KB (added by , 6 years ago) |
---|
-
src/wp-admin/customize.php
diff --git src/wp-admin/customize.php src/wp-admin/customize.php index 51db8b3..2486b75 100644
do_action( 'customize_controls_print_scripts' ); 209 209 210 210 $login_url = add_query_arg( array( 211 211 'interim-login' => 1, 212 'customize-login' => 1 212 'customize-login' => 1, 213 'theme' => $wp_customize->get_stylesheet(), 213 214 ), wp_login_url() ); 214 215 215 216 // Prepare Customizer settings to pass to JavaScript. -
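Review bot: The added `'theme' => $wp_customize->get_stylesheet()` entry is handed to `add_query_arg()` as a raw value, and that function does not URL-encode the values it is given. A stylesheet directory name containing a space, `&` or `#` would therefore produce a login URL whose `theme` parameter is truncated or split, and wp-login.php would then mint nonces for the wrong theme or for none. `'theme' => rawurlencode( $wp_customize->get_stylesheet() ),` keeps the value intact. Whether `$login_url` is escaped where it is later output cannot be seen from this hunk.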
src/wp-admin/js/customize-controls.js
diff --git src/wp-admin/js/customize-controls.js src/wp-admin/js/customize-controls.js index d4acb7c..58d8cd9 100644
2334 2334 2335 2335 messenger.targetWindow( iframe[0].contentWindow ); 2336 2336 2337 messenger.bind( 'login', function() { 2337 messenger.bind( 'login', function ( params ) { 2338 $.extend( api.settings.nonce, params.nonce ); 2339 $.extend( previewer.nonce, params.nonce ); 2340 api.Widgets.data.nonce = params.nonce['update-widget']; 2341 2338 2342 iframe.remove(); 2339 2343 messenger.destroy(); 2340 2344 delete previewer._login; -
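Review bot: The new `login` handler dereferences `params.nonce` unconditionally, so a `login` message without a nonce object throws at `params.nonce['update-widget']` before `iframe.remove()` and `messenger.destroy()` run, leaving the login iframe in place. The wp-login.php side of this patch sends exactly such an empty payload when the requested theme has errors. The same line also assumes `api.Widgets` is loaded. Wrapping the three assignments in `if ( params && params.nonce ) { … }`, and writing the widget nonce only when `api.Widgets && api.Widgets.data` exists, keeps the cleanup path reachable. The handler's body continues past the end of the hunk.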
src/wp-login.php
diff --git src/wp-login.php src/wp-login.php index 62b182d..621a278 100644
case 'login' : 767 767 default: 768 768 $secure_cookie = ''; 769 769 $customize_login = isset( $_REQUEST['customize-login'] ); 770 if ( $customize_login ) 770 $customize_theme = null; 771 if ( $customize_login ) { 771 772 wp_enqueue_script( 'customize-base' ); 773 if ( ! empty( $_REQUEST['theme'] ) ) { 774 $customize_theme = wp_unslash( $_REQUEST['theme'] ); 775 } 776 } 772 777 773 778 // If the user wants ssl but the session is not ssl, force a secure cookie. 774 779 if ( !empty($_POST['log']) && !force_ssl_admin() ) { … … default: 792 797 793 798 $reauth = empty($_REQUEST['reauth']) ? false : true; 794 799 800 $GLOBALS['_wp_login_logged_in_cookie'] = null; 801 802 /** 803 * Workaround to obtain the LOGGED_IN_COOKIE when wp_signon() is called. 804 * 805 * @param string $cookie 806 * @private 807 */ 808 function _capture_wp_login_logged_in_cookie( $cookie ) { 809 $GLOBALS['_wp_login_logged_in_cookie'] = $cookie; 810 } 811 812 add_action( 'set_logged_in_cookie', '_capture_wp_login_logged_in_cookie' ); 795 813 $user = wp_signon( '', $secure_cookie ); 814 remove_action( 'set_logged_in_cookie', '_capture_wp_login_logged_in_cookie' ); 796 815 797 816 if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { 798 817 if ( headers_sent() ) { … … default: 827 846 /** This action is documented in wp-login.php */ 828 847 do_action( 'login_footer' ); ?> 829 848 <?php if ( $customize_login ) : ?> 830 <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script> 849 <?php 850 $theme = wp_get_theme( $customize_theme ); 851 $messenger_login_params = array( 852 'url' => wp_customize_url(), 853 'channel' => 'login', 854 ); 855 $login_message = array(); 856 857 // Update Customizer nonces 858 if ( ! 
$theme->errors() ) { 859 /* 860 * Set the current user and auth cookie so that wp_create_nonce() will succeed; 861 * wp_signon() calls wp_set_auth_cookie() which deos not set $_COOKIE, and 862 * wp_create_nonce() calls wp_get_session_token() which calls wp_parse_auth_cookie() 863 * which expects the $_COOKIE to be set. 864 */ 865 wp_set_current_user( $user->ID ); 866 $_COOKIE[ LOGGED_IN_COOKIE ] = $GLOBALS['_wp_login_logged_in_cookie']; 867 $login_message['nonce'] = array( 868 'save' => wp_create_nonce( 'save-customize_' . $theme->get_stylesheet() ), 869 'preview' => wp_create_nonce( 'preview-customize_' . $theme->get_stylesheet() ), 870 'update-widget' => wp_create_nonce( 'update-widget' ), 871 ); 872 } 873 874 ?> 875 <script type="text/javascript"> 876 setTimeout( function () { 877 var messenger = new wp.customize.Messenger( <?php echo wp_json_encode( $messenger_login_params ) ?> ); 878 messenger.send( 'login', <?php echo wp_json_encode( $login_message ) ?> ); 879 }, 1000 ); 880 </script> 831 881 <?php endif; ?> 832 882 </body></html> 833 883 <?php exit; … … default: 918 968 <?php } ?> 919 969 <?php if ( $customize_login ) : ?> 920 970 <input type="hidden" name="customize-login" value="1" /> 971 <input type="hidden" name="theme" value="<?php echo esc_attr( $customize_theme ) ?>" /> 921 972 <?php endif; ?> 922 973 <input type="hidden" name="testcookie" value="1" /> 923 974 </p>
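Review bot: The `theme` value read from `$_REQUEST` in the `customize-login` branch is only passed through `wp_unslash()`, so a request carrying `theme[]=…` hands an array to `wp_get_theme()` and later to `esc_attr()` in the hidden field; the guard could be `if ( ! empty( $_REQUEST['theme'] ) && is_string( $_REQUEST['theme'] ) ) {`. In the interim-login block, `$_COOKIE[ LOGGED_IN_COOKIE ]` is overwritten with the captured global even if the `set_logged_in_cookie` action never fired and the value is still `null`. That case looks reachable only when the pluggable cookie function is replaced, but the nonces would then be bound to no session token, so testing the captured value before the assignment is worth adding. When the theme has errors `$login_message` stays an empty array, which `wp_json_encode()` emits as `[]`; `wp_json_encode( (object) $login_message )` keeps the payload an object for the receiving handler. The nonces are also created before any capability is checked, which is acceptable only if every consumer of them checks capabilities itself. The touched blocks sit inside the `login`/`default` case, whose body continues outside the visible hunks.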