Ticket #31294: 31294.3.diff
File 31294.3.diff, 5.1 KB (added by , 10 years ago) |
-
src/wp-admin/customize.php
216 216 217 217 $login_url = add_query_arg( array( 218 218 'interim-login' => 1, 219 'customize-login' => 1 219 'customize-login' => 1, 220 'theme' => $wp_customize->get_stylesheet(), 220 221 ), wp_login_url() ); 221 222 222 223 // Prepare Customizer settings to pass to JavaScript. -
src/wp-admin/js/customize-controls.js
2358 2358 2359 2359 messenger.targetWindow( iframe[0].contentWindow ); 2360 2360 2361 messenger.bind( 'login', function() { 2361 messenger.bind( 'login', function ( params ) { 2362 api.trigger( 'nonce-refresh', params.nonce ); 2363 2362 2364 iframe.remove(); 2363 2365 messenger.destroy(); 2364 2366 delete previewer._login; … … 2538 2540 $.extend( this.nonce, nonce ); 2539 2541 }); 2540 2542 2543 // Refresh the nonces if login sends updated nonces over. 2544 api.bind( 'nonce-refresh', function( nonce ) { 2545 $.extend( api.settings.nonce, nonce ); 2546 $.extend( api.previewer.nonce, nonce ); 2547 }); 2548 2541 2549 // Create Settings 2542 2550 $.each( api.settings.settings, function( id, data ) { 2543 2551 api.create( id, id, data.value, { -
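Review bot: The `login` handler calls `api.trigger( 'nonce-refresh', params.nonce )` unconditionally, but wp-login.php in this same patch sends an empty `$login_message` when `$theme->errors()` is set, so `params.nonce` can be undefined. The `$.extend()` calls in the `nonce-refresh` handler added further down tolerate that, while the handler added in customize-widgets.js reads `nonce['update-widget']` and would throw, presumably before `iframe.remove()` and `messenger.destroy()` run. Guard the trigger, e.g. `if ( params && params.nonce ) { api.trigger( 'nonce-refresh', params.nonce ); }`. The nonces arrive over the Messenger channel, whose origin check is not visible on this page, so it is worth confirming that `login` messages are accepted only from the expected origin before they overwrite `api.settings.nonce`. The enclosing function starts and ends outside the hunk.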
src/wp-admin/js/customize-widgets.js
1898 1898 sidebar_widgets: api.Widgets.SidebarControl 1899 1899 }); 1900 1900 1901 // Refresh the nonces if login sends updated nonces over. 1902 api.bind( 'nonce-refresh', function( nonce ) { 1903 api.Widgets.data.nonce = nonce['update-widget']; 1904 }); 1905 1901 1906 /** 1902 1907 * Init Customizer for widgets. 1903 1908 */ -
src/wp-login.php
767 767 default: 768 768 $secure_cookie = ''; 769 769 $customize_login = isset( $_REQUEST['customize-login'] ); 770 if ( $customize_login ) 770 $customize_theme = null; 771 if ( $customize_login ) { 771 772 wp_enqueue_script( 'customize-base' ); 773 if ( ! empty( $_REQUEST['theme'] ) ) { 774 $customize_theme = wp_unslash( $_REQUEST['theme'] ); 775 } 776 } 772 777 773 778 // If the user wants ssl but the session is not ssl, force a secure cookie. 774 779 if ( !empty($_POST['log']) && !force_ssl_admin() ) { … … 792 797 793 798 $reauth = empty($_REQUEST['reauth']) ? false : true; 794 799 800 $GLOBALS['_wp_login_logged_in_cookie'] = null; 801 802 /** 803 * Workaround to obtain the LOGGED_IN_COOKIE when wp_signon() is called. 804 * 805 * @ignore 806 * @since 4.2.0 807 * 808 * @param string $cookie The logged-in cookie. 809 */ 810 function _capture_wp_login_logged_in_cookie( $cookie ) { 811 $GLOBALS['_wp_login_logged_in_cookie'] = $cookie; 812 } 813 814 add_action( 'set_logged_in_cookie', '_capture_wp_login_logged_in_cookie' ); 795 815 $user = wp_signon( '', $secure_cookie ); 816 remove_action( 'set_logged_in_cookie', '_capture_wp_login_logged_in_cookie' ); 796 817 797 818 if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { 798 819 if ( headers_sent() ) { … … 827 848 /** This action is documented in wp-login.php */ 828 849 do_action( 'login_footer' ); ?> 829 850 <?php if ( $customize_login ) : ?> 830 <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script> 851 <?php 852 $theme = wp_get_theme( $customize_theme ); 853 $messenger_login_params = array( 854 'url' => wp_customize_url(), 855 'channel' => 'login', 856 ); 857 $login_message = array(); 858 859 // Update Customizer nonces 860 if ( ! 
$theme->errors() ) { 861 /* 862 * Set the current user and auth cookie so that wp_create_nonce() will succeed; 863 * wp_signon() calls wp_set_auth_cookie() which does not set $_COOKIE, and 864 * wp_create_nonce() calls wp_get_session_token() which calls wp_parse_auth_cookie() 865 * which expects the $_COOKIE to be set. 866 */ 867 wp_set_current_user( $user->ID ); 868 $_COOKIE[ LOGGED_IN_COOKIE ] = $GLOBALS['_wp_login_logged_in_cookie']; 869 $login_message['nonce'] = array( 870 'save' => wp_create_nonce( 'save-customize_' . $theme->get_stylesheet() ), 871 'preview' => wp_create_nonce( 'preview-customize_' . $theme->get_stylesheet() ), 872 'update-widget' => wp_create_nonce( 'update-widget' ), 873 ); 874 } 875 876 ?> 877 <script type="text/javascript"> 878 setTimeout( function () { 879 var messenger = new wp.customize.Messenger( <?php echo wp_json_encode( $messenger_login_params ); ?> ); 880 messenger.send( 'login', <?php echo wp_json_encode( $login_message ); ?> ); 881 }, 1000 ); 882 </script> 831 883 <?php endif; ?> 832 884 </body></html> 833 885 <?php exit; … … 924 976 <?php } ?> 925 977 <?php if ( $customize_login ) : ?> 926 978 <input type="hidden" name="customize-login" value="1" /> 979 <input type="hidden" name="theme" value="<?php echo esc_attr( $customize_theme ) ?>" /> 927 980 <?php endif; ?> 928 981 <input type="hidden" name="testcookie" value="1" /> 929 982 </p>
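Review bot: `$_REQUEST['theme']` is taken as-is in the `default:` case (`$customize_theme = wp_unslash( $_REQUEST['theme'] );`) and later selects the stylesheet that the `save-customize_` and `preview-customize_` nonces are minted for, so it should be constrained to a string before use. A request that sends `theme` as an array would reach `wp_get_theme()` and `esc_attr()` as a non-string; `if ( ! empty( $_REQUEST['theme'] ) && is_string( $_REQUEST['theme'] ) )` rejects that. In the nonce block, `$_COOKIE[ LOGGED_IN_COOKIE ]` is overwritten with `$GLOBALS['_wp_login_logged_in_cookie']` even if the capture callback never fired and the value is still null, which by the block's own comment would presumably yield nonces not tied to a session token; `if ( ! $theme->errors() && ! empty( $GLOBALS['_wp_login_logged_in_cookie'] ) )` avoids that. The `default:` case starts and ends outside the visible hunks, so whether `$user` is always a `WP_User` when `wp_set_current_user( $user->ID )` runs cannot be confirmed from this page.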