Ticket #31294: 31294.5.diff
| File 31294.5.diff, 6.0 KB (added by , 5 years ago) |
|---|
-
src/wp-admin/js/customize-controls.js
2358 2358 2359 2359 messenger.targetWindow( iframe[0].contentWindow ); 2360 2360 2361 messenger.bind( 'login', function() { 2362 iframe.remove(); 2363 messenger.destroy(); 2364 delete previewer._login; 2365 deferred.resolve(); 2361 messenger.bind( 'login', function () { 2362 var refreshNonces = previewer.refreshNonces(); 2363 2364 refreshNonces.always( function() { 2365 iframe.remove(); 2366 messenger.destroy(); 2367 delete previewer._login; 2368 }); 2369 2370 refreshNonces.done( function() { 2371 deferred.resolve(); 2372 }); 2373 2374 refreshNonces.fail( function() { 2375 previewer.cheatin(); 2376 deferred.reject(); 2377 }); 2366 2378 }); 2367 2379 2368 2380 return this._login; … … 2370 2382 2371 2383 cheatin: function() { 2372 2384 $( document.body ).empty().addClass('cheatin').append( '<p>' + api.l10n.cheatin + '</p>' ); 2385 }, 2386 2387 refreshNonces: function() { 2388 var request, deferred = $.Deferred(); 2389 2390 deferred.promise(); 2391 2392 request = wp.ajax.post( 'customize_refresh_nonces', { 2393 wp_customize: 'on', 2394 theme: api.settings.theme.stylesheet 2395 }); 2396 2397 request.done( function( response ) { 2398 api.trigger( 'nonce-refresh', response ); 2399 deferred.resolve(); 2400 }); 2401 2402 request.fail( function() { 2403 deferred.reject(); 2404 }); 2405 2406 return deferred; 2373 2407 } 2374 2408 }); 2375 2409 … … 2538 2572 $.extend( this.nonce, nonce ); 2539 2573 }); 2540 2574 2575 // Refresh the nonces if login sends updated nonces over. 2576 api.bind( 'nonce-refresh', function( nonce ) { 2577 $.extend( api.settings.nonce, nonce ); 2578 $.extend( api.previewer.nonce, nonce ); 2579 }); 2580 2541 2581 // Create Settings 2542 2582 $.each( api.settings.settings, function( id, data ) { 2543 2583 api.create( id, id, data.value, { -
src/wp-admin/js/customize-widgets.js
1898 1898 sidebar_widgets: api.Widgets.SidebarControl 1899 1899 }); 1900 1900 1901 // Refresh the nonce if login sends updated nonces over. 1902 api.bind( 'nonce-refresh', function( nonces ) { 1903 api.Widgets.data.nonce = nonces['update-widget']; 1904 }); 1905 1901 1906 /** 1902 1907 * Init Customizer for widgets. 1903 1908 */ -
src/wp-includes/class-wp-customize-manager.php
91 91 92 92 add_filter( 'wp_die_handler', array( $this, 'wp_die_handler' ) ); 93 93 94 add_action( 'setup_theme', 95 add_action( 'wp_loaded', 94 add_action( 'setup_theme', array( $this, 'setup_theme' ) ); 95 add_action( 'wp_loaded', array( $this, 'wp_loaded' ) ); 96 96 97 97 // Run wp_redirect_status late to make sure we override the status last. 98 98 add_action( 'wp_redirect_status', array( $this, 'wp_redirect_status' ), 1000 ); … … 105 105 remove_action( 'admin_init', '_maybe_update_plugins' ); 106 106 remove_action( 'admin_init', '_maybe_update_themes' ); 107 107 108 add_action( 'wp_ajax_customize_save', array( $this, 'save' ) ); 108 add_action( 'wp_ajax_customize_save', array( $this, 'save' ) ); 109 add_action( 'wp_ajax_customize_refresh_nonces', array( $this, 'refresh_nonces' ) ); 109 110 110 111 add_action( 'customize_register', array( $this, 'register_controls' ) ); 111 112 add_action( 'customize_register', array( $this, 'register_dynamic_settings' ), 11 ); // allow code to create settings first … … 784 785 } 785 786 786 787 /** 788 * Refresh nonces for the current preview. 789 * 790 * @since 4.2.0 791 */ 792 public function refresh_nonces() { 793 if ( ! $this->is_preview() ) { 794 wp_send_json_error( 'not_preview' ); 795 } 796 797 $nonces = array( 798 'save' => wp_create_nonce( 'save-customize_' . $this->get_stylesheet() ), 799 'preview' => wp_create_nonce( 'preview-customize_' . $this->get_stylesheet() ), 800 ); 801 802 /** 803 * Filter nonces for a customize_refresh_nonces AJAX request. 804 * 805 * @since 4.2.0 806 * 807 * @param array $nonces Array of refreshed nonces for save and 808 * preview actions. 809 * @param WP_Customize_Manager $this WP_Customize_Manager instance. 810 */ 811 $nonces = apply_filters( 'customize_refresh_nonces', $nonces, $this ); 812 wp_send_json_success( $nonces ); 813 } 814 815 /** 787 816 * Add a customize setting. 788 817 * 789 818 * @since 3.4.0 -
src/wp-includes/class-wp-customize-widgets.php
95 95 add_action( 'customize_controls_print_footer_scripts', array( $this, 'print_footer_scripts' ) ); 96 96 add_action( 'customize_controls_print_footer_scripts', array( $this, 'output_widget_control_templates' ) ); 97 97 add_action( 'customize_preview_init', array( $this, 'customize_preview_init' ) ); 98 add_filter( 'customize_refresh_nonces', array( $this, 'refresh_nonces' ) ); 98 99 99 100 add_action( 'dynamic_sidebar', array( $this, 'tally_rendered_widgets' ) ); 100 101 add_filter( 'is_active_sidebar', array( $this, 'tally_sidebars_via_is_active_sidebar_calls' ), 10, 2 ); … … 889 890 } 890 891 891 892 /** 893 * Refresh nonce for widget updates. 894 * 895 * @since 4.2.0 896 * @access public 897 * 898 * @param array $nonces Array of nonces. 899 * @return array $nonces Array of nonces. 900 */ 901 public function refresh_nonces( $nonces ) { 902 $nonces['update-widget'] = wp_create_nonce( 'update-widget' ); 903 return $nonces; 904 } 905 906 /** 892 907 * When previewing, make sure the proper previewing widgets are used. 893 908 * 894 909 * Because wp_get_sidebars_widgets() gets called early at init