Ticket #31897: 31897.2.diff
File 31897.2.diff, 3.1 KB (added by , 9 years ago) |
---|
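--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@@ -55,6 +55,9 @@
 wp_enqueue_script( 'customize-controls' );
 wp_enqueue_style( 'customize-controls' );
 
+// Setup heartbeat to keep nonces up to date.
+wp_enqueue_script( 'heartbeat' );
+
 /**
 * Enqueue Customizer control scripts.
 *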
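--- a/src/wp-admin/js/customize-controls.js
+++ b/src/wp-admin/js/customize-controls.js
@@ -2946,6 +2946,19 @@
 active: $.Deferred()
 };
 
+// When the heartbeat returns a refreshed nonce array, apply it.
+$( document ).on( 'heartbeat-tick.wp-refresh-nonces', function( e, data ) {
+if ( 'undefined' !== typeof data['wp-refresh-customizer-nonce'] ) {
+api.trigger( 'nonce-refresh', data['wp-refresh-customizer-nonce'] );
+}
+} );
+
+// Attach our existing nonce to the heartbeat request, so it can be checked for expiration.
+$( document ).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
+data['wp-refresh-customizer-nonce'] = api.settings.nonce;
+data['isCustomizer'] = 'on';
+} );
+
 /*
 * Wrap this.refresh to prevent it from hammering the servers:
 *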
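Review bot: The `heartbeat-send` handler copies the whole `api.settings.nonce` object into every heartbeat request, although the server-side handler in this patch only reads its `save` entry. Sending just what is verified keeps the other nonces out of a request that repeats for as long as the Customizer is open: `data['wp-refresh-customizer-nonce'] = { save: api.settings.nonce.save };`. The `heartbeat-tick` handler relies on a `nonce-refresh` listener that lies outside this hunk to write the new values back into `api.settings.nonce`; if that does not happen, every later tick re-sends the old nonce. A comment stating that `isCustomizer` is a transport flag consumed by heartbeat.js rather than data for `heartbeat_received` callbacks would help the next reader.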
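--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -304,9 +304,29 @@
 
 // Export the settings to JS via the _wpCustomizeSettings variable.
 add_action( 'customize_controls_print_footer_scripts', array( $this, 'customize_pane_settings' ), 1000 );
+
+// Customizer hooks: refresh the customizer nonces using the hearbeat api.
+add_filter( 'heartbeat_received', array( $this, 'wp_refresh_customizer_nonces' ), 10, 3 );
+
 }
 
 /**
+* Return refreshed customizer nonces when needed.
+*
+* @since 4.5.0
+*/
+function wp_refresh_customizer_nonces( $response, $data, $screen_id ) {
+if ( array_key_exists( 'wp-refresh-customizer-nonce', $data ) ) {
+$received = $data['wp-refresh-customizer-nonce'];
+if ( 2 === wp_verify_nonce( $received['save'], 'save-customize_' . $this->get_stylesheet() ) ) {
+$response['wp-refresh-customizer-nonce'] = $this->get_nonces();
+}
+}
+
+return $response;
+}
+
+/**
 * Return true if it's an AJAX request.
 *
 * @since 3.4.0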
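Review bot: `wp_refresh_customizer_nonces()` reads `$received['save']` without checking that the client-supplied `$data['wp-refresh-customizer-nonce']` is an array with a string under `save`, so a malformed heartbeat payload produces PHP notices instead of being ignored. The method also returns `$this->get_nonces()` with no capability check visible in this hunk. Unless the manager has already enforced `customize` for this request, it should be checked here, as the post editor's nonce refresh does for `edit_post`. The method has no visibility keyword, and its docblock lacks `@param`/`@return` tags and a sentence explaining that `2 ===` means the nonce is in the second half of its lifetime. The guards would look like the excerpt below.

```php
public function wp_refresh_customizer_nonces( $response, $data, $screen_id ) {
	// Heartbeat data is client-controlled: ignore anything that is not the expected shape.
	if ( ! is_array( $data ) || ! isset( $data['wp-refresh-customizer-nonce'] ) ) {
		return $response;
	}

	$received = $data['wp-refresh-customizer-nonce'];
	if ( ! is_array( $received ) || ! isset( $received['save'] ) || ! is_string( $received['save'] ) ) {
		return $response;
	}

	// Only hand fresh nonces to a user who may still use the Customizer.
	if ( ! current_user_can( 'customize' ) ) {
		return $response;
	}

	// … unchanged: 2 === wp_verify_nonce() check, get_nonces() into $response, return $response …
```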
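--- a/src/wp-includes/js/heartbeat.js
+++ b/src/wp-includes/js/heartbeat.js
@@ -364,7 +364,8 @@
 _nonce: typeof window.heartbeatSettings === 'object' ? window.heartbeatSettings.nonce : '',
 action: 'heartbeat',
 screen_id: settings.screenId,
-has_focus: settings.hasFocus
+has_focus: settings.hasFocus,
+wp_customize: heartbeatData.isCustomizer
 };
 
 settings.connecting = true;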
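Review bot: `wp_customize: heartbeatData.isCustomizer` forwards whatever a `heartbeat-send` listener stored in the payload as a top-level request parameter, and on every screen outside the Customizer the value is `undefined`. Depending on how the request object is serialized, that probably sends an empty `wp_customize=` with every heartbeat in the admin. It would be safer to add the property only when the flag is set, to send the literal `'on'` rather than the forwarded value, and to remove `isCustomizer` from the payload so it does not also reach `heartbeat_received` callbacks as data. The object literal starts outside this hunk, so the variable it is assigned to is not visible here. Since this parameter decides whether the server loads the Customizer for the request, a comment on the new line saying so would be worth adding.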