Ticket #31897: 31897.3.diff
File 31897.3.diff, 3.7 KB (added by , 9 years ago) |
---|
-
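--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@@ -55,6 +55,9 @@
 wp_enqueue_script( 'customize-controls' );
 wp_enqueue_style( 'customize-controls' );
 
+// Setup heartbeat to keep nonces up to date.
+wp_enqueue_script( 'heartbeat' );
+
 /**
 * Enqueue Customizer control scripts.
 *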
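--- a/src/wp-admin/js/customize-controls.js
+++ b/src/wp-admin/js/customize-controls.js
@@ -2946,6 +2946,19 @@
 active: $.Deferred()
 };
 
+// When the heartbeat returns a refreshed nonce array, apply it.
+$( document ).on( 'heartbeat-tick.wp-refresh-nonces', function( e, data ) {
+if ( 'undefined' !== typeof data['wp-customize-nonces'] ) {
+api.trigger( 'nonce-refresh', data['wp-customize-nonces'] );
+}
+} );
+
+// Attach our existing nonce to the heartbeat request, so it can be checked for expiration.
+$( document ).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
+data['wp-customize-nonces'] = api.settings.nonce;
+data['isCustomizer'] = true;
+} );
+
 /*
 * Wrap this.refresh to prevent it from hammering the servers:
 *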
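Review bot: `data['isCustomizer'] = true;` in the heartbeat-send handler is not payload for the server but a signal to heartbeat.js, which reads and deletes it in the heartbeat.js section of this patch; nothing at the assignment says so. A comment such as `// Flag for heartbeat.js only: request wp_customize=on; it is removed before the data is sent.` would keep a later reader from treating it as request data. Dot notation, `data.isCustomizer = true;`, is also the more usual form for a fixed identifier key. The handler sends the whole `api.settings.nonce` object although the PHP side of this patch verifies only its `save` entry.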
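--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -304,9 +304,54 @@
 
 // Export the settings to JS via the _wpCustomizeSettings variable.
 add_action( 'customize_controls_print_footer_scripts', array( $this, 'customize_pane_settings' ), 1000 );
+
+// Refresh the customizer nonces using the hearbeat api.
+add_filter( 'heartbeat_received', array( $this, 'wp_heartbeat_refresh_customizer_nonces' ), 10, 3 );
+add_filter( 'heartbeat_settings', array( $this, 'wp_heartbeat_settings_customizer_filter' ) );
+
 }
 
 /**
+* Filter heartbeat settings for the Customizer.
+*
+* @since 4.5.0
+*
+* @param array $settings Current settings to filter.
+* @return array
+*/
+public function wp_heartbeat_settings_customizer_filter( $settings ) {
+global $pagenow;
+
+if ( 'customize.php' !== $pagenow ) {
+return $settings;
+}
+$settings['screenId'] = 'customize';
+
+return $settings;
+}
+
+/**
+* Return refreshed customizer nonces when needed.
+*
+* @since 4.5.0
+*
+* @param array $response The Heartbeat response.
+* @param array $data The $_POST data sent.
+* @param string $screen_id The screen id.
+* @return array The Heartbeat response.
+*/
+function wp_heartbeat_refresh_customizer_nonces( $response, $data, $screen_id ) {
+if ( array_key_exists( 'wp-customize-nonces', $data ) && current_user_can( 'customize' ) ) {
+$received = $data['wp-customize-nonces'];
+if ( 2 === wp_verify_nonce( $received['save'], 'save-customize_' . $this->get_stylesheet() ) ) {
+$response['wp-customize-nonces'] = $this->get_nonces();
+}
+}
+
+return $response;
+}
+
+/**
 * Return true if it's an AJAX request.
 *
 * @since 3.4.0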
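Review bot: In wp_heartbeat_refresh_customizer_nonces(), `$received['save']` is read without checking that the client-supplied `wp-customize-nonces` value is an array with a string `save` entry, so a malformed heartbeat payload reaches wp_verify_nonce() with a missing or non-string value and raises PHP notices or errors. Guard the inner condition: `if ( is_array( $received ) && isset( $received['save'] ) && is_string( $received['save'] ) && 2 === wp_verify_nonce( $received['save'], 'save-customize_' . $this->get_stylesheet() ) ) {`. The bare `2` deserves a comment such as `// 2 = nonce is in the second half of its lifetime; invalid or expired nonces get no refresh.`, since that return value is what keeps an expired session from being handed fresh nonces. The method is also declared without `public`, unlike wp_heartbeat_settings_customizer_filter() just above it, and the comment above the add_filter() calls misspells "heartbeat".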
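--- a/src/wp-includes/js/heartbeat.js
+++ b/src/wp-includes/js/heartbeat.js
@@ -367,6 +367,11 @@
 has_focus: settings.hasFocus
 };
 
+if ( heartbeatData.isCustomizer ) {
+ajaxData.wp_customize = 'on';
+delete ajaxData.data.isCustomizer;
+}
+
 settings.connecting = true;
 settings.xhr = $.ajax({
 url: settings.url,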
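Review bot: The new `if ( heartbeatData.isCustomizer )` branch puts a Customizer-specific case into the generic heartbeat sender without a comment saying why the request needs `wp_customize = 'on'`. Presumably it is so the Customizer manager, which registers the heartbeat_received filter in this patch, is loaded for the AJAX request; if so, say it, e.g. `// Customizer: send wp_customize=on so the server loads the Customizer for this request.`. The branch tests `heartbeatData` but deletes from `ajaxData.data`, which is only correct if both refer to the same object; the construction of `ajaxData` starts outside this hunk, so that should be confirmed or the delete written as `delete heartbeatData.isCustomizer;`.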