Ticket #31897: 31897.5.diff
File 31897.5.diff, 3.8 KB (added by , 8 years ago) |
---|
-
src/wp-admin/customize.php
74 74 wp_enqueue_script( 'customize-controls' ); 75 75 wp_enqueue_style( 'customize-controls' ); 76 76 77 // Setup heartbeat to keep nonces up to date. 78 wp_enqueue_script( 'heartbeat' ); 79 77 80 /** 78 81 * Enqueue Customizer control scripts. 79 82 * -
src/wp-admin/js/customize-controls.js
3652 3653 active: $.Deferred() 3653 3654 }; 3654 3655 3656 // When the heartbeat returns a refreshed nonce array, apply it. 3657 + $( document ).on( 'heartbeat-tick.wp-refresh-nonces', function( e, data ) { 3658 + if ( 'undefined' !== typeof data['wp-customize-nonces'] ) { 3659 + pi.trigger( 'nonce-refresh', data['wp-customize-nonces'] ); 3660 + } 3661 + } ); 3662 + 3663 + // Attach our existing nonce to the heartbeat request, so it can be checked for expiration. 3664 + $( document ).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) { 3665 + data['wp-customize-nonces'] = api.settings.nonce; 3666 + } ); 3667 3655 3668 // Debounce to prevent hammering server and then wait for any pending update requests. 3656 3669 previewer.refresh = _.debounce( 3657 3670 ( function( originalRefresh ) { -
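Review bot: The `heartbeat-tick.wp-refresh-nonces` handler at new line 3659 calls `pi.trigger( 'nonce-refresh', ... )`, while the send handler at 3665 uses `api.settings.nonce`, and no `pi` is defined anywhere in this hunk. If that spelling is in the patch itself rather than an artefact of how this page renders the line, the handler throws a ReferenceError on every tick that carries refreshed nonces, and the Customizer keeps its old nonces. The line should read `api.trigger( 'nonce-refresh', data['wp-customize-nonces'] );`. The enclosing function starts and ends outside the hunk, so whether a `nonce-refresh` listener is bound is not visible here and should be confirmed.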
src/wp-includes/class-wp-customize-manager.php
366 366 367 367 // Export the settings to JS via the _wpCustomizeSettings variable. 368 368 add_action( 'customize_controls_print_footer_scripts', array( $this, 'customize_pane_settings' ), 1000 ); 369 370 // Refresh the customizer nonces using the hearbeat api. 371 add_filter( 'heartbeat_received', array( $this, 'wp_heartbeat_refresh_customizer_nonces' ), 10, 3 ); 372 add_filter( 'heartbeat_settings', array( $this, 'wp_heartbeat_settings_customizer_filter' ) ); 369 373 } 374 /** 375 Filter heartbeat settings for the Customizer. 376 * 377 * @since 4.5.0 378 * 379 * @param array $settings Current settings to filter. 380 * @return array 381 */ 382 public function wp_heartbeat_settings_customizer_filter( $settings ) { 383 global $pagenow; 384 385 + if ( 'customize.php' !== $pagenow ) { 386 return $settings; 387 } 388 $settings['screenId'] = 'customize'; 370 389 390 return $settings; 391 } 392 + 371 393 /** 394 * Return refreshed customizer nonces when needed. 395 * 396 * @since 4.5.0 397 * 398 * @param array $response The Heartbeat response. 399 * @param array $data The $_POST data sent. 400 * @param string $screen_id The screen id. 401 * @return array The Heartbeat response. 402 */ 403 function wp_heartbeat_refresh_customizer_nonces( $response, $data, $screen_id ) { 404 if ( array_key_exists( 'wp-customize-nonces', $data ) && current_user_can( 'customize' ) ) { 405 $received = $data['wp-customize-nonces']; 406 if ( 2 === wp_verify_nonce( $received['save'], 'save-customize_' . $this->get_stylesheet() ) ) { 407 $response['wp-customize-nonces'] = $this->get_nonces(); 408 } 409 } 410 + 411 return $response; 412 } 413 + 414 /** 372 415 * Return true if it's an Ajax request. 373 416 * 374 417 * @since 3.4.0 -
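Review bot: In `wp_heartbeat_refresh_customizer_nonces()` (new lines 405–406), `$received['save']` is read from request-supplied heartbeat data without checking that `$received` is an array with a `save` key. A malformed payload therefore hits an undefined-index or string-offset access before `wp_verify_nonce()` runs. Guard it first: `if ( is_array( $received ) && isset( $received['save'] ) && 2 === wp_verify_nonce( $received['save'], 'save-customize_' . $this->get_stylesheet() ) ) {`. The method is also declared without a visibility keyword, unlike `public function wp_heartbeat_settings_customizer_filter()` just above it, and the inline comment at 370 spells the API "hearbeat". The `current_user_can( 'customize' )` check and the strict `2 ===` comparison should stay as they are, so that an expired or invalid nonce is never exchanged for a fresh one.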
src/wp-includes/js/heartbeat.js
367 367 has_focus: settings.hasFocus 368 368 }; 369 369 370 if ( 'customize' === settings.screenId ) { 371 ajaxData.wp_customize = 'on'; 372 } 373 370 374 settings.connecting = true; 371 375 settings.xhr = $.ajax({ 372 376 url: settings.url,
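Review bot: The new `if ( 'customize' === settings.screenId )` branch at 370–372 puts a Customizer-specific request parameter into the generic heartbeat transport without a comment saying why it is needed. Presumably `wp_customize = 'on'` is what makes the server load the Customizer manager, so that the `heartbeat_received` filter added in class-wp-customize-manager.php is registered for the request, but that is not visible in this hunk and should be confirmed. I would add something like `// Mark the request as a Customizer request so the server-side nonce refresh filter is loaded.` above the branch. The flag makes every heartbeat from that screen take the Customizer bootstrap path, so the comment should also record that the path enforces its own capability check. The enclosing function starts and ends outside the hunk.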