
Ticket #31897: 31897.diff

File 31897.diff, 3.4 KB (added by adamsilverstein, 4 years ago)
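--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@@ -55,6 +55,9 @@
 wp_enqueue_script( 'customize-controls' );
 wp_enqueue_style( 'customize-controls' );
 
+// Setup heartbeat to keep nonces up to date.
+wp_enqueue_script( 'heartbeat' );
+
 /**
  * Enqueue Customizer control scripts.
  *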
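--- a/src/wp-admin/includes/admin-filters.php
+++ b/src/wp-admin/includes/admin-filters.php
@@ -80,6 +80,10 @@
 // Theme hooks.
 add_action( 'customize_controls_print_footer_scripts', 'customize_themes_print_templates' );
 
+// Customizer hooks: refresh the customizer nonces using the hearbeat api.
+add_filter( 'heartbeat_received', 'wp_refresh_customizer_nonces', 10,  3 );
+
+
 // Theme Install hooks.
 // add_action('install_themes_dashboard', 'install_themes_dashboard');
 // add_action('install_themes_upload', 'install_themes_upload', 10, 0);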
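Review bot: The added comment misspells the API name ("hearbeat api"), and the `add_filter()` call has a stray double space in `10,  3`, followed by two blank lines where the surrounding hooks use one. Suggested wording: `// Customizer hooks: refresh the Customizer nonces using the Heartbeat API.` with `add_filter( 'heartbeat_received', 'wp_refresh_customizer_nonces', 10, 3 );`. Note that this registers the callback for every admin heartbeat request, so any screen scoping has to happen inside the callback itself.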
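--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -2707,7 +2707,6 @@
                         wp_send_json( $response );
                 }
         }
-
         if ( ! empty( $data ) ) {
                 /**
                  * Filter the Heartbeat response received.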
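--- a/src/wp-admin/includes/misc.php
+++ b/src/wp-admin/includes/misc.php
@@ -843,6 +843,30 @@
         return $response;
 }
 
+        /**
+         * Return refreshed customizer nonces when needed.
+         *
+         * @since 4.5.0
+         */
+function wp_refresh_customizer_nonces( $response, $data, $screen_id ) {
+
+        if ( array_key_exists( 'wp-refresh-customizer-nonce', $data ) ) {
+
+                // Bootstrap the customizer.
+                require_once ABSPATH . WPINC . '/class-wp-customize-manager.php';
+                $GLOBALS['wp_customize'] = new WP_Customize_Manager();
+                $wp_customize            = $GLOBALS['wp_customize'];
+
+                $received = $data['wp-refresh-customizer-nonce'];
+
+                if ( 2 === wp_verify_nonce( $received['save'], 'save-customize_' . $wp_customize->get_stylesheet() ) ) {
+                        $response['wp-refresh-customizer-nonce'] = $wp_customize->get_nonces();
+                }
+        }
+
+        return $response;
+}
+
 /**
  * Disable suspension of Heartbeat on the Add/Edit Post screens.
  *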
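Review bot: `wp_refresh_customizer_nonces()` reads `$received['save']` from client-supplied heartbeat data without checking that the value is an array holding that key, and it instantiates `WP_Customize_Manager` (overwriting `$GLOBALS['wp_customize']`) before any capability or nonce check has run. As written, any request reaching the `heartbeat_received` filter with the `wp-refresh-customizer-nonce` key triggers the bootstrap, and a non-array or key-less payload raises PHP notices. An early guard placed before the `require_once`, such as `if ( ! current_user_can( 'customize' ) || ! isset( $data['wp-refresh-customizer-nonce']['save'] ) ) { return $response; }`, would cover both cases. The `2 ===` comparison also deserves a comment saying that `wp_verify_nonce()` returns 2 for a nonce in the second half of its lifetime. The docblock lacks `@param`/`@return` tags, is indented one level too deep, and leaves the unused `$screen_id` parameter undocumented.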
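--- a/src/wp-admin/js/customize-controls.js
+++ b/src/wp-admin/js/customize-controls.js
@@ -2946,6 +2946,18 @@
                                 active: $.Deferred()
                         };
 
+                        // When the heartbeat returns a refreshed nonce array, apply it.
+                        $( document ).on( 'heartbeat-tick.wp-refresh-nonces', function( e, data ) {
+                                if ( 'undefined' !== typeof data['wp-refresh-customizer-nonce'] ) {
+                                        api.trigger( 'nonce-refresh', data['wp-refresh-customizer-nonce'] );
+                                }
+                        } );
+
+                        // Attach our existing nonce to the heartbeat request, so it can be checked for expiration.
+                        $( document ).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
+                                data['wp-refresh-customizer-nonce'] = api.settings.nonce;
+                        } );
+
                         /*
                          * Wrap this.refresh to prevent it from hammering the servers:
                          *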
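Review bot: The `heartbeat-send` handler attaches the whole `api.settings.nonce` object to every heartbeat request, although the server-side callback added in misc.php reads only its `save` entry. Sending just that value, `data['wp-refresh-customizer-nonce'] = { save: api.settings.nonce.save };`, keeps the other nonces out of the periodic traffic. The tick handler also forwards whatever the server returned to `nonce-refresh` after only an `undefined` check; whether the listeners for that event validate its shape is not visible here. The enclosing function starts and ends outside this hunk.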