

Ticket #37569: 37569.2.diff

File 37569.2.diff, 3.6 KB (added by adamsilverstein, 3 years ago)
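--- a/src/wp-admin/includes/admin-filters.php
+++ b/src/wp-admin/includes/admin-filters.php
@@ -63,6 +63,7 @@ add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 );
 add_filter( 'heartbeat_received', 'wp_refresh_post_lock',   10,  3 );
 add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10,  3 );
 add_filter( 'heartbeat_received', 'heartbeat_autosave',     500, 2 );
+add_filter( 'heartbeat_received', 'rest_refresh_nonce_on_heartbeat', 10,  2 );
 
 add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
 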
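--- /dev/null
+++ b/src/wp-includes/js/wp-api-nonce.js
@@ -0,0 +1,14 @@
+jQuery( function ($) {
+
+        // Send the current core `wp_rest` nonce with each heartbeat.
+        $( document ).on( 'heartbeat-send', function ( e, data ) {
+                data['wp-refresh-rest-nonce'] = wp.api.endpoints.at(0).get( 'nonce' );
+        });
+
+        // If a new nonce is returned with the heartbeat, update the core nonce.
+        $( document ).on( 'heartbeat-tick', function ( e, data ) {
+                if ( 'wp-refresh-rest-nonce' in data ) {
+                        wp.api.endpoints.at(0).set( 'nonce', data['wp-refresh-rest-nonce'] );
+                }
+        });
+});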
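Review bot: Both handlers dereference `wp.api.endpoints.at(0)` with no guard, so on any page where `wp-api` is enqueued but the endpoint collection is empty or not yet initialised, the `heartbeat-send` handler throws a TypeError on every tick, and since jQuery does not catch handler exceptions the remaining `heartbeat-send` listeners (post lock, autosave) are likely skipped as well. A guard such as `var endpoint = wp.api && wp.api.endpoints && wp.api.endpoints.at( 0 ); if ( ! endpoint ) { return; }` at the top of each handler keeps a missing endpoint from breaking unrelated Heartbeat consumers. The tick handler also updates only the endpoint model; if the nonce is held in a second place for `wp.apiRequest` (presumably `wpApiSettings.nonce`), that copy would stay stale and should be refreshed at the same point.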
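--- a/src/wp-includes/rest-api.php
+++ b/src/wp-includes/rest-api.php
@@ -746,6 +746,29 @@ function rest_cookie_check_errors( $result ) {
         return true;
 }
 
+/**
+ * Refresh the REST API nonce on heartbeat requests.
+ *
+ * @since 4.9
+ *
+ * @param array  $response  The Heartbeat response.
+ * @param array  $data      The $_POST data sent.
+ * @return array The Heartbeat response.
+ */
+function rest_refresh_nonce_on_heartbeat( $response, $data ) {
+        if ( array_key_exists( 'wp-refresh-rest-nonce', $data ) ) {
+
+                // Are we in the second tick, meaning the nonce was generated between 12 and 24 hours ago?
+                if ( 2 === wp_verify_nonce( $data['wp-refresh-rest-nonce'] ) ) {
+
+                        // Update nonce.
+                        $response['wp-refresh-rest-nonce'] = wp_create_nonce( 'wp_rest' );
+                }
+        }
+
+        return $response;
+}
+
 /**
  * Collects cookie authentication status.
  *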
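Review bot: The verification in the new `rest_refresh_nonce_on_heartbeat()` can never match the nonce it is meant to refresh: `wp_verify_nonce( $data['wp-refresh-rest-nonce'] )` checks against the default action (`-1`), while the nonce is minted a few lines later with `wp_create_nonce( 'wp_rest' )`, so the result is never `2` and the client is never refreshed. The check should read `if ( 2 === wp_verify_nonce( $data['wp-refresh-rest-nonce'], 'wp_rest' ) ) {`. It is also worth deciding what to do when verification returns `false` (nonce fully expired, e.g. after the browser slept for a day): the Heartbeat request is itself nonce-checked and cookie-authenticated, so issuing a fresh `wp_rest` nonce in that case would recover the client instead of leaving it permanently stale, in line with how `wp_refresh_post_nonces` behaves. The docblock `@since 4.9` should use core's `@since 4.9.0` form.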
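--- a/src/wp-includes/script-loader.php
+++ b/src/wp-includes/script-loader.php
@@ -505,6 +505,7 @@ function wp_default_scripts( &$scripts ) {
                 'ariaShow' => esc_attr__( 'Show password' ),
                 'ariaHide' => esc_attr__( 'Hide password' ),
         ) );
+        $scripts->add( 'wp-api-nonce', "/wp-includes/js/wp-api-nonce$suffix.js", array( 'jquery', 'heartbeat' ), false, 1 );
 
         $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 );
 
@@ -618,7 +619,7 @@ function wp_default_scripts( &$scripts ) {
         $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 );
         $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 );
 
-        $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 );
+        $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request', 'wp-api-nonce' ), false, 1 );
 
         if ( is_admin() ) {
                 $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 );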
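Review bot: The second hunk makes `wp-api` depend on `wp-api-nonce`, which the first hunk registers with `heartbeat` as a dependency, so every page that enqueues `wp-api`, including front-end pages and logged-out visitors, now loads Heartbeat and presumably starts its polling of admin-ajax.php; that is a new background request load the change does not appear to weigh. Consider the opposite direction, registering `wp-api-nonce` with `wp-api` (and `heartbeat`) as dependencies and enqueueing it only where Heartbeat is already running or only for logged-in users, since the refresh only matters for a user who holds a nonce in the first place. `wp_default_scripts()` starts and ends outside these hunks.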