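--- a/src/wp-admin/includes/admin-filters.php
+++ b/src/wp-admin/includes/admin-filters.php
@@ -63,6 +63,7 @@ add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 );
 add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
 add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10, 3 );
 add_filter( 'heartbeat_received', 'heartbeat_autosave', 500, 2 );
+add_filter( 'heartbeat_received', 'rest_refresh_nonce_on_heartbeat', 10, 2 );
 
 add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
 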
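--- /dev/null
+++ b/src/wp-includes/js/wp-api-nonce.js
@@ -0,0 +1,14 @@
+jQuery( function ($) {
+
+// Send the current core `wp_rest` nonce with each heartbeat.
+$( document ).on( 'heartbeat-send', function ( e, data ) {
+data['wp-refresh-rest-nonce'] = wp.api.endpoints.at(0).get( 'nonce' );
+});
+
+// If a new nonce is returned with the heartbeat, update the core nonce.
+$( document ).on( 'heartbeat-tick', function ( e, data ) {
+if ( 'wp-refresh-rest-nonce' in data ) {
+wp.api.endpoints.at(0).set( 'nonce', data['wp-refresh-rest-nonce'] );
+}
+});
+});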
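Review bot: Both handlers call `wp.api.endpoints.at(0)` without checking that an endpoint exists; when the collection is empty `.at(0)` is undefined and the `heartbeat-send` handler throws on every tick, which will likely also prevent the other `heartbeat-send` listeners on `document` from running. Guard each handler with `var endpoint = wp.api.endpoints.at( 0 ); if ( ! endpoint ) { return; }` before reading or writing the nonce, and consider the same guard on `wp.api` itself in case this script is ever loaded without `wp-api`. Only the first endpoint's nonce is refreshed on tick; if more than one endpoint is registered the others keep the stale value, so either iterate the collection or document that the first endpoint is treated as the canonical one.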
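--- a/src/wp-includes/rest-api.php
+++ b/src/wp-includes/rest-api.php
@@ -746,6 +746,29 @@ function rest_cookie_check_errors( $result ) {
 return true;
 }
 
+/**
+ * Refresh the REST API nonce on heartbeat requests.
+ *
+ * @since 4.9
+ *
+ * @param array $response The Heartbeat response.
+ * @param array $data The $_POST data sent.
+ * @return array The Heartbeat response.
+ */
+function rest_refresh_nonce_on_heartbeat( $response, $data ) {
+if ( array_key_exists( 'wp-refresh-rest-nonce', $data ) ) {
+
+// Are we in the second tick, meaning the nonce was generated between 12 and 24 hours ago?
+if ( 2 === wp_verify_nonce( $data['wp-refresh-rest-nonce'] ) ) {
+
+// Update nonce.
+$response['wp-refresh-rest-nonce'] = wp_create_nonce( 'wp_rest' );
+}
+}
+
+return $response;
+}
+
 /**
 * Collects cookie authentication status.
 *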
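Review bot: `wp_verify_nonce( $data['wp-refresh-rest-nonce'] )` on new line 762 verifies against the default action (-1), but the nonce the client sends and the replacement issued on line 765 are both tied to the 'wp_rest' action, so the `2 ===` comparison cannot succeed and the nonce is never refreshed. Pass the action explicitly: `if ( 2 === wp_verify_nonce( $data['wp-refresh-rest-nonce'], 'wp_rest' ) ) {`. The docblock should also say that `$data` is the raw heartbeat POST body and that an invalid or fully expired nonce produces no refresh, so the client is left holding its old value. The `rest_cookie_check_errors` body at the top of the hunk starts outside it.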
diff --git src/wp-includes/script-loader.php src/wp-includes/script-loader.php
index 7f6f6021d1..0a05041bf7 100644
function wp_default_scripts( &$scripts ) { |
| 505 | 505 | 'ariaShow' => esc_attr__( 'Show password' ), |
| 506 | 506 | 'ariaHide' => esc_attr__( 'Hide password' ), |
| 507 | 507 | ) ); |
| | 508 | $scripts->add( 'wp-api-nonce', "/wp-includes/js/wp-api-nonce$suffix.js", array( 'jquery', 'heartbeat' ), false, 1 ); |
| 508 | 509 | |
| 509 | 510 | $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 ); |
| 510 | 511 | |
function wp_default_scripts( &$scripts ) { |
| 618 | 619 | $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 ); |
| 619 | 620 | $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 ); |
| 620 | 621 | |
| 621 | | $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 ); |
| | 622 | $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request', 'wp-api-nonce' ), false, 1 ); |
| 622 | 623 | |
| 623 | 624 | if ( is_admin() ) { |
| 624 | 625 | $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 ); |