Changeset 21135
- Timestamp:
- 06/26/2012 06:48:18 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
trunk/wp-admin/customize.php
r21069 r21135 8 8 */ 9 9 10 define( 'IFRAME_REQUEST', true ); 11 10 12 require_once( './admin.php' ); 11 13 if ( ! current_user_can( 'edit_theme_options' ) ) … … 66 68 <div class="wp-full-overlay expanded"> 67 69 <form id="customize-controls" class="wrap wp-full-overlay-sidebar"> 68 <?php wp_nonce_field( 'customize_controls-' . $wp_customize->get_stylesheet() ); ?>69 70 <div id="customize-header-actions" class="wp-full-overlay-header"> 70 71 <?php … … 176 177 'settings' => array(), 177 178 'controls' => array(), 179 'nonce' => array( 180 'save' => wp_create_nonce( 'save-customize_' . $wp_customize->get_stylesheet() ), 181 'preview' => wp_create_nonce( 'preview-customize_' . $wp_customize->get_stylesheet() ) 182 ), 178 183 ); 179 184 -
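Review bot: The nonce action strings built at new lines 180-181 (`'save-customize_' . $wp_customize->get_stylesheet()` and the `preview-` twin) are duplicated by hand in WP_Customize_Manager, where the same commit verifies and re-issues them. A typo or later rename on one side would make every save or preview request fail verification with no hint of why. I would add a comment above the `'nonce'` entry such as `// Actions must match the check_ajax_referer() calls in WP_Customize_Manager.`, or move the string building into one shared helper. The new `define( 'IFRAME_REQUEST', true );` at line 10 also deserves a short why-comment, because the hunk does not show what it changes for this page.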
trunk/wp-admin/js/customize-controls.dev.js
r21071 r21135 295 295 deferred.promise( this ); 296 296 297 this.previewer = params.previewer; 297 this.container = params.container; 298 this.signature = params.signature; 298 299 299 300 $.extend( params, { channel: api.PreviewFrame.uuid() }); … … 339 340 this.request.done( function( response ) { 340 341 var location = self.request.getResponseHeader('Location'), 341 signature = 'WP_CUSTOMIZER_SIGNATURE',342 signature = self.signature, 342 343 index; 343 344 … … 372 373 373 374 // Create the iframe and inject the html content. 374 self.iframe = $('<iframe />').appendTo( self. previewer.container );375 self.iframe = $('<iframe />').appendTo( self.container ); 375 376 376 377 // Bind load event after the iframe has been added to the page; … … 417 418 418 419 iframe = $('<iframe src="' + self.previewUrl() + '" />').hide(); 419 iframe.appendTo( self. previewer.container );420 iframe.appendTo( self.container ); 420 421 iframe.load( function() { 421 422 self.triedLogin = true; … … 498 499 this.container = api.ensure( params.container ); 499 500 this.allowedUrls = params.allowedUrls; 501 this.signature = params.signature; 500 502 501 503 params.url = window.location.href; … … 571 573 previewUrl: this.previewUrl(), 572 574 query: this.query() || {}, 573 previewer: this 575 container: this.container, 576 signature: this.signature 574 577 }); 575 578 … … 584 587 self.targetWindow( this.targetWindow() ); 585 588 self.channel( this.channel() ); 589 590 self.send( 'active' ); 586 591 }); 587 592 … … 684 689 form: '#customize-controls', 685 690 previewUrl: api.settings.url.preview, 686 allowedUrls: api.settings.url.allowed 691 allowedUrls: api.settings.url.allowed, 692 signature: 'WP_CUSTOMIZER_SIGNATURE' 687 693 }, { 694 695 nonce: api.settings.nonce, 696 688 697 query: function() { 689 698 return { 690 699 wp_customize: 'on', 691 700 theme: api.settings.theme.stylesheet, 692 customized: JSON.stringify( api.get() ) 701 customized: JSON.stringify( api.get() ), 702 nonce: 
this.nonce.preview 693 703 }; 694 704 }, 695 696 nonce: $('#_wpnonce').val(),697 705 698 706 save: function() { … … 700 708 query = $.extend( this.query(), { 701 709 action: 'customize_save', 702 nonce: this.nonce 710 nonce: this.nonce.save 703 711 }), 704 712 request = $.post( api.settings.url.ajax, query ); … … 733 741 } 734 742 }); 743 744 // Refresh the nonces if the preview sends updated nonces over. 745 previewer.bind( 'nonce', function( nonce ) { 746 $.extend( this.nonce, nonce ); 747 }); 735 748 736 749 $.each( api.settings.settings, function( id, data ) { -
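Review bot: The new `previewer.bind( 'nonce', ... )` handler at lines 744-747 merges whatever object the preview frame sends straight into `this.nonce` with `$.extend`, so the value later posted as `nonce` for `customize_save` is taken from the message without any shape check. Any origin or channel filtering the Messenger applies is outside this hunk, so the handler should at least copy only the two keys it expects. Something like `if ( nonce && nonce.save && nonce.preview ) $.extend( this.nonce, { save: nonce.save, preview: nonce.preview } );` keeps an unexpected or partial payload from overwriting working nonces. The comment above the handler could also say that the preview only sends this when the server has issued fresh nonces.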
trunk/wp-includes/class-wp-customize-manager.php
r21131 r21135 18 18 protected $controls = array(); 19 19 20 protected $nonce_tick; 21 20 22 protected $customized; 21 23 … … 309 311 */ 310 312 public function customize_preview_init() { 313 $this->nonce_tick = check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce' ); 314 311 315 $this->prepare_controls(); 312 316 … … 363 367 ); 364 368 369 if ( 2 == $this->nonce_tick ) { 370 $settings['nonce'] = array( 371 'save' => wp_create_nonce( 'save-customize_' . $this->get_stylesheet() ), 372 'preview' => wp_create_nonce( 'preview-customize_' . $this->get_stylesheet() ) 373 ); 374 } 375 365 376 foreach ( $this->settings as $id => $setting ) { 366 377 $settings['values'][ $id ] = $setting->js_value(); … … 469 480 die; 470 481 471 check_ajax_referer( ' customize_controls-' . $this->get_stylesheet(), 'nonce' );482 check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce' ); 472 483 473 484 // Do we have to switch themes? -
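Review bot: The test `2 == $this->nonce_tick` at new line 369 relies on an undocumented magic number and a loose comparison. `check_ajax_referer()` returns the nonce tick, where 2 means the nonce was created in the older half of its lifetime, and nothing in the hunk says that. I would write `if ( 2 === $this->nonce_tick ) {` and add a comment such as `// Tick 2: the preview nonce is in the second half of its lifetime, so send the controls fresh nonces.`. The same comment should record that a new save nonce is handed out here on the strength of a valid preview nonce alone, so the two actions are not independently scoped during a refresh; that looks deliberate but is worth stating. The new `$nonce_tick` property has no docblock, and the bodies of both methods continue outside the hunk.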
trunk/wp-includes/js/customize-preview.dev.js
r21054 r21135 89 89 }); 90 90 preview.send( 'synced' ); 91 }) 91 }); 92 93 preview.bind( 'active', function() { 94 if ( api.settings.nonce ) 95 preview.send( 'nonce', api.settings.nonce ); 96 }); 92 97 93 98 preview.send( 'ready' ); -
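Review bot: The new `'active'` handler at lines 93-96 posts both nonces from the preview document to the controls window with no comment on when `api.settings.nonce` exists or where the message may be delivered. From the rest of the changeset the key is only present when the server saw an aging preview nonce, and keeping the values confidential presumably depends on the Messenger restricting its target origin, which this hunk does not show. I would add `// Only set when the server issued fresh nonces; relies on the Messenger's origin-restricted channel.` above the `if` once that is confirmed, and brace the single-statement `if` to match the surrounding style.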
trunk/wp-login.php
r21031 r21135 40 40 */ 41 41 function login_header($title = 'Log In', $message = '', $wp_error = '') { 42 global $error, $interim_login, $current_site , $customize_login;42 global $error, $interim_login, $current_site; 43 43 44 44 // Don't index any of these forms … … 68 68 <meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" /><?php 69 69 } 70 71 if ( $customize_login )72 wp_enqueue_script( 'customize-base' );73 70 74 71 do_action( 'login_enqueue_scripts' ); … … 569 566 $interim_login = isset($_REQUEST['interim-login']); 570 567 $customize_login = isset( $_REQUEST['customize-login'] ); 568 if ( $customize_login ) 569 wp_enqueue_script( 'customize-base' ); 571 570 572 571 // If the user wants ssl but the session is not ssl, force a secure cookie. … … 605 604 if ( $interim_login ) { 606 605 $message = '<p class="message">' . __('You have logged in successfully.') . '</p>'; 607 login_header( '', $message ); 608 609 if ( ! $customize_login ) : ?> 610 <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> 611 <p class="alignright"> 612 <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p> 613 <?php endif; 614 615 ?></div><?php 616 617 do_action('login_footer'); 618 619 if ( $customize_login ) : ?> 606 login_header( '', $message ); ?> 607 608 <?php if ( ! 
$customize_login ) : ?> 609 <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> 610 <p class="alignright"> 611 <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p> 612 <?php endif; ?> 613 </div> 614 <?php do_action( 'login_footer' ); ?> 615 <?php if ( $customize_login ) : ?> 620 616 <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script> 621 <?phpendif; ?>617 <?php endif; ?> 622 618 </body></html> 623 619 <?php exit;
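Review bot: The rewritten interim-login block keeps the line that echoes `wp_customize_url()` unescaped into a single-quoted JavaScript string (new line 616, unchanged by the commit but inside the block being restructured). The value is generated server-side, so exposure is probably low, but it can carry filtered site or admin URLs, and a quote or backslash in it would break out of the literal. Emitting it as a JSON literal avoids that: `url: <?php echo json_encode( wp_customize_url() ); ?>,`. Separately, `customize-base` is now enqueued at line 568-569 whenever the `customize-login` request parameter is present, before any authentication; that looks harmless for a static script, but a comment saying the flag is untrusted and must only gate presentation would help later edits.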