Changeset 22212


Timestamp:
10/12/12 16:02:45 (19 months ago)
Author:
koopersmith
Message:

Add a nonce to wp_ajax_save_attachment. see #21390, #21807.

Location:
trunk
Files:
3 edited

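--- a/trunk/wp-admin/includes/ajax-actions.php
+++ b/trunk/wp-admin/includes/ajax-actions.php
@@ -1834,4 +1834,6 @@
         wp_send_json_error();
 
+    check_ajax_referer( 'save-attachment', 'nonce' );
+
     if ( ! current_user_can( 'edit_post', $id ) )
         wp_send_json_error();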
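Review bot: The nonce action checked at new line 1836 is the fixed string 'save-attachment', so a single token issued to a user is accepted for every attachment that user may edit until it expires; that is enough to stop cross-site request forgery, but it does not bind the request to `$id`. If tighter scoping is wanted, the action could carry the id, for example `check_ajax_referer( 'save-attachment-' . $id, 'nonce' );` (action name constructed for illustration), with the matching nonce delivered alongside each attachment's data rather than as one localized string. A failed check also ends the request through check_ajax_referer's default die path instead of `wp_send_json_error()` like the neighbouring guards; passing `false` as the third argument and sending the JSON error explicitly would keep the handler's responses uniform. The enclosing handler starts and ends outside the visible lines.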
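--- a/trunk/wp-includes/js/media-models.js
+++ b/trunk/wp-includes/js/media-models.js
@@ -2,5 +2,5 @@
 
 (function($){
-    var Attachment, Attachments, Query, compare;
+    var Attachment, Attachments, Query, compare, l10n;
 
     /**
@@ -20,4 +20,7 @@
 
     _.extend( media, { model: {}, view: {}, controller: {} });
+
+    // Link any localized strings.
+    l10n = media.model.l10n = _.isUndefined( _wpMediaModelsL10n ) ? {} : _wpMediaModelsL10n;
 
     /**
@@ -193,5 +196,6 @@
                 options.data = _.extend( options.data || {}, {
                     action: 'save-attachment',
-                    id: this.id
+                    id:     this.id,
+                    nonce:  l10n.saveAttachmentNonce
                 });
 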
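Review bot: The guard on new line 24, `_.isUndefined( _wpMediaModelsL10n )`, evaluates the bare identifier before the call is made, so if the global was never emitted the script throws a ReferenceError instead of falling back to `{}`. That case looks reachable, because the localize call added to script-loader.php in this changeset is skipped whenever `did_action( 'init' )` is false. A `typeof` test does not dereference the name: `l10n = media.model.l10n = typeof _wpMediaModelsL10n === 'undefined' ? {} : _wpMediaModelsL10n;`. With the empty fallback the request built at new line 199 goes out with `nonce` undefined, which the server-side check should reject, so the save still fails closed. The surrounding closure and the sync method continue outside the visible lines.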
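--- a/trunk/wp-includes/script-loader.php
+++ b/trunk/wp-includes/script-loader.php
@@ -316,4 +316,8 @@
 
     $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'backbone', 'jquery' ), false, 1 );
+    did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array(
+        'saveAttachmentNonce' => wp_create_nonce( 'save-attachment' ),
+    ) );
+
     $scripts->add( 'media-views',  "/wp-includes/js/media-views$suffix.js",  array( 'media-models', 'wp-plupload' ), false, 1 );
     did_action( 'init' ) && $scripts->localize( 'media-views', '_wpMediaViewsL10n', array(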
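Review bot: Nothing on new lines 318-320 says why the nonce is minted inside the `did_action( 'init' )` short-circuit, yet that guard now decides whether the media models receive a security token at all. A one-line comment above the call would make the dependency explicit, for example `// wp_create_nonce() needs the current user, so only localize once 'init' has fired.` (presumably the reason; worth confirming against the existing media-views call that uses the same guard). It would also help to note there that the token is created at script registration time, so it is tied to whoever the current user is at that point and to the nonce lifetime, not to the moment the save request is sent. The enclosing registration function starts and ends outside the visible lines.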