
Changeset 22212


Timestamp:
10/12/2012 04:02:45 PM (12 years ago)
Author:
koopersmith
Message:

Add a nonce to wp_ajax_save_attachment. see #21390, #21807.

Location:
trunk
Files:
3 edited

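--- a/trunk/wp-admin/includes/ajax-actions.php
+++ b/trunk/wp-admin/includes/ajax-actions.php
@@ -1834,4 +1834,6 @@
         wp_send_json_error();
 
+    check_ajax_referer( 'save-attachment', 'nonce' );
+
     if ( ! current_user_can( 'edit_post', $id ) )
         wp_send_json_error();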
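Review bot: The nonce action `'save-attachment'` at new line 1836 is one fixed string, so the token checked here is valid for every attachment rather than for the `$id` being saved; only the `current_user_can( 'edit_post', $id )` check on the following lines ties the request to a specific object. That is enough to stop cross-site request forgery, but a token disclosed from any page that prints it remains valid for every attachment the user may edit until it expires. Consider an object-scoped action such as `check_ajax_referer( 'save-attachment-' . $id, 'nonce' );` (which needs a per-attachment nonce on the client side), or at least a comment stating that object scoping is left to the capability check. The enclosing function, presumably wp_ajax_save_attachment from the commit message, starts and ends outside this hunk.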
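--- a/trunk/wp-includes/js/media-models.js
+++ b/trunk/wp-includes/js/media-models.js
@@ -2,5 +2,5 @@
 
 (function($){
-    var Attachment, Attachments, Query, compare;
+    var Attachment, Attachments, Query, compare, l10n;
 
     /**
@@ -20,4 +20,7 @@
 
     _.extend( media, { model: {}, view: {}, controller: {} });
+
+    // Link any localized strings.
+    l10n = media.model.l10n = _.isUndefined( _wpMediaModelsL10n ) ? {} : _wpMediaModelsL10n;
 
     /**
@@ -193,5 +196,6 @@
                 options.data = _.extend( options.data || {}, {
                     action: 'save-attachment',
-                    id: this.id
+                    id:     this.id,
+                    nonce:  l10n.saveAttachmentNonce
                 });
 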
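Review bot: `_.isUndefined( _wpMediaModelsL10n )` at new line 24 throws a ReferenceError when the global was never declared, because the identifier is evaluated before `_.isUndefined` runs; script-loader.php in this changeset only emits `_wpMediaModelsL10n` when `did_action( 'init' )` is true, so that case looks reachable. Use `l10n = media.model.l10n = typeof _wpMediaModelsL10n === 'undefined' ? {} : _wpMediaModelsL10n;` instead. With the empty fallback, `l10n.saveAttachmentNonce` at new line 199 is `undefined` and the server-side referer check should reject the save, which fails closed but without any client-side hint; a short comment noting that would help whoever debugs a failed save.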
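--- a/trunk/wp-includes/script-loader.php
+++ b/trunk/wp-includes/script-loader.php
@@ -316,4 +316,8 @@
 
     $scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'backbone', 'jquery' ), false, 1 );
+    did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array(
+        'saveAttachmentNonce' => wp_create_nonce( 'save-attachment' ),
+    ) );
+
     $scripts->add( 'media-views',  "/wp-includes/js/media-views$suffix.js",  array( 'media-models', 'wp-plupload' ), false, 1 );
     did_action( 'init' ) && $scripts->localize( 'media-views', '_wpMediaViewsL10n', array(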
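Review bot: The `did_action( 'init' ) &&` guard around `wp_create_nonce( 'save-attachment' )` at new lines 318-320 has no comment explaining why the localization is conditional. Presumably it is there because the nonce is derived from the current user, who is not reliably known before `init`; if that is the reason, state it, e.g. `// Nonces depend on the current user; only localize once init has fired.` The same unexplained guard appears on the media-views call in the last context line, and the enclosing registration function starts and ends outside this hunk.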