Make WordPress Core


Ignore:
Timestamp:
04/13/2013 12:41:15 AM (11 years ago)
Author:
azaozz
Message:

Post locks: make sure we never overwrite a draft when it's locked, clean up wp_ajax_autosave() and make wp-refresh-post-lock a bit more robust, see #23697

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/ajax-actions.php

    r23975 r23981  
    10641064
    10651065    if ( ! empty( $_POST['autosave'] ) ) {
    1066         // Drafts and auto-drafts are just overwritten by autosave for the same user
    1067         if ( get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
     1066        if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
     1067            // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
    10681068            $id = edit_post();
    1069         } else { // Non drafts are not overwritten. The autosave is stored in a special post revision for each user.
     1069        } else {
     1070            // Non drafts or other users drafts are not overwritten. The autosave is stored in a special post revision for each user.
    10701071            $revision_id = wp_create_post_autosave( $post->ID );
    10711072            if ( is_wp_error($revision_id) )
     
    10751076        }
    10761077
    1077         if ( is_wp_error($id) ) {
    1078             // is_wp_error($id) overwrites $data in WP_Ajax_Response but no point in doing wp_create_nonce('update-post_' . $id) below
    1079             // todo: Needs review. The errors generated in WP_Ajax_Response and parsed with wpAjax.parseAjaxResponse() haven't been used for many years.
    1080             $data = $id;
    1081             $id = 0;
    1082         } else {
     1078        // When is_wp_error($id), $id overwrites $data in WP_Ajax_Response
     1079        // todo: Needs review. The errors generated in WP_Ajax_Response and parsed with wpAjax.parseAjaxResponse() haven't been used for years.
     1080        if ( ! is_wp_error($id) ) {
    10831081            /* translators: draft saved date format, see http://php.net/date */
    10841082            $draft_saved_date_format = __('g:i:s a');
     
    10991097        $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
    11001098        $supplemental['replace-_ajax_linking_nonce'] = wp_create_nonce( 'internal-linking' );
    1101         if ( $id )
    1102             $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
     1099        $supplemental['replace-_wpnonce'] = wp_create_nonce( 'update-post_' . $post->ID );
    11031100    }
    11041101
     
    11061103        'what' => 'autosave',
    11071104        'id' => $id,
    1108         'data' => $id ? $data : '',
     1105        'data' => $data,
    11091106        'supplemental' => $supplemental
    11101107    ) );
     
    21302127
    21312128        // make sure the right revision is the most recent
    2132         if ( $compare_two_mode && $right_revision->post_date < $left_revision->post_date ) {
     2129        if ( $compare_two_mode && $right_revision->ID < $left_revision->ID ) {
    21332130            $temp = $left_revision;
    21342131            $left_revision = $right_revision;
Note: See TracChangeset for help on using the changeset viewer.