
Changeset 24528


Timestamp:
06/29/2013 01:31:44 AM (11 years ago)
Author:
azaozz
Message:

Nonce refresh:

  • Update the heartbeat nonce when refreshing nonces on the Edit Post screen.
  • After a user logs in from the auth-check dialog, speed up heartbeat to check/refresh nonces on the Edit Post screen.
  • Speeding up heartbeat: bring back the setting for how long it should last (how many ticks).
  • Add 'heartbeat-nonces-expired' jQuery event when nonces have expired and the user is logged in.

See #23295, see #23216.

Location:
trunk
Files:
5 edited

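--- a/trunk/wp-admin/includes/ajax-actions.php
+++ b/trunk/wp-admin/includes/ajax-actions.php
@@ -2055,6 +2055,14 @@
 
 function wp_ajax_heartbeat() {
-    check_ajax_referer( 'heartbeat-nonce', '_nonce' );
+    if ( empty( $_POST['_nonce'] ) )
+        wp_send_json_error();
+
     $response = array();
+
+    if ( false === wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ) ) {
+        // User is logged in but nonces have expired.
+        $response['nonces_expired'] = true;
+        wp_send_json($response);
+    }
 
     // screen_id is the same as $current_screen->id and the JS global 'pagenow'
@@ -2077,5 +2085,5 @@
     do_action( 'heartbeat_tick', $response, $screen_id );
 
-    // send the current time acording to the server
+    // Send the current time acording to the server
     $response['server_time'] = time();
 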
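Review bot: The comment and the `nonces_expired` flag in the added `wp_verify_nonce()` branch label every failure as expiry, but `wp_verify_nonce()` also returns false for a nonce minted for a different user or session or one that was never issued, so the branch cannot tell those cases apart. Refusing to process the tick is right either way, but the wording should not promise expiry; suggested comment: `// Nonce check failed (expired, or not issued for this user); stop here and let the client re-fetch its nonces.` A missing nonce now gets `wp_send_json_error()` while an invalid one gets a plain `wp_send_json()` carrying `nonces_expired`, so clients must handle two response shapes for what is one condition — worth a comment at line 2057 if that split is deliberate. The branch presumably relies on `wp_send_json()` terminating the request; the rest of `wp_ajax_heartbeat()` lies outside the hunk.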
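--- a/trunk/wp-admin/includes/misc.php
+++ b/trunk/wp-admin/includes/misc.php
@@ -640,19 +640,23 @@
     if ( array_key_exists( 'wp-refresh-post-nonces', $data ) ) {
         $received = $data['wp-refresh-post-nonces'];
+        $response['wp-refresh-post-nonces'] = array( 'check' => 1 );
 
         if ( ! $post_id = absint( $received['post_id'] ) )
             return $response;
 
-        if ( ! current_user_can('edit_post', $post_id) )
+        if ( ! current_user_can( 'edit_post', $post_id ) || empty( $received['post_nonce'] ) )
             return $response;
 
-        if ( ! empty( $received['post_nonce'] ) && 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
+        if ( 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
             $response['wp-refresh-post-nonces'] = array(
-                'replace-autosavenonce' => wp_create_nonce('autosave'),
-                'replace-getpermalinknonce' => wp_create_nonce('getpermalink'),
-                'replace-samplepermalinknonce' => wp_create_nonce('samplepermalink'),
-                'replace-closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
-                'replace-_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
-                'replace-_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
+                'replace' => array(
+                    'autosavenonce' => wp_create_nonce('autosave'),
+                    'getpermalinknonce' => wp_create_nonce('getpermalink'),
+                    'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
+                    'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
+                    '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
+                    '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
+                ),
+                'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
             );
         }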
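Review bot: The new `'check' => 1` marker at line 642 is returned on every path once the key is present, including the early returns after the `absint()` and capability checks at lines 644–648, and nothing in the hunk says why. From the post.js hunk in this same changeset the marker is what makes the client call `schedule()` again, so a comment would spare the next reader a cross-file search: `// Always answer, even without new nonces, so the client reschedules its next check.` The `2 ===` test at line 650 deserves one as well, since `wp_verify_nonce()` returns 2 only for a nonce from the previous tick: `// Refresh only when the post nonce is in the second half of its lifetime.` The enclosing function starts and ends outside the hunk.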
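--- a/trunk/wp-admin/js/post.js
+++ b/trunk/wp-admin/js/post.js
@@ -317,5 +317,5 @@
         check = false;
         window.clearTimeout( timeout );
-        timeout = window.setTimeout( function(){ check = 1; }, 3600000 );
+        timeout = window.setTimeout( function(){ check = true; }, 300000 );
     }
 
@@ -330,15 +330,19 @@
                 };
             }
-            check = 2;
         }
     }).on( 'heartbeat-tick.wp-refresh-nonces', function( e, data ) {
-        if ( check === 2 )
+        var nonces = data['wp-refresh-post-nonces'];
+
+        if ( nonces ) {
             schedule();
 
-        if ( data['wp-refresh-post-nonces'] ) {
-            $.each( data['wp-refresh-post-nonces'], function( selector, value ) {
-                if ( selector.match(/^replace-/) )
-                    $( '#' + selector.replace('replace-', '') ).val( value );
-            });
+            if ( nonces.replace ) {
+                $.each( nonces.replace, function( selector, value ) {
+                    $( '#' + selector ).val( value );
+                });
+            }
+
+            if ( nonces.heartbeatNonce )
+                window.heartbeatSettings.nonce = nonces.heartbeatNonce;
         }
     }).ready( function() {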
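Review bot: The assignment `window.heartbeatSettings.nonce = nonces.heartbeatNonce;` at line 346 dereferences `window.heartbeatSettings` unguarded, whereas the heartbeat.js hunks in this same changeset only read it behind `typeof window.heartbeatSettings == 'object'`; if the settings object is ever absent on this screen the tick handler throws. A matching guard keeps the two files consistent: `if ( nonces.heartbeatNonce && typeof window.heartbeatSettings == 'object' )`. Dropping the `replace-` prefix filter also means every key of `nonces.replace` is now used verbatim as an element id in `$( '#' + selector )`; the keys come from the server's own response, so that is acceptable, but a one-line comment stating that the keys are field ids chosen by misc.php would document the contract. The `check` flag is set to `true` at line 319 but to `1` in wp-auth-check.js — consider one convention.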
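--- a/trunk/wp-includes/js/heartbeat.js
+++ b/trunk/wp-includes/js/heartbeat.js
@@ -11,5 +11,4 @@
             running,
             beat,
-            nonce,
             screenId = typeof pagenow != 'undefined' ? pagenow : '',
             url = typeof ajaxurl != 'undefined' ? ajaxurl : '',
@@ -31,13 +30,11 @@
         this.connectionLost = false;
 
-        if ( typeof( window.heartbeatSettings ) != 'undefined' ) {
-            settings = window.heartbeatSettings;
+        if ( typeof( window.heartbeatSettings ) == 'object' ) {
+            settings = $.extend( {}, window.heartbeatSettings );
 
             // Add private vars
-            nonce = settings.nonce || '';
-            delete settings.nonce;
-
             url = settings.ajaxurl || url;
             delete settings.ajaxurl;
+            delete settings.nonce;
 
             interval = settings.interval || 15; // default interval
@@ -121,5 +118,6 @@
 
         function connect() {
-            var send = {}, data, i, empty = true;
+            var send = {}, data, i, empty = true,
+            nonce = typeof window.heartbeatSettings == 'object' ? window.heartbeatSettings.nonce : '';
             tick = time();
 
@@ -168,4 +166,9 @@
                 if ( self.connectionLost )
                     errorstate();
+
+                if ( response.nonces_expired ) {
+                    $(document).trigger( 'heartbeat-nonces-expired' );
+                    return;
+                }
 
                 // Change the interval from PHP
@@ -335,8 +338,11 @@
          *
          * @param string speed Interval speed: 'fast' (5sec), 'standard' (15sec) default, 'slow' (60sec)
+         * @param string ticks Used with speed = 'fast', how many ticks before the speed reverts back
          * @return int Current interval in seconds
          */
-        this.interval = function( speed ) {
+        this.interval = function( speed, ticks ) {
             var reset, seconds;
+            ticks = parseInt( ticks, 10 ) || 30;
+            ticks = ticks < 1 || ticks > 30 ? 30 : ticks;
 
             if ( speed ) {
@@ -344,5 +350,5 @@
                     case 'fast':
                         seconds = 5;
-                        countdown = 30;
+                        countdown = ticks;
                         break;
                     case 'slow':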
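Review bot: The new `@param string ticks` at line 340 disagrees with the code at lines 345–346, which runs the argument through `parseInt( ticks, 10 )`, and the clamp maps 0, a negative or a non-numeric value to the default of 30 rather than to the minimum of 1, which a caller passing `0` would not expect. Change the tag to `@param int ticks` and state the fallback next to the clamp, e.g. `// Values outside 1..30 (and non-numbers) fall back to the default of 30`. In the `nonces_expired` branch at lines 169–172 the early `return` skips everything after it in the success callback, including the interval handling at line 174; if the next beat is also scheduled later in that callback, outside the hunk, the heartbeat would stop after an expiry until the page is reloaded — worth confirming. Both `connect()` and its success callback extend beyond the hunks shown.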
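--- a/trunk/wp-includes/js/wp-auth-check.js
+++ b/trunk/wp-includes/js/wp-auth-check.js
@@ -1,5 +1,5 @@
 // Interim login dialog
 (function($){
-    var wrap, check, timeout;
+    var wrap, check, scheduleTimeout, hideTimeout;
 
     function show() {
@@ -33,5 +33,5 @@
                         parent.find('.wp-auth-check-close').show();
                         wrap.data('logged-in', 1);
-                        setTimeout( function() { hide(); }, 3000 );
+                        hideTimeout = setTimeout( function() { hide(); }, 3000 );
                     }
 
@@ -63,4 +63,12 @@
     function hide() {
         $(window).off( 'beforeunload.wp-auth-check' );
+        window.clearTimeout( hideTimeout );
+
+        // When on the Edit Post screen, speed up heartbeat after the user logs in to quickly refresh nonces
+        if ( typeof adminpage != 'undefined' && ( adminpage == 'post-php' || adminpage == 'post-new-php' )
+             && typeof wp != 'undefined' && wp.heartbeat ) {
+
+            wp.heartbeat.interval( 'fast', 1 );
+        }
 
         wrap.fadeOut( 200, function() {
@@ -72,6 +80,6 @@
     function schedule() {
         check = false;
-        window.clearTimeout( timeout );
-        timeout = window.setTimeout( function(){ check = 1; }, 180000 ); // 3 min.
+        window.clearTimeout( scheduleTimeout );
+        scheduleTimeout = window.setTimeout( function(){ check = 1; }, 300000 ); // 5 min.
     }
 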
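Review bot: The fast-heartbeat call added to `hide()` at lines 67–72 runs on every hide, not only after a login, although the comment says "after the user logs in"; `hide()` is scheduled at line 35 after a successful login, but the `.wp-auth-check-close` control shown at line 33 suggests it can also be reached when the user dismisses the dialog without logging in. Gating on the flag set at line 34 limits the speed-up to the login case: `if ( wrap.data('logged-in') && typeof adminpage != 'undefined' && ( adminpage === 'post-php' || adminpage === 'post-new-php' )`. The `adminpage == 'post-php'` comparisons at line 68 would also read better as `===`, since the values are known strings. Whether the close control calls `hide()` is outside the hunk.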