Timestamp:
06/29/2013 01:31:44 AM (7 years ago)
Author:
azaozz
Message:

Nonce refresh:

  • Update the heartbeat nonce when refreshing nonces on the Edit Post screen.
  • After a user logs in from the auth-check dialog, speed up heartbeat to check/refresh nonces on the Edit Post screen.
  • Speeding up heartbeat: bring back the setting how long it should last (how many ticks).
  • Add 'heartbeat-nonces-expired' jQuery event when nonces have expired and the user is logged in.

See #23295, see #23216.

File:
1 edited

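--- a/trunk/wp-admin/includes/misc.php
+++ b/trunk/wp-admin/includes/misc.php
@@ -640,19 +640,23 @@
     if ( array_key_exists( 'wp-refresh-post-nonces', $data ) ) {
         $received = $data['wp-refresh-post-nonces'];
+        $response['wp-refresh-post-nonces'] = array( 'check' => 1 );
 
         if ( ! $post_id = absint( $received['post_id'] ) )
             return $response;
 
-        if ( ! current_user_can('edit_post', $post_id) )
+        if ( ! current_user_can( 'edit_post', $post_id ) || empty( $received['post_nonce'] ) )
             return $response;
 
-        if ( ! empty( $received['post_nonce'] ) && 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
+        if ( 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
             $response['wp-refresh-post-nonces'] = array(
-                'replace-autosavenonce' => wp_create_nonce('autosave'),
-                'replace-getpermalinknonce' => wp_create_nonce('getpermalink'),
-                'replace-samplepermalinknonce' => wp_create_nonce('samplepermalink'),
-                'replace-closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
-                'replace-_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
-                'replace-_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
+                'replace' => array(
+                    'autosavenonce' => wp_create_nonce('autosave'),
+                    'getpermalinknonce' => wp_create_nonce('getpermalink'),
+                    'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
+                    'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
+                    '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
+                    '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
+                ),
+                'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
             );
         }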
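Review bot: The `2 ===` comparison at new line 650 and the `'check' => 1` default at new line 642 are both undocumented, yet together they decide when replacement nonces (now including `heartbeat-nonce`) are handed out. wp_verify_nonce() returns 2 only for a valid nonce in the second half of its lifetime, so a nonce that fails verification and one that is still fresh both fall through with just `check => 1`, and nothing in this hunk tells a reader that this is intended. I would add above the condition `// 2: nonce is valid but in the second half of its life, so issue replacements before it expires.` and, above line 642, a one-line comment stating what `check` signals to the client, which this hunk does not show. The enclosing function starts and ends outside the hunk.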