Make WordPress Core

Changeset 27819


Ignore:
Timestamp:
03/28/2014 03:34:17 PM (8 years ago)
Author:
ocean90
Message:

Widget Customizer: Simplify nonces.

see #27534.

Location:
trunk/src
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/js/customize-widgets.js

    r27798 r27819  
    1010        OldPreviewer,
    1111        customize = wp.customize, self = {
    12         update_widget_ajax_action: null,
    13         update_widget_nonce_value: null,
    14         update_widget_nonce_post_key: null,
     12        nonce: null,
    1513        i18n: {
    1614            save_btn_label: '',
     
    12021200
    12031201            params = {};
    1204             params.action = self.update_widget_ajax_action;
     1202            params.action = 'update-widget';
    12051203            params.wp_customize = 'on';
    1206             params[self.update_widget_nonce_post_key] = self.update_widget_nonce_value;
     1204            params.nonce = self.nonce;
    12071205
    12081206            data = $.param( params );
  • trunk/src/wp-includes/class-wp-customize-widgets.php

    r27818 r27819  
    134134            $this->get_post_value( 'action' ) === 'update-widget'
    135135            &&
    136             check_ajax_referer( 'update-widget', 'update-widget-nonce', false )
     136            check_ajax_referer( 'update-widget', 'nonce', false )
    137137        );
    138138
     
    142142            $this->get_post_value( 'action' ) === 'customize_save'
    143143            &&
    144             check_ajax_referer( 'save-customize_' . $this->manager->get_stylesheet(), 'nonce' )
     144            check_ajax_referer( 'save-customize_' . $this->manager->get_stylesheet(), 'nonce', false )
    145145        );
    146146
     
    575575        global $wp_scripts;
    576576        $exports = array(
    577             'update_widget_ajax_action' => 'update-widget',
    578             'update_widget_nonce_value' => wp_create_nonce( 'update-widget' ),
    579             'update_widget_nonce_post_key' => 'update-widget-nonce',
     577            'nonce' => wp_create_nonce( 'update-widget' ),
    580578            'registered_sidebars' => array_values( $GLOBALS['wp_registered_sidebars'] ),
    581579            'registered_widgets' => $GLOBALS['wp_registered_widgets'],
     
    11601158        }
    11611159
    1162         check_ajax_referer( 'update-widget', 'update-widget-nonce' );
     1160        check_ajax_referer( 'update-widget', 'nonce' );
    11631161
    11641162        if ( ! current_user_can( 'edit_theme_options' ) ) {
     
    11691167            wp_send_json_error();
    11701168        }
    1171 
    1172         unset( $_POST['update-widget-nonce'], $_POST['action'] );
    11731169
    11741170        do_action( 'load-widgets.php' );
Note: See TracChangeset for help on using the changeset viewer.