
Changeset 28126


Timestamp:
04/15/2014 01:15:43 AM (10 years ago)
Author:
nacin
Message:

Theme Installer: Revert to proxying through PHP for WordPress.org API requests.

This is to ensure we have valid installation nonces, though we've run into this as a problem previously (see #27639, #27581, #27055).

A tad slower, but we gained speed in 3.9 by simplifying the request made to the API.

props ocean90.
fixes #27798.

Location:
trunk/src/wp-admin
Files:
6 edited

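--- a/trunk/src/wp-admin/admin-ajax.php
+++ b/trunk/src/wp-admin/admin-ajax.php
@@ -59,5 +59,5 @@
     'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor',
     'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs',
-    'save-user-color-scheme', 'update-widget',
+    'save-user-color-scheme', 'update-widget', 'query-themes',
 );
 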
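--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -2205,2 +2205,47 @@
     wp_send_json_success();
 }
+
+/**
+ * Get themes from themes_api().
+ *
+ * @since 3.9.0
+ */
+function wp_ajax_query_themes() {
+    global $themes_allowedtags, $theme_field_defaults;
+
+    if ( ! current_user_can( 'install_themes' ) ) {
+        wp_send_json_error();
+    }
+
+    $args = wp_parse_args( wp_unslash( $_REQUEST['request'] ), array(
+        'per_page' => 20,
+        'fields'   => $theme_field_defaults
+    ) );
+
+    $old_filter = isset( $args['browse'] ) ? $args['browse'] : 'search';
+
+    /** This filter is documented in wp-admin/includes/class-wp-theme-install-list-table.php */
+    $args = apply_filters( 'install_themes_table_api_args_' . $old_filter, $args );
+
+    $api = themes_api( 'query_themes', $args );
+
+    if ( is_wp_error( $api ) ) {
+        wp_send_json_error();
+    }
+
+    $update_php = self_admin_url( 'update.php?action=install-theme' );
+    foreach ( $api->themes as &$theme ) {
+        $theme->install_url = add_query_arg( array(
+            'theme'    => $theme->slug,
+            '_wpnonce' => wp_create_nonce( 'install-theme_' . $theme->slug )
+        ), $update_php );
+
+        $theme->name        = wp_kses( $theme->name, $themes_allowedtags );
+        $theme->author      = wp_kses( $theme->author, $themes_allowedtags );
+        $theme->version     = wp_kses( $theme->version, $themes_allowedtags );
+        $theme->description = wp_kses( $theme->description, $themes_allowedtags );
+        $theme->num_ratings = sprintf( _n( '(based on %s rating)', '(based on %s ratings)', $theme->num_ratings ), number_format_i18n( $theme->num_ratings ) );
+    }
+
+    wp_send_json_success( $api );
+}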
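Review bot: `$_REQUEST['request']` is read unconditionally at the top of wp_ajax_query_themes(), so a request without that parameter emits an undefined-index notice into the JSON body under WP_DEBUG before wp_parse_args() ever applies the defaults; guard it with `$args = wp_parse_args( isset( $_REQUEST['request'] ) ? wp_unslash( $_REQUEST['request'] ) : array(), array(`. The loop over `$api->themes` iterates by reference and never releases it with `unset( $theme );` before wp_send_json_success() — nothing reuses `$theme` here, but dropping the reference is the usual defensive habit. Note that wp_send_json_success( $api ) forwards every field the API returned, not only the four passed through wp_kses(), so the JS templates remain responsible for escaping anything else they render.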
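--- a/trunk/src/wp-admin/includes/theme.php
+++ b/trunk/src/wp-admin/includes/theme.php
@@ -347,5 +347,7 @@
 
         if ( $ssl && is_wp_error( $request ) ) {
-            trigger_error( __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="https://wordpress.org/support/">support forums</a>.' ) . ' ' . '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)', headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE );
+            if ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) {
+                trigger_error( __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="https://wordpress.org/support/">support forums</a>.' ) . ' ' . '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)', headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE );
+            }
             $request = wp_remote_post( $http_url, $args );
         }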
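Review bot: With DOING_AJAX defined, the branch now retries over `$http_url` on the following line without any diagnostic, so a failed TLS connection to WordPress.org in the theme-installer path leaves no trace at all. The new guard only suppresses the notice; the plain-HTTP fallback itself is unchanged context. Consider at least recording the downgrade when debugging is on, e.g. replacing the added closing brace with `} elseif ( WP_DEBUG ) { error_log( 'themes_api(): secure connection to WordPress.org failed; retrying over HTTP.' ); }` ahead of the `wp_remote_post( $http_url, $args )` call. The enclosing function starts and ends outside the hunk.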
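--- a/trunk/src/wp-admin/js/theme.js
+++ b/trunk/src/wp-admin/js/theme.js
@@ -23,16 +23,5 @@
     // Map `id` to `slug` for shared code
     initialize: function() {
-        var install, description;
-
-        // Install url for the theme
-        // using the install nonce
-        install = {
-            action: 'install-theme',
-            theme: this.get( 'slug' ),
-            _wpnonce: themes.data.settings._nonceInstall
-        };
-
-        // Build the url query
-        install = themes.data.settings.updateURI + '?' + $.param( install );
+        var description;
 
         // If theme is already installed, set an attribute.
@@ -43,5 +32,4 @@
         // Set the attributes
         this.set({
-            installURI: ( this.get( 'slug' ) ) ? install : false,
             // slug is for installation, id is for existing.
             id: this.get( 'slug' ) || this.get( 'id' )
@@ -226,5 +214,5 @@
     // When we are missing a cache object we fire an apiCall()
     // which triggers events of `query:success` or `query:fail`
-    query: function( request, action ) {
+    query: function( request ) {
         /**
          * @static
@@ -255,5 +243,5 @@
         // Otherwise, send a new API call and add it to the cache.
         if ( ! query && ! isPaginated ) {
-            query = this.apiCall( request, action ).done( function( data ) {
+            query = this.apiCall( request ).done( function( data ) {
 
                 // Update the collection with the queried data.
@@ -263,9 +251,4 @@
                     // Store the results and the query request
                     queries.push( { themes: data.themes, request: request, total: count } );
-
-                } else if ( action ) {
-                    self.reset( data );
-                    count = 1;
-                    self.trigger( 'query:theme' );
                 }
 
@@ -285,5 +268,5 @@
             // If it's a paginated request we need to fetch more themes...
             if ( isPaginated ) {
-                return this.apiCall( request, action, isPaginated ).done( function( data ) {
+                return this.apiCall( request, isPaginated ).done( function( data ) {
                     // Add the new themes to the current collection
                     // @todo update counter
@@ -311,10 +294,11 @@
             }
 
+            this.reset( query.themes );
             if ( ! query.total ) {
                 this.count = this.length;
             }
 
-            this.reset( query.themes );
             this.trigger( 'update' );
+            this.trigger( 'query:success', this.count );
         }
     },
@@ -330,28 +314,21 @@
 
     // Send request to api.wordpress.org/themes
-    apiCall: function( request, action, paginated ) {
-
-        // Send tags (and fields) as comma-separated to keep the JSONP query string short.
-        if ( request.tag && _.isArray( request.tag ) ) {
-            request.tag = request.tag.join( ',' );
-        }
-
-        // Set request action
-        if ( ! action ) {
-            action = 'query_themes'
-        }
-
-        // JSONP request to .org API
-        return $.ajax({
-            url: 'https://api.wordpress.org/themes/info/1.1/?callback=?',
-            dataType: 'jsonp',
-            timeout: 15000, // 15 seconds
-
+    apiCall: function( request, paginated ) {
+        return wp.ajax.send( 'query-themes', {
+            data: {
             // Request data
-            data: {
-                action: action,
                 request: _.extend({
-                    per_page: 72,
-                    fields: 'description,tested,requires,rating,downloaded,downloadLink,last_updated,homepage,num_ratings'
+                    per_page: 100,
+                    fields: {
+                        description: true,
+                        tested: true,
+                        requires: true,
+                        rating: true,
+                        downloaded: true,
+                        downloadLink: true,
+                        last_updated: true,
+                        homepage: true,
+                        num_ratings: true
+                    }
                 }, request)
             },
@@ -1568,5 +1545,9 @@
     },
 
-    backToFilters: function() {
+    backToFilters: function( event ) {
+        if ( event ) {
+            event.preventDefault();
+        }
+
         $( 'body' ).removeClass( 'filters-applied' );
     },
@@ -1635,6 +1616,6 @@
         // Queries the API for the passed theme slug
         themes.router.on( 'route:preview', function( slug ) {
-            request.slug = slug;
-            self.view.collection.query( request, 'theme_information' );
+            request.theme = slug;
+            self.view.collection.query( request );
         });
 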
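Review bot: The rewritten apiCall() drops the `timeout: 15000` the JSONP request carried (old line 348) and hands wp.ajax.send() only `data`, so a stalled admin-ajax proxy now leaves the theme browser waiting on jQuery's default (no timeout) instead of falling through to the `query:fail` path the comment above query() promises. As far as I can tell wp.ajax.send() forwards extra option keys to $.ajax, so restoring `timeout: 15000,` alongside `data:` keeps the previous behaviour. The `paginated` parameter survives in the new signature but its use, like the rest of the collection object, lies outside the hunk.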
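--- a/trunk/src/wp-admin/theme-install.php
+++ b/trunk/src/wp-admin/theme-install.php
@@ -47,7 +47,5 @@
         'canInstall'    => current_user_can( 'install_themes' ),
         'installURI'    => current_user_can( 'install_themes' ) ? self_admin_url( 'theme-install.php' ) : null,
-        'adminUrl'      => parse_url( self_admin_url(), PHP_URL_PATH ),
-        'updateURI'     => self_admin_url( 'update.php' ),
-        '_nonceInstall' => wp_create_nonce( 'install-theme' )
+        'adminUrl'      => parse_url( self_admin_url(), PHP_URL_PATH )
     ),
     'l10n' => array(
@@ -57,5 +55,5 @@
         'upload' => __( 'Upload Theme' ),
         'back'   => __( 'Back' ),
-        'error'  => sprintf( __( 'An unexpected error occurred and we can&#8127;t reach WordPress.org. If you continue to have problems, please try the <a href="%s">support forums</a>.' ), __( 'https://wordpress.org/support/' ) )
+        'error'  => __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="https://wordpress.org/support/">support forums</a>.' )
     ),
     'installedThemes' => array_keys( $installed_themes ),
@@ -200,5 +198,5 @@
 
     <div class="theme-actions">
-        <a class="button button-primary" href="{{ data.installURI }}"><?php esc_html_e( 'Install' ); ?></a>
+        <a class="button button-primary" href="{{ data.install_url }}"><?php esc_html_e( 'Install' ); ?></a>
         <a class="button button-secondary preview install-theme-preview" href="#"><?php esc_html_e( 'Preview' ); ?></a>
     </div>
@@ -216,5 +214,5 @@
             <a href="#" class="button button-primary theme-install disabled"><?php _e( 'Installed' ); ?></a>
         <# } else { #>
-            <a href="{{ data.installURI }}" class="button button-primary theme-install"><?php _e( 'Install' ); ?></a>
+            <a href="{{ data.install_url }}" class="button button-primary theme-install"><?php _e( 'Install' ); ?></a>
         <# } #>
         </div>
@@ -234,5 +232,5 @@
                         <span class="five"></span>
                     <# if ( data.num_ratings ) { #>
-                        <p class="ratings">({{ data.num_ratings }})</p>
+                        <p class="ratings">{{ data.num_ratings }}</p>
                     <# } else { #>
                         <p class="ratings"><?php _e( 'No ratings.' ); ?></p>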
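Review bot: The new 'error' string embeds the support-forum URL inside the translatable text, whereas the line it replaces passed the URL through a separate `__( 'https://wordpress.org/support/' )` so a locale could point at its own forum; the entity fix (`&#8127;` to `&#8217;`) is welcome. The identical hard-coded form also appears in the themes_api() notice in includes/theme.php, so sharing one translation is presumably the intent, but that trade-off deserves a comment on the line such as `// Kept identical to the themes_api() notice so both share one translation.`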
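--- a/trunk/src/wp-admin/update.php
+++ b/trunk/src/wp-admin/update.php
@@ -203,5 +203,5 @@
         include_once ABSPATH . 'wp-admin/includes/theme-install.php'; //for themes_api..
 
-        check_admin_referer( 'install-theme' );
+        check_admin_referer( 'install-theme_' . $theme );
         $api = themes_api('theme_information', array('slug' => $theme, 'fields' => array('sections' => false, 'tags' => false) ) ); //Save on a bit of bandwidth.
 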
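Review bot: The nonce action is now `'install-theme_' . $theme`, which must match byte-for-byte the string wp_ajax_query_themes() mints from `$theme->slug` in includes/ajax-actions.php; `$theme` itself is read and cleaned outside this hunk, so any normalisation applied there (case, encoding) would make every install fail the referer check rather than surface as an obvious error. A one-line comment would spare the next maintainer that hunt: `// Per-theme nonce; the action string must match the one built in wp_ajax_query_themes().` The surrounding block begins and ends outside the hunk.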