Timestamp:
04/15/2014 01:15:43 AM (10 years ago)
Author:
nacin
Message:

Theme Installer: Revert to proxying through PHP for WordPress.org API requests.

This is to ensure we have valid installation nonces, though we've run into this as a problem previously (see #27639, #27581, #27055).

A tad slower, but we gained speed in 3.9 by simplifying the request made to the API.

props ocean90.
fixes #27798.

File:
1 edited

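--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -2205,2 +2205,47 @@
     wp_send_json_success();
 }
+
+/**
+ * Get themes from themes_api().
+ *
+ * @since 3.9.0
+ */
+function wp_ajax_query_themes() {
+    global $themes_allowedtags, $theme_field_defaults;
+
+    if ( ! current_user_can( 'install_themes' ) ) {
+        wp_send_json_error();
+    }
+
+    $args = wp_parse_args( wp_unslash( $_REQUEST['request'] ), array(
+        'per_page' => 20,
+        'fields'   => $theme_field_defaults
+    ) );
+
+    $old_filter = isset( $args['browse'] ) ? $args['browse'] : 'search';
+
+    /** This filter is documented in wp-admin/includes/class-wp-theme-install-list-table.php */
+    $args = apply_filters( 'install_themes_table_api_args_' . $old_filter, $args );
+
+    $api = themes_api( 'query_themes', $args );
+
+    if ( is_wp_error( $api ) ) {
+        wp_send_json_error();
+    }
+
+    $update_php = self_admin_url( 'update.php?action=install-theme' );
+    foreach ( $api->themes as &$theme ) {
+        $theme->install_url = add_query_arg( array(
+            'theme'    => $theme->slug,
+            '_wpnonce' => wp_create_nonce( 'install-theme_' . $theme->slug )
+        ), $update_php );
+
+        $theme->name        = wp_kses( $theme->name, $themes_allowedtags );
+        $theme->author      = wp_kses( $theme->author, $themes_allowedtags );
+        $theme->version     = wp_kses( $theme->version, $themes_allowedtags );
+        $theme->description = wp_kses( $theme->description, $themes_allowedtags );
+        $theme->num_ratings = sprintf( _n( '(based on %s rating)', '(based on %s ratings)', $theme->num_ratings ), number_format_i18n( $theme->num_ratings ) );
+    }
+
+    wp_send_json_success( $api );
+}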
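Review bot: In `wp_ajax_query_themes()` the request-supplied `browse` value is concatenated unvalidated into the hook name passed to `apply_filters()`, so any caller holding `install_themes` chooses which `install_themes_table_api_args_*` filter runs; normalising it first, e.g. `$old_filter = isset( $args['browse'] ) ? sanitize_key( $args['browse'] ) : 'search';`, keeps the suffix to a predictable character set. The `wp_parse_args()` call just above reads `$_REQUEST['request']` without an `isset()` check, so a request lacking that parameter raises a notice before the defaults apply; an explicit guard would make that path deliberate. Only `name`, `author`, `version` and `description` pass through `wp_kses()`, while the remaining fields of the API response and the slug-derived `install_url` reach the client as received, so the consuming templates presumably have to escape them; that is worth confirming.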