Changeset 33468

Timestamp:

07/28/2015 10:06:52 PM (10 years ago)

Author:

azaozz

Message:

Fix updating of nonces on the Edit Post screen after the log in expires and the user logs in again.
Props iseulde, azaozz. Fixes #33098.

Location:

trunk/src

Files:

• wp-admin/includes/admin-filters.php (modified) (1 diff)
• wp-admin/includes/ajax-actions.php (modified) (2 diffs)
• wp-admin/includes/misc.php (modified) (1 diff)
• wp-admin/js/post.js (modified) (1 diff)
• wp-includes/js/heartbeat.js (modified) (1 diff)

trunk/src/wp-admin/includes/admin-filters.php

@@ -59 +59 @@
 add_filter( 'heartbeat_received', 'wp_check_locked_posts',  10,  3 );
 add_filter( 'heartbeat_received', 'wp_refresh_post_lock',   10,  3 );
-add_filter( 'heartbeat_received', 'wp_refresh_post_nonces', 10,  3 );
+add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10,  3 );
 add_filter( 'heartbeat_received', 'heartbeat_autosave',     500, 2 );
 

trunk/src/wp-admin/includes/ajax-actions.php

@@ -2572 +2572 @@
  */
 function wp_ajax_heartbeat() {
-    if ( empty( $_POST['_nonce'] ) )
-        wp_send_json_error();
-
-    $response = array();
-
-    if ( false === wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ) ) {
-        // User is logged in but nonces have expired.
-        $response['nonces_expired'] = true;
-        wp_send_json($response);
-    }
+    if ( empty( $_POST['_nonce'] ) ) {
+        wp_send_json_error();
+    }
+
+    $response = $data = array();
+    $nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' );
 
     // screen_id is the same as $current_screen->id and the JS global 'pagenow'.
-    if ( ! empty($_POST['screen_id']) )
+    if ( ! empty( $_POST['screen_id'] ) ) {
         $screen_id = sanitize_key($_POST['screen_id']);
-    else
+    } else {
         $screen_id = 'front';
-
-    if ( ! empty($_POST['data']) ) {
+    }
+
+    if ( ! empty( $_POST['data'] ) ) {
         $data = wp_unslash( (array) $_POST['data'] );
-
+    }
+
+    if ( 1 !== $nonce_state ) {
+        $response = apply_filters( 'wp_refresh_nonces', $response, $data, $screen_id );
+
+        if ( false === $nonce_state ) {
+            // User is logged in but nonces have expired.
+            $response['nonces_expired'] = true;
+            wp_send_json( $response );
+        }
+    }
+
+    if ( ! empty( $data ) ) {
         /**
          * Filter the Heartbeat response received.
@@ -2629 +2638 @@
     $response['server_time'] = time();
 
-    wp_send_json($response);
+    wp_send_json( $response );
 }
 

trunk/src/wp-admin/includes/misc.php

@@ -772 +772 @@
         $response['wp-refresh-post-nonces'] = array( 'check' => 1 );
 
-        if ( ! $post_id = absint( $received['post_id'] ) )
+        if ( ! $post_id = absint( $received['post_id'] ) ) {
             return $response;
-
-        if ( ! current_user_can( 'edit_post', $post_id ) || empty( $received['post_nonce'] ) )
+        }
+
+        if ( ! current_user_can( 'edit_post', $post_id ) ) {
             return $response;
-
-        if ( 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
-            $response['wp-refresh-post-nonces'] = array(
-                'replace' => array(
-                    'getpermalinknonce' => wp_create_nonce('getpermalink'),
-                    'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
-                    'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
-                    '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
-                    '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
-                ),
-                'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
-            );
-        }
+        }
+
+        $response['wp-refresh-post-nonces'] = array(
+            'replace' => array(
+                'getpermalinknonce' => wp_create_nonce('getpermalink'),
+                'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
+                'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
+                '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
+                '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
+            ),
+            'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
+        );
     }
 

trunk/src/wp-admin/js/post.js

@@ -171 +171 @@
 
     $(document).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
-        var nonce, post_id;
-
-        if ( check ) {
-            if ( ( post_id = $('#post_ID').val() ) && ( nonce = $('#_wpnonce').val() ) ) {
+        var post_id,
+            $authCheck = $('#wp-auth-check-wrap');
+
+        if ( check || ( $authCheck.length && ! $authCheck.hasClass( 'hidden' ) ) ) {
+            if ( ( post_id = $('#post_ID').val() ) && $('#_wpnonce').val() ) {
                 data['wp-refresh-post-nonces'] = {
-                    post_id: post_id,
-                    post_nonce: nonce
+                    post_id: post_id
                 };
             }

trunk/src/wp-includes/js/heartbeat.js

@@ -390 +390 @@
                 if ( response.nonces_expired ) {
                     $document.trigger( 'heartbeat-nonces-expired' );
-                    return;
                 }