
Changeset 33468


Timestamp:
07/28/2015 10:06:52 PM (5 years ago)
Author:
azaozz
Message:

Fix updating of nonces on the Edit Post screen after the login expires and the user logs in again.
Props iseulde, azaozz. Fixes #33098.

Location:
trunk/src
Files:
5 edited

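--- a/trunk/src/wp-admin/includes/admin-filters.php
+++ b/trunk/src/wp-admin/includes/admin-filters.php
@@ -59,5 +59,5 @@
 add_filter( 'heartbeat_received', 'wp_check_locked_posts',  10,  3 );
 add_filter( 'heartbeat_received', 'wp_refresh_post_lock',   10,  3 );
-add_filter( 'heartbeat_received', 'wp_refresh_post_nonces', 10,  3 );
+add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10,  3 );
 add_filter( 'heartbeat_received', 'heartbeat_autosave',     500, 2 );
 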
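--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -2572,24 +2572,33 @@
  */
 function wp_ajax_heartbeat() {
-    if ( empty( $_POST['_nonce'] ) )
-        wp_send_json_error();
-
-    $response = array();
-
-    if ( false === wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ) ) {
-        // User is logged in but nonces have expired.
-        $response['nonces_expired'] = true;
-        wp_send_json($response);
-    }
+    if ( empty( $_POST['_nonce'] ) ) {
+        wp_send_json_error();
+    }
+
+    $response = $data = array();
+    $nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' );
 
     // screen_id is the same as $current_screen->id and the JS global 'pagenow'.
-    if ( ! empty($_POST['screen_id']) )
+    if ( ! empty( $_POST['screen_id'] ) ) {
         $screen_id = sanitize_key($_POST['screen_id']);
-    else
+    } else {
         $screen_id = 'front';
-
-    if ( ! empty($_POST['data']) ) {
+    }
+
+    if ( ! empty( $_POST['data'] ) ) {
         $data = wp_unslash( (array) $_POST['data'] );
-
+    }
+
+    if ( 1 !== $nonce_state ) {
+        $response = apply_filters( 'wp_refresh_nonces', $response, $data, $screen_id );
+
+        if ( false === $nonce_state ) {
+            // User is logged in but nonces have expired.
+            $response['nonces_expired'] = true;
+            wp_send_json( $response );
+        }
+    }
+
+    if ( ! empty( $data ) ) {
         /**
          * Filter the Heartbeat response received.
@@ -2629,5 +2638,5 @@
     $response['server_time'] = time();
 
-    wp_send_json($response);
+    wp_send_json( $response );
 }
 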
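Review bot: The new `wp_refresh_nonces` filter at new line 2593 has no hook docblock, while the `heartbeat_received` filter a few lines below it is documented; this hook in particular needs its contract written down, because it fires before the heartbeat nonce has been confirmed valid (`$nonce_state` is `false` or `2` on that path). The docblock should list the three parameters (`$response`, `$data`, `$screen_id`) and state that callbacks are expected to add fresh nonces only after their own capability check and must not perform state-changing work, since the request's own nonce did not verify cleanly. The `false` branch sends the response and exits, so a nonce with `$nonce_state === 2` falls through to the normal `heartbeat_received` processing; a one-line comment such as `// 2 === $nonce_state: the nonce is valid but from the previous tick, so refresh it and continue.` would make that path explicit. The second hunk covers only the tail of the function.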
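--- a/trunk/src/wp-admin/includes/misc.php
+++ b/trunk/src/wp-admin/includes/misc.php
@@ -772,22 +772,22 @@
         $response['wp-refresh-post-nonces'] = array( 'check' => 1 );
 
-        if ( ! $post_id = absint( $received['post_id'] ) )
+        if ( ! $post_id = absint( $received['post_id'] ) ) {
             return $response;
-
-        if ( ! current_user_can( 'edit_post', $post_id ) || empty( $received['post_nonce'] ) )
+        }
+
+        if ( ! current_user_can( 'edit_post', $post_id ) ) {
             return $response;
-
-        if ( 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
-            $response['wp-refresh-post-nonces'] = array(
-                'replace' => array(
-                    'getpermalinknonce' => wp_create_nonce('getpermalink'),
-                    'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
-                    'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
-                    '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
-                    '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
-                ),
-                'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
-            );
-        }
+        }
+
+        $response['wp-refresh-post-nonces'] = array(
+            'replace' => array(
+                'getpermalinknonce' => wp_create_nonce('getpermalink'),
+                'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
+                'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
+                '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
+                '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
+            ),
+            'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
+        );
     }
 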
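Review bot: New line 774 still reads `$received['post_id']` without checking that the key exists, so a heartbeat payload that names `wp-refresh-post-nonces` but omits `post_id` raises a PHP notice before `absint()` runs; `$received` appears to come straight from the client-supplied data, though its assignment is above the hunk. A guarded form, `$post_id = isset( $received['post_id'] ) ? absint( $received['post_id'] ) : 0;` followed by `if ( ! $post_id ) {`, also removes the assignment inside the condition. With the `post_nonce` verification gone, the fresh nonces at new lines 782-791 are issued on the `current_user_can( 'edit_post', $post_id )` check alone; that is consistent with nonces being per-user-session values returned only to the requesting browser, but a comment such as `// Nonces are bound to the current user session; the capability check is the only gate here.` would keep the dropped check from being read as an oversight. The function's signature and the origin of `$received` are outside the hunk.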
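--- a/trunk/src/wp-admin/js/post.js
+++ b/trunk/src/wp-admin/js/post.js
@@ -171,11 +171,11 @@
 
     $(document).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
-        var nonce, post_id;
-
-        if ( check ) {
-            if ( ( post_id = $('#post_ID').val() ) && ( nonce = $('#_wpnonce').val() ) ) {
+        var post_id,
+            $authCheck = $('#wp-auth-check-wrap');
+
+        if ( check || ( $authCheck.length && ! $authCheck.hasClass( 'hidden' ) ) ) {
+            if ( ( post_id = $('#post_ID').val() ) && $('#_wpnonce').val() ) {
                 data['wp-refresh-post-nonces'] = {
-                    post_id: post_id,
-                    post_nonce: nonce
+                    post_id: post_id
                 };
             }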
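Review bot: The new condition at new line 176 requests a nonce refresh whenever `#wp-auth-check-wrap` is present and not hidden, but nothing in the code says why a visible auth-check dialog implies the nonces need refreshing; given the commit message, a comment would help the next reader: `// The auth-check dialog is showing: the session expired, so ask for fresh nonces once the user logs back in.` The `$('#_wpnonce').val()` test at new line 177 now only checks that the field is non-empty because `post_nonce` is no longer sent, so a short `// Only ask while the edit screen still has a nonce field.` would mark the dropped variable as intentional. The handler's closing lines are outside the hunk.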
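--- a/trunk/src/wp-includes/js/heartbeat.js
+++ b/trunk/src/wp-includes/js/heartbeat.js
@@ -390,5 +390,4 @@
                 if ( response.nonces_expired ) {
                     $document.trigger( 'heartbeat-nonces-expired' );
-                    return;
                 }
 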
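Review bot: Removing `return;` after the `heartbeat-nonces-expired` trigger means the rest of the response is now processed even when the nonces have expired, which appears to be the point of the change (the server side now adds refreshed post nonces to that same response), but the block reads as if the early exit was simply forgotten. A comment where the removed line stood, `// Keep going: the response may also carry refreshed nonces for other handlers.`, records the intent. The enclosing function continues outside the hunk.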