

Timestamp:
07/28/2015 10:06:52 PM (9 years ago)
Author:
azaozz
Message:

Fix updating of nonces on the Edit Post screen after the log in expires and the user logs in again.
Props iseulde, azaozz. Fixes #33098.

File:
1 edited

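--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -2572,24 +2572,33 @@
  */
 function wp_ajax_heartbeat() {
-    if ( empty( $_POST['_nonce'] ) )
-        wp_send_json_error();
-
-    $response = array();
-
-    if ( false === wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ) ) {
-        // User is logged in but nonces have expired.
-        $response['nonces_expired'] = true;
-        wp_send_json($response);
-    }
+    if ( empty( $_POST['_nonce'] ) ) {
+        wp_send_json_error();
+    }
+
+    $response = $data = array();
+    $nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' );
 
     // screen_id is the same as $current_screen->id and the JS global 'pagenow'.
-    if ( ! empty($_POST['screen_id']) )
+    if ( ! empty( $_POST['screen_id'] ) ) {
         $screen_id = sanitize_key($_POST['screen_id']);
-    else
+    } else {
         $screen_id = 'front';
-
-    if ( ! empty($_POST['data']) ) {
+    }
+
+    if ( ! empty( $_POST['data'] ) ) {
         $data = wp_unslash( (array) $_POST['data'] );
-
+    }
+
+    if ( 1 !== $nonce_state ) {
+        $response = apply_filters( 'wp_refresh_nonces', $response, $data, $screen_id );
+
+        if ( false === $nonce_state ) {
+            // User is logged in but nonces have expired.
+            $response['nonces_expired'] = true;
+            wp_send_json( $response );
+        }
+    }
+
+    if ( ! empty( $data ) ) {
         /**
          * Filter the Heartbeat response received.
@@ -2629,5 +2638,5 @@
     $response['server_time'] = time();
 
-    wp_send_json($response);
+    wp_send_json( $response );
 }
 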
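Review bot: The `wp_refresh_nonces` callbacks now also run in the `false === $nonce_state` branch, that is, on a request whose heartbeat nonce did not verify, and they receive `$data` and `$screen_id` taken from `$_POST`. Every callback on this filter therefore has to make its own capability check before it places a fresh nonce in `$response`, and it should not change state, because the heartbeat nonce no longer gates it. I would state that contract directly above the `apply_filters()` call, for example `// Runs even when the heartbeat nonce failed: callbacks must check capabilities themselves and must not change state.` A short comment on `1 !== $nonce_state` naming the wp_verify_nonce() results that reach this block (presumably 2 for a nonce from the older tick, and false) would also help the next reader. wp_ajax_heartbeat() continues between the two hunks, outside what is shown here.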