Changeset 40704 for trunk/src/wp-includes/class-wp-customize-manager.php
- Timestamp:
- 05/16/2017 12:06:32 PM (8 years ago)
- File:
-
- 1 edited
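--- a/trunk/src/wp-includes/class-wp-customize-manager.php
+++ b/trunk/src/wp-includes/class-wp-customize-manager.php
@@ -485,4 +485,22 @@
 if ( ! preg_match( '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $this->_changeset_uuid ) ) {
 $this->wp_die( -1, __( 'Invalid changeset UUID' ) );
+}
+
+/*
+ * Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer
+ * application will inject the customize_preview_nonce query parameter into all Ajax requests.
+ * For similar behavior elsewhere in WordPress, see rest_cookie_check_errors() which logs out
+ * a user when a valid nonce isn't present.
+ */
+$has_post_data_nonce = (
+check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce', false )
+||
+check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce', false )
+||
+check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'customize_preview_nonce', false )
+);
+if ( ! current_user_can( 'customize' ) || ! $has_post_data_nonce ) {
+unset( $_POST['customized'] );
+unset( $_REQUEST['customized'] );
 }
 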
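Review bot: The guard at new lines 502-504 removes `customized` from `$_POST` and `$_REQUEST` only; `$_REQUEST` is a separate array built at request start, so a `customized` value supplied in the query string stays in `$_GET` after the nonce or capability check fails. Whether anything later in the class reads `$_GET['customized']` is not visible from this hunk, so either add `unset( $_GET['customized'] );` next to the other two or extend the comment to state that only the POST and REQUEST copies are ever consumed. The comment could also say that the data is dropped silently and the request continues, since the `rest_cookie_check_errors()` behaviour it cites (logging the user out) is different. The enclosing method starts and ends outside the hunk.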