Changeset 40705
- Timestamp:
- 05/16/2017 12:13:07 PM (8 years ago)
- Location:
- branches/4.7
- Files:
-
- 4 edited
branches/4.7
-
branches/4.7/src/wp-admin/customize.php
r40369 r40705 156 156 <div class="accordion-section-title"> 157 157 <span class="preview-notice"><?php 158 echo sprintf( __( 'You are customizing %s' ), '<strong class="panel-title site-title">' . get_bloginfo( 'name' ) . '</strong>' );158 echo sprintf( __( 'You are customizing %s' ), '<strong class="panel-title site-title">' . get_bloginfo( 'name', 'display' ) . '</strong>' ); 159 159 ?></span> 160 160 <button type="button" class="customize-help-toggle dashicons dashicons-editor-help" aria-expanded="false"><span class="screen-reader-text"><?php _e( 'Help' ); ?></span></button> -
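Review bot: The HTML escaping of the site name in the `sprintf()` call now rests entirely on the second argument to `get_bloginfo()`, and nothing at the call site says so. As far as I know, `'display'` routes the value through the `bloginfo` filters, which is where the escaping happens by default, so a later cleanup that drops the argument would put the raw name back inside the `<strong>` markup. I would add a comment above the line, e.g. `// 'display' is required: it filters the site name for safe HTML output.` As a point of style, `echo sprintf( ... )` can be written as `printf( ... )`.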
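--- a/branches/4.7/src/wp-admin/js/customize-controls.js
+++ b/branches/4.7/src/wp-admin/js/customize-controls.js
@@ -4580,4 +4580,14 @@
 });
 
+// Ensure preview nonce is included with every customized request, to allow post data to be read.
+$.ajaxPrefilter( function injectPreviewNonce( options ) {
+if ( ! /wp_customize=on/.test( options.data ) ) {
+return;
+}
+options.data += '&' + $.param({
+customize_preview_nonce: api.settings.nonce.preview
+});
+});
+
 // Refresh the nonces if the preview sends updated nonces over.
 api.previewer.bind( 'nonce', function( nonce ) {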
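Review bot: The `injectPreviewNonce` prefilter never looks at `options.url`, so `customize_preview_nonce` is appended to every jQuery Ajax request whose data contains `wp_customize=on`, whatever its destination. If requests to another origin are expected to carry the nonce, the comment above the prefilter should say so; if they are not, the guard should return early for them as well, e.g. `if ( options.crossDomain || ! /wp_customize=on/.test( options.data ) ) { return; }`. Whether any customizer request actually leaves the admin origin is not visible in this hunk, so this needs confirming against the callers.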
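--- a/branches/4.7/src/wp-includes/class-wp-customize-manager.php
+++ b/branches/4.7/src/wp-includes/class-wp-customize-manager.php
@@ -483,4 +483,22 @@
 if ( ! preg_match( '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $this->_changeset_uuid ) ) {
 $this->wp_die( -1, __( 'Invalid changeset UUID' ) );
+}
+
+/*
+* Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer
+* application will inject the customize_preview_nonce query parameter into all Ajax requests.
+* For similar behavior elsewhere in WordPress, see rest_cookie_check_errors() which logs out
+* a user when a valid nonce isn't present.
+*/
+$has_post_data_nonce = (
+check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce', false )
+||
+check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce', false )
+||
+check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'customize_preview_nonce', false )
+);
+if ( ! current_user_can( 'customize' ) || ! $has_post_data_nonce ) {
+unset( $_POST['customized'] );
+unset( $_REQUEST['customized'] );
 }
 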
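Review bot: The new guard clears `$_POST['customized']` and `$_REQUEST['customized']` but leaves `$_GET['customized']` in place, so a request without a valid nonce can still deliver the value to any code that reads `$_GET` directly. Whether such a reader exists is not visible in this hunk; if one does, add `unset( $_GET['customized'] );` next to the other two, otherwise extend the block comment to state that only `$_POST` and `$_REQUEST` are consumed. The data is also dropped silently, which makes a rejected request hard to tell apart from an empty one when debugging. The enclosing method starts and ends outside the hunk.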