Changeset 44938

Timestamp:

03/20/2019 08:11:05 AM (6 years ago)

Author:

ocean90

Message:

Meta Boxes: Use a unique name for the nonce of the meta box loader.

Fixes a case where saving in the block editor fails if there are two _wpnonce arguments in the request, one overriding the other so that use_block_editor_for_post() wasn't able to check the nonce properly.

Props Chouby.
See #45253.

Location:

trunk/src/wp-admin

Files:

• edit-form-blocks.php (modified) (1 diff)
• includes/post.php (modified) (1 diff)

trunk/src/wp-admin/edit-form-blocks.php

@@ -118 +118 @@
 $meta_box_url = add_query_arg(
     array(
-        'post'            => $post->ID,
-        'action'          => 'edit',
-        'meta-box-loader' => true,
-        '_wpnonce'        => wp_create_nonce( 'meta-box-loader' ),
+        'post'                  => $post->ID,
+        'action'                => 'edit',
+        'meta-box-loader'       => true,
+        'meta-box-loader-nonce' => wp_create_nonce( 'meta-box-loader' ),
     ),
     $meta_box_url

trunk/src/wp-admin/includes/post.php

@@ -2072 +2072 @@
     // We're in the meta box loader, so don't use the block editor.
     if ( isset( $_GET['meta-box-loader'] ) ) {
-        check_admin_referer( 'meta-box-loader' );
+        check_admin_referer( 'meta-box-loader', 'meta-box-loader-nonce' );
         return false;
     }