Changeset 54122 for trunk/src/wp-admin/includes/misc.php

Timestamp:

09/11/2022 08:44:50 PM (3 years ago)

Author:

joemcgill

Message:

Editor: Refresh nones for metaboxes after reauthentication.

This fixes an issue where metaboxes fail to save after a session expires and a user logs in again via the heartbeat API.

Props LinSoftware.
Fixes #52584.

File:

• trunk/src/wp-admin/includes/misc.php (modified) (1 diff)

trunk/src/wp-admin/includes/misc.php

@@ -1257 +1257 @@
 
 /**
+ * Refresh nonces used with meta boxes in the block editor.
+ *
+ * @since 6.1.0
+ *
+ * @param array  $response  The Heartbeat response.
+ * @param array  $data      The $_POST data sent.
+ * @return array The Heartbeat response.
+ */
+function wp_refresh_metabox_loader_nonces( $response, $data ) {
+    if ( empty( $data['wp-refresh-metabox-loader-nonces'] ) ) {
+        return $response;
+    }
+
+    $received = $data['wp-refresh-metabox-loader-nonces'];
+    $post_id  = (int) $received['post_id'];
+
+    if ( ! $post_id ) {
+        return $response;
+    }
+
+    if ( ! current_user_can( 'edit_post', $post_id ) ) {
+        return $response;
+    }
+
+    $response['wp-refresh-metabox-loader-nonces'] = array(
+        'replace' => array(
+            'metabox_loader_nonce' => wp_create_nonce( 'meta-box-loader' ),
+            '_wpnonce'             => wp_create_nonce( 'update-post_' . $post_id ),
+        ),
+    );
+
+    return $response;
+}
+
+/**
  * Adds the latest Heartbeat and REST-API nonce to the Heartbeat response.
  *