Make WordPress Core

Changeset 56199


Ignore:
Timestamp:
07/11/2023 05:01:05 AM (5 months ago)
Author:
isabel_brison
Message:

General: add nonce for block theme preview activation.

Adds a nonce so that activation works for block theme previews. Temporary fix until there is a REST API endpoint for activating themes.

Props scruffian, peterwilsoncc, nithins53, nithi22, jomonthomaslobo1, poena, syamraj24, vivekawsm, mrinal013.
Fixes #58712.

Location:
trunk/src
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/admin-filters.php

    r56059 r56199  
    169169// Append '(Draft)' to draft page titles in the privacy page dropdown.
    170170add_filter( 'list_pages', '_wp_privacy_settings_filter_draft_page_titles', 10, 2 );
    171 
    172 // Attaches filters to enable theme previews in the Site Editor.
    173 if ( ! empty( $_GET['wp_theme_preview'] ) ) {
    174     add_filter( 'stylesheet', 'wp_get_theme_preview_path' );
    175     add_filter( 'template', 'wp_get_theme_preview_path' );
    176     add_action( 'init', 'wp_attach_theme_preview_middleware' );
    177 }
  • trunk/src/wp-admin/includes/admin.php

    r56059 r56199  
    7272/** WordPress Theme Administration API */
    7373require_once ABSPATH . 'wp-admin/includes/theme.php';
    74 require_once ABSPATH . 'wp-admin/includes/theme-previews.php';
    7574
    7675/** WordPress Privacy Functions */
  • trunk/src/wp-admin/includes/theme-previews.php

    r56059 r56199  
    5555    );
    5656}
     57
     58/**
     59 * Set a JavaScript constant for theme activation.
     60 *
     61 * Sets the JavaScript global WP_BLOCK_THEME_ACTIVATE_NONCE containing the nonce
     62 * required to activate a theme. For use within the site editor.
     63 *
     64 * @see https://github.com/WordPress/gutenberg/pull/41836.
     65 *
     66 * @since 6.3.0
     67 * @private
     68 */
     69function wp_block_theme_activate_nonce() {
     70    $nonce_handle = 'switch-theme_' . wp_get_theme_preview_path();
     71    ?>
     72    <script type="text/javascript">
     73        window.WP_BLOCK_THEME_ACTIVATE_NONCE = '<?php echo wp_create_nonce( $nonce_handle ); ?>';
     74    </script>
     75    <?php
     76}
     77
     78// Attaches filters to enable theme previews in the Site Editor.
     79if ( ! empty( $_GET['wp_theme_preview'] ) ) {
     80    add_filter( 'stylesheet', 'wp_get_theme_preview_path' );
     81    add_filter( 'template', 'wp_get_theme_preview_path' );
     82    add_action( 'init', 'wp_attach_theme_preview_middleware' );
     83    add_action( 'admin_head', 'wp_block_theme_activate_nonce' );
     84}
  • trunk/src/wp-settings.php

    r56101 r56199  
    182182require ABSPATH . WPINC . '/block-template.php';
    183183require ABSPATH . WPINC . '/theme-templates.php';
     184require ABSPATH . WPINC . '/theme-previews.php';
    184185require ABSPATH . WPINC . '/template.php';
    185186require ABSPATH . WPINC . '/https-detection.php';
Note: See TracChangeset for help on using the changeset viewer.