General: add nonce for block theme preview activation.

Adds a nonce so that activation works for block theme previews. Temporary fix until there is a REST API endpoint for activating themes. Props scruffian, peterwilsoncc, nithins53, nithi22, jomonthomaslobo1, poena, syamraj24, vivekawsm, mrinal013. Fixes #58712. Built from https://develop.svn.wordpress.org/trunk@56199 git-svn-id: http://core.svn.wordpress.org/trunk@55711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-11 05:03:23 +00:00 · 2023-07-11 05:03:23 +00:00 · 1ee477dbe4
parent 304154d8fd
commit 1ee477dbe4
5 changed files with 30 additions and 9 deletions
--- a/wp-admin/includes/admin-filters.php
+++ b/wp-admin/includes/admin-filters.php
@ -168,10 +168,3 @@ add_action( 'post_updated', array( 'WP_Privacy_Policy_Content', '_policy_page_up

 // Append '(Draft)' to draft page titles in the privacy page dropdown.
 add_filter( 'list_pages', '_wp_privacy_settings_filter_draft_page_titles', 10, 2 );
-
-// Attaches filters to enable theme previews in the Site Editor.
-if ( ! empty( $_GET['wp_theme_preview'] ) ) {
-	add_filter( 'stylesheet', 'wp_get_theme_preview_path' );
-	add_filter( 'template', 'wp_get_theme_preview_path' );
-	add_action( 'init', 'wp_attach_theme_preview_middleware' );
-}
--- a/wp-admin/includes/admin.php
+++ b/wp-admin/includes/admin.php
@ -71,7 +71,6 @@ require_once ABSPATH . 'wp-admin/includes/list-table.php';

 /** WordPress Theme Administration API */
 require_once ABSPATH . 'wp-admin/includes/theme.php';
-require_once ABSPATH . 'wp-admin/includes/theme-previews.php';

 /** WordPress Privacy Functions */
 require_once ABSPATH . 'wp-admin/includes/privacy-tools.php';
--- a/wp-admin/includes/theme-previews.php
+++ b/wp-admin/includes/theme-previews.php
@ -54,3 +54,31 @@ function wp_attach_theme_preview_middleware() {
 		'after'
 	);
 }
+
+/**
+ * Set a JavaScript constant for theme activation.
+ *
+ * Sets the JavaScript global WP_BLOCK_THEME_ACTIVATE_NONCE containing the nonce
+ * required to activate a theme. For use within the site editor.
+ *
+ * @see https://github.com/WordPress/gutenberg/pull/41836.
+ *
+ * @since 6.3.0
+ * @private
+ */
+function wp_block_theme_activate_nonce() {
+	$nonce_handle = 'switch-theme_' . wp_get_theme_preview_path();
+	?>
+	<script type="text/javascript">
+		window.WP_BLOCK_THEME_ACTIVATE_NONCE = '<?php echo wp_create_nonce( $nonce_handle ); ?>';
+	</script>
+	<?php
+}
+
+// Attaches filters to enable theme previews in the Site Editor.
+if ( ! empty( $_GET['wp_theme_preview'] ) ) {
+	add_filter( 'stylesheet', 'wp_get_theme_preview_path' );
+	add_filter( 'template', 'wp_get_theme_preview_path' );
+	add_action( 'init', 'wp_attach_theme_preview_middleware' );
+	add_action( 'admin_head', 'wp_block_theme_activate_nonce' );
+}
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.3-beta3-56198';
+$wp_version = '6.3-beta3-56199';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
--- a/wp-settings.php
+++ b/wp-settings.php
@ -181,6 +181,7 @@ require ABSPATH . WPINC . '/class-wp-block-template.php';
 require ABSPATH . WPINC . '/block-template-utils.php';
 require ABSPATH . WPINC . '/block-template.php';
 require ABSPATH . WPINC . '/theme-templates.php';
+require ABSPATH . WPINC . '/theme-previews.php';
 require ABSPATH . WPINC . '/template.php';
 require ABSPATH . WPINC . '/https-detection.php';
 require ABSPATH . WPINC . '/https-migration.php';