Add a nonce to wp_ajax_save_attachment. see #21390, #21807.

git-svn-id: http://core.svn.wordpress.org/trunk@22212 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/ajax-actions.php

@@ -1833,6 +1833,8 @@ function wp_ajax_save_attachment() {
 	if ( ! $id = absint( $_REQUEST['id'] ) )
 		wp_send_json_error();
 
+	check_ajax_referer( 'save-attachment', 'nonce' );
+
 	if ( ! current_user_can( 'edit_post', $id ) )
 		wp_send_json_error();
 

wp-includes/js/media-models.js

@@ -1,7 +1,7 @@
 window.wp = window.wp || {};
 
 (function($){
-	var Attachment, Attachments, Query, compare;
+	var Attachment, Attachments, Query, compare, l10n;
 
 	/**
 	 * wp.media( attributes )
@@ -20,6 +20,9 @@ window.wp = window.wp || {};
 
 	_.extend( media, { model: {}, view: {}, controller: {} });
 
+	// Link any localized strings.
+	l10n = media.model.l10n = _.isUndefined( _wpMediaModelsL10n ) ? {} : _wpMediaModelsL10n;
+
 	/**
 	 * ========================================================================
 	 * UTILITIES
@@ -192,7 +195,8 @@ window.wp = window.wp || {};
 				// Set the action and ID.
 				options.data = _.extend( options.data || {}, {
 					action: 'save-attachment',
-					id: this.id
+					id:     this.id,
+					nonce:  l10n.saveAttachmentNonce
 				});
 
 				// Record the values of the changed attributes.

wp-includes/script-loader.php

@@ -315,6 +315,10 @@ function wp_default_scripts( &$scripts ) {
 	) );
 
 	$scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'backbone', 'jquery' ), false, 1 );
+	did_action( 'init' ) && $scripts->localize( 'media-models', '_wpMediaModelsL10n', array(
+		'saveAttachmentNonce' => wp_create_nonce( 'save-attachment' ),
+	) );
+
 	$scripts->add( 'media-views',  "/wp-includes/js/media-views$suffix.js",  array( 'media-models', 'wp-plupload' ), false, 1 );
 	did_action( 'init' ) && $scripts->localize( 'media-views', '_wpMediaViewsL10n', array(
 		// Generic