WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Widget Customizer: Simplify nonces. 

see #27534.
Built from https://develop.svn.wordpress.org/trunk@27819


git-svn-id: http://core.svn.wordpress.org/trunk@27653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dominik Schilling 2014-03-28 15:35:15 +00:00
parent ffa6562965
commit c2f839b7b6
3 changed files with 8 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-admin/js/customize-widgets.js
View File

@ -9,9 +9,7 @@ var WidgetCustomizer = ( function ($) {
SidebarCollection,
OldPreviewer,
customize = wp.customize, self = {
update_widget_ajax_action: null,
update_widget_nonce_value: null,
update_widget_nonce_post_key: null,
nonce: null,
i18n: {
save_btn_label: '',
save_btn_tooltip: '',
@ -1201,9 +1199,9 @@ var WidgetCustomizer = ( function ($) {
processing( processing() + 1 );
params = {};
params.action = self.update_widget_ajax_action;
params.action = 'update-widget';
params.wp_customize = 'on';
params[self.update_widget_nonce_post_key] = self.update_widget_nonce_value;
params.nonce = self.nonce;
data = $.param( params );
inputs = widget_content.find( ':input, option' );

2
wp-admin/js/customize-widgets.min.js vendored
View File

File diff suppressed because one or more lines are too long

12
wp-includes/class-wp-customize-widgets.php
View File

@ -133,7 +133,7 @@ final class WP_Customize_Widgets {
&&
$this->get_post_value( 'action' ) === 'update-widget'
&&
check_ajax_referer( 'update-widget', 'update-widget-nonce', false )
check_ajax_referer( 'update-widget', 'nonce', false )
);
$is_ajax_customize_save = (
@ -141,7 +141,7 @@ final class WP_Customize_Widgets {
&&
$this->get_post_value( 'action' ) === 'customize_save'
&&
check_ajax_referer( 'save-customize_' . $this->manager->get_stylesheet(), 'nonce' )
check_ajax_referer( 'save-customize_' . $this->manager->get_stylesheet(), 'nonce', false )
);
$is_valid_request = ( $is_ajax_widget_update || $is_customize_preview || $is_ajax_customize_save );
@ -574,9 +574,7 @@ final class WP_Customize_Widgets {
// Why not wp_localize_script? Because we're not localizing, and it forces values into strings.
global $wp_scripts;
$exports = array(
'update_widget_ajax_action' => 'update-widget',
'update_widget_nonce_value' => wp_create_nonce( 'update-widget' ),
'update_widget_nonce_post_key' => 'update-widget-nonce',
'nonce' => wp_create_nonce( 'update-widget' ),
'registered_sidebars' => array_values( $GLOBALS['wp_registered_sidebars'] ),
'registered_widgets' => $GLOBALS['wp_registered_widgets'],
'available_widgets' => $available_widgets, // @todo Merge this with registered_widgets
@ -1159,7 +1157,7 @@ final class WP_Customize_Widgets {
wp_die( 0 );
}
check_ajax_referer( 'update-widget', 'update-widget-nonce' );
check_ajax_referer( 'update-widget', 'nonce' );
if ( ! current_user_can( 'edit_theme_options' ) ) {
wp_die( -1 );
@ -1169,8 +1167,6 @@ final class WP_Customize_Widgets {
wp_send_json_error();
}
unset( $_POST['update-widget-nonce'], $_POST['action'] );
do_action( 'load-widgets.php' );
do_action( 'widgets.php' );
do_action( 'sidebar_admin_setup' );