Fix updating of nonces on the Edit Post screen after the log in expires and the user logs in again.
Props iseulde, azaozz. Fixes #33098. Built from https://develop.svn.wordpress.org/trunk@33468 git-svn-id: http://core.svn.wordpress.org/trunk@33435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
49ac027038
commit
fa25fe82ef
|
@ -58,7 +58,7 @@ add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 );
|
|||
|
||||
add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 );
|
||||
add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
|
||||
add_filter( 'heartbeat_received', 'wp_refresh_post_nonces', 10, 3 );
|
||||
add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10, 3 );
|
||||
add_filter( 'heartbeat_received', 'heartbeat_autosave', 500, 2 );
|
||||
|
||||
add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
|
||||
|
|
|
@ -2571,26 +2571,35 @@ function wp_ajax_send_link_to_editor() {
|
|||
* @since 3.6.0
|
||||
*/
|
||||
function wp_ajax_heartbeat() {
|
||||
if ( empty( $_POST['_nonce'] ) )
|
||||
if ( empty( $_POST['_nonce'] ) ) {
|
||||
wp_send_json_error();
|
||||
|
||||
$response = array();
|
||||
|
||||
if ( false === wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ) ) {
|
||||
// User is logged in but nonces have expired.
|
||||
$response['nonces_expired'] = true;
|
||||
wp_send_json($response);
|
||||
}
|
||||
|
||||
$response = $data = array();
|
||||
$nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' );
|
||||
|
||||
// screen_id is the same as $current_screen->id and the JS global 'pagenow'.
|
||||
if ( ! empty($_POST['screen_id']) )
|
||||
if ( ! empty( $_POST['screen_id'] ) ) {
|
||||
$screen_id = sanitize_key($_POST['screen_id']);
|
||||
else
|
||||
} else {
|
||||
$screen_id = 'front';
|
||||
}
|
||||
|
||||
if ( ! empty($_POST['data']) ) {
|
||||
if ( ! empty( $_POST['data'] ) ) {
|
||||
$data = wp_unslash( (array) $_POST['data'] );
|
||||
}
|
||||
|
||||
if ( 1 !== $nonce_state ) {
|
||||
$response = apply_filters( 'wp_refresh_nonces', $response, $data, $screen_id );
|
||||
|
||||
if ( false === $nonce_state ) {
|
||||
// User is logged in but nonces have expired.
|
||||
$response['nonces_expired'] = true;
|
||||
wp_send_json( $response );
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! empty( $data ) ) {
|
||||
/**
|
||||
* Filter the Heartbeat response received.
|
||||
*
|
||||
|
@ -2628,7 +2637,7 @@ function wp_ajax_heartbeat() {
|
|||
// Send the current time according to the server
|
||||
$response['server_time'] = time();
|
||||
|
||||
wp_send_json($response);
|
||||
wp_send_json( $response );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -771,13 +771,14 @@ function wp_refresh_post_nonces( $response, $data, $screen_id ) {
|
|||
$received = $data['wp-refresh-post-nonces'];
|
||||
$response['wp-refresh-post-nonces'] = array( 'check' => 1 );
|
||||
|
||||
if ( ! $post_id = absint( $received['post_id'] ) )
|
||||
if ( ! $post_id = absint( $received['post_id'] ) ) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
if ( ! current_user_can( 'edit_post', $post_id ) || empty( $received['post_nonce'] ) )
|
||||
if ( ! current_user_can( 'edit_post', $post_id ) ) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
if ( 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
|
||||
$response['wp-refresh-post-nonces'] = array(
|
||||
'replace' => array(
|
||||
'getpermalinknonce' => wp_create_nonce('getpermalink'),
|
||||
|
@ -789,7 +790,6 @@ function wp_refresh_post_nonces( $response, $data, $screen_id ) {
|
|||
'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
|
|
@ -170,13 +170,13 @@ $(document).on( 'heartbeat-send.refresh-lock', function( e, data ) {
|
|||
}
|
||||
|
||||
$(document).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
|
||||
var nonce, post_id;
|
||||
var post_id,
|
||||
$authCheck = $('#wp-auth-check-wrap');
|
||||
|
||||
if ( check ) {
|
||||
if ( ( post_id = $('#post_ID').val() ) && ( nonce = $('#_wpnonce').val() ) ) {
|
||||
if ( check || ( $authCheck.length && ! $authCheck.hasClass( 'hidden' ) ) ) {
|
||||
if ( ( post_id = $('#post_ID').val() ) && $('#_wpnonce').val() ) {
|
||||
data['wp-refresh-post-nonces'] = {
|
||||
post_id: post_id,
|
||||
post_nonce: nonce
|
||||
post_id: post_id
|
||||
};
|
||||
}
|
||||
}
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -389,7 +389,6 @@
|
|||
|
||||
if ( response.nonces_expired ) {
|
||||
$document.trigger( 'heartbeat-nonces-expired' );
|
||||
return;
|
||||
}
|
||||
|
||||
// Change the interval from PHP
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -4,7 +4,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.3-beta4-33467';
|
||||
$wp_version = '4.3-beta4-33468';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
Loading…
Reference in New Issue