autosave fix ups

git-svn-id: https://develop.svn.wordpress.org/trunk@4086 602fd350-edb4-49c9-b593-d223f7449a82

wp-admin/admin-ajax.php

@@ -246,6 +246,19 @@ case 'autosave' :
 	}
 	die('0');
 break;
+case 'autosave-generate-nonces' :
+	$ID = (int) $_POST['post_ID'];
+	if($_POST['post_type'] == 'post') {
+		if(current_user_can('edit_post', $ID))
+			die(wp_create_nonce('update-post_' . $ID));
+	}
+	if($_POST['post_type'] == 'page') {
+		if(current_user_can('edit_page', $ID)) {
+			die(wp_create_nonce('update-page_' . $ID));
+		}
+	}
+	die($_POST['post_type']);
+break;
 default :
 	do_action( 'wp_ajax_' . $_POST['action'] );
 	die('0');

wp-admin/edit-form-advanced.php

@@ -53,7 +53,7 @@ if (empty($post->post_status)) $post->post_status = 'draft';
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
 <input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
-<input type="hidden" name="post_type" value="post" />
+<input type="hidden" id="post_type" name="post_type" value="post" />
 
 <?php echo $form_extra ?>
 <?php if (isset($_GET['message']) && 2 > $_GET['message']) : ?>

wp-admin/edit-page-form.php

@@ -34,7 +34,7 @@ if (isset($mode) && 'bookmarklet' == $mode) {
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
 <?php echo $form_extra ?>
-<input type="hidden" name="post_type" value="page" />
+<input type="hidden" id="post_type" name="post_type" value="page" />
 
 <script type="text/javascript">
 // <![CDATA[

wp-admin/post.php

@@ -98,7 +98,7 @@ case 'editpost':
 	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
 	
 	if ($_POST['save']) {
-		$location = wp_get_referer();
+		$location = "post.php?action=edit&post=$post_ID";
 	} elseif ($_POST['updatemeta']) {
 		$location = wp_get_referer() . '&message=2#postcustom';
 	} elseif ($_POST['deletemeta']) {

wp-includes/js/autosave.js.php

@@ -25,6 +25,11 @@ function autosave_cur_time() {
 	((now.getSeconds() < 10) ? ":0" : ":") + now.getSeconds();
 }
 	
+function autosave_update_nonce() {
+	var response = nonceAjax.response;
+	document.getElementsByName('_wpnonce')[0].value = response;
+}
+
 function autosave_update_post_ID() {
 	var response = autosaveAjax.response;
 	var res = parseInt(response);
@@ -36,9 +41,23 @@ function autosave_update_post_ID() {
 		message = "<?php _e('Saved at '); ?>" + autosave_cur_time();
 		$('post_ID').name = "post_ID";
 		$('post_ID').value = res;
+		$('hiddenaction').value = 'editpost';
+		// We need new nonces
+		nonceAjax = new sack();
+		nonceAjax.element = null;
+		nonceAjax.setVar("action", "autosave-generate-nonces");
+		nonceAjax.setVar("post_ID", res);
+		nonceAjax.setVar("cookie", document.cookie);
+		nonceAjax.setVar("post_type", $('post_type').value);
+		nonceAjax.requestFile = "<?php echo get_bloginfo('siteurl'); ?>/wp-admin/admin-ajax.php";
+		nonceAjax.onCompletion = autosave_update_nonce;
+		nonceAjax.method = "POST";
+		nonceAjax.runAJAX();
+		
 	}
 	$('autosave').innerHTML = message;
 }
+
 function autosave_loading() {
 	$('autosave').innerHTML = "<?php _e('Saving Draft...'); ?>";
 }

wp-includes/script-loader.php

@@ -18,7 +18,7 @@ class WP_Scripts {
 		$this->add( 'tiny_mce', '/wp-includes/js/tinymce/tiny_mce_gzip.php', false, '04162006' );
 		$this->add( 'wp_tiny_mce', '/wp-includes/js/tinymce/tiny_mce_config.php', array('tiny_mce'), '04162006' );
 		$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.5.0');
-		$this->add( 'autosave', '/wp-includes/js/autosave.js.php', array('prototype', 'sack'), '4080');
+		$this->add( 'autosave', '/wp-includes/js/autosave.js.php', array('prototype', 'sack'), '4086');
 		if ( is_admin() ) {
 			$this->add( 'dbx-admin-key', '/wp-admin/dbx-admin-key-js.php', array('dbx'), '3651' );
 			$this->add( 'listman', '/wp-admin/list-manipulation-js.php', array('sack', 'fat'), '4042' ); // Make changeset # the correct one