diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php index b8ccf4a4a8..763a58317c 100644 --- a/wp-admin/includes/ajax-actions.php +++ b/wp-admin/includes/ajax-actions.php @@ -1038,7 +1038,7 @@ function wp_ajax_add_user( $action ) { function wp_ajax_autosave() { define( 'DOING_AUTOSAVE', true ); - $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' ); + check_ajax_referer( 'autosave', 'autosavenonce' ); $_POST['post_category'] = explode(",", $_POST['catslist']); if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) ) @@ -1090,15 +1090,6 @@ function wp_ajax_autosave() { $id = $post->ID; } - if ( $nonce_age == 2 ) { - $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave'); - $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink'); - $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink'); - $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes'); - $supplemental['replace-_ajax_linking_nonce'] = wp_create_nonce( 'internal-linking' ); - $supplemental['replace-_wpnonce'] = wp_create_nonce( 'update-post_' . $post->ID ); - } - $x = new WP_Ajax_Response( array( 'what' => 'autosave', 'id' => $id, diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php index 8d911cbc6a..421c7b3360 100644 --- a/wp-admin/includes/misc.php +++ b/wp-admin/includes/misc.php 
@@ -623,6 +623,17 @@ function wp_refresh_post_lock( $response, $data, $screen_id ) { $send['new_lock'] = implode( ':', $new_lock ); } + if ( ! empty( $received['post_nonce'] ) && 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) { + $send['update_nonces'] = array( + 'replace-autosavenonce' => wp_create_nonce('autosave'), + 'replace-getpermalinknonce' => wp_create_nonce('getpermalink'), + 'replace-samplepermalinknonce' => wp_create_nonce('samplepermalink'), + 'replace-closedpostboxesnonce' => wp_create_nonce('closedpostboxes'), + 'replace-_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ), + 'replace-_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ), + ); + } + $response['wp-refresh-post-lock'] = $send; } diff --git a/wp-admin/js/post.js b/wp-admin/js/post.js index 2e69150a13..c46da8eed5 100644 --- a/wp-admin/js/post.js +++ b/wp-admin/js/post.js @@ -252,7 +252,10 @@ WPRemoveThumbnail = function(nonce){ }; $(document).on( 'heartbeat-send.refresh-lock', function( e, data ) { - var lock = $('#active_post_lock').val(), post_id = $('#post_ID').val(), send = {}; + var lock = $('#active_post_lock').val(), + post_id = $('#post_ID').val(), + post_nonce = $('#_wpnonce').val(), + send = {}; if ( !post_id ) return; @@ -262,6 +265,9 @@ $(document).on( 'heartbeat-send.refresh-lock', function( e, data ) { if ( lock ) send['lock'] = lock; + if ( post_nonce ) + send['post_nonce'] = post_nonce; + data['wp-refresh-post-lock'] = send; }); @@ -286,7 +292,9 @@ $(document).on( 'heartbeat-tick.refresh-lock', function( e, data ) { }); // Save the latest changes and disable - autosave(); + if ( ! autosave() ) + window.onbeforeunload = null; + autosave = function(){}; } 
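Review bot: The `2 === wp_verify_nonce( ... )` test in the added block is the only visible gate on minting six fresh nonces, and nothing in the hunk says what 2 means or which earlier check establishes that the current user may edit `$post_id`. I would add a comment above the `if`, e.g. `// 2 = nonce is valid but in the older half of its lifetime; hand out replacements before it expires.` The block appears to rely on the `$post_id` sanitising and capability check earlier in wp_refresh_post_lock, which is outside this hunk, so it is worth confirming those run before this point. Because each heartbeat can now roll the nonces forward, an editor tab left open keeps valid nonces for as long as the session lasts, and the function's docblock should state that trade-off.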
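Review bot: In the post.js hunk at @@ -286, `window.onbeforeunload = null` now runs whenever autosave() returns false, but the autosave.js hunk at @@ -281 returns false for every case where doAutoSave ended up false, not only "nothing changed". The context lines of that file show a "No autosave while thickbox is open" check; if that check sets doAutoSave to false (its body is not in the hunk), a lock takeover while the media dialog is open would drop the unsaved-changes prompt with edits still pending. Consider distinguishing "save suppressed" from "nothing to save" in the return value, or clearing the handler only when the content is known to be unchanged. The unbraced `if` directly above the unconditional `autosave = function(){};` is also easy to misread, so braces would help.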
@@ -301,6 +309,13 @@ $(document).on( 'heartbeat-tick.refresh-lock', function( e, data ) { } else if ( received.new_lock ) { $('#active_post_lock').val( received.new_lock ); } + + if ( received.update_nonces ) { + $.each( received.update_nonces, function( selector, value ) { + if ( selector.match(/^replace-/) ) + $( '#' + selector.replace('replace-', '') ).val( value ); + }); + } } }); diff --git a/wp-includes/js/autosave.js b/wp-includes/js/autosave.js index dae969ba78..3d5a13003b 100644 --- a/wp-includes/js/autosave.js +++ b/wp-includes/js/autosave.js @@ -254,19 +254,11 @@ function delayed_autosave() { } autosave = function() { - // (bool) is rich editor enabled and active + var post_data = wp.autosave.getPostData(), + doAutoSave = post_data.autosave, + successCallback; + blockSave = true; - var rich = (typeof tinymce != "undefined") && tinymce.activeEditor && !tinymce.activeEditor.isHidden(), - post_data, doAutoSave, ed, origStatus, successCallback; - - // Disable buttons until we know the save completed. - autosave_disable_buttons(); - - post_data = wp.autosave.getPostData(); - - // We always send the ajax request in order to keep the post lock fresh. - // This (bool) tells whether or not to write the post to the DB during the ajax request. - doAutoSave = post_data.autosave; // No autosave while thickbox is open (media buttons) if ( jQuery("#TB_window").css('display') == 'block' ) @@ -281,9 +273,12 @@ autosave = function() { autosaveLast = post_data["post_title"] + post_data["content"]; jQuery(document).triggerHandler('wpcountwords', [ post_data["content"] ]); } else { - post_data['autosave'] = 0; + return false; } + // Disable buttons until we know the save completed. + autosave_disable_buttons(); + if ( post_data["auto_draft"] == '1' ) { successCallback = autosave_saved_new; // new post } else { @@ -297,6 +292,8 @@ autosave = function() { url: ajaxurl, success: successCallback }); + + return true; } // Autosave in localStorage
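Review bot: In the post.js hunk at @@ -301, the `selector.match(/^replace-/)` guard checks only the prefix, and the rest of the key is concatenated straight into a jQuery selector. The keys come from the heartbeat response, so they are better treated as data than as selector syntax: a key containing spaces, commas or other selector characters would address elements other than a single id. Anchoring the pattern, e.g. `if ( /^replace-[\w-]+$/.test( selector ) )`, keeps each entry limited to one element id. The enclosing heartbeat-tick handler starts outside the hunk.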
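Review bot: In the autosave.js hunk at @@ -281, the new `return false;` exits after `blockSave = true;` has already been set at the top of the function (hunk @@ -254), and no request is sent on that path. If blockSave is only cleared from the response callbacks, which are outside these hunks, the flag would stay set after a skipped autosave. Adding `blockSave = false;` before `return false;`, or moving the assignment below the early return, would avoid that. A short docblock on autosave saying that it returns true when a request was sent and false otherwise would also help callers such as the heartbeat handler in post.js.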