Widget Customizer: Simplify nonces.

see #27534.

git-svn-id: https://develop.svn.wordpress.org/trunk@27819 602fd350-edb4-49c9-b593-d223f7449a82
Dominik Schilling (ocean90) 2014-03-28 15:34:17 +00:00
parent 891e6183ee
commit 814b798b0d
2 changed files with 7 additions and 13 deletions


@ -9,9 +9,7 @@ var WidgetCustomizer = ( function ($) {
SidebarCollection, SidebarCollection,
OldPreviewer, OldPreviewer,
customize = wp.customize, self = { customize = wp.customize, self = {
update_widget_ajax_action: null, nonce: null,
update_widget_nonce_value: null,
update_widget_nonce_post_key: null,
i18n: { i18n: {
save_btn_label: '', save_btn_label: '',
save_btn_tooltip: '', save_btn_tooltip: '',
@ -1201,9 +1199,9 @@ var WidgetCustomizer = ( function ($) {
processing( processing() + 1 ); processing( processing() + 1 );
params = {}; params = {};
params.action = self.update_widget_ajax_action; params.action = 'update-widget';
params.wp_customize = 'on'; params.wp_customize = 'on';
params[self.update_widget_nonce_post_key] = self.update_widget_nonce_value; params.nonce = self.nonce;
data = $.param( params ); data = $.param( params );
inputs = widget_content.find( ':input, option' ); inputs = widget_content.find( ':input, option' );
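Review bot: The literal `'update-widget'` assigned to `params.action` now has to stay in lock-step with the `$this->get_post_value( 'action' ) === 'update-widget'` check and the `wp_create_nonce( 'update-widget' )` action string in WP_Customize_Widgets, and nothing in the JS records that coupling; a comment above the assignment such as `// Must match the 'update-widget' admin-ajax action and nonce action in WP_Customize_Widgets.` would make the dependency visible to whoever next renames one side. The `nonce: null` default at the top of the module means that if the server export does not populate `self.nonce` (the code that copies exports into `self` is outside this hunk), `$.param` sends `nonce=` and the request fails with a bare `-1` from `check_ajax_referer` rather than a client-side error, so a guard like `if ( ! self.nonce ) { return; }` before building `params` may be worth considering. The enclosing function begins and ends outside the hunk.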


@ -133,7 +133,7 @@ final class WP_Customize_Widgets {
&& &&
$this->get_post_value( 'action' ) === 'update-widget' $this->get_post_value( 'action' ) === 'update-widget'
&& &&
check_ajax_referer( 'update-widget', 'update-widget-nonce', false ) check_ajax_referer( 'update-widget', 'nonce', false )
); );
$is_ajax_customize_save = ( $is_ajax_customize_save = (
@ -141,7 +141,7 @@ final class WP_Customize_Widgets {
&& &&
$this->get_post_value( 'action' ) === 'customize_save' $this->get_post_value( 'action' ) === 'customize_save'
&& &&
check_ajax_referer( 'save-customize_' . $this->manager->get_stylesheet(), 'nonce' ) check_ajax_referer( 'save-customize_' . $this->manager->get_stylesheet(), 'nonce', false )
); );
$is_valid_request = ( $is_ajax_widget_update || $is_customize_preview || $is_ajax_customize_save ); $is_valid_request = ( $is_ajax_widget_update || $is_customize_preview || $is_ajax_customize_save );
@ -574,9 +574,7 @@ final class WP_Customize_Widgets {
// Why not wp_localize_script? Because we're not localizing, and it forces values into strings. // Why not wp_localize_script? Because we're not localizing, and it forces values into strings.
global $wp_scripts; global $wp_scripts;
$exports = array( $exports = array(
'update_widget_ajax_action' => 'update-widget', 'nonce' => wp_create_nonce( 'update-widget' ),
'update_widget_nonce_value' => wp_create_nonce( 'update-widget' ),
'update_widget_nonce_post_key' => 'update-widget-nonce',
'registered_sidebars' => array_values( $GLOBALS['wp_registered_sidebars'] ), 'registered_sidebars' => array_values( $GLOBALS['wp_registered_sidebars'] ),
'registered_widgets' => $GLOBALS['wp_registered_widgets'], 'registered_widgets' => $GLOBALS['wp_registered_widgets'],
'available_widgets' => $available_widgets, // @todo Merge this with registered_widgets 'available_widgets' => $available_widgets, // @todo Merge this with registered_widgets
@ -1159,7 +1157,7 @@ final class WP_Customize_Widgets {
wp_die( 0 ); wp_die( 0 );
} }
check_ajax_referer( 'update-widget', 'update-widget-nonce' ); check_ajax_referer( 'update-widget', 'nonce' );
if ( ! current_user_can( 'edit_theme_options' ) ) { if ( ! current_user_can( 'edit_theme_options' ) ) {
wp_die( -1 ); wp_die( -1 );
@ -1169,8 +1167,6 @@ final class WP_Customize_Widgets {
wp_send_json_error(); wp_send_json_error();
} }
unset( $_POST['update-widget-nonce'], $_POST['action'] );
do_action( 'load-widgets.php' ); do_action( 'load-widgets.php' );
do_action( 'widgets.php' ); do_action( 'widgets.php' );
do_action( 'sidebar_admin_setup' ); do_action( 'sidebar_admin_setup' );
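Review bot: The removed `unset( $_POST['update-widget-nonce'], $_POST['action'] );` is not replaced with an equivalent for the renamed key, so `$_POST['nonce']` and `$_POST['action']` now remain in the request array when `load-widgets.php`, `widgets.php` and `sidebar_admin_setup` fire and for whatever the handler does after this hunk. If the old unset existed so that widget update callbacks and hooks that read `$_POST` wholesale never see the nonce value or the ajax action name (I cannot tell the original motivation from this hunk), the equivalent line `unset( $_POST['nonce'], $_POST['action'] );` should be kept immediately after the capability check; otherwise a short comment stating that the remaining keys are harmless would document the deliberate change. The nonce checks themselves look consistent: the validity probe uses the non-dying form, and the handler calls the dying form before `current_user_can( 'edit_theme_options' )`. The enclosing method continues past the end of the hunk.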