Widget Customizer: Simplify nonces.
see #27534. git-svn-id: https://develop.svn.wordpress.org/trunk@27819 602fd350-edb4-49c9-b593-d223f7449a82
parent
891e6183ee
commit
814b798b0d
|
@ -9,9 +9,7 @@ var WidgetCustomizer = ( function ($) {
|
||||||
SidebarCollection,
|
SidebarCollection,
|
||||||
OldPreviewer,
|
OldPreviewer,
|
||||||
customize = wp.customize, self = {
|
customize = wp.customize, self = {
|
||||||
update_widget_ajax_action: null,
|
nonce: null,
|
||||||
update_widget_nonce_value: null,
|
|
||||||
update_widget_nonce_post_key: null,
|
|
||||||
i18n: {
|
i18n: {
|
||||||
save_btn_label: '',
|
save_btn_label: '',
|
||||||
save_btn_tooltip: '',
|
save_btn_tooltip: '',
|
||||||
|
@ -1201,9 +1199,9 @@ var WidgetCustomizer = ( function ($) {
|
||||||
processing( processing() + 1 );
|
processing( processing() + 1 );
|
||||||
|
|
||||||
params = {};
|
params = {};
|
||||||
params.action = self.update_widget_ajax_action;
|
params.action = 'update-widget';
|
||||||
params.wp_customize = 'on';
|
params.wp_customize = 'on';
|
||||||
params[self.update_widget_nonce_post_key] = self.update_widget_nonce_value;
|
params.nonce = self.nonce;
|
||||||
|
|
||||||
data = $.param( params );
|
data = $.param( params );
|
||||||
inputs = widget_content.find( ':input, option' );
|
inputs = widget_content.find( ':input, option' );
|
||||||
|
|
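Review bot: The new `nonce: null` property on `self` carries no comment saying which action it belongs to, while the request code in the second hunk now hard-codes `params.action = 'update-widget'` separately, so the pairing between the two is only implicit. A short comment on the property, for example `// Nonce for the 'update-widget' AJAX action; populated from the server-side exports.`, would keep the action string and the nonce from drifting apart. The value appears to be set once when the page loads and no refresh path is visible in these hunks, so it is worth confirming that the caller handles a rejected (expired) nonce by prompting a reload rather than failing silently. Both hunks sit inside a closure that starts and ends outside the visible lines.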
|
@ -133,7 +133,7 @@ final class WP_Customize_Widgets {
|
||||||
&&
|
&&
|
||||||
$this->get_post_value( 'action' ) === 'update-widget'
|
$this->get_post_value( 'action' ) === 'update-widget'
|
||||||
&&
|
&&
|
||||||
check_ajax_referer( 'update-widget', 'update-widget-nonce', false )
|
check_ajax_referer( 'update-widget', 'nonce', false )
|
||||||
);
|
);
|
||||||
|
|
||||||
$is_ajax_customize_save = (
|
$is_ajax_customize_save = (
|
||||||
|
@ -141,7 +141,7 @@ final class WP_Customize_Widgets {
|
||||||
&&
|
&&
|
||||||
$this->get_post_value( 'action' ) === 'customize_save'
|
$this->get_post_value( 'action' ) === 'customize_save'
|
||||||
&&
|
&&
|
||||||
check_ajax_referer( 'save-customize_' . $this->manager->get_stylesheet(), 'nonce' )
|
check_ajax_referer( 'save-customize_' . $this->manager->get_stylesheet(), 'nonce', false )
|
||||||
);
|
);
|
||||||
|
|
||||||
$is_valid_request = ( $is_ajax_widget_update || $is_customize_preview || $is_ajax_customize_save );
|
$is_valid_request = ( $is_ajax_widget_update || $is_customize_preview || $is_ajax_customize_save );
|
||||||
|
@ -574,9 +574,7 @@ final class WP_Customize_Widgets {
|
||||||
// Why not wp_localize_script? Because we're not localizing, and it forces values into strings.
|
// Why not wp_localize_script? Because we're not localizing, and it forces values into strings.
|
||||||
global $wp_scripts;
|
global $wp_scripts;
|
||||||
$exports = array(
|
$exports = array(
|
||||||
'update_widget_ajax_action' => 'update-widget',
|
'nonce' => wp_create_nonce( 'update-widget' ),
|
||||||
'update_widget_nonce_value' => wp_create_nonce( 'update-widget' ),
|
|
||||||
'update_widget_nonce_post_key' => 'update-widget-nonce',
|
|
||||||
'registered_sidebars' => array_values( $GLOBALS['wp_registered_sidebars'] ),
|
'registered_sidebars' => array_values( $GLOBALS['wp_registered_sidebars'] ),
|
||||||
'registered_widgets' => $GLOBALS['wp_registered_widgets'],
|
'registered_widgets' => $GLOBALS['wp_registered_widgets'],
|
||||||
'available_widgets' => $available_widgets, // @todo Merge this with registered_widgets
|
'available_widgets' => $available_widgets, // @todo Merge this with registered_widgets
|
||||||
|
@ -1159,7 +1157,7 @@ final class WP_Customize_Widgets {
|
||||||
wp_die( 0 );
|
wp_die( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
check_ajax_referer( 'update-widget', 'update-widget-nonce' );
|
check_ajax_referer( 'update-widget', 'nonce' );
|
||||||
|
|
||||||
if ( ! current_user_can( 'edit_theme_options' ) ) {
|
if ( ! current_user_can( 'edit_theme_options' ) ) {
|
||||||
wp_die( -1 );
|
wp_die( -1 );
|
||||||
|
@ -1169,8 +1167,6 @@ final class WP_Customize_Widgets {
|
||||||
wp_send_json_error();
|
wp_send_json_error();
|
||||||
}
|
}
|
||||||
|
|
||||||
unset( $_POST['update-widget-nonce'], $_POST['action'] );
|
|
||||||
|
|
||||||
do_action( 'load-widgets.php' );
|
do_action( 'load-widgets.php' );
|
||||||
do_action( 'widgets.php' );
|
do_action( 'widgets.php' );
|
||||||
do_action( 'sidebar_admin_setup' );
|
do_action( 'sidebar_admin_setup' );
|
||||||
|
|
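Review bot: With `unset( $_POST['update-widget-nonce'], $_POST['action'] );` removed in the last hunk, `$_POST['nonce']` and `$_POST['action']` now remain in the superglobal while `load-widgets.php`, `widgets.php` and `sidebar_admin_setup` fire. If the unset existed to keep request plumbing away from code that reads widget data out of `$_POST`, the generic `nonce` key is more likely to collide with a widget form field than `update-widget-nonce` was. Either keep `unset( $_POST['nonce'], $_POST['action'] );` before the `do_action()` calls or add a comment stating why the cleanup is no longer needed. The `current_user_can( 'edit_theme_options' )` check that follows `check_ajax_referer( 'update-widget', 'nonce' )` must stay, since the nonce only guards against forged requests and does not authorise the user. The enclosing method starts and ends outside the hunk.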