From 8bf3003c67bf78ed3b5a1cfa13a881fbcda77ad0 Mon Sep 17 00:00:00 2001 From: "Dominik Schilling (ocean90)" Date: Tue, 6 Jan 2015 21:46:54 +0000 Subject: [PATCH] Customizer: Send JSON success for `customize_save` and allow response to be filtered. props westonruter. fixes #29098. git-svn-id: https://develop.svn.wordpress.org/trunk@31062 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/js/customize-controls.js | 28 +++++++++++-------- .../class-wp-customize-manager.php | 23 ++++++++++++--- 2 files changed, 35 insertions(+), 16 deletions(-) diff --git a/src/wp-admin/js/customize-controls.js b/src/wp-admin/js/customize-controls.js index f43630a14a..7c4a631ca9 100644 --- a/src/wp-admin/js/customize-controls.js +++ b/src/wp-admin/js/customize-controls.js @@ -1945,7 +1945,6 @@ save: function() { var self = this, query = $.extend( this.query(), { - action: 'customize_save', nonce: this.nonce.save } ), processing = api.state( 'processing' ), @@ -1955,7 +1954,7 @@ body.addClass( 'saving' ); submit = function () { - var request = $.post( api.settings.url.ajax, query ); + var request = wp.ajax.post( 'customize_save', query ); api.trigger( 'save', request ); 
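Review bot: The new `wp.ajax.post( 'customize_save', query )` call in `submit` no longer names its endpoint, so the nonce-bearing save request now goes to whatever URL `wp.ajax` is configured with instead of `api.settings.url.ajax`. Nothing in this patch shows that the two resolve to the same admin-ajax URL, or that `wp-util` (which provides `wp.ajax`) is a declared dependency of this script, so both are worth confirming. I would add a comment above the call such as `// Uses wp.ajax.settings.url, not api.settings.url.ajax; both must point at the same admin-ajax endpoint.` The `save` function continues past the end of this hunk.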
@@ -1963,28 +1962,33 @@ body.removeClass( 'saving' ); } ); - request.done( function( response ) { - // Check if the user is logged out. + request.fail( function ( response ) { if ( '0' === response ) { + response = 'not_logged_in'; + } else if ( '-1' === response ) { + // Back-compat in case any other check_ajax_referer() call is dying + response = 'invalid_nonce'; + } + + if ( 'invalid_nonce' === response ) { + self.cheatin(); + } else if ( 'not_logged_in' === response ) { self.preview.iframe.hide(); self.login().done( function() { self.save(); self.preview.iframe.show(); } ); - return; - } - - // Check for cheaters. - if ( '-1' === response ) { - self.cheatin(); - return; } + api.trigger( 'error', response ); + } ); + request.done( function( response ) { // Clear setting dirty states api.each( function ( value ) { value._dirty = false; } ); - api.trigger( 'saved' ); + + api.trigger( 'saved', response ); } ); }; diff --git a/src/wp-includes/class-wp-customize-manager.php b/src/wp-includes/class-wp-customize-manager.php index 60303e6714..bc1305fe61 100644 --- a/src/wp-includes/class-wp-customize-manager.php +++ b/src/wp-includes/class-wp-customize-manager.php @@ -628,10 +628,14 @@ final class WP_Customize_Manager { * @since 3.4.0 */ public function save() { - if ( ! $this->is_preview() ) - die; + if ( ! $this->is_preview() ) { + wp_send_json_error( 'not_preview' ); + } - check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce' ); + $action = 'save-customize_' . $this->get_stylesheet(); + if ( ! check_ajax_referer( $action, 'nonce', false ) ) { + wp_send_json_error( 'invalid_nonce' ); + } // Do we have to switch themes? if ( ! $this->is_theme_active() ) { 
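Review bot: The `request.fail` handler only recognises `'0'`, `'-1'`, `'invalid_nonce'` and `'not_logged_in'`, so the `'not_preview'` code that the PHP side of this commit sends has no branch and reaches listeners only through the generic `error` event. A transport failure would presumably arrive here as something other than a string code (inferred from how jQuery deferreds reject; not visible in the hunk), and it takes the same path. Because `error` is also triggered on the `not_logged_in` branch, which goes on to retry the save, listeners cannot tell a final failure from one that is about to be retried. I would document the contract above the handler, e.g. `// response: 'invalid_nonce' | 'not_logged_in' | 'not_preview', or a non-string value on transport failure.`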
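Review bot: Passing `false` as the third argument of `check_ajax_referer()` means the nonce check no longer stops the request by itself; `save()` is now protected only because `wp_send_json_error()` terminates execution. That dependency is implicit, and a later edit that swaps in a non-terminating response would let the settings be written with an invalid nonce. A comment on the branch would make it explicit: `// wp_send_json_error() exits; nothing below may run without a valid nonce.` A nonce also only establishes intent, so it is worth confirming that a capability check runs before `save()` is reached, since none is visible in this hunk and the method body continues outside it.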
@@ -666,7 +670,18 @@ final class WP_Customize_Manager { */ do_action( 'customize_save_after', $this ); - die; + /** + * Filter response data for a successful customize_save Ajax request. + * + * This filter does not apply if there was a nonce or authentication failure. + * + * @since 4.2.0 + * + * @param array $data + * @param WP_Customize_Manager $this WP_Customize_Manager instance. + */ + $response = apply_filters( 'customize_save_response', array(), $this ); + wp_send_json_success( $response ); } /**
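Review bot: The docblock for `customize_save_response` says the filter is skipped on a nonce or authentication failure, but the `not_preview` early exit added earlier in this commit skips it too, and `$data` has no description. Whatever the callbacks return is passed unchanged to `wp_send_json_success()` and from there to the `saved` event in the browser, so the docblock should say that the value is client-visible and is expected to stay an array. I would write `@param array $data Additional data sent to the client with the 'saved' event; must not contain secrets.` and extend the sentence to `This filter does not apply if the request was not a preview or failed the nonce or authentication check.` The end of `save()` is inside this hunk, but its start is not.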