check_ajax_referer() should look for *only* the auth_cookie, not others that look like they match. Autosave should know that an ajax response of -1 or 0 is a failure. Props mdawaffe

git-svn-id: https://develop.svn.wordpress.org/trunk@6649 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren 2008-01-24 21:19:42 +00:00
parent 0883db3afb
commit c1b80c091e
3 changed files with 8 additions and 3 deletions


@ -28,7 +28,7 @@ function autosave_update_post_ID(response) {
if(isNaN(res)) {
message = autosaveL10n.errorText.replace(/%response%/g, response);
} else {
} else if( res > 0 ) {
message = autosaveL10n.saveText.replace(/%time%/g, autosave_cur_time());
jQuery('#post_ID').attr({name: "post_ID"});
jQuery('#post_ID').val(res);
@ -42,6 +42,8 @@ function autosave_update_post_ID(response) {
jQuery('#_wpnonce').val(html);
});
jQuery('#hiddenaction').val('editpost');
} else {
message = autosaveL10n.failText;
}
jQuery('#autosave').html(message);
autosave_enable_buttons();
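Review bot: The non-numeric branch still builds `message` from the raw AJAX response (`errorText.replace(/%response%/g, response)`) and the line after the new `else` writes it with `.html()`, so any markup in an unexpected server response is parsed into the admin page. Whether the response can carry attacker-influenced text depends on the admin-ajax handler, which is not visible here, but none of the three message strings shown in this commit needs markup. Writing it as text closes that path: `jQuery('#autosave').text(message);`. The body of autosave_update_post_ID starts and ends outside these hunks, so the way `res` is parsed could not be checked.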


@ -661,8 +661,10 @@ function check_ajax_referer( $action = -1 ) {
$auth_cookie = '';
$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
foreach ( $cookie as $tasty ) {
if ( false !== strpos($tasty, AUTH_COOKIE) )
if ( false !== strpos($tasty, AUTH_COOKIE . '=') ) {
$auth_cookie = substr(strstr($tasty, '='), 1);
break;
}
}
if ( empty($auth_cookie) )
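Review bot: The new test `false !== strpos($tasty, AUTH_COOKIE . '=')` still accepts the name anywhere in the element, so a cookie whose name merely ends in the auth cookie name, or whose value contains `AUTH_COOKIE=`, is taken as the auth cookie, and the added `break` then stops the loop on it. That falls short of the commit's stated goal of matching only the auth cookie. Anchoring the match at the start of the element does it: `if ( 0 === strpos($tasty, AUTH_COOKIE . '=') ) {`. Note also that `urldecode()` runs before `explode('; ', ...)`, so an encoded `; ` inside a cookie value creates extra elements; splitting first and decoding only the extracted value would avoid that. check_ajax_referer continues past the end of the hunk, so how `$auth_cookie` is validated afterwards is not visible.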


@ -37,10 +37,11 @@ class WP_Scripts {
$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6');
$this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080104');
$this->add( 'autosave', '/wp-includes/js/autosave.js', array('prototype', 'sack'), '20080124');
$this->localize( 'autosave', 'autosaveL10n', array(
'autosaveInterval' => apply_filters('autosave_interval', '120'),
'errorText' => __('Error: %response%'),
'failText' => __('Error: Autosave Failed.'),
'saveText' => __('Saved at %time%.'),
'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
'savingText' => __('Saving Draft...')
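Review bot: The `autosave` registration carrying the new '20080124' version declares `array('prototype', 'sack')` as its dependencies, while autosave.js as changed in this same commit calls `jQuery(...)` throughout. The page has lost its +/- markers, so this assumes the '20080124' line is the added side. If it is, nothing guarantees jQuery is loaded before autosave.js, and the new failure handling would never run. If the dependency change is unintended, bump only the version: `$this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080124');`.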