diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 74835b3dfe..b3c7ce2c60 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -94,7 +94,7 @@ case 'delete-link' :
else die('0');
break;
case 'delete-meta' :
- check_ajax_referer( 'change_meta' );
+ check_ajax_referer( "delete-meta_$id" );
if ( !$meta = get_post_meta_by_id( $id ) )
die('0');
if ( !current_user_can( 'edit_post', $meta->post_id ) )
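Review bot: The per-id action string in `check_ajax_referer( "delete-meta_$id" )` is now duplicated in two files with nothing linking them, because the matching generator is `wp_create_nonce( 'delete-meta_' . $entry['meta_id'] )` in `_list_meta_row()`, where the id is cast to int first. The assignment of `$id` is outside this hunk, so it is worth confirming it is the same integer form; a mismatch would fail closed, but silently. I would add a comment above the check such as `// Action must match the delete nonce built in _list_meta_row() (wp-admin/includes/template.php).` and use the same concatenation style as the generator so a search for `'delete-meta_'` finds both sites.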
@@ -368,10 +368,10 @@ case 'add-comment' :
$x->send();
break;
case 'add-meta' :
- check_ajax_referer( 'change_meta' );
+ check_ajax_referer( 'add-meta' );
$c = 0;
$pid = (int) $_POST['post_id'];
- if ( isset($_POST['addmeta']) ) {
+ if ( isset($_POST['metakeyselect']) ) {
if ( !current_user_can( 'edit_post', $pid ) )
die('-1');
if ( '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
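Review bot: The `add-meta` action checked at the top of this case is one fixed string for every post, so unlike the per-id `delete-meta_$id` nonce it does not tie the request to `$pid`. The only thing limiting which post is written is `current_user_can( 'edit_post', $pid )` inside the `metakeyselect` branch. The else branch of that `if` lies outside the hunk, so whether the update path carries an equivalent capability check cannot be seen here and should be confirmed. A comment would record the design: `// One nonce covers add and update; per-post authorization is the current_user_can() check in each branch.`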
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index aaf341588e..c1ff2e6da4 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -745,6 +745,10 @@ function list_meta( $meta ) {
}
function _list_meta_row( $entry, &$count ) {
+ static $update_nonce = false;
+ if ( !$update_nonce )
+ $update_nonce = wp_create_nonce( 'add-meta' );
+
$r = '';
++ $count;
if ( $count % 2 )
@@ -768,12 +772,16 @@ function _list_meta_row( $entry, &$count ) {
$entry['meta_key'] = attribute_escape($entry['meta_key']);
$entry['meta_value'] = attribute_escape($entry['meta_value']);
$entry['meta_id'] = (int) $entry['meta_id'];
+
+ $delete_nonce = wp_create_nonce( 'delete-meta_' . $entry['meta_id'] );
+
$r .= "\n\t
";
$r .= "\n\t\t | ";
$r .= "\n\t\t | ";
- $r .= "\n\t\t ";
+ $r .= "\n\t\t | ";
$r .= "\n\t\t";
+ $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attribute_escape(__( 'Delete' ))."' />";
+ $r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
$r .= " | \n\t
";
return $r;
}
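Review bot: The `wp_nonce_field( 'change-meta', '_ajax_nonce', false, false )` appended to every row uses an action that neither handler visible in admin-ajax.php verifies: the checks there are `add-meta` and `delete-meta_$id`, and the old action was `change_meta` with an underscore. If this hidden `_ajax_nonce` field is what gets posted for the row's update button, `check_ajax_referer( 'add-meta' )` would reject it; if it is never posted, it is dead markup repeated once per row under the same field name. `$update_nonce` from the first hunk of `_list_meta_row()` is presumably meant for the update button, but its use is not visible in the lines shown here. Either drop the field or build it with the action the handler checks, `$r .= wp_nonce_field( 'add-meta', '_ajax_nonce', false, false );`.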
@@ -815,10 +823,9 @@ function meta_form() {
|
|
-
-
-
+
+
|
0 ) {
- if ( postID == parseInt(jQuery('#post_ID').val()) ) { return; } // no need to do this more than once
- jQuery('#post_ID').attr({name: "post_ID"});
- jQuery('#post_ID').val(postID);
- // We need new nonces
- jQuery.post(autosaveL10n.requestFile, {
- action: "autosave-generate-nonces",
- post_ID: postID,
- autosavenonce: jQuery('#autosavenonce').val(),
- post_type: jQuery('#post_type').val()
- }, function(html) {
- jQuery('#_wpnonce').val(html);
- });
- jQuery('#hiddenaction').val('editpost');
- }
+ autosave_update_post_ID( postID );
+ }
+}
+
+function autosave_update_post_ID( postID ) {
+ if ( !isNaN(postID) && postID > 0 ) {
+ if ( postID == parseInt(jQuery('#post_ID').val()) ) { return; } // no need to do this more than once
+ jQuery('#post_ID').attr({name: "post_ID"});
+ jQuery('#post_ID').val(postID);
+ // We need new nonces
+ jQuery.post(autosaveL10n.requestFile, {
+ action: "autosave-generate-nonces",
+ post_ID: postID,
+ autosavenonce: jQuery('#autosavenonce').val(),
+ post_type: jQuery('#post_type').val()
+ }, function(html) {
+ jQuery('#_wpnonce').val(html);
+ });
+ jQuery('#hiddenaction').val('editpost');
}
}
@@ -173,7 +176,7 @@ var autosave = function() {
if(parseInt(post_data["post_ID"]) < 1) {
post_data["temp_ID"] = post_data["post_ID"];
- var successCallback = autosave_update_post_ID; // new post
+ var successCallback = autosave_saved_new;; // new post
} else {
var successCallback = autosave_saved; // pre-existing post
}
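Review bot: The new assignment ends in a doubled semicolon, `var successCallback = autosave_saved_new;; // new post`, which leaves an empty statement behind. It is harmless at runtime but will trip linters and minifier warnings, so it should read `var successCallback = autosave_saved_new; // new post`. The enclosing `autosave` function starts and ends outside this hunk.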
diff --git a/wp-includes/js/wp-lists.js b/wp-includes/js/wp-lists.js
index f1eed16dbf..e1ef515712 100644
--- a/wp-includes/js/wp-lists.js
+++ b/wp-includes/js/wp-lists.js
@@ -154,7 +154,7 @@ var wpList = {
s.success = function(r) {
var res = wpAjax.parseAjaxResponse(r, s.response, s.element);
if ( !res || res.errors ) {
- element.stop().css( 'backgroundColor', '#FF3333' ).show().queue( function() { list.wpList.recolor(); $(this).dequeue(); } );
+ element.stop().stop().css( 'backgroundColor', '#FF3333' ).show().queue( function() { list.wpList.recolor(); $(this).dequeue(); } );
return false;
}
if ( $.isFunction(s.delAfter) ) {
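Review bot: The doubled call in `element.stop().stop()` on the error path reads like a typo, and nothing in the hunk says it is deliberate; the same change is made in the dim handler's error path in the next hunk. If the intent is to halt both the running animation and the one queued behind it, a comment should say so, for example `// stop the running effect and the one queued after it before flagging the error`. If the intent is simply to cancel everything pending, `element.stop(true)` states that directly, but it also empties the queue, so it needs checking against the `.queue()` call that follows. Both `s.success` callbacks continue outside their hunks.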
@@ -217,7 +217,7 @@ var wpList = {
s.success = function(r) {
var res = wpAjax.parseAjaxResponse(r, s.response, s.element);
if ( !res || res.errors ) {
- element.stop().css( 'backgroundColor', '#FF3333' )[isClass?'removeClass':'addClass'](s.dimClass).show().queue( function() { list.wpList.recolor(); $(this).dequeue(); } );
+ element.stop().stop().css( 'backgroundColor', '#FF3333' )[isClass?'removeClass':'addClass'](s.dimClass).show().queue( function() { list.wpList.recolor(); $(this).dequeue(); } );
return false;
}
if ( $.isFunction(s.dimAfter) ) {
diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php
index 6732a10007..139518c890 100644
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -47,7 +47,7 @@ class WP_Scripts {
'broken' => __('An unidentified error has occurred.')
) );
- $this->add( 'autosave', '/wp-includes/js/autosave.js', array('schedule', 'wp-ajax-response'), '20080317' );
+ $this->add( 'autosave', '/wp-includes/js/autosave.js', array('schedule', 'wp-ajax-response'), '20080322' );
$this->add( 'wp-ajax', '/wp-includes/js/wp-ajax.js', array('prototype'), '20070306');
$this->localize( 'wp-ajax', 'WPAjaxL10n', array(
@@ -57,7 +57,7 @@ class WP_Scripts {
'whoaText' => __("Slow down, I'm still sending your data!")
) );
- $this->add( 'wp-lists', '/wp-includes/js/wp-lists.js', array('wp-ajax-response'), '20080312' );
+ $this->add( 'wp-lists', '/wp-includes/js/wp-lists.js', array('wp-ajax-response'), '20080322' );
$this->localize( 'wp-lists', 'wpListL10n', array(
'url' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php'
) );
@@ -144,7 +144,7 @@ class WP_Scripts {
'save' => __('Save'),
'cancel' => __('Cancel'),
) );
- $this->add( 'post', '/wp-admin/js/post.js', array('suggest', 'jquery-ui-tabs', 'wp-lists', 'postbox', 'slug'), '20080318' );
+ $this->add( 'post', '/wp-admin/js/post.js', array('suggest', 'jquery-ui-tabs', 'wp-lists', 'postbox', 'slug'), '20080322' );
$this->localize( 'post', 'postL10n', array(
'tagsUsed' => __('Tags used on this post:'),
'add' => attribute_escape(__('Add')),