From e4f73af4953fbf1c7501fc3b4d79821a3961b519 Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Thu, 16 May 2013 03:47:09 +0000
Subject: [PATCH] Separate the nonces update from checking the post lock. Fix scheduling the logged out check. See #23697, see #23295.
git-svn-id: https://develop.svn.wordpress.org/trunk@24273 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/misc.php | 28 +++++++++++++++++++----
 wp-admin/js/post.js | 40 +++++++++++++++++++++++++++++----
 wp-includes/js/wp-auth-check.js | 7 ++++--
 3 files changed, 65 insertions(+), 10 deletions(-)
diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php
index 421c7b3360..deb470f9b9 100644
--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -623,8 +623,30 @@ function wp_refresh_post_lock( $response, $data, $screen_id ) {
 $send['new_lock'] = implode( ':', $new_lock );
 }
+ $response['wp-refresh-post-lock'] = $send;
+ }
+
+ return $response;
+}
+add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
+
+/**
+ * Check nonce expiration on the New/Edit Post screen and refresh if needed
+ *
+ * @since 3.6
+ */
+function wp_refresh_post_nonces( $response, $data, $screen_id ) {
+ if ( 'post' == $screen_id && array_key_exists( 'wp-refresh-post-nonces', $data ) ) {
+ $received = $data['wp-refresh-post-nonces'];
+
+ if ( ! $post_id = absint( $received['post_id'] ) )
+ return $response;
+
+ if ( ! current_user_can('edit_post', $post_id) )
+ return $response;
+
 if ( ! empty( $received['post_nonce'] ) && 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
- $send['update_nonces'] = array(
+ $response['wp-refresh-post-nonces'] = array(
 'replace-autosavenonce' => wp_create_nonce('autosave'),
 'replace-getpermalinknonce' => wp_create_nonce('getpermalink'),
 'replace-samplepermalinknonce' => wp_create_nonce('samplepermalink'),
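Review bot: In the new `wp_refresh_post_nonces()`, `$received` is taken from the heartbeat payload (presumably client-supplied) and indexed as an array without any shape check, so a scalar value or a payload without `post_id` reaches `absint( $received['post_id'] )` and raises a PHP notice or warning instead of returning cleanly. A guard before the `absint()` line, such as `if ( ! is_array( $received ) || empty( $received['post_id'] ) ) return $response;`, would make the early exit explicit. The `current_user_can()` check correctly runs before any nonce is generated; the comparison `'post' == $screen_id` could be `===`, and the docblock would benefit from `@param` and `@return` lines for the three filter arguments. The function body continues in the next hunk.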
@@ -633,13 +655,11 @@ function wp_refresh_post_lock( $response, $data, $screen_id ) {
 'replace-_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
 );
 }
-
- $response['wp-refresh-post-lock'] = $send;
 }
 return $response;
 }
-add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
+add_filter( 'heartbeat_received', 'wp_refresh_post_nonces', 10, 3 );
 /**
 * Output the HTML for restoring the post data from DOM storage
diff --git a/wp-admin/js/post.js b/wp-admin/js/post.js
index c46da8eed5..ae7da28bff 100644
--- a/wp-admin/js/post.js
+++ b/wp-admin/js/post.js
@@ -254,7 +254,6 @@ WPRemoveThumbnail = function(nonce){
 $(document).on( 'heartbeat-send.refresh-lock', function( e, data ) {
 var lock = $('#active_post_lock').val(),
 post_id = $('#post_ID').val(),
- post_nonce = $('#_wpnonce').val(),
 send = {};
 if ( !post_id )
@@ -265,9 +264,6 @@ $(document).on( 'heartbeat-send.refresh-lock', function( e, data ) {
 if ( lock )
 send['lock'] = lock;
- if ( post_nonce )
- send['post_nonce'] = post_nonce;
-
 data['wp-refresh-post-lock'] = send;
 });
@@ -321,6 +317,42 @@ $(document).on( 'heartbeat-tick.refresh-lock', function( e, data ) {
 }(jQuery));
+(function($) {
+ var check, timeout;
+
+ function schedule() {
+ check = false;
+ window.clearTimeout( timeout );
+ timeout = window.setTimeout( function(){ check = 1; }, 3600000 );
+ }
+
+ $(document).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
+ var nonce, post_id;
+
+ if ( check ) {
+ if ( ( post_id = $('#post_ID').val() ) && ( nonce = $('#_wpnonce').val() ) ) {
+ data['wp-refresh-post-nonces'] = {
+ post_id: post_id,
+ post_nonce: nonce
+ };
+ }
+ check = 2;
+ }
+ }).on( 'heartbeat-tick.wp-refresh-nonces', function( e, data ) {
+ if ( check === 2 )
+ schedule();
+
+ if ( data['wp-refresh-post-nonces'] ) {
+ $.each( data['wp-refresh-post-nonces'], function( selector, value ) {
+ if ( selector.match(/^replace-/) )
+ $( '#' + selector.replace('replace-', '') ).val( value );
+ });
+ }
+ }).ready( function() {
+ schedule();
+ });
+}(jQuery));
+
 jQuery(document).ready( function($) {
 var stamp, visibility, sticky = '', last = 0, co = $('#content');
diff --git a/wp-includes/js/wp-auth-check.js b/wp-includes/js/wp-auth-check.js
index 5eb34b7c00..a8b4d85da8 100644
--- a/wp-includes/js/wp-auth-check.js
+++ b/wp-includes/js/wp-auth-check.js
@@ -72,11 +72,11 @@
 function schedule() {
 check = false;
 window.clearTimeout( timeout );
- timeout = window.setTimeout( function(){ check = true; }, 180000 ); // 3 min.
+ timeout = window.setTimeout( function(){ check = 1; }, 180000 ); // 3 min.
 }
 $( document ).on( 'heartbeat-tick.wp-auth-check', function( e, data ) {
- if ( check )
+ if ( check === 2 )
 schedule();
 if ( data['wp-auth-check'] && wrap.hasClass('hidden') ) {
@@ -103,6 +103,9 @@
 if ( check || ! empty )
 data['wp-auth-check'] = 1;
+
+ if ( check )
+ check = 2;
 });
 });
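Review bot: In the `heartbeat-tick.wp-refresh-nonces` handler only the `replace-` prefix of each response key is checked; the remainder is concatenated into a jQuery selector and written with `.val()`, so any key that ends up in `wp-refresh-post-nonces` (for example through another filter on the heartbeat response) can overwrite an arbitrary field by id or trigger a selector syntax error. Constraining the key, for example `if ( /^replace-[\w-]+$/.test( selector ) )`, limits the write to plain element ids, and an explicit list of the nonce field ids would be tighter still. The response is same-origin, so this is defence in depth rather than a demonstrated flaw.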
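Review bot: `check` now takes three values (`false`, `1`, `2`) across `schedule()` and the send and tick handlers in wp-auth-check.js, but nothing in the visible lines says what they mean, and mixing the truthiness test `if ( check )` with `check === 2` is easy to break in a later edit. A comment next to `schedule()` such as `// check: false = idle, 1 = check due on next send, 2 = request sent, waiting for the tick` would document the state machine. The same applies to the `@@ -103,6 +103,9 @@` hunk and to the identical `check` variable added in wp-admin/js/post.js. The enclosing handlers start and end outside these hunks.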