[wp-trac] [WordPress Trac] #31897: Update Customizer nonces via Heartbeat API
WordPress Trac
noreply at wordpress.org
Wed Feb 24 18:19:56 UTC 2016
#31897: Update Customizer nonces via Heartbeat API
------------------------------------------+-----------------------------
Reporter: westonruter | Owner: voldemortensen
Type: enhancement | Status: assigned
Priority: normal | Milestone: Future Release
Component: Customize | Version: 3.4
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses: javascript
------------------------------------------+-----------------------------
Changes (by westonruter):
* keywords: needs-patch => needs-patch needs-unit-tests
Comment:
@adamsilverstein nice. The patch is looking good.
* In `wp_refresh_customizer_nonces()` you can prevent instantiating
`WP_Customize_Manager` if the `$wp_customize` global already exists.
* Add a `current_user_can( 'customize' )` cap to the condition along with
`array_key_exists()`. Otherwise, an unprivileged user could potentially
obtain nonces.
* Needs `@param` and `@return` phpdoc tags.
* It would be useful for other plugins that make use of Heartbeat in the
Customizer to have the `$screen_id` populated to be `customize`.
* Maybe rename `wp_refresh_customizer_nonces()` to
`wp_heartbeat_refresh_customizer_nonces()`.
* Maybe rename the heartbeat data array key from
`wp-refresh-customizer-nonce` to `wp-customize-nonces`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31897#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
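
The capability check and the reuse of the `$wp_customize` global requested in the comment above, sketched as an added example; this is not the patch attached to the ticket. It uses the function name and data key proposed in the comment, and the nonce action strings and response keys are assumptions about what the Customizer expects.

```php
<?php
/**
 * Hypothetical Heartbeat handler that refreshes Customizer nonces.
 * Illustration only: assumes it is loaded inside WordPress.
 *
 * @param array  $response  Heartbeat response being built.
 * @param array  $data      Data sent by the client with this tick.
 * @param string $screen_id Screen ID reported by the client.
 * @return array Response, with nonces added only for permitted users.
 */
function wp_heartbeat_refresh_customizer_nonces( $response, $data, $screen_id ) {
	global $wp_customize;

	// Answer only when the client asked for a refresh.
	if ( ! is_array( $data ) || ! array_key_exists( 'wp-customize-nonces', $data ) ) {
		return $response;
	}

	// The data key is attacker-controlled: any logged-in user can send it.
	// Without this check the handler would mint Customizer nonces for
	// users who are not allowed to use the Customizer.
	if ( ! current_user_can( 'customize' ) ) {
		return $response;
	}

	// Reuse the manager if it is already loaded instead of building another.
	if ( ! ( $wp_customize instanceof WP_Customize_Manager ) ) {
		require_once ABSPATH . WPINC . '/class-wp-customize-manager.php';
		$wp_customize = new WP_Customize_Manager();
	}

	// Assumed nonce actions: the Customizer scopes them to the stylesheet.
	$stylesheet = $wp_customize->get_stylesheet();

	$response['wp-customize-nonces'] = array(
		'save'    => wp_create_nonce( 'save-customize_' . $stylesheet ),
		'preview' => wp_create_nonce( 'preview-customize_' . $stylesheet ),
	);

	return $response;
}
add_filter( 'heartbeat_received', 'wp_heartbeat_refresh_customizer_nonces', 10, 3 );
```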