[wp-trac] [WordPress Trac] #47843: Update the WordPress Packages to the ones used in the Gutenberg 6.4 release
WordPress Trac
noreply at wordpress.org
Sun Sep 15 17:22:01 UTC 2019
#47843: Update the WordPress Packages to the ones used in the Gutenberg 6.4 release
------------------------------+---------------------
Reporter: gziolo | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.3
Component: Editor | Version:
Severity: normal | Resolution:
Keywords: has-patch commit | Focuses:
------------------------------+---------------------
Comment (by iseulde):
I added the action that was added for the plugin in
https://github.com/WordPress/gutenberg/pull/16683.
The changes I made are the following:
{{{#!diff
Index: src/wp-admin/admin-ajax.php
===================================================================
--- src/wp-admin/admin-ajax.php (revision 46145)
+++ src/wp-admin/admin-ajax.php (working copy)
@@ -53,6 +53,7 @@
'autocomplete-user',
'dashboard-widgets',
'logged-in',
+ 'rest-nonce',
);
$core_actions_post = array(
Index: src/wp-admin/includes/ajax-actions.php
===================================================================
--- src/wp-admin/includes/ajax-actions.php (revision 46145)
+++ src/wp-admin/includes/ajax-actions.php (working copy)
@@ -5271,3 +5271,12 @@
wp_send_json_success( $all_sizes );
}
+
+/**
+ * Ajax handler to renew the REST API nonce.
+ *
+ * @since 5.3.0
+ */
+function wp_ajax_rest_nonce() {
+ exit( wp_create_nonce( 'wp_rest' ) );
+}
Index: src/wp-includes/script-loader.php
===================================================================
--- src/wp-includes/script-loader.php (revision 46145)
+++ src/wp-includes/script-loader.php (working copy)
@@ -535,27 +535,17 @@
}
$scripts->add_inline_script(
'wp-api-fetch',
- sprintf(
- implode(
- "\n",
- array(
- '( function() {',
- ' var nonceMiddleware =
wp.apiFetch.createNonceMiddleware( "%s" );',
- ' wp.apiFetch.use(
nonceMiddleware );',
- ' wp.hooks.addAction(',
- '
"heartbeat.tick",',
- ' "core/api-fetch
/create-nonce-middleware",',
- ' function( response
) {',
- ' if (
response[ "rest_nonce" ] ) {',
- '
nonceMiddleware.nonce = response[ "rest_nonce" ];',
- ' }',
- ' }',
- ' );',
- '} )();',
- )
+ join( array(
+ sprintf(
+ 'wp.apiFetch.nonceMiddleware =
wp.apiFetch.createNonceMiddleware( "%s" );',
+ ( wp_installing() && ! is_multisite() ) ?
'' : wp_create_nonce( 'wp_rest' )
),
- ( wp_installing() && ! is_multisite() ) ? '' :
wp_create_nonce( 'wp_rest' )
- ),
+ 'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );',
+ sprintf(
+ 'wp.apiFetch.nonceEndpoint = "%s";',
+ admin_url( 'admin-ajax.php?action=rest-
nonce' )
+ ),
+ ), "\n" ),
'after'
);
$scripts->add_inline_script(
}}}
This can be tested by adding lowering the nonce life to 5 seconds. Load
the page, then wait 5 seconds and try to update or publish a post.
{{{#!php
<?php
add_filter( 'nonce_life', function() {
return 5;
} );
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47843#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list