
Ticket #45113: 45113.heartbeatnonce.diff

File 45113.heartbeatnonce.diff, 17.4 KB (added by dd32, 6 years ago)
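--- a/wp-admin/includes/admin-filters.php
+++ b/wp-admin/includes/admin-filters.php
@@ -56,33 +56,35 @@ if ( ! is_customize_preview() ) {
 }
 
 add_action( 'admin_print_scripts-post.php',     'wp_page_reload_on_back_button_js' );
 add_action( 'admin_print_scripts-post-new.php', 'wp_page_reload_on_back_button_js' );
 
 add_action( 'update_option_home',          'update_home_siteurl', 10, 2 );
 add_action( 'update_option_siteurl',       'update_home_siteurl', 10, 2 );
 add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 );
 add_action( 'update_option_admin_email',   'wp_site_admin_email_change_notification', 10, 3 );
 
 add_action( 'add_option_new_admin_email',    'update_option_new_admin_email', 10, 2 );
 add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );
 
 add_filter( 'heartbeat_received', 'wp_check_locked_posts',  10,  3 );
 add_filter( 'heartbeat_received', 'wp_refresh_post_lock',   10,  3 );
-add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10,  3 );
 add_filter( 'heartbeat_received', 'heartbeat_autosave',     500, 2 );
 
+add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10, 3 );
+add_filter( 'wp_refresh_nonces', 'wp_refresh_heartbeat_nonces' );
+
 add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
 
 // Nav Menu hooks.
 add_action( 'admin_head-nav-menus.php', '_wp_delete_orphaned_draft_menu_items' );
 
 // Plugin hooks.
 add_filter( 'whitelist_options', 'option_update_filter' );
 
 // Plugin Install hooks.
 add_action( 'install_plugins_featured',               'install_dashboard' );
 add_action( 'install_plugins_upload',                 'install_plugins_upload' );
 add_action( 'install_plugins_search',                 'display_plugins_table' );
 add_action( 'install_plugins_popular',                'display_plugins_table' );
 add_action( 'install_plugins_recommended',            'display_plugins_table' );
 add_action( 'install_plugins_new',                    'display_plugins_table' );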
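--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -1008,38 +1008,56 @@ function wp_refresh_post_nonces( $respon
 			return $response;
 		}
 
 		if ( ! current_user_can( 'edit_post', $post_id ) ) {
 			return $response;
 		}
 
 		$response['wp-refresh-post-nonces'] = array(
 			'replace' => array(
 				'getpermalinknonce' => wp_create_nonce('getpermalink'),
 				'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
 				'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
 				'_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
 				'_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
 			),
-			'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
 		);
 	}
 
 	return $response;
 }
 
 /**
+ * Add the latest Heartbeat and REST-API nonce to the Heartbeat response.
+ *
+ * @since 5.0.0
+ *
+ * @param array  $response  The Heartbeat response.
+ * @return array The Heartbeat response.
+ */
+function wp_refresh_heartbeat_nonces( $response ) {
+	// Refresh the Rest API nonce.
+	$response['rest_nonce'] = wp_create_nonce( 'wp_rest' );
+	// TEMPORARY: Compat with api-fetch library
+	$response['rest-nonce'] = $response['rest_nonce'];
+
+	// Refresh the Heartbeat nonce.
+	$response['heartbeat_nonce'] = wp_create_nonce( 'heartbeat-nonce' );
+	return $response;
+}
+
+/**
  * Disable suspension of Heartbeat on the Add/Edit Post screens.
  *
  * @since 3.8.0
  *
  * @global string $pagenow
  *
  * @param array $settings An array of Heartbeat settings.
  * @return array Filtered Heartbeat settings.
  */
 function wp_heartbeat_set_suspension( $settings ) {
 	global $pagenow;
 
 	if ( 'post.php' === $pagenow || 'post-new.php' === $pagenow ) {
 		$settings['suspension'] = 'disable';
 	}
@@ -1697,31 +1715,31 @@ final class WP_Privacy_Policy_Content {
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'The amount of information you may be required to show will vary depending on your local or national business regulations. You may, for example, be required to display a physical address, a registered address, or your company registration number.' ) . '</p>';
 		}
 
 		/* translators: %s Site URL */
 		$strings[] = '<p>' . $suggested_text . sprintf( __( 'Our website address is: %s.' ), get_bloginfo( 'url', 'display' ) ) . '</p>';
 
 		$strings[] = '<h2>' . __( 'What personal data we collect and why we collect it' ) . '</h2>';
 
 		if ( $description ) {
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should note what personal data you collect from users and site visitors. This may include personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information about cookies.' ) . '</p>';
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'You should also note any collection and retention of sensitive personal data, such as data concerning health.' ) . '</p>';
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In addition to listing what personal data you collect, you need to note why you collect it. These explanations must note either the legal basis for your data collection and retention or the active consent the user has given.' ) . '</p>';
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'Personal data is not just created by a user&#8217;s interactions with your site. Personal data is also generated from technical processes such as contact forms, comments, cookies, analytics, and third party embeds.' ) . '</p>';
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'By default WordPress does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users. However some of your plugins may collect personal data. You should add the relevant information below.' ) . '</p>';
 		}
-		
+
 		$strings[] = '<h3>' . __( 'Comments' ) . '</h3>';
 
 		if ( $description ) {
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this subsection you should note what information is captured through comments. We have noted the data which WordPress collects by default.' ) . '</p>';
 		}
 
 		$strings[] = '<p>' . $suggested_text . __( 'When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor&#8217;s IP address and browser user agent string to help spam detection.' ) . '</p>';
 		$strings[] = '<p>' . __( 'An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.' ) . '</p>';
 		$strings[] = '<h3>' . __( 'Media' ) . '</h3>';
 
 		if ( $description ) {
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this subsection you should note what information may be disclosed by users who can upload media files. All uploaded files are usually publicly accessible.' ) . '</p>';
 		}
 
 		$strings[] = '<p>' . $suggested_text . __( 'If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.' ) . '</p>';
@@ -1749,35 +1767,35 @@ final class WP_Privacy_Policy_Content {
 		$strings[] = '<h3>' . __( 'Analytics' ) . '</h3>';
 
 		if ( $description ) {
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this subsection you should note what analytics package you use, how users can opt out of analytics tracking, and a link to your analytics provider&#8217;s privacy policy, if any.' ) . '</p>';
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'By default WordPress does not collect any analytics data. However, many web hosting accounts collect some anonymous analytics data. You may also have installed a WordPress plugin that provides analytics services. In that case, add information from that plugin here.' ) . '</p>';
 		}
 
 		$strings[] = '<h2>' . __( 'Who we share your data with' ) . '</h2>';
 
 		if ( $description ) {
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should name and list all third party providers with whom you share site data, including partners, cloud-based services, payment processors, and third party service providers, and note what data you share with them and why. Link to their own privacy policies if possible.' ) . '</p>';
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'By default WordPress does not share any personal data with anyone.' ) . '</p>';
 		}
 
 		$strings[] = '<h2>' . __( 'How long we retain your data' ) . '</h2>';
-		
+
 		if ( $description ) {
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should explain how long you retain personal data collected or processed by the web site. While it is your responsibility to come up with the schedule of how long you keep each dataset for and why you keep it, that information does need to be listed here. For example, you may want to say that you keep contact form entries for six months, analytics records for a year, and customer purchase records for ten years.' ) . '</p>';
 		}
-		
+
 		$strings[] = '<p>' . $suggested_text . __( 'If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.' ) . '</p>';
 		$strings[] = '<p>' . __( 'For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.' ) . '</p>';
 
 		$strings[] = '<h2>' . __( 'What rights you have over your data' ) . '</h2>';
 
 		if ( $description ) {
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should explain what rights your users have over their data and how they can invoke those rights.' ) . '</p>';
 		}
 
 		$strings[] = '<p>' . $suggested_text . __( 'If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.' ) . '</p>';
 
 		$strings[] = '<h2>' . __( 'Where we send your data' ) . '</h2>';
 
 		if ( $description ) {
 			$strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should list all transfers of your site data outside the European Union and describe the means by which that data is safeguarded to European data protection standards. This could include your web hosting, cloud storage, or other third party services.' ) . '</p>';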
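Review bot: `wp_refresh_heartbeat_nonces` emits the Heartbeat nonce as a top-level `heartbeat_nonce` key while the removed line 1023 stops placing it under `wp-refresh-post-nonces.heartbeatNonce`, so any consumer still reading the old key (none is visible in this patch) would silently stop refreshing its nonce. Either keep `'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),` in the post-nonces array for one release or record the key move in the new function's docblock so the change is discoverable. The `// TEMPORARY: Compat with api-fetch library` comment names no removal condition; suggest `// TEMPORARY: api-fetch still reads 'rest-nonce'; drop this alias once it reads 'rest_nonce' (track the removal in a follow-up ticket).`. The two `WP_Privacy_Policy_Content` hunks in this file are trailing-whitespace cleanups unrelated to the nonce change and could be split out.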
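--- a/wp-includes/js/heartbeat.js
+++ b/wp-includes/js/heartbeat.js
@@ -300,75 +300,78 @@
 					case 'parsererror':
 					case 'empty':
 					case 'unknown':
 						settings.errorcount++;
 
 						if ( settings.errorcount > 2 && settings.hasConnected ) {
 							trigger = true;
 						}
 
 						break;
 				}
 
 				if ( trigger && ! hasConnectionError() ) {
 					settings.connectionError = true;
 					$document.trigger( 'heartbeat-connection-lost', [error, status] );
+					wp.hooks.doAction( 'heartbeat.connection-lost', error, status );
 				}
 			}
 		}
 
 		/**
 		 * Clear the error state and fire an event
 		 *
 		 * @access private
 		 *
 		 * @return void
 		 */
 		function clearErrorState() {
 			// Has connected successfully
 			settings.hasConnected = true;
 
 			if ( hasConnectionError() ) {
 				settings.errorcount = 0;
 				settings.connectionError = false;
 				$document.trigger( 'heartbeat-connection-restored' );
+				wp.hooks.doAction( 'heartbeat.connection-restored' );
 			}
 		}
 
 		/**
 		 * Gather the data and connect to the server
 		 *
 		 * @access private
 		 *
 		 * @return void
 		 */
 		function connect() {
 			var ajaxData, heartbeatData;
 
 			// If the connection to the server is slower than the interval,
 			// heartbeat connects as soon as the previous connection's response is received.
 			if ( settings.connecting || settings.suspend ) {
 				return;
 			}
 
 			settings.lastTick = time();
 
 			heartbeatData = $.extend( {}, settings.queue );
 			// Clear the data queue, anything added after this point will be send on the next tick
 			settings.queue = {};
 
 			$document.trigger( 'heartbeat-send', [ heartbeatData ] );
+			wp.hooks.doAction( 'heartbeat.send', heartbeatData );
 
 			ajaxData = {
 				data: heartbeatData,
 				interval: settings.tempInterval ? settings.tempInterval / 1000 : settings.mainInterval / 1000,
 				_nonce: typeof window.heartbeatSettings === 'object' ? window.heartbeatSettings.nonce : '',
 				action: 'heartbeat',
 				screen_id: settings.screenId,
 				has_focus: settings.hasFocus
 			};
 
 			if ( 'customize' === settings.screenId  ) {
 				ajaxData.wp_customize = 'on';
 			}
 
 			settings.connecting = true;
@@ -381,47 +384,63 @@
 			}).always( function() {
 				settings.connecting = false;
 				scheduleNextTick();
 			}).done( function( response, textStatus, jqXHR ) {
 				var newInterval;
 
 				if ( ! response ) {
 					setErrorState( 'empty' );
 					return;
 				}
 
 				clearErrorState();
 
 				if ( response.nonces_expired ) {
 					$document.trigger( 'heartbeat-nonces-expired' );
+					wp.hooks.doAction( 'heartbeat.nonces-expired' );
 				}
 
 				// Change the interval from PHP
 				if ( response.heartbeat_interval ) {
 					newInterval = response.heartbeat_interval;
 					delete response.heartbeat_interval;
 				}
 
+				// Update the heartbeat nonce if set.
+				if ( response.heartbeat_nonce && typeof window.heartbeatSettings === 'object' ) {
+					window.heartbeatSettings.nonce = response.heartbeat_nonce;
+					delete response.heartbeat_nonce;
+				}
+
+				// Update the Rest API nonce if set and wp-api loaded.
+				if ( response.rest_nonce && typeof window.wpApiSettings === 'object' ) {
+					window.wpApiSettings.nonce = response.rest_nonce;
+					// This nonce is required for api-fetch through heartbeat.tick.
+					// delete response.rest_nonce;
+				}
+
 				$document.trigger( 'heartbeat-tick', [response, textStatus, jqXHR] );
+				wp.hooks.doAction( 'heartbeat.tick', response, textStatus, jqXHR );
 
 				// Do this last, can trigger the next XHR if connection time > 5 sec. and newInterval == 'fast'
 				if ( newInterval ) {
 					interval( newInterval );
 				}
 			}).fail( function( jqXHR, textStatus, error ) {
 				setErrorState( textStatus || 'unknown', jqXHR.status );
 				$document.trigger( 'heartbeat-error', [jqXHR, textStatus, error] );
+				wp.hooks.doAction( 'heartbeat.error', jqXHR, textStatus, error );
 			});
 		}
 
 		/**
 		 * Schedule the next connection
 		 *
 		 * Fires immediately if the connection time is longer than the interval.
 		 *
 		 * @access private
 		 *
 		 * @return void
 		 */
 		function scheduleNextTick() {
 			var delta = time() - settings.lastTick,
 				interval = settings.mainInterval;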
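Review bot: In the `.done` handler the `heartbeat-nonces-expired` event and `heartbeat.nonces-expired` action fire (new lines 398-399) before the `heartbeat_nonce` and `rest_nonce` updates (new lines 408-419), so a listener on the expiry event runs while `window.heartbeatSettings.nonce` and `window.wpApiSettings.nonce` still hold the rejected values. If the server includes the fresh nonces in the same response that sets `nonces_expired` (the PHP filter hookup suggests so, but the server handler is not in this patch), moving the two update blocks above the `response.nonces_expired` check lets such listeners see the refreshed nonce; otherwise a comment stating that the expiry event precedes the refresh would avoid the surprise. The commented-out `// delete response.rest_nonce;` should be dropped rather than left as dead code, since the comment above it already records why the key is kept on the response. `connect()` begins in the first hunk of this file and its `.done` handler is fully visible here.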
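--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -752,31 +752,31 @@ function wp_default_scripts( &$scripts )
 	$scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 );
 	// `wpApiSettings` is also used by `wp-api`, which depends on this script.
 	did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array(
 		'root'          => esc_url_raw( get_rest_url() ),
 		'nonce'         => ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ),
 		'versionString' => 'wp/v2/',
 	) );
 
 	$scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-widget', 'jquery-ui-position' ), '20111129a', 1 );
 	did_action( 'init' ) && $scripts->localize( 'wp-pointer', 'wpPointerL10n', array(
 		'dismiss' => __('Dismiss'),
 	) );
 
 	$scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array('heartbeat'), false, 1 );
 
-	$scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array('jquery'), false, 1 );
+	$scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 );
 	did_action( 'init' ) && $scripts->localize( 'heartbeat', 'heartbeatSettings',
 		/**
 		 * Filters the Heartbeat settings.
 		 *
 		 * @since 3.6.0
 		 *
 		 * @param array $settings Heartbeat settings array.
 		 */
 		apply_filters( 'heartbeat_settings', array() )
 	);
 
 	$scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array('heartbeat'), false, 1 );
 	did_action( 'init' ) && $scripts->localize( 'wp-auth-check', 'authcheckL10n', array(
 		'beforeunload' => __('Your session has expired. You can log in again from this page or go to the login page.'),
 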