Ticket #45113: 45113.heartbeatnonce.diff
File 45113.heartbeatnonce.diff, 17.4 KB (added by , 6 years ago) |
wp-admin/includes/admin-filters.php
if ( ! is_customize_preview() ) { 56 56 } 57 57 58 58 add_action( 'admin_print_scripts-post.php', 'wp_page_reload_on_back_button_js' ); 59 59 add_action( 'admin_print_scripts-post-new.php', 'wp_page_reload_on_back_button_js' ); 60 60 61 61 add_action( 'update_option_home', 'update_home_siteurl', 10, 2 ); 62 62 add_action( 'update_option_siteurl', 'update_home_siteurl', 10, 2 ); 63 63 add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 ); 64 64 add_action( 'update_option_admin_email', 'wp_site_admin_email_change_notification', 10, 3 ); 65 65 66 66 add_action( 'add_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); 67 67 add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); 68 68 69 69 add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 ); 70 70 add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 ); 71 add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10, 3 );72 71 add_filter( 'heartbeat_received', 'heartbeat_autosave', 500, 2 ); 73 72 73 add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10, 3 ); 74 add_filter( 'wp_refresh_nonces', 'wp_refresh_heartbeat_nonces' ); 75 74 76 add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' ); 75 77 76 78 // Nav Menu hooks. 77 79 add_action( 'admin_head-nav-menus.php', '_wp_delete_orphaned_draft_menu_items' ); 78 80 79 81 // Plugin hooks. 80 82 add_filter( 'whitelist_options', 'option_update_filter' ); 81 83 82 84 // Plugin Install hooks. 83 85 add_action( 'install_plugins_featured', 'install_dashboard' ); 84 86 add_action( 'install_plugins_upload', 'install_plugins_upload' ); 85 87 add_action( 'install_plugins_search', 'display_plugins_table' ); 86 88 add_action( 'install_plugins_popular', 'display_plugins_table' ); 87 89 add_action( 'install_plugins_recommended', 'display_plugins_table' ); 88 90 add_action( 'install_plugins_new', 'display_plugins_table' ); -
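Review bot: `add_filter( 'wp_refresh_nonces', 'wp_refresh_heartbeat_nonces' );` (new line 74) is the only Heartbeat registration in this group that relies on the default priority and accepted-argument count, while the neighbouring `heartbeat_received` and `wp_refresh_nonces` lines spell out `10, 3` and `500, 2`. Writing it as `add_filter( 'wp_refresh_nonces', 'wp_refresh_heartbeat_nonces', 10, 1 );` keeps the block uniform and makes the one-argument signature of the callback visible at the registration site.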
wp-admin/includes/misc.php
function wp_refresh_post_nonces( $respon 1008 1008 return $response; 1009 1009 } 1010 1010 1011 1011 if ( ! current_user_can( 'edit_post', $post_id ) ) { 1012 1012 return $response; 1013 1013 } 1014 1014 1015 1015 $response['wp-refresh-post-nonces'] = array( 1016 1016 'replace' => array( 1017 1017 'getpermalinknonce' => wp_create_nonce('getpermalink'), 1018 1018 'samplepermalinknonce' => wp_create_nonce('samplepermalink'), 1019 1019 'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'), 1020 1020 '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ), 1021 1021 '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ), 1022 1022 ), 1023 'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),1024 1023 ); 1025 1024 } 1026 1025 1027 1026 return $response; 1028 1027 } 1029 1028 1030 1029 /** 1030 * Add the latest Heartbeat and REST-API nonce to the Heartbeat response. 1031 * 1032 * @since 5.0.0 1033 * 1034 * @param array $response The Heartbeat response. 1035 * @return array The Heartbeat response. 1036 */ 1037 function wp_refresh_heartbeat_nonces( $response ) { 1038 // Refresh the Rest API nonce. 1039 $response['rest_nonce'] = wp_create_nonce( 'wp_rest' ); 1040 // TEMPORARY: Compat with api-fetch library 1041 $response['rest-nonce'] = $response['rest_nonce']; 1042 1043 // Refresh the Heartbeat nonce. 1044 $response['heartbeat_nonce'] = wp_create_nonce( 'heartbeat-nonce' ); 1045 return $response; 1046 } 1047 1048 /** 1031 1049 * Disable suspension of Heartbeat on the Add/Edit Post screens. 1032 1050 * 1033 1051 * @since 3.8.0 1034 1052 * 1035 1053 * @global string $pagenow 1036 1054 * 1037 1055 * @param array $settings An array of Heartbeat settings. 1038 1056 * @return array Filtered Heartbeat settings. 
1039 1057 */ 1040 1058 function wp_heartbeat_set_suspension( $settings ) { 1041 1059 global $pagenow; 1042 1060 1043 1061 if ( 'post.php' === $pagenow || 'post-new.php' === $pagenow ) { 1044 1062 $settings['suspension'] = 'disable'; 1045 1063 } … … final class WP_Privacy_Policy_Content { 1697 1715 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'The amount of information you may be required to show will vary depending on your local or national business regulations. You may, for example, be required to display a physical address, a registered address, or your company registration number.' ) . '</p>'; 1698 1716 } 1699 1717 1700 1718 /* translators: %s Site URL */ 1701 1719 $strings[] = '<p>' . $suggested_text . sprintf( __( 'Our website address is: %s.' ), get_bloginfo( 'url', 'display' ) ) . '</p>'; 1702 1720 1703 1721 $strings[] = '<h2>' . __( 'What personal data we collect and why we collect it' ) . '</h2>'; 1704 1722 1705 1723 if ( $description ) { 1706 1724 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should note what personal data you collect from users and site visitors. This may include personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information about cookies.' ) . '</p>'; 1707 1725 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'You should also note any collection and retention of sensitive personal data, such as data concerning health.' ) . '</p>'; 1708 1726 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'In addition to listing what personal data you collect, you need to note why you collect it. These explanations must note either the legal basis for your data collection and retention or the active consent the user has given.' ) . '</p>'; 1709 1727 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'Personal data is not just created by a user’s interactions with your site. 
Personal data is also generated from technical processes such as contact forms, comments, cookies, analytics, and third party embeds.' ) . '</p>'; 1710 1728 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'By default WordPress does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users. However some of your plugins may collect personal data. You should add the relevant information below.' ) . '</p>'; 1711 1729 } 1712 1730 1713 1731 $strings[] = '<h3>' . __( 'Comments' ) . '</h3>'; 1714 1732 1715 1733 if ( $description ) { 1716 1734 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this subsection you should note what information is captured through comments. We have noted the data which WordPress collects by default.' ) . '</p>'; 1717 1735 } 1718 1736 1719 1737 $strings[] = '<p>' . $suggested_text . __( 'When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.' ) . '</p>'; 1720 1738 $strings[] = '<p>' . __( 'An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.' ) . '</p>'; 1721 1739 $strings[] = '<h3>' . __( 'Media' ) . '</h3>'; 1722 1740 1723 1741 if ( $description ) { 1724 1742 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this subsection you should note what information may be disclosed by users who can upload media files. All uploaded files are usually publicly accessible.' ) . '</p>'; 1725 1743 } 1726 1744 1727 1745 $strings[] = '<p>' . $suggested_text . 
__( 'If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.' ) . '</p>'; … … final class WP_Privacy_Policy_Content { 1749 1767 $strings[] = '<h3>' . __( 'Analytics' ) . '</h3>'; 1750 1768 1751 1769 if ( $description ) { 1752 1770 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this subsection you should note what analytics package you use, how users can opt out of analytics tracking, and a link to your analytics provider’s privacy policy, if any.' ) . '</p>'; 1753 1771 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'By default WordPress does not collect any analytics data. However, many web hosting accounts collect some anonymous analytics data. You may also have installed a WordPress plugin that provides analytics services. In that case, add information from that plugin here.' ) . '</p>'; 1754 1772 } 1755 1773 1756 1774 $strings[] = '<h2>' . __( 'Who we share your data with' ) . '</h2>'; 1757 1775 1758 1776 if ( $description ) { 1759 1777 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should name and list all third party providers with whom you share site data, including partners, cloud-based services, payment processors, and third party service providers, and note what data you share with them and why. Link to their own privacy policies if possible.' ) . '</p>'; 1760 1778 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'By default WordPress does not share any personal data with anyone.' ) . '</p>'; 1761 1779 } 1762 1780 1763 1781 $strings[] = '<h2>' . __( 'How long we retain your data' ) . '</h2>'; 1764 1782 1765 1783 if ( $description ) { 1766 1784 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should explain how long you retain personal data collected or processed by the web site. 
While it is your responsibility to come up with the schedule of how long you keep each dataset for and why you keep it, that information does need to be listed here. For example, you may want to say that you keep contact form entries for six months, analytics records for a year, and customer purchase records for ten years.' ) . '</p>'; 1767 1785 } 1768 1786 1769 1787 $strings[] = '<p>' . $suggested_text . __( 'If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.' ) . '</p>'; 1770 1788 $strings[] = '<p>' . __( 'For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.' ) . '</p>'; 1771 1789 1772 1790 $strings[] = '<h2>' . __( 'What rights you have over your data' ) . '</h2>'; 1773 1791 1774 1792 if ( $description ) { 1775 1793 $strings[] = '<p class="privacy-policy-tutorial">' . __( 'In this section you should explain what rights your users have over their data and how they can invoke those rights.' ) . '</p>'; 1776 1794 } 1777 1795 1778 1796 $strings[] = '<p>' . $suggested_text . __( 'If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.' ) . '</p>'; 1779 1797 1780 1798 $strings[] = '<h2>' . __( 'Where we send your data' ) . '</h2>'; 1781 1799 1782 1800 if ( $description ) { 1783 1801 $strings[] = '<p class="privacy-policy-tutorial">' . 
__( 'In this section you should list all transfers of your site data outside the European Union and describe the means by which that data is safeguarded to European data protection standards. This could include your web hosting, cloud storage, or other third party services.' ) . '</p>'; -
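Review bot: `wp_refresh_heartbeat_nonces()` (new lines 1037–1046) mints user-bound nonces with no check of its own, whereas `wp_refresh_post_nonces()` directly above it still gates on `current_user_can( 'edit_post', $post_id )` (line 1011); `wp_create_nonce()` ties the value to the current user and session, so the new function is only correct if whatever fires `wp_refresh_nonces` has already established a logged-in user, and that precondition is not written down. The docblock should state it, e.g. `* Callers of the 'wp_refresh_nonces' filter are expected to have verified a logged-in user before this runs; the returned nonces are bound to the current user and session.` The `rest-nonce` duplicate is labelled TEMPORARY but carries no removal marker; a `@todo Remove the 'rest-nonce' key once api-fetch reads 'rest_nonce'.` line in the docblock keeps it from quietly becoming permanent. Dropping `heartbeatNonce` from the `wp-refresh-post-nonces` payload (old line 1023) also changes the response contract for any script that still reads that key; unless the consumer is updated elsewhere in this patch (not visible here), it should be kept for a release alongside the new top-level `heartbeat_nonce`.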
wp-includes/js/heartbeat.js
300 300 case 'parsererror': 301 301 case 'empty': 302 302 case 'unknown': 303 303 settings.errorcount++; 304 304 305 305 if ( settings.errorcount > 2 && settings.hasConnected ) { 306 306 trigger = true; 307 307 } 308 308 309 309 break; 310 310 } 311 311 312 312 if ( trigger && ! hasConnectionError() ) { 313 313 settings.connectionError = true; 314 314 $document.trigger( 'heartbeat-connection-lost', [error, status] ); 315 wp.hooks.doAction( 'heartbeat.connection-lost', error, status ); 315 316 } 316 317 } 317 318 } 318 319 319 320 /** 320 321 * Clear the error state and fire an event 321 322 * 322 323 * @access private 323 324 * 324 325 * @return void 325 326 */ 326 327 function clearErrorState() { 327 328 // Has connected successfully 328 329 settings.hasConnected = true; 329 330 330 331 if ( hasConnectionError() ) { 331 332 settings.errorcount = 0; 332 333 settings.connectionError = false; 333 334 $document.trigger( 'heartbeat-connection-restored' ); 335 wp.hooks.doAction( 'heartbeat.connection-restored' ); 334 336 } 335 337 } 336 338 337 339 /** 338 340 * Gather the data and connect to the server 339 341 * 340 342 * @access private 341 343 * 342 344 * @return void 343 345 */ 344 346 function connect() { 345 347 var ajaxData, heartbeatData; 346 348 347 349 // If the connection to the server is slower than the interval, 348 350 // heartbeat connects as soon as the previous connection's response is received. 349 351 if ( settings.connecting || settings.suspend ) { 350 352 return; 351 353 } 352 354 353 355 settings.lastTick = time(); 354 356 355 357 heartbeatData = $.extend( {}, settings.queue ); 356 358 // Clear the data queue, anything added after this point will be send on the next tick 357 359 settings.queue = {}; 358 360 359 361 $document.trigger( 'heartbeat-send', [ heartbeatData ] ); 362 wp.hooks.doAction( 'heartbeat.send', heartbeatData ); 360 363 361 364 ajaxData = { 362 365 data: heartbeatData, 363 366 interval: settings.tempInterval ? 
settings.tempInterval / 1000 : settings.mainInterval / 1000, 364 367 _nonce: typeof window.heartbeatSettings === 'object' ? window.heartbeatSettings.nonce : '', 365 368 action: 'heartbeat', 366 369 screen_id: settings.screenId, 367 370 has_focus: settings.hasFocus 368 371 }; 369 372 370 373 if ( 'customize' === settings.screenId ) { 371 374 ajaxData.wp_customize = 'on'; 372 375 } 373 376 374 377 settings.connecting = true; … … 381 384 }).always( function() { 382 385 settings.connecting = false; 383 386 scheduleNextTick(); 384 387 }).done( function( response, textStatus, jqXHR ) { 385 388 var newInterval; 386 389 387 390 if ( ! response ) { 388 391 setErrorState( 'empty' ); 389 392 return; 390 393 } 391 394 392 395 clearErrorState(); 393 396 394 397 if ( response.nonces_expired ) { 395 398 $document.trigger( 'heartbeat-nonces-expired' ); 399 wp.hooks.doAction( 'heartbeat.nonces-expired' ); 396 400 } 397 401 398 402 // Change the interval from PHP 399 403 if ( response.heartbeat_interval ) { 400 404 newInterval = response.heartbeat_interval; 401 405 delete response.heartbeat_interval; 402 406 } 403 407 408 // Update the heartbeat nonce if set. 409 if ( response.heartbeat_nonce && typeof window.heartbeatSettings === 'object' ) { 410 window.heartbeatSettings.nonce = response.heartbeat_nonce; 411 delete response.heartbeat_nonce; 412 } 413 414 // Update the Rest API nonce if set and wp-api loaded. 415 if ( response.rest_nonce && typeof window.wpApiSettings === 'object' ) { 416 window.wpApiSettings.nonce = response.rest_nonce; 417 // This nonce is required for api-fetch through heartbeat.tick. 418 // delete response.rest_nonce; 419 } 420 404 421 $document.trigger( 'heartbeat-tick', [response, textStatus, jqXHR] ); 422 wp.hooks.doAction( 'heartbeat.tick', response, textStatus, jqXHR ); 405 423 406 424 // Do this last, can trigger the next XHR if connection time > 5 sec. 
and newInterval == 'fast' 407 425 if ( newInterval ) { 408 426 interval( newInterval ); 409 427 } 410 428 }).fail( function( jqXHR, textStatus, error ) { 411 429 setErrorState( textStatus || 'unknown', jqXHR.status ); 412 430 $document.trigger( 'heartbeat-error', [jqXHR, textStatus, error] ); 431 wp.hooks.doAction( 'heartbeat.error', jqXHR, textStatus, error ); 413 432 }); 414 433 } 415 434 416 435 /** 417 436 * Schedule the next connection 418 437 * 419 438 * Fires immediately if the connection time is longer than the interval. 420 439 * 421 440 * @access private 422 441 * 423 442 * @return void 424 443 */ 425 444 function scheduleNextTick() { 426 445 var delta = time() - settings.lastTick, 427 446 interval = settings.mainInterval; -
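Review bot: The two new nonce branches in the `.done` handler (new lines 408–419) are handled asymmetrically — `heartbeat_nonce` is deleted from `response` before `heartbeat-tick` fires while `rest_nonce` is kept — and the only explanation is a commented-out `// delete response.rest_nonce;` that reads like leftover code rather than a decision. Replace it with a plain statement, `// Left in the response on purpose: api-fetch reads rest_nonce from the heartbeat.tick action.`, so the next reader does not "fix" it. Both guards also accept any truthy value before writing it into a global that is sent back as `_nonce` on the next request; `typeof response.heartbeat_nonce === 'string'` (and the same for `rest_nonce`) is the cheaper and stricter check. The `connect()` docblock (line 338) still says only "Gather the data and connect to the server" and should mention that the response handler now rotates the Heartbeat and REST nonces; `connect()` itself begins in the preceding hunk.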
wp-includes/script-loader.php
function wp_default_scripts( &$scripts ) 752 752 $scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 ); 753 753 // `wpApiSettings` is also used by `wp-api`, which depends on this script. 754 754 did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array( 755 755 'root' => esc_url_raw( get_rest_url() ), 756 756 'nonce' => ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ), 757 757 'versionString' => 'wp/v2/', 758 758 ) ); 759 759 760 760 $scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-widget', 'jquery-ui-position' ), '20111129a', 1 ); 761 761 did_action( 'init' ) && $scripts->localize( 'wp-pointer', 'wpPointerL10n', array( 762 762 'dismiss' => __('Dismiss'), 763 763 ) ); 764 764 765 765 $scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array('heartbeat'), false, 1 ); 766 766 767 $scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery'), false, 1 );767 $scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 ); 768 768 did_action( 'init' ) && $scripts->localize( 'heartbeat', 'heartbeatSettings', 769 769 /** 770 770 * Filters the Heartbeat settings. 771 771 * 772 772 * @since 3.6.0 773 773 * 774 774 * @param array $settings Heartbeat settings array. 775 775 */ 776 776 apply_filters( 'heartbeat_settings', array() ) 777 777 ); 778 778 779 779 $scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array('heartbeat'), false, 1 ); 780 780 did_action( 'init' ) && $scripts->localize( 'wp-auth-check', 'authcheckL10n', array( 781 781 'beforeunload' => __('Your session has expired. You can log in again from this page or go to the login page.'), 782 782