]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-includes/class-wp-customize-manager.php
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
WordPress 3.4.1
[autoinstalls/wordpress.git] / wp-includes / class-wp-customize-manager.php
diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php
index c1ce0510e7d43e107ccb630a9a7499f23cb56273..d0c5fb25f7775ca528aca4f4554a5caee98d8a67 100644 (file)
--- a/wp-includes/class-wp-customize-manager.php
+++ b/wp-includes/class-wp-customize-manager.php
@@ -17,6 +17,8 @@ final class WP_Customize_Manager {
        protected $sections = array();
        protected $controls = array();
 
+       protected $nonce_tick;
+
        protected $customized;
 
        private $_post_values;
@@ -308,6 +310,8 @@ final class WP_Customize_Manager {
         * @since 3.4.0
         */
        public function customize_preview_init() {
+               $this->nonce_tick = check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce' );
+
                $this->prepare_controls();
 
                wp_enqueue_script( 'customize-preview' );
@@ -362,6 +366,13 @@ final class WP_Customize_Manager {
                        'channel' => esc_js( $_POST['customize_messenger_channel'] ),
                );
 
+               if ( 2 == $this->nonce_tick ) {
+                       $settings['nonce'] = array(
+                               'save' => wp_create_nonce( 'save-customize_' . $this->get_stylesheet() ),
+                               'preview' => wp_create_nonce( 'preview-customize_' . $this->get_stylesheet() )
+                       );
+               }
+
                foreach ( $this->settings as $id => $setting ) {
                        $settings['values'][ $id ] = $setting->js_value();
                }
@@ -468,7 +479,7 @@ final class WP_Customize_Manager {
                if ( ! $this->is_preview() )
                        die;
 
-               check_ajax_referer( 'customize_controls-' . $this->get_stylesheet(), 'nonce' );
+               check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce' );
 
                // Do we have to switch themes?
                if ( ! $this->is_theme_active() ) {
WordPress autoinstaller for phpBB