diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 9f5f025b4c..ed1ef9e499 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -67,6 +67,7 @@ if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_po
 add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
 add_action( 'wp_ajax_nopriv_autosave', 'wp_ajax_nopriv_autosave', 1 );
+add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
 if ( is_user_logged_in() )
 do_action( 'wp_ajax_' . $_REQUEST['action'] ); // Authenticated actions
diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php
index bd4d5b93c4..7f09a4f557 100644
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -2081,12 +2081,12 @@ function wp_ajax_heartbeat() {
 check_ajax_referer( 'heartbeat-nonce', '_nonce' );
 $response = array();
- // screenid is the same as $current_screen->id and the JS global 'pagenow'
+ // screen_id is the same as $current_screen->id and the JS global 'pagenow'
 if ( ! empty($_POST['screenid']) )
 $screen_id = sanitize_key($_POST['screenid']);
 else
 $screen_id = 'site';
-
+
 if ( ! empty($_POST['data']) ) {
 $data = wp_unslash( (array) $_POST['data'] );
 // todo: how much to sanitize and preset and what to leave to be accessed from $data or $_POST..?
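Review bot: The added `add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );` line in wp-admin/admin-ajax.php has no comment saying that heartbeat requests are now answered for logged-out clients. The handler it registers, `wp_ajax_nopriv_heartbeat()` in wp-admin/includes/ajax-actions.php, contains no `check_ajax_referer()` call, unlike `wp_ajax_heartbeat()`, so every callback hooked to it runs for any anonymous POST. I would put `// Heartbeat for logged-out visitors: no nonce is verified, so callbacks must treat the request as anonymous.` directly above the new line.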
@@ -2106,9 +2106,31 @@ function wp_ajax_heartbeat() {
 // send the current time acording to the server
 $response['servertime'] = time();
- // Change the interval, format: array( speed, ticks )
- if ( isset($response['heartbeat_interval']) )
- $response['heartbeat_interval'] = (array) $response['heartbeat_interval'];
+ wp_send_json($response);
+}
+
+function wp_ajax_nopriv_heartbeat() {
+ $response = array();
+
+ // screen_id is the same as $current_screen->id and the JS global 'pagenow'
+ if ( ! empty($_POST['screenid']) )
+ $screen_id = sanitize_key($_POST['screenid']);
+ else
+ $screen_id = 'site';
+
+ if ( ! empty($_POST['data']) ) {
+ $data = wp_unslash( (array) $_POST['data'] );
+ $response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id );
+ }
+
+ $response = apply_filters( 'heartbeat_nopriv_send', $response, $screen_id );
+
+ // Allow the transport to be replaced with long-polling easily
+ do_action( 'heartbeat_nopriv_tick', $response, $screen_id );
+
+ // send the current time acording to the server
+ $response['servertime'] = time();
 wp_send_json($response);
 }
+
diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php
index 4385e4b2e3..de94d0ba51 100644
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -2287,6 +2287,8 @@ function __checked_selected_helper( $helper, $current, $echo, $type ) {
 * @return array $settings
 */
 function wp_heartbeat_settings( $settings ) {
- $setting['nonce'] = wp_create_nonce( 'heartbeat-nonce' );
+ if ( is_user_logged_in() )
+ $setting['nonce'] = wp_create_nonce( 'heartbeat-nonce' );
+
 return $setting;
 }
diff --git a/wp-includes/js/heartbeat.js b/wp-includes/js/heartbeat.js
index 76e34875d0..a3825996b4 100644
--- a/wp-includes/js/heartbeat.js
+++ b/wp-includes/js/heartbeat.js
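Review bot: `wp_ajax_nopriv_heartbeat()` passes `$_POST['data']` to `heartbeat_nopriv_received` callbacks after only `wp_unslash()`, with no nonce, login or size check in front of it, and the new function has no docblock telling plugin authors so. The docblock should say that `$data` is anonymous, unvalidated request input, that callbacks must validate every key they read and must not return private data or change state, and that `heartbeat_nopriv_tick` fires for every such request. Separately, `$response['servertime'] = time();` assumes the filters still returned an array; `$response = (array) apply_filters( 'heartbeat_nopriv_send', $response, $screen_id );` would keep a callback that returns something else from breaking the reply.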
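Review bot: `wp_heartbeat_settings()` in wp-includes/general-template.php assigns to and returns `$setting`, while its parameter is `$settings`. With the new `is_user_logged_in()` guard a logged-out request never assigns `$setting`, so `return $setting;` returns null from an undefined variable rather than an array. For logged-in users the values passed in `$settings` are dropped, which matters if this is a filter callback, as the `@return array $settings` tag suggests. The two lines should read `$settings['nonce'] = wp_create_nonce( 'heartbeat-nonce' );` and `return $settings;`. The function's docblock starts above the hunk.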
@@ -95,6 +95,7 @@ window.wp = window.wp || {};
 tick = time();
 data.data = $.extend( {}, queue );
+ $(document).trigger( 'heartbeat-send', [data.data] );
 data.interval = interval / 1000;
 data._nonce = nonce;