Skip to content
This repository
Browse code

Use actual information for AJAX action

Instead of post ID 1, use the one from the post page.

Pass the nonce from the server-side and use that.
  • Loading branch information...
commit 281438ddfb6dc36c87b7198653d9478a9159b518 1 parent e447a3c
Nikolay Bachiyski authored December 20, 2012
3  js/liveblog-admin.js
... ...
@@ -1,11 +1,12 @@
1 1
 jQuery(function($) {
2 2
 	var $meta_box = $('#liveblog');
  3
+	var post_id = $('#post_ID').val();
3 4
 	var show_error = function(message) {
4 5
 		$('p.error', $meta_box).show().html(message);
5 6
  	}
6 7
 	$meta_box.on('click', 'button', function(e) {
7 8
 		e.preventDefault();
8  
-		var url = ajaxurl + '?action=set_liveblog_state_for_post&post_id=1&state=' + $(this).val();
  9
+		var url = ajaxurl + '?action=set_liveblog_state_for_post&post_id=' + encodeURIComponent(post_id) + '&state=' + encodeURIComponent($(this).val()) + '&' + liveblog_admin_settings.nonce_key + '=' + liveblog_admin_settings.nonce;
9 10
 		$('.inside', $meta_box).load(url, function(response, status, xhr) {
10 11
 			if ( status != 'error') return;
11 12
 			show_error('Error: ' + xhr.status + ' ' + xhr.statusText);
6  liveblog.php
@@ -417,7 +417,11 @@ public static function add_comment_class( $classes, $class, $comment_id ) {
417 417
 
418 418
 	public static function admin_enqueue_scripts() {
419 419
 		wp_enqueue_style( self::key,  plugins_url( 'css/liveblog-admin.css', __FILE__ ) );
420  
-		wp_enqueue_script( self::key,  plugins_url( 'js/liveblog-admin.js', __FILE__ ) );
  420
+		wp_enqueue_script( 'liveblog-admin',  plugins_url( 'js/liveblog-admin.js', __FILE__ ) );
  421
+		wp_localize_script( 'liveblog-admin', 'liveblog_admin_settings', array(
  422
+			'nonce_key' => self::nonce_key,
  423
+			'nonce' => wp_create_nonce( self::nonce_key ),
  424
+		) );
421 425
 	}
422 426
 
423 427
 	/**

0 notes on commit 281438d

Please sign in to comment.
Something went wrong with that request. Please try again.