enmi-conf.org: comparison wp/wp-includes/class-wp-customize-manager.php

equal deleted inserted replaced

-:3d4e9c994f10
+:a86126ab1dd4
 	/**
 	 * Changeset data loaded from a customize_changeset post.
 	 *
 	 * @since 4.7.0
-	 * @var array
+	 * @var array|null
 	 */
 	private $_changeset_data;
 	/**
 	 * Constructor.
 		// Note that the UUID format will be validated in the setup_theme() method.
 		if ( ! isset( $args['changeset_uuid'] ) ) {
 			$args['changeset_uuid'] = wp_generate_uuid4();
 		}
-		// The theme and messenger_channel should be supplied via $args, but they are also looked at in the $_REQUEST global here for back-compat.
+		// The theme and messenger_channel should be supplied via $args,
+		// but they are also looked at in the $_REQUEST global here for back-compat.
 		if ( ! isset( $args['theme'] ) ) {
 			if ( isset( $_REQUEST['customize_theme'] ) ) {
 				$args['theme'] = wp_unslash( $_REQUEST['customize_theme'] );
 			} elseif ( isset( $_REQUEST['theme'] ) ) { // Deprecated.
 				$args['theme'] = wp_unslash( $_REQUEST['theme'] );
 			if ( isset( $args[ $key ] ) ) {
 				$this->$key = (bool) $args[ $key ];
 			}
 		}
-		require_once( ABSPATH . WPINC . '/class-wp-customize-setting.php' );
+		require_once ABSPATH . WPINC . '/class-wp-customize-setting.php';
-		require_once( ABSPATH . WPINC . '/class-wp-customize-panel.php' );
+		require_once ABSPATH . WPINC . '/class-wp-customize-panel.php';
-		require_once( ABSPATH . WPINC . '/class-wp-customize-section.php' );
+		require_once ABSPATH . WPINC . '/class-wp-customize-section.php';
-		require_once( ABSPATH . WPINC . '/class-wp-customize-control.php' );
+		require_once ABSPATH . WPINC . '/class-wp-customize-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-color-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-color-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-media-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-media-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-upload-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-upload-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-image-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-image-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-background-image-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-background-position-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-position-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-cropped-image-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-cropped-image-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-site-icon-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-site-icon-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-header-image-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-theme-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-theme-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-code-editor-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-code-editor-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-widget-area-customize-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-widget-area-customize-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-widget-form-customize-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-widget-form-customize-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-location-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-location-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-name-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-name-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-locations-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-locations-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-auto-add-control.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-auto-add-control.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-new-menu-control.php' ); // @todo Remove in a future release. See #42364.
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menus-panel.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menus-panel.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-themes-panel.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-themes-panel.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-themes-section.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-themes-section.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-sidebar-section.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-sidebar-section.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-section.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-section.php' );
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-new-menu-section.php' ); // @todo Remove in a future release. See #42364.
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-custom-css-setting.php';
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-custom-css-setting.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php';
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php' );
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php' );
 		/**
 		 * Filters the core Customizer components to load.
 		 *
 		 * This allows Core components to be excluded from being instantiated by
 		 * @param string[]             $components Array of core components to load.
 		 * @param WP_Customize_Manager $this       WP_Customize_Manager instance.
 		 */
 		$components = apply_filters( 'customize_loaded_components', $this->components, $this );
-		require_once( ABSPATH . WPINC . '/customize/class-wp-customize-selective-refresh.php' );
+		require_once ABSPATH . WPINC . '/customize/class-wp-customize-selective-refresh.php';
 		$this->selective_refresh = new WP_Customize_Selective_Refresh( $this );
 		if ( in_array( 'widgets', $components, true ) ) {
-			require_once( ABSPATH . WPINC . '/class-wp-customize-widgets.php' );
+			require_once ABSPATH . WPINC . '/class-wp-customize-widgets.php';
 			$this->widgets = new WP_Customize_Widgets( $this );
 		}
 		if ( in_array( 'nav_menus', $components, true ) ) {
-			require_once( ABSPATH . WPINC . '/class-wp-customize-nav-menus.php' );
+			require_once ABSPATH . WPINC . '/class-wp-customize-nav-menus.php';
 			$this->nav_menus = new WP_Customize_Nav_Menus( $this );
 		}
 		add_action( 'setup_theme', array( $this, 'setup_theme' ) );
 		add_action( 'wp_loaded', array( $this, 'wp_loaded' ) );
 		add_filter( 'heartbeat_received', array( $this, 'check_changeset_lock_with_heartbeat' ), 10, 3 );
 		add_action( 'wp_ajax_customize_override_changeset_lock', array( $this, 'handle_override_changeset_lock_request' ) );
 		add_action( 'wp_ajax_customize_dismiss_autosave_or_lock', array( $this, 'handle_dismiss_autosave_or_lock_request' ) );
 		add_action( 'customize_register', array( $this, 'register_controls' ) );
-		add_action( 'customize_register', array( $this, 'register_dynamic_settings' ), 11 ); // allow code to create settings first
+		add_action( 'customize_register', array( $this, 'register_dynamic_settings' ), 11 ); // Allow code to create settings first.
 		add_action( 'customize_controls_init', array( $this, 'prepare_controls' ) );
 		add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_control_scripts' ) );
 		// Render Common, Panel, Section, and Control templates.
 		add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_panel_templates' ), 1 );
 	 * Custom wp_die wrapper. Returns either the standard message for UI
 	 * or the Ajax message.
 	 *
 	 * @since 3.4.0
 	 *
-	 * @param mixed $ajax_message Ajax return
+	 * @param string|WP_Error $ajax_message Ajax return.
-	 * @param mixed $message UI message
+	 * @param string          $message      Optional. UI message.
 	 */
 	protected function wp_die( $ajax_message, $message = null ) {
 		if ( $this->doing_ajax() ) {
 			wp_die( $ajax_message );
 		}
 	 * @global string $pagenow
 	 */
 	public function setup_theme() {
 		global $pagenow;
-		// Check permissions for customize.php access since this method is called before customize.php can run any code,
+		// Check permissions for customize.php access since this method is called before customize.php can run any code.
 		if ( 'customize.php' === $pagenow && ! current_user_can( 'customize' ) ) {
 			if ( ! is_user_logged_in() ) {
 				auth_redirect();
 			} else {
 				wp_die(
 		if ( $this->is_theme_active() ) {
 			// Once the theme is loaded, we'll validate it.
 			add_action( 'after_setup_theme', array( $this, 'after_setup_theme' ) );
 		} else {
-			// If the requested theme is not the active theme and the user doesn't have the
+			// If the requested theme is not the active theme and the user doesn't have
-			// switch_themes cap, bail.
+			// the switch_themes cap, bail.
 			if ( ! current_user_can( 'switch_themes' ) ) {
 				$this->wp_die( -1, __( 'Sorry, you are not allowed to edit theme options on this site.' ) );
 			}
 			// If the theme has errors while loading, bail.
 	 * this method will determine which UUID should be used. If changeset branching is disabled, then the most saved
 	 * changeset will be loaded by default. Otherwise, if there are no existing saved changesets or if changeset branching is
 	 * enabled, then a new UUID will be generated.
 	 *
 	 * @since 4.9.0
+	 *
 	 * @global string $pagenow
 	 */
 	public function establish_loaded_changeset() {
 		global $pagenow;
 	/**
 	 * Gets whether settings are or will be previewed.
 	 *
 	 * @since 4.9.0
+	 *
 	 * @see WP_Customize_Setting::preview()
 	 *
 	 * @return bool
 	 */
 	public function settings_previewed() {
 	/**
 	 * Gets whether data from a changeset's autosaved revision should be loaded if it exists.
 	 *
 	 * @since 4.9.0
+	 *
 	 * @see WP_Customize_Manager::changeset_data()
 	 *
 	 * @return bool Is using autosaved changeset revision.
 	 */
 	public function autosaved() {
 	/**
 	 * Whether the changeset branching is allowed.
 	 *
 	 * @since 4.9.0
+	 *
 	 * @see WP_Customize_Manager::establish_loaded_changeset()
 	 *
 	 * @return bool Is changeset branching.
 	 */
 	public function branching() {
 	/**
 	 * Get the changeset UUID.
 	 *
 	 * @since 4.7.0
+	 *
 	 * @see WP_Customize_Manager::establish_loaded_changeset()
 	 *
 	 * @return string UUID.
 	 */
 	public function changeset_uuid() {
 	 * @since 3.4.0
 	 *
 	 * @return bool
 	 */
 	public function is_theme_active() {
-		return $this->get_stylesheet() == $this->original_stylesheet;
+		return $this->get_stylesheet() === $this->original_stylesheet;
 	}
 	/**
 	 * Register styles/scripts and initialize the preview of each setting
 	 *
 	 * @since 3.4.0
 	 */
 	public function wp_loaded() {
-		// Unconditionally register core types for panels, sections, and controls in case plugin unhooks all customize_register actions.
+		// Unconditionally register core types for panels, sections, and controls
+		// in case plugin unhooks all customize_register actions.
 		$this->register_panel_type( 'WP_Customize_Panel' );
 		$this->register_panel_type( 'WP_Customize_Themes_Panel' );
 		$this->register_section_type( 'WP_Customize_Section' );
 		$this->register_section_type( 'WP_Customize_Sidebar_Section' );
 		$this->register_section_type( 'WP_Customize_Themes_Section' );
 		}
 		return $dismissed;
 	}
 	/**
-	 * Get the changeset post id for the loaded changeset.
+	 * Get the changeset post ID for the loaded changeset.
 	 *
 	 * @since 4.7.0
 	 *
 	 * @return int|null Post ID on success or null if there is no post yet saved.
 	 */
 			}
 		} elseif ( 'customize_changeset' !== $changeset_post->post_type ) {
 			return new WP_Error( 'wrong_post_type' );
 		}
 		$changeset_data = json_decode( $changeset_post->post_content, true );
-		if ( function_exists( 'json_last_error' ) && json_last_error() ) {
+		$last_error     = json_last_error();
-			return new WP_Error( 'json_parse_error', '', json_last_error() );
+		if ( $last_error ) {
+			return new WP_Error( 'json_parse_error', '', $last_error );
 		}
 		if ( ! is_array( $changeset_data ) ) {
 			return new WP_Error( 'expected_array' );
 		}
 		return $changeset_data;
 					// Find the max widget number for this type.
 					$widget_numbers = array_keys( $settings );
 					if ( count( $widget_numbers ) > 0 ) {
 						$widget_numbers[]               = 1;
-						$max_widget_numbers[ $id_base ] = call_user_func_array( 'max', $widget_numbers );
+						$max_widget_numbers[ $id_base ] = max( ...$widget_numbers );
 					} else {
 						$max_widget_numbers[ $id_base ] = 1;
 					}
 				}
 				$max_widget_numbers[ $id_base ] += 1;
 						array(
 							'post_status' => 'auto-draft', // So attachment will be garbage collected in a week if changeset is never published.
 						)
 					);
-					// In PHP < 5.6 filesize() returns 0 for the temp files unless we clear the file status cache.
-					// Technically, PHP < 5.6.0 || < 5.5.13 || < 5.4.29 but no need to be so targeted.
-					// See https://bugs.php.net/bug.php?id=65701
-					if ( version_compare( PHP_VERSION, '5.6', '<' ) ) {
-						clearstatcache();
-					}
 					$attachment_id = media_handle_sideload( $file_array, 0, null, $attachment_post_data );
 					if ( is_wp_error( $attachment_id ) ) {
 						continue;
 					}
 					update_post_meta( $attachment_id, '_starter_content_theme', $this->get_stylesheet() );
 			}
 		}
 		// Options.
 		foreach ( $options as $name => $value ) {
-			if ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) {
+			// Serialize the value to check for post symbols.
+			$value = maybe_serialize( $value );
+			if ( is_serialized( $value ) ) {
+				if ( preg_match( '/s:\d+:"{{(?P<symbol>.+)}}"/', $value, $matches ) ) {
+					if ( isset( $posts[ $matches['symbol'] ] ) ) {
+						$symbol_match = $posts[ $matches['symbol'] ]['ID'];
+					} elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) {
+						$symbol_match = $attachment_ids[ $matches['symbol'] ];
+					}
+					// If we have any symbol matches, update the values.
+					if ( isset( $symbol_match ) ) {
+						// Replace found string matches with post IDs.
+						$value = str_replace( $matches[0], "i:{$symbol_match}", $value );
+					} else {
+						continue;
+					}
+				}
+			} elseif ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) {
 				if ( isset( $posts[ $matches['symbol'] ] ) ) {
 					$value = $posts[ $matches['symbol'] ]['ID'];
 				} elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) {
 					$value = $attachment_ids[ $matches['symbol'] ];
 				} else {
 					continue;
 				}
 			}
+			// Unserialize values after checking for post symbols, so they can be properly referenced.
+			$value = maybe_unserialize( $value );
 			if ( empty( $changeset_data[ $name ] ) || ! empty( $changeset_data[ $name ]['starter_content'] ) ) {
 				$this->set_post_value( $name, $value );
 				$this->pending_starter_content_settings_ids[] = $name;
 			}
 		}
 		// Theme mods.
 		foreach ( $theme_mods as $name => $value ) {
-			if ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) {
+			// Serialize the value to check for post symbols.
+			$value = maybe_serialize( $value );
+			// Check if value was serialized.
+			if ( is_serialized( $value ) ) {
+				if ( preg_match( '/s:\d+:"{{(?P<symbol>.+)}}"/', $value, $matches ) ) {
+					if ( isset( $posts[ $matches['symbol'] ] ) ) {
+						$symbol_match = $posts[ $matches['symbol'] ]['ID'];
+					} elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) {
+						$symbol_match = $attachment_ids[ $matches['symbol'] ];
+					}
+					// If we have any symbol matches, update the values.
+					if ( isset( $symbol_match ) ) {
+						// Replace found string matches with post IDs.
+						$value = str_replace( $matches[0], "i:{$symbol_match}", $value );
+					} else {
+						continue;
+					}
+				}
+			} elseif ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) {
 				if ( isset( $posts[ $matches['symbol'] ] ) ) {
 					$value = $posts[ $matches['symbol'] ]['ID'];
 				} elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) {
 					$value = $attachment_ids[ $matches['symbol'] ];
 				} else {
 					continue;
 				}
 			}
+			// Unserialize values after checking for post symbols, so they can be properly referenced.
+			$value = maybe_unserialize( $value );
 			// Handle header image as special case since setting has a legacy format.
 			if ( 'header_image' === $name ) {
 				$name     = 'header_image_data';
 				$metadata = wp_get_attachment_metadata( $value );
 		if ( empty( $attachments ) ) {
 			return $prepared_attachments;
 		}
 		// Such is The WordPress Way.
-		require_once( ABSPATH . 'wp-admin/includes/file.php' );
+		require_once ABSPATH . 'wp-admin/includes/file.php';
-		require_once( ABSPATH . 'wp-admin/includes/media.php' );
+		require_once ABSPATH . 'wp-admin/includes/media.php';
-		require_once( ABSPATH . 'wp-admin/includes/image.php' );
+		require_once ABSPATH . 'wp-admin/includes/image.php';
 		foreach ( $attachments as $symbol => $attachment ) {
 			// A file is required and URLs to files are not currently allowed.
 			if ( empty( $attachment['file'] ) || preg_match( '#^https?://$#', $attachment['file'] ) ) {
 	 * @see WP_REST_Request::has_valid_params()
 	 *
 	 * @param WP_Customize_Setting $setting A WP_Customize_Setting derived object.
 	 * @param mixed                $default Value returned $setting has no post value (added in 4.2.0)
 	 *                                      or the post value is invalid (added in 4.6.0).
-	 * @return string|mixed $post_value Sanitized value or the $default provided.
+	 * @return string|mixed Sanitized value or the $default provided.
 	 */
 	public function post_value( $setting, $default = null ) {
 		$post_values = $this->unsanitized_post_values();
 		if ( ! array_key_exists( $setting->id, $post_values ) ) {
 			return $default;
 		 * If preview is being served inside the customizer preview iframe, and
 		 * if the user doesn't have customize capability, then it is assumed
 		 * that the user's session has expired and they need to re-authenticate.
 		 */
 		if ( $this->messenger_channel && ! current_user_can( 'customize' ) ) {
-			$this->wp_die( -1, __( 'Unauthorized. You may remove the customize_messenger_channel param to preview as frontend.' ) );
+			$this->wp_die(
+				-1,
+				sprintf(
+					/* translators: %s: customize_messenger_channel */
+					__( 'Unauthorized. You may remove the %s param to preview as frontend.' ),
+					'<code>customize_messenger_channel<code>'
+				)
+			);
 			return;
 		}
 		$this->prepare_controls();
 	/**
 	 * Add customize state query params to a given URL if preview is allowed.
 	 *
 	 * @since 4.7.0
+	 *
 	 * @see wp_redirect()
 	 * @see WP_Customize_Manager::get_allowed_url()
 	 *
 	 * @param string $url URL.
 	 * @return string URL.
 	/**
 	 * Filters the current theme and return the name of the previewed theme.
 	 *
 	 * @since 3.4.0
 	 *
-	 * @param $current_theme {@internal Parameter is not used}
+	 * @param mixed $current_theme {@internal Parameter is not used}
 	 * @return string Theme name.
 	 */
 	public function current_theme( $current_theme ) {
 		return $this->theme()->display( 'Name' );
 	}
 			// Dismiss all other auto-draft changeset posts for this user (they serve like autosave revisions), as there should only be one.
 			if ( $is_new_changeset ) {
 				$this->dismiss_user_auto_draft_changesets();
 			}
-			// Note that if the changeset status was publish, then it will get set to trash if revisions are not supported.
+			// Note that if the changeset status was publish, then it will get set to Trash if revisions are not supported.
 			$response['changeset_status'] = $changeset_post->post_status;
 			if ( $is_publish && 'trash' === $response['changeset_status'] ) {
 				$response['changeset_status'] = 'publish';
 			}
 		 * A changeset update is transactional when a status is supplied in the request.
 		 */
 		if ( $update_transactionally && $invalid_setting_count > 0 ) {
 			$response = array(
 				'setting_validities' => $setting_validities,
-				/* translators: %s: number of invalid settings */
+				/* translators: %s: Number of invalid settings. */
 				'message'            => sprintf( _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', $invalid_setting_count ), number_format_i18n( $invalid_setting_count ) ),
 			);
 			return new WP_Error( 'transaction_fail', '', $response );
 		}
 			update_option( 'theme_switched_via_customizer', true );
 			$this->start_previewing_theme();
 		}
 		// Gather the data for wp_insert_post()/wp_update_post().
-		$json_options = 0;
+		$post_array = array(
-		if ( defined( 'JSON_UNESCAPED_SLASHES' ) ) {
+			// JSON_UNESCAPED_SLASHES is only to improve readability as slashes needn't be escaped in storage.
-			$json_options |= JSON_UNESCAPED_SLASHES; // Introduced in PHP 5.4. This is only to improve readability as slashes needn't be escaped in storage.
+			'post_content' => wp_json_encode( $data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT ),
-		}
-		$json_options |= JSON_PRETTY_PRINT; // Also introduced in PHP 5.4, but WP defines constant for back compat. See WP Trac #30139.
-		$post_array    = array(
-			'post_content' => wp_json_encode( $data, $json_options ),
 		);
 		if ( $args['title'] ) {
 			$post_array['post_title'] = $args['title'];
 		}
 		if ( $changeset_post_id ) {
 		$this->store_changeset_revision = $allow_revision;
 		add_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ), 5, 3 );
 		/*
-		 * Update the changeset post. The publish_customize_changeset action
+		 * Update the changeset post. The publish_customize_changeset action will cause the settings in the
-		 * will cause the settings in the changeset to be saved via
+		 * changeset to be saved via WP_Customize_Setting::save(). Updating a post with publish status will
-		 * WP_Customize_Setting::save().
+		 * trigger WP_Customize_Manager::publish_changeset_values().
 		 */
+		add_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5, 3 );
-		// Prevent content filters from corrupting JSON in post_content.
-		$has_kses = ( false !== has_filter( 'content_save_pre', 'wp_filter_post_kses' ) );
-		if ( $has_kses ) {
-			kses_remove_filters();
-		}
-		$has_targeted_link_rel_filters = ( false !== has_filter( 'content_save_pre', 'wp_targeted_link_rel' ) );
-		if ( $has_targeted_link_rel_filters ) {
-			wp_remove_targeted_link_rel_filters();
-		}
-		// Note that updating a post with publish status will trigger WP_Customize_Manager::publish_changeset_values().
 		if ( $changeset_post_id ) {
 			if ( $args['autosave'] && 'auto-draft' !== get_post_status( $changeset_post_id ) ) {
 				// See _wp_translate_postdata() for why this is required as it will use the edit_post meta capability.
 				add_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10, 4 );
 				$post_array['post_ID']   = $post_array['ID'];
 				$post_array['post_type'] = 'customize_changeset';
-				$r                       = wp_create_post_autosave( wp_slash( $post_array ) );
+				$r = wp_create_post_autosave( wp_slash( $post_array ) );
 				remove_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10 );
 			} else {
 				$post_array['edit_date'] = true; // Prevent date clearing.
-				$r                       = wp_update_post( wp_slash( $post_array ), true );
+				$r = wp_update_post( wp_slash( $post_array ), true );
 				// Delete autosave revision for user when the changeset is updated.
 				if ( ! empty( $args['user_id'] ) ) {
 					$autosave_draft = wp_get_post_autosave( $changeset_post_id, $args['user_id'] );
 					if ( $autosave_draft ) {
 			$r = wp_insert_post( wp_slash( $post_array ), true );
 			if ( ! is_wp_error( $r ) ) {
 				$this->_changeset_post_id = $r; // Update cached post ID for the loaded changeset.
 			}
 		}
+		remove_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5 );
-		// Restore removed content filters.
-		if ( $has_kses ) {
-			kses_init_filters();
-		}
-		if ( $has_targeted_link_rel_filters ) {
-			wp_init_targeted_link_rel_filters();
-		}
 		$this->_changeset_data = null; // Reset so WP_Customize_Manager::changeset_data() will re-populate with updated contents.
 		remove_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ) );
 			$response['changeset_post_save_failure'] = $r->get_error_code();
 			return new WP_Error( 'changeset_post_save_failure', '', $response );
 		}
 		return $response;
+	}
+	/**
+	 * Preserve the initial JSON post_content passed to save into the post.
+	 *
+	 * This is needed to prevent KSES and other {@see 'content_save_pre'} filters
+	 * from corrupting JSON data.
+	 *
+	 * Note that WP_Customize_Manager::validate_setting_values() have already
+	 * run on the setting values being serialized as JSON into the post content
+	 * so it is pre-sanitized.
+	 *
+	 * Also, the sanitization logic is re-run through the respective
+	 * WP_Customize_Setting::sanitize() method when being read out of the
+	 * changeset, via WP_Customize_Manager::post_value(), and this sanitized
+	 * value will also be sent into WP_Customize_Setting::update() for
+	 * persisting to the DB.
+	 *
+	 * Multiple users can collaborate on a single changeset, where one user may
+	 * have the unfiltered_html capability but another may not. A user with
+	 * unfiltered_html may add a script tag to some field which needs to be kept
+	 * intact even when another user updates the changeset to modify another field
+	 * when they do not have unfiltered_html.
+	 *
+	 * @since 5.4.1
+	 *
+	 * @param array $data                An array of slashed and processed post data.
+	 * @param array $postarr             An array of sanitized (and slashed) but otherwise unmodified post data.
+	 * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post().
+	 * @return array Filtered post data.
+	 */
+	public function preserve_insert_changeset_post_content( $data, $postarr, $unsanitized_postarr ) {
+		if (
+			isset( $data['post_type'] ) &&
+			isset( $unsanitized_postarr['post_content'] ) &&
+			'customize_changeset' === $data['post_type'] ||
+			(
+				'revision' === $data['post_type'] &&
+				! empty( $data['post_parent'] ) &&
+				'customize_changeset' === get_post_type( $data['post_parent'] )
+			)
+		) {
+			$data['post_content'] = $unsanitized_postarr['post_content'];
+		}
+		return $data;
 	}
 	/**
 	 * Trash or delete a changeset post.
 	 *
 	 * `wp_publish_post()`. The reason for bypassing `wp_trash_post()` is that it
 	 * will mutate the the `post_content` and the `post_name` when they should be
 	 * untouched.
 	 *
 	 * @since 4.9.0
+	 *
+	 * @see wp_trash_post()
 	 * @global wpdb $wpdb WordPress database abstraction object.
-	 * @see wp_trash_post()
 	 *
 	 * @param int|WP_Post $post The changeset post.
 	 * @return mixed A WP_Post object for the trashed post or an empty value on failure.
 	 */
 	public function trash_changeset_post( $post ) {
 				)
 			);
 			return;
 		}
-		if ( $changeset_post_id && ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->delete_post, $changeset_post_id ) ) {
+		if ( $changeset_post_id ) {
-			wp_send_json_error(
+			if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->delete_post, $changeset_post_id ) ) {
-				array(
+				wp_send_json_error(
-					'code'    => 'changeset_trash_unauthorized',
+					array(
-					'message' => __( 'Unable to trash changes.' ),
+						'code'    => 'changeset_trash_unauthorized',
-				)
+						'message' => __( 'Unable to trash changes.' ),
-			);
+					)
+				);
+			}
+			$lock_user = (int) wp_check_post_lock( $changeset_post_id );
+			if ( $lock_user && get_current_user_id() !== $lock_user ) {
+				wp_send_json_error(
+					array(
+						'code'     => 'changeset_locked',
+						'message'  => __( 'Changeset is being edited by other user.' ),
+						'lockUser' => $this->get_lock_user_data( $lock_user ),
+					)
+				);
+			}
 		}
 		if ( 'trash' === get_post_status( $changeset_post_id ) ) {
 			wp_send_json_error(
 				array(
 	 * `_wp_translate_postdata()` which in turn will check if a user can 'edit_post', but the
 	 * the caps for the customize_changeset post type are all mapping to the meta capability.
 	 * This should be able to be removed once #40922 is addressed in core.
 	 *
 	 * @since 4.9.0
+	 *
 	 * @link https://core.trac.wordpress.org/ticket/40922
 	 * @see WP_Customize_Manager::save_changeset_post()
 	 * @see _wp_translate_postdata()
 	 *
 	 * @param string[] $caps    Array of the user's capabilities.
 	 * @param string   $cap     Capability name.
 	 * @param int      $user_id The user ID.
 	 * @param array    $args    Adds the context to the cap. Typically the object ID.
-	 * @return array   Capabilities.
+	 * @return array Capabilities.
 	 */
 	public function grant_edit_post_capability_for_changeset( $caps, $cap, $user_id, $args ) {
 		if ( 'edit_post' === $cap && ! empty( $args[0] ) && 'customize_changeset' === get_post_type( $args[0] ) ) {
 			$post_type_obj = get_post_type_object( 'customize_changeset' );
 			$caps          = map_meta_cap( $post_type_obj->cap->$cap, $user_id );
 	/**
 	 * Marks the changeset post as being currently edited by the current user.
 	 *
 	 * @since 4.9.0
 	 *
-	 * @param int  $changeset_post_id Changeset post id.
+	 * @param int  $changeset_post_id Changeset post ID.
-	 * @param bool $take_over Take over the changeset, default is false.
+	 * @param bool $take_over Whether to take over the changeset. Default false.
 	 */
 	public function set_changeset_lock( $changeset_post_id, $take_over = false ) {
 		if ( $changeset_post_id ) {
 			$can_override = ! (bool) get_post_meta( $changeset_post_id, '_edit_lock', true );
 	/**
 	 * Refreshes changeset lock with the current time if current user edited the changeset before.
 	 *
 	 * @since 4.9.0
 	 *
-	 * @param int $changeset_post_id Changeset post id.
+	 * @param int $changeset_post_id Changeset post ID.
 	 */
 	public function refresh_changeset_lock( $changeset_post_id ) {
 		if ( ! $changeset_post_id ) {
 			return;
 		}
 	 * @since 4.7.0
 	 *
 	 * @param bool    $post_has_changed Whether the post has changed.
 	 * @param WP_Post $last_revision    The last revision post object.
 	 * @param WP_Post $post             The post object.
-	 *
 	 * @return bool Whether a revision should be made.
 	 */
 	public function _filter_revision_post_has_changed( $post_has_changed, $last_revision, $post ) {
 		unset( $last_revision );
 		if ( 'customize_changeset' === $post->post_type ) {
 	 * Please note that if the settings in the changeset are for a non-activated
 	 * theme, the theme must first be switched to (via `switch_theme()`) before
 	 * invoking this method.
 	 *
 	 * @since 4.7.0
+	 *
 	 * @see _wp_customize_publish_changeset()
-	 * @global wpdb $wpdb
+	 * @global wpdb $wpdb WordPress database abstraction object.
 	 *
 	 * @param int $changeset_post_id ID for customize_changeset post. Defaults to the changeset for the current manager instance.
 	 * @return true|WP_Error True or error info.
 	 */
 	public function _publish_changeset_values( $changeset_post_id ) {
 	 * Add a customize setting.
 	 *
 	 * @since 3.4.0
 	 * @since 4.5.0 Return added WP_Customize_Setting instance.
 	 *
+	 * @see WP_Customize_Setting::__construct()
+	 * @link https://developer.wordpress.org/themes/customize-api
+	 *
 	 * @param WP_Customize_Setting|string $id   Customize Setting object, or ID.
-	 * @param array                       $args {
+	 * @param array                       $args Optional. Array of properties for the new Setting object.
-	 *  Optional. Array of properties for the new WP_Customize_Setting. Default empty array.
+	 *                                          See WP_Customize_Setting::__construct() for information
-	 *
+	 *                                          on accepted arguments. Default empty array.
-	 *  @type string       $type                  Type of the setting. Default 'theme_mod'.
+	 * @return WP_Customize_Setting The instance of the setting that was added.
-	 *  @type string       $capability            Capability required for the setting. Default 'edit_theme_options'
-	 *  @type string|array $theme_supports        Theme features required to support the panel. Default is none.
-	 *  @type string       $default               Default value for the setting. Default is empty string.
-	 *  @type string       $transport             Options for rendering the live preview of changes in Customizer.
-	 *                                            Using 'refresh' makes the change visible by reloading the whole preview.
-	 *                                            Using 'postMessage' allows a custom JavaScript to handle live changes.
-	 * @link https://developer.wordpress.org/themes/customize-api
-	 *                                            Default is 'refresh'
-	 *  @type callable     $validate_callback     Server-side validation callback for the setting's value.
-	 *  @type callable     $sanitize_callback     Callback to filter a Customize setting value in un-slashed form.
-	 *  @type callable     $sanitize_js_callback  Callback to convert a Customize PHP setting value to a value that is
-	 *                                            JSON serializable.
-	 *  @type bool         $dirty                 Whether or not the setting is initially dirty when created.
-	 * }
-	 * @return WP_Customize_Setting             The instance of the setting that was added.
 	 */
 	public function add_setting( $id, $args = array() ) {
 		if ( $id instanceof WP_Customize_Setting ) {
 			$setting = $id;
 		} else {
 	 * @return array The WP_Customize_Setting objects added.
 	 */
 	public function add_dynamic_settings( $setting_ids ) {
 		$new_settings = array();
 		foreach ( $setting_ids as $setting_id ) {
-			// Skip settings already created
+			// Skip settings already created.
 			if ( $this->get_setting( $setting_id ) ) {
 				continue;
 			}
 			$setting_args  = false;
 	}
 	/**
 	 * Remove a customize setting.
 	 *
+	 * Note that removing the setting doesn't destroy the WP_Customize_Setting instance or remove its filters.
+	 *
 	 * @since 3.4.0
 	 *
 	 * @param string $id Customize Setting ID.
 	 */
 	public function remove_setting( $id ) {
 	 * Add a customize panel.
 	 *
 	 * @since 4.0.0
 	 * @since 4.5.0 Return added WP_Customize_Panel instance.
 	 *
-	 * @param WP_Customize_Panel|string $id   Customize Panel object, or Panel ID.
+	 * @see WP_Customize_Panel::__construct()
-	 * @param array                     $args {
+	 *
-	 *  Optional. Array of properties for the new Panel object. Default empty array.
+	 * @param WP_Customize_Panel|string $id   Customize Panel object, or ID.
-	 *  @type int          $priority              Priority of the panel, defining the display order of panels and sections.
+	 * @param array                     $args Optional. Array of properties for the new Panel object.
-	 *                                            Default 160.
+	 *                                        See WP_Customize_Panel::__construct() for information
-	 *  @type string       $capability            Capability required for the panel. Default `edit_theme_options`
+	 *                                        on accepted arguments. Default empty array.
-	 *  @type string|array $theme_supports        Theme features required to support the panel.
+	 * @return WP_Customize_Panel The instance of the panel that was added.
-	 *  @type string       $title                 Title of the panel to show in UI.
-	 *  @type string       $description           Description to show in the UI.
-	 *  @type string       $type                  Type of the panel.
-	 *  @type callable     $active_callback       Active callback.
-	 * }
-	 * @return WP_Customize_Panel             The instance of the panel that was added.
 	 */
 	public function add_panel( $id, $args = array() ) {
 		if ( $id instanceof WP_Customize_Panel ) {
 			$panel = $id;
 		} else {
 	}
 	/**
 	 * Remove a customize panel.
 	 *
+	 * Note that removing the panel doesn't destroy the WP_Customize_Panel instance or remove its filters.
+	 *
 	 * @since 4.0.0
 	 *
 	 * @param string $id Panel ID to remove.
 	 */
 	public function remove_panel( $id ) {
 		// Removing core components this way is _doing_it_wrong().
 		if ( in_array( $id, $this->components, true ) ) {
-			/* translators: 1: panel id, 2: link to 'customize_loaded_components' filter reference */
 			$message = sprintf(
+				/* translators: 1: Panel ID, 2: Link to 'customize_loaded_components' filter reference. */
 				__( 'Removing %1$s manually will cause PHP warnings. Use the %2$s filter instead.' ),
 				$id,
-				'<a href="' . esc_url( 'https://developer.wordpress.org/reference/hooks/customize_loaded_components/' ) . '"><code>customize_loaded_components</code></a>'
+				sprintf(
+					'<a href="%1$s">%2$s</a>',
+					esc_url( 'https://developer.wordpress.org/reference/hooks/customize_loaded_components/' ),
+					'<code>customize_loaded_components</code>'
+				)
 			);
 			_doing_it_wrong( __METHOD__, $message, '4.5.0' );
 		}
 		unset( $this->panels[ $id ] );
 	 * Add a customize section.
 	 *
 	 * @since 3.4.0
 	 * @since 4.5.0 Return added WP_Customize_Section instance.
 	 *
-	 * @param WP_Customize_Section|string $id   Customize Section object, or Section ID.
+	 * @see WP_Customize_Section::__construct()
-	 * @param array                     $args {
+	 *
-	 *  Optional. Array of properties for the new Section object. Default empty array.
+	 * @param WP_Customize_Section|string $id   Customize Section object, or ID.
-	 *  @type int          $priority              Priority of the section, defining the display order of panels and sections.
+	 * @param array                       $args Optional. Array of properties for the new Section object.
-	 *                                            Default 160.
+	 *                                          See WP_Customize_Section::__construct() for information
-	 *  @type string       $panel                 The panel this section belongs to (if any). Default empty.
+	 *                                          on accepted arguments. Default empty array.
-	 *  @type string       $capability            Capability required for the section. Default 'edit_theme_options'
+	 * @return WP_Customize_Section The instance of the section that was added.
-	 *  @type string|array $theme_supports        Theme features required to support the section.
-	 *  @type string       $title                 Title of the section to show in UI.
-	 *  @type string       $description           Description to show in the UI.
-	 *  @type string       $type                  Type of the section.
-	 *  @type callable     $active_callback       Active callback.
-	 *  @type bool         $description_hidden    Hide the description behind a help icon, instead of inline above the first control. Default false.
-	 * }
-	 * @return WP_Customize_Section             The instance of the section that was added.
 	 */
 	public function add_section( $id, $args = array() ) {
 		if ( $id instanceof WP_Customize_Section ) {
 			$section = $id;
 		} else {
 	}
 	/**
 	 * Remove a customize section.
 	 *
+	 * Note that removing the section doesn't destroy the WP_Customize_Section instance or remove its filters.
+	 *
 	 * @since 3.4.0
 	 *
 	 * @param string $id Section ID.
 	 */
 	public function remove_section( $id ) {
 	 * Add a customize control.
 	 *
 	 * @since 3.4.0
 	 * @since 4.5.0 Return added WP_Customize_Control instance.
 	 *
+	 * @see WP_Customize_Control::__construct()
+	 *
 	 * @param WP_Customize_Control|string $id   Customize Control object, or ID.
-	 * @param array                       $args {
+	 * @param array                       $args Optional. Array of properties for the new Control object.
-	 *  Optional. Array of properties for the new Control object. Default empty array.
+	 *                                          See WP_Customize_Control::__construct() for information
-	 *
+	 *                                          on accepted arguments. Default empty array.
-	 *  @type array        $settings              All settings tied to the control. If undefined, defaults to `$setting`.
+	 * @return WP_Customize_Control The instance of the control that was added.
-	 *                                            IDs in the array correspond to the ID of a registered `WP_Customize_Setting`.
-	 *  @type string       $setting               The primary setting for the control (if there is one). Default is 'default'.
-	 *  @type string       $capability            Capability required to use this control. Normally derived from `$settings`.
-	 *  @type int          $priority              Order priority to load the control. Default 10.
-	 *  @type string       $section               The section this control belongs to. Default empty.
-	 *  @type string       $label                 Label for the control. Default empty.
-	 *  @type string       $description           Description for the control. Default empty.
-	 *  @type array        $choices               List of choices for 'radio' or 'select' type controls, where values
-	 *                                            are the keys, and labels are the values. Default empty array.
-	 *  @type array        $input_attrs           List of custom input attributes for control output, where attribute
-	 *                                            names are the keys and values are the values. Default empty array.
-	 *  @type bool         $allow_addition        Show UI for adding new content, currently only used for the
-	 *                                            dropdown-pages control. Default false.
-	 *  @type string       $type                  The type of the control. Default 'text'.
-	 *  @type callback     $active_callback       Active callback.
-	 * }
-	 * @return WP_Customize_Control             The instance of the control that was added.
 	 */
 	public function add_control( $id, $args = array() ) {
 		if ( $id instanceof WP_Customize_Control ) {
 			$control = $id;
 		} else {
 		}
 	}
 	/**
 	 * Remove a customize control.
+	 *
+	 * Note that removing the control doesn't destroy the WP_Customize_Control instance or remove its filters.
 	 *
 	 * @since 3.4.0
 	 *
 	 * @param string $id ID of the control.
 	 */
 	 *
 	 * @return string The template string for the document title.
 	 */
 	public function get_document_title_template() {
 		if ( $this->is_theme_active() ) {
-			/* translators: %s: document title from the preview */
+			/* translators: %s: Document title from the preview. */
 			$document_title_tmpl = __( 'Customize: %s' );
 		} else {
-			/* translators: %s: document title from the preview */
+			/* translators: %s: Document title from the preview. */
 			$document_title_tmpl = __( 'Live Preview: %s' );
 		}
 		$document_title_tmpl = html_entity_decode( $document_title_tmpl, ENT_QUOTES, 'UTF-8' ); // Because exported to JS and assigned to document.title.
 		return $document_title_tmpl;
 	}
 	 * ssl certs. Domain mapping plugins can allow other urls in these conditions
 	 * using the customize_allowed_urls filter.
 	 *
 	 * @since 4.7.0
 	 *
-	 * @returns array Allowed URLs.
+	 * @return array Allowed URLs.
 	 */
 	public function get_allowed_urls() {
 		$allowed_urls = array( home_url( '/' ) );
 		if ( is_ssl() && ! $this->is_cross_domain() ) {
 	/**
 	 * Get URL to link the user to when closing the Customizer.
 	 *
 	 * @since 4.4.0
 	 *
+	 * @global array $_registered_pages
+	 *
 	 * @return string URL for link to close Customizer.
 	 */
 	public function get_return_url() {
+		global $_registered_pages;
 		$referer                    = wp_get_referer();
 		$excluded_referer_basenames = array( 'customize.php', 'wp-login.php' );
 		if ( $this->return_url ) {
 			$return_url = $this->return_url;
 		} elseif ( $this->preview_url ) {
 			$return_url = $this->preview_url;
 		} else {
 			$return_url = home_url( '/' );
 		}
+		$return_url_basename = wp_basename( parse_url( $this->return_url, PHP_URL_PATH ) );
+		$return_url_query    = parse_url( $this->return_url, PHP_URL_QUERY );
+		if ( 'themes.php' === $return_url_basename && $return_url_query ) {
+			parse_str( $return_url_query, $query_vars );
+			/*
+			 * If the return URL is a page added by a theme to the Appearance menu via add_submenu_page(),
+			 * verify that belongs to the active theme, otherwise fall back to the Themes screen.
+			 */
+			if ( isset( $query_vars['page'] ) && ! isset( $_registered_pages[ "appearance_page_{$query_vars['page']}" ] ) ) {
+				$return_url = admin_url( 'themes.php' );
+			}
+		}
 		return $return_url;
 	}
 	/**
 	 * Set the autofocused constructs.
 	 * @since 4.4.0
 	 *
 	 * @param array $autofocus {
 	 *     Mapping of 'panel', 'section', 'control' to the ID which should be autofocused.
 	 *
-	 *     @type string [$control]  ID for control to be autofocused.
+	 *     @type string $control ID for control to be autofocused.
-	 *     @type string [$section]  ID for section to be autofocused.
+	 *     @type string $section ID for section to be autofocused.
-	 *     @type string [$panel]    ID for panel to be autofocused.
+	 *     @type string $panel   ID for panel to be autofocused.
 	 * }
 	 */
 	public function set_autofocus( $autofocus ) {
 		$this->autofocus = array_filter( wp_array_slice_assoc( $autofocus, array( 'panel', 'section', 'control' ) ), 'is_string' );
 	}
 	 * @since 4.4.0
 	 *
 	 * @return array {
 	 *     Mapping of 'panel', 'section', 'control' to the ID which should be autofocused.
 	 *
-	 *     @type string [$control]  ID for control to be autofocused.
+	 *     @type string $control ID for control to be autofocused.
-	 *     @type string [$section]  ID for section to be autofocused.
+	 *     @type string $section ID for section to be autofocused.
-	 *     @type string [$panel]    ID for panel to be autofocused.
+	 *     @type string $panel   ID for panel to be autofocused.
 	 * }
 	 */
 	public function get_autofocus() {
 		return $this->autofocus;
 	}
 			'autofocus'              => $this->get_autofocus(),
 			'documentTitleTmpl'      => $this->get_document_title_template(),
 			'previewableDevices'     => $this->get_previewable_devices(),
 			'l10n'                   => array(
 				'confirmDeleteTheme'   => __( 'Are you sure you want to delete this theme?' ),
-				/* translators: %d: number of theme search results, which cannot currently consider singular vs. plural forms */
+				/* translators: %d: Number of theme search results, which cannot currently consider singular vs. plural forms. */
 				'themeSearchResults'   => __( '%d themes found' ),
-				/* translators: %d: number of themes being displayed, which cannot currently consider singular vs. plural forms */
+				/* translators: %d: Number of themes being displayed, which cannot currently consider singular vs. plural forms. */
 				'announceThemeCount'   => __( 'Displaying %d themes' ),
-				/* translators: %s: theme name */
+				/* translators: %s: Theme name. */
 				'announceThemeDetails' => __( 'Showing details for theme: %s' ),
 			),
 		);
 		// Temporarily disable installation in Customizer. See #42184.
 				'site_icon',
 				array(
 					'label'       => __( 'Site Icon' ),
 					'description' => sprintf(
 						'<p>' . __( 'Site Icons are what you see in browser tabs, bookmark bars, and within the WordPress mobile apps. Upload one here!' ) . '</p>' .
-						/* translators: %s: site icon size in pixels */
+						/* translators: %s: Site icon size in pixels. */
 						'<p>' . __( 'Site Icons should be square and at least %s pixels.' ) . '</p>',
 						'<strong>512 &times; 512</strong>'
 					),
 					'section'     => 'title_tagline',
 					'priority'    => 60,
 				'custom_logo',
 				array(
 					'label'         => __( 'Logo' ),
 					'section'       => 'title_tagline',
 					'priority'      => 8,
-					'height'        => $custom_logo_args[0]['height'],
+					'height'        => isset( $custom_logo_args[0]['height'] ) ? $custom_logo_args[0]['height'] : null,
-					'width'         => $custom_logo_args[0]['width'],
+					'width'         => isset( $custom_logo_args[0]['width'] ) ? $custom_logo_args[0]['width'] : null,
-					'flex_height'   => $custom_logo_args[0]['flex-height'],
+					'flex_height'   => isset( $custom_logo_args[0]['flex-height'] ) ? $custom_logo_args[0]['flex-height'] : null,
-					'flex_width'    => $custom_logo_args[0]['flex-width'],
+					'flex_width'    => isset( $custom_logo_args[0]['flex-width'] ) ? $custom_logo_args[0]['flex-width'] : null,
 					'button_labels' => array(
 						'select'       => __( 'Select logo' ),
 						'change'       => __( 'Change logo' ),
 						'remove'       => __( 'Remove' ),
 						'default'      => __( 'Default' ),
 				'sanitize_callback'    => array( $this, '_sanitize_header_textcolor' ),
 				'sanitize_js_callback' => 'maybe_hash_hex_color',
 			)
 		);
-		// Input type: checkbox
+		// Input type: checkbox.
-		// With custom value
+		// With custom value.
 		$this->add_control(
 			'display_header_text',
 			array(
 				'settings' => 'header_textcolor',
 				'label'    => __( 'Display Site Title and Tagline' ),
 					'section' => 'colors',
 				)
 			)
 		);
-		// Input type: Color
+		// Input type: color.
-		// With sanitize_callback
+		// With sanitize_callback.
 		$this->add_setting(
 			'background_color',
 			array(
 				'default'              => get_theme_support( 'custom-background', 'default-color' ),
 				'theme_supports'       => 'custom-background',
 			$width  = absint( get_theme_support( 'custom-header', 'width' ) );
 			$height = absint( get_theme_support( 'custom-header', 'height' ) );
 			if ( $width && $height ) {
 				$control_description = sprintf(
-					/* translators: 1: .mp4, 2: header size in pixels */
+					/* translators: 1: .mp4, 2: Header size in pixels. */
 					__( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends dimensions of %2$s pixels.' ),
 					'<code>.mp4</code>',
 					sprintf( '<strong>%s &times; %s</strong>', $width, $height )
 				);
 			} elseif ( $width ) {
 				$control_description = sprintf(
-					/* translators: 1: .mp4, 2: header width in pixels */
+					/* translators: 1: .mp4, 2: Header width in pixels. */
 					__( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends a width of %2$s pixels.' ),
 					'<code>.mp4</code>',
 					sprintf( '<strong>%s</strong>', $width )
 				);
 			} else {
 				$control_description = sprintf(
-					/* translators: 1: .mp4, 2: header height in pixels */
+					/* translators: 1: .mp4, 2: Header height in pixels. */
 					__( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends a height of %2$s pixels.' ),
 					'<code>.mp4</code>',
 					sprintf( '<strong>%s</strong>', $height )
 				);
 			}
 			array(
 				'label'   => __( 'Image Size' ),
 				'section' => 'background_image',
 				'type'    => 'select',
 				'choices' => array(
-					'auto'    => __( 'Original' ),
+					'auto'    => _x( 'Original', 'Original Size' ),
 					'contain' => __( 'Fit to Screen' ),
 					'cover'   => __( 'Fill Screen' ),
 				),
 			)
 		);
 		$section_description .= __( 'Add your own CSS code here to customize the appearance and layout of your site.' );
 		$section_description .= sprintf(
 			' <a href="%1$s" class="external-link" target="_blank">%2$s<span class="screen-reader-text"> %3$s</span></a>',
 			esc_url( __( 'https://codex.wordpress.org/CSS' ) ),
 			__( 'Learn more about CSS' ),
-			/* translators: accessibility text */
+			/* translators: Accessibility text. */
 			__( '(opens in a new tab)' )
 		);
 		$section_description .= '</p>';
 		$section_description .= '<p id="editor-keyboard-trap-help-1">' . __( 'When using a keyboard to navigate:' ) . '</p>';
 		$section_description .= '<ul>';
 		$section_description .= '<li id="editor-keyboard-trap-help-2">' . __( 'In the editing area, the Tab key enters a tab character.' ) . '</li>';
 		$section_description .= '<li id="editor-keyboard-trap-help-3">' . __( 'To move away from this area, press the Esc key followed by the Tab key.' ) . '</li>';
-		$section_description .= '<li id="editor-keyboard-trap-help-4">' . __( 'Screen reader users: when in forms mode, you may need to press the escape key twice.' ) . '</li>';
+		$section_description .= '<li id="editor-keyboard-trap-help-4">' . __( 'Screen reader users: when in forms mode, you may need to press the Esc key twice.' ) . '</li>';
 		$section_description .= '</ul>';
 		if ( 'false' !== wp_get_current_user()->syntax_highlighting ) {
 			$section_description .= '<p>';
 			$section_description .= sprintf(
-				/* translators: 1: link to user profile, 2: additional link attributes, 3: accessibility text */
+				/* translators: 1: Link to user profile, 2: Additional link attributes, 3: Accessibility text. */
 				__( 'The edit field automatically highlights code syntax. You can disable this in your <a href="%1$s" %2$s>user profile%3$s</a> to work in plain text mode.' ),
 				esc_url( get_edit_profile_url() ),
 				'class="external-link" target="_blank"',
 				sprintf(
 					'<span class="screen-reader-text"> %s</span>',
-					/* translators: accessibility text */
+					/* translators: Accessibility text. */
 					__( '(opens in a new tab)' )
 				)
 			);
 			$section_description .= '</p>';
 		}
 	 *
 	 * Used as active callback for static front page section and controls.
 	 *
 	 * @since 4.7.0
 	 *
-	 * @returns bool Whether there are published (or to be published) pages.
+	 * @return bool Whether there are published (or to be published) pages.
 	 */
 	public function has_published_pages() {
 		$setting = $this->get_setting( 'nav_menus_created_posts' );
 		if ( $setting ) {
 				// Set active based on customized theme.
 				$theme->active = ( isset( $_POST['customized_theme'] ) && $_POST['customized_theme'] === $theme->slug );
 				// Map available theme properties to installed theme properties.
-				$theme->id           = $theme->slug;
+				$theme->id            = $theme->slug;
-				$theme->screenshot   = array( $theme->screenshot_url );
+				$theme->screenshot    = array( $theme->screenshot_url );
-				$theme->authorAndUri = wp_kses( $theme->author['display_name'], $themes_allowedtags );
+				$theme->authorAndUri  = wp_kses( $theme->author['display_name'], $themes_allowedtags );
+				$theme->compatibleWP  = is_wp_version_compatible( $theme->requires ); // phpcs:ignore WordPress.NamingConventions.ValidVariableName
+				$theme->compatiblePHP = is_php_version_compatible( $theme->requires_php ); // phpcs:ignore WordPress.NamingConventions.ValidVariableName
 				if ( isset( $theme->parent ) ) {
 					$theme->parent = $theme->parent['slug'];
 				} else {
 					$theme->parent = false;
 	/**
 	 * Callback for validating a background setting value.
 	 *
 	 * @since 4.7.0
 	 *
-	 * @param string $value Repeat value.
+	 * @param string               $value   Repeat value.
 	 * @param WP_Customize_Setting $setting Setting.
 	 * @return string|WP_Error Background value or validation error.
 	 */
 	public function _sanitize_background_setting( $value, $setting ) {
 		if ( 'background_repeat' === $setting->id ) {
-			if ( ! in_array( $value, array( 'repeat-x', 'repeat-y', 'repeat', 'no-repeat' ) ) ) {
+			if ( ! in_array( $value, array( 'repeat-x', 'repeat-y', 'repeat', 'no-repeat' ), true ) ) {
 				return new WP_Error( 'invalid_value', __( 'Invalid value for background repeat.' ) );
 			}
 		} elseif ( 'background_attachment' === $setting->id ) {
-			if ( ! in_array( $value, array( 'fixed', 'scroll' ) ) ) {
+			if ( ! in_array( $value, array( 'fixed', 'scroll' ), true ) ) {
 				return new WP_Error( 'invalid_value', __( 'Invalid value for background attachment.' ) );
 			}
 		} elseif ( 'background_position_x' === $setting->id ) {
 			if ( ! in_array( $value, array( 'left', 'center', 'right' ), true ) ) {
 				return new WP_Error( 'invalid_value', __( 'Invalid value for background position X.' ) );
 	/**
 	 * Export header video settings to facilitate selective refresh.
 	 *
 	 * @since 4.7.0
 	 *
-	 * @param array $response Response.
+	 * @param array                          $response          Response.
 	 * @param WP_Customize_Selective_Refresh $selective_refresh Selective refresh component.
-	 * @param array $partials Array of partials.
+	 * @param array                          $partials          Array of partials.
 	 * @return array
 	 */
 	public function export_header_video_settings( $response, $selective_refresh, $partials ) {
 		if ( isset( $partials['custom_header'] ) ) {
 			$response['custom_header_settings'] = get_header_video_settings();
 	 * Ensures that the selected video is less than 8MB and provides an error message.
 	 *
 	 * @since 4.7.0
 	 *
 	 * @param WP_Error $validity
-	 * @param mixed $value
+	 * @param mixed    $value
 	 * @return mixed
 	 */
 	public function _validate_header_video( $validity, $value ) {
 		$video = get_attached_file( absint( $value ) );
 		if ( $video ) {
 			$size = filesize( $video );
-			if ( 8 < $size / pow( 1024, 2 ) ) { // Check whether the size is larger than 8MB.
+			if ( $size > 8 * MB_IN_BYTES ) {
 				$validity->add(
 					'size_too_large',
 					__( 'This video file is too large to use as a header video. Try a shorter video or optimize the compression settings and re-upload a file that is less than 8MB. Or, upload your video to YouTube and link it with the option below.' )
 				);
 			}
 	 * Ensures that the provided URL is supported.
 	 *
 	 * @since 4.7.0
 	 *
 	 * @param WP_Error $validity
-	 * @param mixed $value
+	 * @param mixed    $value
 	 * @return mixed
 	 */
 	public function _validate_external_header_video( $validity, $value ) {
 		$video = esc_url_raw( $value );
 		if ( $video ) {

changeset 16	a86126ab1dd4
parent 9	177826044cd9
child 18	be944660c56a