diff -r 490d5cc509ed -r cf61fcea0001 wp/wp-admin/customize.php --- a/wp/wp-admin/customize.php Tue Jun 09 11:14:17 2015 +0000 +++ b/wp/wp-admin/customize.php Mon Oct 14 17:39:30 2019 +0200 @@ -13,27 +13,88 @@ require_once( dirname( __FILE__ ) . '/admin.php' ); if ( ! current_user_can( 'customize' ) ) { - wp_die( __( 'Cheatin’ uh?' ), 403 ); + wp_die( + '

' . __( 'You need a higher level of permission.' ) . '

' . + '

' . __( 'Sorry, you are not allowed to customize this site.' ) . '

', + 403 + ); } -wp_reset_vars( array( 'url', 'return' ) ); -$url = wp_unslash( $url ); -$url = wp_validate_redirect( $url, home_url( '/' ) ); -if ( $return ) { - $return = wp_unslash( $return ); - $return = wp_validate_redirect( $return ); -} -if ( ! $return ) { - if ( $url ) { - $return = $url; - } elseif ( current_user_can( 'edit_theme_options' ) || current_user_can( 'switch_themes' ) ) { - $return = admin_url( 'themes.php' ); - } else { - $return = admin_url(); +/** + * @global WP_Scripts $wp_scripts + * @global WP_Customize_Manager $wp_customize + */ +global $wp_scripts, $wp_customize; + +if ( $wp_customize->changeset_post_id() ) { + $changeset_post = get_post( $wp_customize->changeset_post_id() ); + + if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post->ID ) ) { + wp_die( + '

' . __( 'You need a higher level of permission.' ) . '

' . + '

' . __( 'Sorry, you are not allowed to edit this changeset.' ) . '

', + 403 + ); + } + + $missed_schedule = ( + 'future' === $changeset_post->post_status && + get_post_time( 'G', true, $changeset_post ) < time() + ); + if ( $missed_schedule ) { + /* + * Note that an Ajax request spawns here instead of just calling `wp_publish_post( $changeset_post->ID )`. + * + * Because WP_Customize_Manager is not instantiated for customize.php with the `settings_previewed=false` + * argument, settings cannot be reliably saved. Some logic short-circuits if the current value is the + * same as the value being saved. This is particularly true for options via `update_option()`. + * + * By opening an Ajax request, this is avoided and the changeset is published. See #39221. + */ + $nonces = $wp_customize->get_nonces(); + $request_args = array( + 'nonce' => $nonces['save'], + 'customize_changeset_uuid' => $wp_customize->changeset_uuid(), + 'wp_customize' => 'on', + 'customize_changeset_status' => 'publish', + ); + ob_start(); + ?> + + + ' . __( 'Your scheduled changes just published' ) . '' . + '

' . __( 'Customize New Changes' ) . '

' . $script, + 200 + ); + } + + if ( in_array( get_post_status( $changeset_post->ID ), array( 'publish', 'trash' ), true ) ) { + wp_die( + '

' . __( 'Something went wrong.' ) . '

' . + '

' . __( 'This changeset cannot be further modified.' ) . '

' . + '

' . __( 'Customize New Changes' ) . '

', + 403 + ); } } -global $wp_scripts, $wp_customize; + +wp_reset_vars( array( 'url', 'return', 'autofocus' ) ); +if ( ! empty( $url ) ) { + $wp_customize->set_preview_url( wp_unslash( $url ) ); +} +if ( ! empty( $return ) ) { + $wp_customize->set_return_url( wp_unslash( $return ) ); +} +if ( ! empty( $autofocus ) && is_array( $autofocus ) ) { + $wp_customize->set_autofocus( wp_unslash( $autofocus ) ); +} $registered = $wp_scripts->registered; $wp_scripts = new WP_Scripts; @@ -50,6 +111,7 @@ */ do_action( 'customize_controls_init' ); +wp_enqueue_script( 'heartbeat' ); wp_enqueue_script( 'customize-controls' ); wp_enqueue_style( 'customize-controls' ); @@ -74,29 +136,22 @@ ?>is_ios() ) { $body_class .= ' ios'; } if ( is_rtl() ) { $body_class .= ' rtl'; } -$body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) ); +$body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) ); -if ( $wp_customize->is_theme_active() ) { - $document_title_tmpl = _x( 'Customize: %s', 'Placeholder is the document title from the preview' ); -} else { - $document_title_tmpl = _x( 'Live Preview: %s', 'Placeholder is the document title from the preview' ); -} -$document_title_tmpl = html_entity_decode( $document_title_tmpl, ENT_QUOTES, 'UTF-8' ); // because exported to JS and assigned to document.title -$admin_title = sprintf( $document_title_tmpl, __( 'Loading…' ) ); +$admin_title = sprintf( $wp_customize->get_document_title_template(), __( 'Loading…' ) ); ?><?php echo $admin_title; ?>
-
- is_theme_active() ? __( 'Save & Publish' ) : __( 'Save & Activate' ); - submit_button( $save_text, 'primary save', 'save', false ); - ?> - - - - - - - - - + is_theme_active() ? __( 'Publish' ) : __( 'Activate & Publish' ); ?> +
+ +
-
- + + + + + +
+ +
+
+
-
-
-
-
- ' . get_bloginfo( 'name' ) . '' ); - ?> +
+
+
    +
    +
    +
    +
    + ' . get_bloginfo( 'name', 'display' ) . '' ); + ?> + +
    +
    -
    + +
    +
    +
    - -
    -
    -
    -
    render_control_templates(); - /** - * Print Customizer control scripts in the footer. + * Prints templates, control scripts, and settings in the footer. * * @since 3.4.0 */ do_action( 'customize_controls_print_footer_scripts' ); - - /* - * If the frontend and the admin are served from the same domain, load the - * preview over ssl if the Customizer is being loaded over ssl. This avoids - * insecure content warnings. This is not attempted if the admin and frontend - * are on different domains to avoid the case where the frontend doesn't have - * ssl certs. Domain mapping plugins can allow other urls in these conditions - * using the customize_allowed_urls filter. - */ - - $allowed_urls = array( home_url('/') ); - $admin_origin = parse_url( admin_url() ); - $home_origin = parse_url( home_url() ); - $cross_domain = ( strtolower( $admin_origin[ 'host' ] ) != strtolower( $home_origin[ 'host' ] ) ); - - if ( is_ssl() && ! $cross_domain ) - $allowed_urls[] = home_url( '/', 'https' ); - - /** - * Filter the list of URLs allowed to be clicked and followed in the Customizer preview. - * - * @since 3.4.0 - * - * @param array $allowed_urls An array of allowed URLs. - */ - $allowed_urls = array_unique( apply_filters( 'customize_allowed_urls', $allowed_urls ) ); - - $fallback_url = add_query_arg( array( - 'preview' => 1, - 'template' => $wp_customize->get_template(), - 'stylesheet' => $wp_customize->get_stylesheet(), - 'preview_iframe' => true, - 'TB_iframe' => 'true' - ), home_url( '/' ) ); - - $login_url = add_query_arg( array( - 'interim-login' => 1, - 'customize-login' => 1 - ), wp_login_url() ); - - // Prepare Customizer settings to pass to JavaScript. - $settings = array( - 'theme' => array( - 'stylesheet' => $wp_customize->get_stylesheet(), - 'active' => $wp_customize->is_theme_active(), - ), - 'url' => array( - 'preview' => esc_url_raw( $url ? $url : home_url( '/' ) ), - 'parent' => esc_url_raw( admin_url() ), - 'activated' => esc_url_raw( home_url( '/' ) ), - 'ajax' => esc_url_raw( admin_url( 'admin-ajax.php', 'relative' ) ), - 'allowed' => array_map( 'esc_url_raw', $allowed_urls ), - 'isCrossDomain' => $cross_domain, - 'fallback' => esc_url_raw( $fallback_url ), - 'home' => esc_url_raw( home_url( '/' ) ), - 'login' => esc_url_raw( $login_url ), - ), - 'browser' => array( - 'mobile' => wp_is_mobile(), - 'ios' => $is_ios, - ), - 'settings' => array(), - 'controls' => array(), - 'panels' => array(), - 'sections' => array(), - 'nonce' => array( - 'save' => wp_create_nonce( 'save-customize_' . $wp_customize->get_stylesheet() ), - 'preview' => wp_create_nonce( 'preview-customize_' . $wp_customize->get_stylesheet() ) - ), - 'autofocus' => array(), - 'documentTitleTmpl' => $document_title_tmpl, - ); - - // Prepare Customize Setting objects to pass to JavaScript. - foreach ( $wp_customize->settings() as $id => $setting ) { - $settings['settings'][ $id ] = array( - 'value' => $setting->js_value(), - 'transport' => $setting->transport, - 'dirty' => $setting->dirty, - ); - } - - // Prepare Customize Control objects to pass to JavaScript. - foreach ( $wp_customize->controls() as $id => $control ) { - $settings['controls'][ $id ] = $control->json(); - } - - // Prepare Customize Section objects to pass to JavaScript. - foreach ( $wp_customize->sections() as $id => $section ) { - $settings['sections'][ $id ] = $section->json(); - } - - // Prepare Customize Panel objects to pass to JavaScript. - foreach ( $wp_customize->panels() as $id => $panel ) { - $settings['panels'][ $id ] = $panel->json(); - foreach ( $panel->sections as $section_id => $section ) { - $settings['sections'][ $section_id ] = $section->json(); - } - } - - // Pass to frontend the Customizer construct being deeplinked - if ( isset( $_GET['autofocus'] ) ) { - $autofocus = wp_unslash( $_GET['autofocus'] ); - if ( is_array( $autofocus ) ) { - foreach ( $autofocus as $type => $id ) { - if ( isset( $settings[ $type . 's' ][ $id ] ) ) { - $settings['autofocus'][ $type ] = $id; - } - } - } - } - ?> -