Ticket #20852: 20852.2.diff
| File 20852.2.diff, 13.1 KB (added by nacin, 12 months ago) |
|---|
-
wp-includes/class-wp-customize-manager.php
78 78 * @since 3.4.0 79 79 */ 80 80 public function setup_theme() { 81 if ( ! ( isset( $_REQUEST['customize'] ) && 'on' == $_REQUEST['customize'] ) && ! basename( $_SERVER['PHP_SELF'] ) == 'customize.php' )82 return;83 84 81 send_origin_headers(); 85 82 83 $this->original_stylesheet = get_stylesheet(); 84 85 $this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null ); 86 87 // You can't preview a theme if it doesn't exist, or if it is not allowed (unless active). 88 if ( ! $this->theme->exists() ) 89 wp_die( __( 'Cheatin’ uh?' ) ); 90 91 if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! $this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) ) 92 wp_die( __( 'Cheatin’ uh?' ) ); 93 94 if ( ! current_user_can( 'edit_theme_options' ) ) 95 wp_die( __( 'Cheatin’ uh?' ) ); 96 86 97 $this->start_previewing_theme(); 87 98 show_admin_bar( false ); 88 99 } … … 95 106 * @since 3.4.0 96 107 */ 97 108 public function start_previewing_theme() { 98 if ( $this->is_preview() || false === $this->theme || ( $this->theme && ! $this->theme->exists() ) ) 109 // Bail if we're already previewing. 110 if ( $this->is_preview() ) 99 111 return; 100 112 101 // Initialize $theme and $original_stylesheet if they do not yet exist.102 if ( ! isset( $this->theme ) ) {103 $this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );104 if ( ! $this->theme->exists() ) {105 $this->theme = false;106 return;107 }108 }109 110 $this->original_stylesheet = get_stylesheet();111 112 113 $this->previewing = true; 113 114 114 115 add_filter( 'template', array( $this, 'get_template' ) ); … … 419 420 if ( ! $this->is_preview() ) 420 421 die; 421 422 422 check_ajax_referer( 'customize_controls ', 'nonce' );423 check_ajax_referer( 'customize_controls-' . $this->get_stylesheet(), 'nonce' ); 423 424 424 425 // Do we have to switch themes? 425 426 if ( $this->get_stylesheet() != $this->original_stylesheet ) { 426 if ( ! current_user_can( 'switch_themes' ) )427 die;428 429 427 // Temporarily stop previewing the theme to allow switch_themes() 430 428 // to operate properly. 431 429 $this->stop_previewing_theme(); -
wp-includes/js/customize-loader.dev.js
14 14 initialize: function() { 15 15 this.body = $( document.body ); 16 16 17 // Ensure the loader is supported.18 // Check for settings, postMessage support, and whether we require CORS support.19 if ( ! Loader.settings || ! $.support.postMessage || ( ! $.support.cors && Loader.settings.isCrossDomain ) ) {20 this.body.removeClass( 'customize-support' ).addClass( 'no-customize-support' );21 return;22 }23 24 this.body.removeClass( 'no-customize-support' ).addClass( 'customize-support' );25 26 17 this.window = $( window ); 27 18 this.element = $( '<div id="customize-container" />' ).appendTo( this.body ); 28 19 -
wp-includes/theme.php
1601 1601 function _wp_customize_loader_settings() { 1602 1602 global $wp_scripts; 1603 1603 1604 $admin_origin = parse_url( admin_url() );1605 $home_origin = parse_url( home_url() );1606 $cross_domain = ( strtolower( $admin_origin[ 'host' ] ) != strtolower( $home_origin[ 'host' ] ) );1607 1608 1604 $settings = array( 1609 'url' => esc_url( admin_url( 'customize.php' ) ), 1610 'isCrossDomain' => $cross_domain, 1605 'url' => esc_url( admin_url( 'customize.php' ) ), 1611 1606 ); 1612 1607 1613 1608 $script = 'var _wpCustomizeLoaderSettings = ' . json_encode( $settings ) . ';'; -
wp-admin/includes/theme.php
11 11 * 12 12 * @since 2.8.0 13 13 * 14 * @param string $ template Template directoryof the theme to delete14 * @param string $stylesheet Stylesheet of the theme to delete 15 15 * @param string $redirect Redirect to page when complete. 16 16 * @return mixed 17 17 */ 18 function delete_theme($ template, $redirect = '') {18 function delete_theme($stylesheet, $redirect = '') { 19 19 global $wp_filesystem; 20 20 21 if ( empty($ template) )21 if ( empty($stylesheet) ) 22 22 return false; 23 23 24 24 ob_start(); 25 25 if ( empty( $redirect ) ) 26 $redirect = wp_nonce_url('themes.php?action=delete& template=' . $template, 'delete-theme_' . $template);26 $redirect = wp_nonce_url('themes.php?action=delete&stylesheet=' . $stylesheet, 'delete-theme_' . $stylesheet); 27 27 if ( false === ($credentials = request_filesystem_credentials($redirect)) ) { 28 28 $data = ob_get_contents(); 29 29 ob_end_clean(); … … 61 61 return new WP_Error('fs_no_themes_dir', __('Unable to locate WordPress theme directory.')); 62 62 63 63 $themes_dir = trailingslashit( $themes_dir ); 64 $theme_dir = trailingslashit($themes_dir . $ template);64 $theme_dir = trailingslashit($themes_dir . $stylesheet); 65 65 $deleted = $wp_filesystem->delete($theme_dir, true); 66 66 67 67 if ( ! $deleted ) 68 return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $ template) );68 return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $stylesheet) ); 69 69 70 70 // Force refresh of theme update information 71 71 delete_site_transient('update_themes'); -
wp-admin/includes/class-wp-themes-list-table.php
125 125 $version = $theme->display('Version'); 126 126 $author = $theme->display('Author'); 127 127 128 $activate_link = wp_nonce_url( "themes.php?action=activate&template=" . urlencode( $template ) . "&stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $ template);128 $activate_link = wp_nonce_url( "themes.php?action=activate&template=" . urlencode( $template ) . "&stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $stylesheet ); 129 129 130 130 $preview_link = esc_url( add_query_arg( 131 131 array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => true, 'TB_iframe' => 'true' ), 132 132 home_url( '/' ) ) ); 133 133 134 134 $actions = array(); 135 $actions[ ] = '<a href="' . $activate_link . '" class="activatelink" title="'135 $actions['activate'] = '<a href="' . $activate_link . '" class="activatelink" title="' 136 136 . esc_attr( sprintf( __( 'Activate “%s”' ), $title ) ) . '">' . __( 'Activate' ) . '</a>'; 137 $actions[] = '<a href="' . $preview_link . '" class="hide-if-customize" title="' 138 . esc_attr( sprintf( __( 'Preview “%s”' ), $title ) ) . '">' . __( 'Preview' ) . '</a>' 139 . '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">' 140 . __( 'Live Preview' ) . '</a>'; 137 138 $actions['preview'] = '<a href="' . $preview_link . '" class="hide-if-customize" title="' 139 . esc_attr( sprintf( __( 'Preview “%s”' ), $title ) ) . '">' . __( 'Preview' ) . '</a>'; 140 141 if ( current_user_can( 'edit_theme_options' ) ) 142 $actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">' 143 . __( 'Live Preview' ) . '</a>'; 144 141 145 if ( ! is_multisite() && current_user_can( 'delete_themes' ) ) 142 $actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete& template=$stylesheet", 'delete-theme_' . $stylesheet )146 $actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete&stylesheet=$stylesheet", 'delete-theme_' . $stylesheet ) 143 147 . '" onclick="' . "return confirm( '" . esc_js( sprintf( __( "You are about to delete this theme '%s'\n 'Cancel' to stop, 'OK' to delete." ), $title ) ) 144 148 . "' );" . '">' . __( 'Delete' ) . '</a>'; 145 149 -
wp-admin/customize.php
13 13 14 14 global $wp_scripts, $wp_customize; 15 15 16 wp_reset_vars( array( 'theme' ) );17 18 if ( ! $theme )19 $theme = get_stylesheet();20 21 16 $registered = $wp_scripts->registered; 22 17 $wp_scripts = new WP_Scripts; 23 18 $wp_scripts->registered = $registered; … … 48 43 </head> 49 44 <body class="wp-full-overlay"> 50 45 <form id="customize-controls" class="wrap wp-full-overlay-sidebar"> 51 <?php wp_nonce_field( 'customize_controls '); ?>46 <?php wp_nonce_field( 'customize_controls-' . $wp_customize->get_stylesheet() ); ?> 52 47 <div id="customize-header-actions" class="wp-full-overlay-header"> 53 48 <?php 54 49 $save_text = $wp_customize->is_theme_active() ? __( 'Save & Publish' ) : __( 'Save & Activate' ); -
wp-admin/admin-header.php
102 102 <?php 103 103 // If the customize-loader script is enqueued, make sure the customize 104 104 // body classes are correct as early as possible. 105 if ( wp_script_is( 'customize-loader', 'queue' ) )105 if ( wp_script_is( 'customize-loader', 'queue' ) && current_user_can( 'edit_theme_options' ) ) 106 106 wp_customize_support_script(); 107 107 ?> 108 108 -
wp-admin/themes.php
16 16 17 17 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) { 18 18 if ( 'activate' == $_GET['action'] ) { 19 check_admin_referer('switch-theme_' . $_GET['template']); 19 check_admin_referer('switch-theme_' . $_GET['stylesheet']); 20 $theme = wp_get_theme( $_GET['stylesheet'] ); 21 if ( ! $theme->exists() || ! $theme->is_allowed() ) 22 wp_die( __( 'Cheatin’ uh?' ) ); 20 23 switch_theme($_GET['template'], $_GET['stylesheet']); 21 24 wp_redirect( admin_url('themes.php?activated=true') ); 22 25 exit; 23 26 } elseif ( 'delete' == $_GET['action'] ) { 24 check_admin_referer('delete-theme_' . $_GET['template']); 25 if ( !current_user_can('delete_themes') ) 27 check_admin_referer('delete-theme_' . $_GET['stylesheet']); 28 $theme = wp_get_theme( $_GET['stylesheet'] ); 29 if ( !current_user_can('delete_themes') || ! $theme->exists() ) 26 30 wp_die( __( 'Cheatin’ uh?' ) ); 27 delete_theme($_GET[' template']);31 delete_theme($_GET['stylesheet']); 28 32 wp_redirect( admin_url('themes.php?deleted=true') ); 29 33 exit; 30 34 } … … 60 64 ) ); 61 65 } 62 66 67 endif; // switch_themes 68 63 69 if ( current_user_can( 'edit_theme_options' ) ) { 64 70 $help_customize = 65 71 '<p>' . __('Click on the "Live Preview" link under any theme to preview that theme and change theme options in a separate, full-screen view. Any installed theme can be previewed and customized in this way.') . '</p>'. … … 83 89 wp_enqueue_script( 'theme' ); 84 90 wp_enqueue_script( 'customize-loader' ); 85 91 86 endif;87 88 92 require_once('./admin-header.php'); 89 93 ?> 90 94 … … 120 124 ?> 121 125 <div id="current-theme" class="<?php echo esc_attr( $class ); ?>"> 122 126 <?php if ( $screenshot ) : ?> 127 <?php if ( current_user_can( 'edit_theme_options' ) ) : ?> 123 128 <a href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"> 124 129 <img src="<?php echo esc_url( $screenshot ); ?>" alt="<?php esc_attr_e( 'Current theme preview' ); ?>" /> 125 130 </a> 131 <?php endif; ?> 126 132 <img class="hide-if-customize" src="<?php echo esc_url( $screenshot ); ?>" alt="<?php esc_attr_e( 'Current theme preview' ); ?>" /> 127 133 <?php endif; ?> 128 134 … … 140 146 <?php theme_update_available( $ct ); ?> 141 147 </div> 142 148 143 <div class="theme-options">144 <a id="customize-current-theme-link" href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"><?php _e( 'Customize' )?></a>145 <span><?php _e( 'Options:' )?></span>146 149 <?php 147 150 // Pretend you didn't see this. 148 151 $options = array(); … … 171 174 } 172 175 } 173 176 177 if ( $options || current_user_can( 'edit_theme_options' ) ) : 174 178 ?> 175 <ul> 176 <?php foreach ( $options as $option ) : ?> 177 <li><?php echo $option; ?></li> 178 <?php endforeach; ?> 179 </ul> 180 </div> 179 <div class="theme-options"> 180 <?php if ( current_user_can( 'edit_theme_options' ) ) : ?> 181 <a id="customize-current-theme-link" href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"><?php _e( 'Customize' ); ?></a> 182 <?php 183 endif; // edit_theme_options 184 if ( $options ) : 185 ?> 186 <span><?php _e( 'Options:' )?></span> 187 <ul> 188 <?php foreach ( $options as $option ) : ?> 189 <li><?php echo $option; ?></li> 190 <?php endforeach; ?> 191 </ul> 192 </div> 193 <?php 194 endif; // options 195 endif; // options || edit_theme_options 196 ?> 181 197 182 198 </div> 183 199
