Index: wp-includes/class-wp-customize-manager.php
===================================================================
--- wp-includes/class-wp-customize-manager.php	(revision 21003)
+++ wp-includes/class-wp-customize-manager.php	(working copy)
@@ -78,11 +78,22 @@
 	 * @since 3.4.0
 	 */
 	public function setup_theme() {
-		if ( ! ( isset( $_REQUEST['customize'] ) && 'on' == $_REQUEST['customize'] ) && ! basename( $_SERVER['PHP_SELF'] ) == 'customize.php' )
-			return;
-
 		send_origin_headers();
 
+		$this->original_stylesheet = get_stylesheet();
+
+		$this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
+
+		// You can't preview a theme if it doesn't exist, or if it is not allowed (unless active).
+		if ( ! $this->theme->exists() )
+			wp_die( __( 'Cheatin&#8217; uh?' ) );
+
+		if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! $this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) )
+			wp_die( __( 'Cheatin&#8217; uh?' ) );
+
+		if ( ! current_user_can( 'edit_theme_options' ) )
+			wp_die( __( 'Cheatin&#8217; uh?' ) );
+
 		$this->start_previewing_theme();
 		show_admin_bar( false );
 	}
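Review bot: Line 22 reaches the theme through a method call, `$this->theme()->is_allowed()`, while line 19 three lines earlier uses the property `$this->theme->exists()`; if the class has no `theme()` accessor the non-active-theme path is a fatal error, and even if it does, the two forms should agree. The same line recomputes `get_stylesheet()` although line 14 has just stored it, so the check can read `if ( $this->theme->get_stylesheet() != $this->original_stylesheet && ( ! $this->theme->is_allowed() || ! current_user_can( 'switch_themes' ) ) )`. A short comment above line 25 would also help, since the `edit_theme_options` gate applies even when no theme switch is requested: `// Every customizer session, even for the active theme, requires edit_theme_options.`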
@@ -95,20 +106,10 @@
 	 * @since 3.4.0
 	 */
 	public function start_previewing_theme() {
-		if ( $this->is_preview() || false === $this->theme || ( $this->theme && ! $this->theme->exists() ) )
+		// Bail if we're already previewing.
+		if ( $this->is_preview() )
 			return;
 
-		// Initialize $theme and $original_stylesheet if they do not yet exist.
-		if ( ! isset( $this->theme ) ) {
-			$this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
-			if ( ! $this->theme->exists() ) {
-				$this->theme = false;
-				return;
-			}
-		}
-
-		$this->original_stylesheet = get_stylesheet();
-
 		$this->previewing = true;
 
 		add_filter( 'template', array( $this, 'get_template' ) );
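Review bot: With the existence guard and lazy initialisation removed, `start_previewing_theme()` now silently assumes `$this->theme` and `$this->original_stylesheet` were populated and validated by `setup_theme()`, yet the method is public and nothing in it states that precondition. Suggest replacing the new comment on line 36 with one that records it: `// Bail if we're already previewing. Assumes setup_theme() has validated $this->theme and recorded $this->original_stylesheet.` The method body continues past the end of the hunk.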
@@ -419,13 +420,10 @@
 		if ( ! $this->is_preview() )
 			die;
 
-		check_ajax_referer( 'customize_controls', 'nonce' );
+		check_ajax_referer( 'customize_controls-' . $this->get_stylesheet(), 'nonce' );
 
 		// Do we have to switch themes?
 		if ( $this->get_stylesheet() != $this->original_stylesheet ) {
-			if ( ! current_user_can( 'switch_themes' ) )
-				die;
-
 			// Temporarily stop previewing the theme to allow switch_themes()
 			// to operate properly.
 			$this->stop_previewing_theme();
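Review bot: After removing lines 63–64, the point where the theme is actually switched no longer verifies `switch_themes` itself; it relies on `setup_theme()` having gated that capability earlier in the request, with `is_preview()` as the only link between the two. Because `start_previewing_theme()` is public, any future caller that starts a preview without going through `setup_theme()` would reach the switch unchecked, so a one-line defense-in-depth check before `stop_previewing_theme()` is cheap insurance: `if ( ! current_user_can( 'switch_themes' ) ) die;`. At minimum, a comment on line 62 should say why the check is absent here: `// Capability to switch themes was verified in setup_theme().` The enclosing method starts before this hunk.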
Index: wp-includes/js/customize-loader.dev.js
===================================================================
--- wp-includes/js/customize-loader.dev.js	(revision 21003)
+++ wp-includes/js/customize-loader.dev.js	(working copy)
@@ -17,12 +17,9 @@
 			// Ensure the loader is supported.
 			// Check for settings, postMessage support, and whether we require CORS support.
 			if ( ! Loader.settings || ! $.support.postMessage || ( ! $.support.cors && Loader.settings.isCrossDomain ) ) {
-				this.body.removeClass( 'customize-support' ).addClass( 'no-customize-support' );
 				return;
 			}
 
-			this.body.removeClass( 'no-customize-support' ).addClass( 'customize-support' );
-
 			this.window  = $( window );
 			this.element = $( '<div id="customize-container" />' ).appendTo( this.body );
 
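Review bot: The early-return branch on line 78 now leaves the document with neither `customize-support` nor `no-customize-support`, and nothing in this hunk says where those classes come from instead; from the `admin-header.php` change in the same patch it appears the server-side `wp_customize_support_script()` has taken over, but that is an inference. Suggest a comment above the `return;` so the next reader does not reinstate the toggles: `// Body support classes are now set server-side by wp_customize_support_script(); do not touch them here.` The enclosing function starts and ends outside the hunk.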
Index: wp-admin/includes/theme.php
===================================================================
--- wp-admin/includes/theme.php	(revision 21003)
+++ wp-admin/includes/theme.php	(working copy)
@@ -11,19 +11,19 @@
  *
  * @since 2.8.0
  *
- * @param string $template Template directory of the theme to delete
+ * @param string $stylesheet Stylesheet of the theme to delete
  * @param string $redirect Redirect to page when complete.
  * @return mixed
  */
-function delete_theme($template, $redirect = '') {
+function delete_theme($stylesheet, $redirect = '') {
 	global $wp_filesystem;
 
-	if ( empty($template) )
+	if ( empty($stylesheet) )
 		return false;
 
 	ob_start();
 	if ( empty( $redirect ) )
-		$redirect = wp_nonce_url('themes.php?action=delete&template=' . $template, 'delete-theme_' . $template);
+		$redirect = wp_nonce_url('themes.php?action=delete&stylesheet=' . $stylesheet, 'delete-theme_' . $stylesheet);
 	if ( false === ($credentials = request_filesystem_credentials($redirect)) ) {
 		$data = ob_get_contents();
 		ob_end_clean();
@@ -61,11 +61,11 @@
 		return new WP_Error('fs_no_themes_dir', __('Unable to locate WordPress theme directory.'));
 
 	$themes_dir = trailingslashit( $themes_dir );
-	$theme_dir = trailingslashit($themes_dir . $template);
+	$theme_dir = trailingslashit($themes_dir . $stylesheet);
 	$deleted = $wp_filesystem->delete($theme_dir, true);
 
 	if ( ! $deleted )
-		return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $template) );
+		return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $stylesheet) );
 
 	// Force refresh of theme update information
 	delete_site_transient('update_themes');
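Review bot: `$stylesheet` is concatenated straight into the filesystem path on line 119, and the only validation inside this function is the `empty()` check in the previous hunk; whether the directory that gets recursively deleted is really a theme depends entirely on the caller having vetted the slug (the `themes.php` hunk in this patch does check `wp_get_theme( $_GET['stylesheet'] )->exists()` first). Since `delete_theme()` is public API, it should fail closed on its own; before building `$theme_dir`, e.g. `if ( ! wp_get_theme( $stylesheet )->exists() ) return new WP_Error( 'theme_not_found', __( 'The theme does not exist.' ) );` (error code and message illustrative). `delete_theme()` begins in the earlier hunk, outside this one.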
Index: wp-admin/includes/class-wp-themes-list-table.php
===================================================================
--- wp-admin/includes/class-wp-themes-list-table.php	(revision 21003)
+++ wp-admin/includes/class-wp-themes-list-table.php	(working copy)
@@ -125,21 +125,25 @@
 			$version    = $theme->display('Version');
 			$author     = $theme->display('Author');
 
-			$activate_link = wp_nonce_url( "themes.php?action=activate&amp;template=" . urlencode( $template ) . "&amp;stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $template );
+			$activate_link = wp_nonce_url( "themes.php?action=activate&amp;template=" . urlencode( $template ) . "&amp;stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $stylesheet );
 
 			$preview_link = esc_url( add_query_arg(
 				array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => true, 'TB_iframe' => 'true' ),
 				home_url( '/' ) ) );
 
 			$actions = array();
-			$actions[] = '<a href="' . $activate_link . '" class="activatelink" title="'
+			$actions['activate'] = '<a href="' . $activate_link . '" class="activatelink" title="'
 				. esc_attr( sprintf( __( 'Activate &#8220;%s&#8221;' ), $title ) ) . '">' . __( 'Activate' ) . '</a>';
-			$actions[] = '<a href="' . $preview_link . '" class="hide-if-customize" title="'
-				. esc_attr( sprintf( __( 'Preview &#8220;%s&#8221;' ), $title ) ) . '">' . __( 'Preview' ) . '</a>'
-				. '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">'
-				. __( 'Live Preview' ) . '</a>';
+
+			$actions['preview'] = '<a href="' . $preview_link . '" class="hide-if-customize" title="'
+				. esc_attr( sprintf( __( 'Preview &#8220;%s&#8221;' ), $title ) ) . '">' . __( 'Preview' ) . '</a>';
+
+			if ( current_user_can( 'edit_theme_options' ) )
+				$actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">'
+					. __( 'Live Preview' ) . '</a>';
+
 			if ( ! is_multisite() && current_user_can( 'delete_themes' ) )
-				$actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete&amp;template=$stylesheet", 'delete-theme_' . $stylesheet )
+				$actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete&amp;stylesheet=$stylesheet", 'delete-theme_' . $stylesheet )
 					. '" onclick="' . "return confirm( '" . esc_js( sprintf( __( "You are about to delete this theme '%s'\n  'Cancel' to stop, 'OK' to delete." ), $title ) )
 					. "' );" . '">' . __( 'Delete' ) . '</a>';
 
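Review bot: Line 161 interpolates `$stylesheet` raw into the delete URL (`stylesheet=$stylesheet`) while the activate link on line 137 passes the same value through `urlencode()`; a slug containing `&`, `+` or spaces would break the query on the receiving side, and the nonce action on the same line is computed from the unencoded value, so the two must stay consistent. Suggest `wp_nonce_url( "themes.php?action=delete&amp;stylesheet=" . urlencode( $stylesheet ), 'delete-theme_' . $stylesheet )`. As a style point, the braceless multi-line `if` on lines 155–157 appends to `$actions['preview']` across three lines; braces would make the body's extent unambiguous. The enclosing method starts and ends outside the hunk.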
Index: wp-admin/customize.php
===================================================================
--- wp-admin/customize.php	(revision 21006)
+++ wp-admin/customize.php	(working copy)
@@ -13,11 +13,6 @@
 
 global $wp_scripts, $wp_customize;
 
-wp_reset_vars( array( 'theme' ) );
-
-if ( ! $theme )
-	$theme = get_stylesheet();
-
 $registered = $wp_scripts->registered;
 $wp_scripts = new WP_Scripts;
 $wp_scripts->registered = $registered;
@@ -48,7 +43,7 @@
 </head>
 <body class="wp-full-overlay">
 	<form id="customize-controls" class="wrap wp-full-overlay-sidebar">
-		<?php wp_nonce_field( 'customize_controls' ); ?>
+		<?php wp_nonce_field( 'customize_controls-' . $wp_customize->get_stylesheet() ); ?>
 		<div id="customize-header-actions" class="wp-full-overlay-header">
 			<?php
 				$save_text = $wp_customize->is_theme_active() ? __( 'Save &amp; Publish' ) : __( 'Save &amp; Activate' );
Index: wp-admin/admin-header.php
===================================================================
--- wp-admin/admin-header.php	(revision 21003)
+++ wp-admin/admin-header.php	(working copy)
@@ -102,7 +102,7 @@
 <?php
 // If the customize-loader script is enqueued, make sure the customize
 // body classes are correct as early as possible.
-if ( wp_script_is( 'customize-loader', 'queue' ) )
+if ( wp_script_is( 'customize-loader', 'queue' ) && current_user_can( 'edit_theme_options' ) )
 	wp_customize_support_script();
 ?>
 
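Review bot: The comment on lines 196–197 still describes the script as making sure the body classes are correct, but the added `current_user_can( 'edit_theme_options' )` means users without that capability now get neither class; the asymmetry should be stated so it is not later "fixed". Suggest extending the comment: `// Only users who can customize receive the support script; everyone else is intentionally left without the customize-support body classes.`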
Index: wp-admin/themes.php
===================================================================
--- wp-admin/themes.php	(revision 21003)
+++ wp-admin/themes.php	(working copy)
@@ -16,15 +16,19 @@
 
 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
 	if ( 'activate' == $_GET['action'] ) {
-		check_admin_referer('switch-theme_' . $_GET['template']);
+		check_admin_referer('switch-theme_' . $_GET['stylesheet']);
+		$theme = wp_get_theme( $_GET['stylesheet'] );
+		if ( ! $theme->exists() || ! $theme->is_allowed() )
+			wp_die( __( 'Cheatin&#8217; uh?' ) );
 		switch_theme($_GET['template'], $_GET['stylesheet']);
 		wp_redirect( admin_url('themes.php?activated=true') );
 		exit;
 	} elseif ( 'delete' == $_GET['action'] ) {
-		check_admin_referer('delete-theme_' . $_GET['template']);
-		if ( !current_user_can('delete_themes') )
+		check_admin_referer('delete-theme_' . $_GET['stylesheet']);
+		$theme = wp_get_theme( $_GET['stylesheet'] );
+		if ( !current_user_can('delete_themes') || ! $theme->exists() )
 			wp_die( __( 'Cheatin&#8217; uh?' ) );
-		delete_theme($_GET['template']);
+		delete_theme($_GET['stylesheet']);
 		wp_redirect( admin_url('themes.php?deleted=true') );
 		exit;
 	}
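Review bot: Line 216 still hands `$_GET['template']` straight to `switch_theme()` even though the theme object loaded on line 213 has just been validated with `exists()` and `is_allowed()`; the template half of the pair is never checked against the stylesheet, so the validation added on line 214 only covers half of what gets activated. Use the validated object for both values: `switch_theme( $theme->get_template(), $theme->get_stylesheet() );`. Separately, `$_GET['stylesheet']` is read on lines 212, 213, 222 and 223 without `isset()`, so a request missing it raises a notice before the referer check rejects it; `( isset( $_GET['stylesheet'] ) ? $_GET['stylesheet'] : '' )` or an early `wp_die` on the missing parameter would keep the logs clean.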
@@ -60,6 +64,8 @@
 	) );
 }
 
+endif; // switch_themes
+
 if ( current_user_can( 'edit_theme_options' ) ) {
 	$help_customize =
 		'<p>' . __('Click on the "Live Preview" link under any theme to preview that theme and change theme options in a separate, full-screen view. Any installed theme can be previewed and customized in this way.') . '</p>'.
@@ -83,8 +89,6 @@
 wp_enqueue_script( 'theme' );
 wp_enqueue_script( 'customize-loader' );
 
-endif;
-
 require_once('./admin-header.php');
 ?>
 
@@ -120,9 +124,11 @@
 ?>
 <div id="current-theme" class="<?php echo esc_attr( $class ); ?>">
 	<?php if ( $screenshot ) : ?>
+		<?php if ( current_user_can( 'edit_theme_options' ) ) : ?>
 		<a href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>">
 			<img src="<?php echo esc_url( $screenshot ); ?>" alt="<?php esc_attr_e( 'Current theme preview' ); ?>" />
 		</a>
+		<?php endif; ?>
 		<img class="hide-if-customize" src="<?php echo esc_url( $screenshot ); ?>" alt="<?php esc_attr_e( 'Current theme preview' ); ?>" />
 	<?php endif; ?>
 
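Review bot: `current_user_can( 'edit_theme_options' )` is now evaluated inline in template code on line 253 and again on lines 275 and 284 of the later hunk in this file, as well as on line 237; evaluating it once near the top, `$can_customize = current_user_can( 'edit_theme_options' );`, and testing the variable in each place keeps the conditionals in sync when the capability ever changes. As a style point, the inserted `<?php if … : ?>` / `<?php endif; ?>` pair on lines 253 and 257 sits at the same indent as the anchor it wraps, so the nesting is invisible in the markup; indenting the wrapped `<a>` one level would show it.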
@@ -140,9 +146,6 @@
 		<?php theme_update_available( $ct ); ?>
 	</div>
 
-<div class="theme-options">
-	<a id="customize-current-theme-link" href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"><?php _e( 'Customize' )?></a>
-	<span><?php _e( 'Options:' )?></span>
 	<?php
 	// Pretend you didn't see this.
 	$options = array();
@@ -171,13 +174,26 @@
 		}
 	}
 
+	if ( $options || current_user_can( 'edit_theme_options' ) ) :
 	?>
-	<ul>
-		<?php foreach ( $options as $option ) : ?>
-			<li><?php echo $option; ?></li>
-		<?php endforeach; ?>
-	</ul>
-</div>
+	<div class="theme-options">
+		<?php if ( current_user_can( 'edit_theme_options' ) ) : ?>
+		<a id="customize-current-theme-link" href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"><?php _e( 'Customize' ); ?></a>
+		<?php
+		endif; // edit_theme_options
+		if ( $options ) :
+		?>
+		<span><?php _e( 'Options:' )?></span>
+		<ul>
+			<?php foreach ( $options as $option ) : ?>
+				<li><?php echo $option; ?></li>
+			<?php endforeach; ?>
+		</ul>
+	</div>
+	<?php
+		endif; // options
+	endif; // options || edit_theme_options
+	?>
 
 </div>
 
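Review bot: When `$options` is empty but the user has `edit_theme_options`, the `<div class="theme-options">` opened on line 283 is never closed: its `</div>` on line 296 is inside the `if ( $options ) :` block that ends on line 298, so the outer `endif` on line 299 is reached with the div still open and the `</div>` on line 302 then closes the wrong element. Move the closing tag out of the inner block, so lines 296–299 become `<?php endif; // options ?>`, then `</div>`, then `<?php endif; // options || edit_theme_options ?>`. The hunk's mixed use of `<?php … ?>` one-liners and multi-line PHP blocks for the same `if`/`endif` pairs (lines 284 vs 286–289) also makes the structure harder to follow than necessary; picking one form would help.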
