
Ticket #20852: 20852.2.diff

File 20852.2.diff, 13.1 KB (added by nacin, 12 years ago)
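--- a/wp-includes/class-wp-customize-manager.php
+++ b/wp-includes/class-wp-customize-manager.php
@@ -78,11 +78,22 @@
          * @since 3.4.0
          */
         public function setup_theme() {
-                if ( ! ( isset( $_REQUEST['customize'] ) && 'on' == $_REQUEST['customize'] ) && ! basename( $_SERVER['PHP_SELF'] ) == 'customize.php' )
-                        return;
-
                 send_origin_headers();
 
+                $this->original_stylesheet = get_stylesheet();
+
+                $this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
+
+                // You can't preview a theme if it doesn't exist, or if it is not allowed (unless active).
+                if ( ! $this->theme->exists() )
+                        wp_die( __( 'Cheatin’ uh?' ) );
+
+                if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! $this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) )
+                        wp_die( __( 'Cheatin’ uh?' ) );
+
+                if ( ! current_user_can( 'edit_theme_options' ) )
+                        wp_die( __( 'Cheatin’ uh?' ) );
+
                 $this->start_previewing_theme();
                 show_admin_bar( false );
         }
@@ -95,20 +106,10 @@
          * @since 3.4.0
          */
         public function start_previewing_theme() {
-                if ( $this->is_preview() || false === $this->theme || ( $this->theme && ! $this->theme->exists() ) )
+                // Bail if we're already previewing.
+                if ( $this->is_preview() )
                         return;
 
-                // Initialize $theme and $original_stylesheet if they do not yet exist.
-                if ( ! isset( $this->theme ) ) {
-                        $this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
-                        if ( ! $this->theme->exists() ) {
-                                $this->theme = false;
-                                return;
-                        }
-                }
-
-                $this->original_stylesheet = get_stylesheet();
-
                 $this->previewing = true;
 
                 add_filter( 'template', array( $this, 'get_template' ) );
@@ -419,13 +420,10 @@
                 if ( ! $this->is_preview() )
                         die;
 
-                check_ajax_referer( 'customize_controls', 'nonce' );
+                check_ajax_referer( 'customize_controls-' . $this->get_stylesheet(), 'nonce' );
 
                 // Do we have to switch themes?
                 if ( $this->get_stylesheet() != $this->original_stylesheet ) {
-                        if ( ! current_user_can( 'switch_themes' ) )
-                                die;
-
                         // Temporarily stop previewing the theme to allow switch_themes()
                         // to operate properly.
                         $this->stop_previewing_theme();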
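Review bot: In setup_theme the `edit_theme_options` capability check at new line 94 runs last, after `$_REQUEST['theme']` has already been resolved into a theme and validated; placing it first, directly after `send_origin_headers()`, fails closed before any request-derived value is touched and lets the theme-specific checks assume an authorised user. New line 91 calls `$this->theme()->is_allowed()` while lines 85 and 88 use the `$this->theme` property; if `theme()` is just an accessor for that property both forms work, but using one form throughout the method would read better, and the three identical `wp_die( __( 'Cheatin’ uh?' ) )` calls could share a single message variable. In the third hunk the `switch_themes` check removed at old lines 426–427 is now enforced only by setup_theme's new line 91, so this path depends on setup_theme always having run before the ajax handler; a comment there such as `// Permission to switch themes was verified in setup_theme().` would make that dependency visible. The ajax handler's enclosing function begins outside the third hunk.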
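--- a/wp-includes/js/customize-loader.dev.js
+++ b/wp-includes/js/customize-loader.dev.js
@@ -14,15 +14,6 @@
                 initialize: function() {
                         this.body = $( document.body );
 
-                        // Ensure the loader is supported.
-                        // Check for settings, postMessage support, and whether we require CORS support.
-                        if ( ! Loader.settings || ! $.support.postMessage || ( ! $.support.cors && Loader.settings.isCrossDomain ) ) {
-                                this.body.removeClass( 'customize-support' ).addClass( 'no-customize-support' );
-                                return;
-                        }
-
-                        this.body.removeClass( 'no-customize-support' ).addClass( 'customize-support' );
-
                         this.window  = $( window );
                         this.element = $( '<div id="customize-container" />' ).appendTo( this.body );
 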
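--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -1601,13 +1601,8 @@
 function _wp_customize_loader_settings() {
         global $wp_scripts;
 
-        $admin_origin = parse_url( admin_url() );
-        $home_origin  = parse_url( home_url() );
-        $cross_domain = ( strtolower( $admin_origin[ 'host' ] ) != strtolower( $home_origin[ 'host' ] ) );
-
         $settings = array(
-                'url'           => esc_url( admin_url( 'customize.php' ) ),
-                'isCrossDomain' => $cross_domain,
+                'url' => esc_url( admin_url( 'customize.php' ) ),
         );
 
         $script = 'var _wpCustomizeLoaderSettings = ' . json_encode( $settings ) . ';';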
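--- a/wp-admin/includes/theme.php
+++ b/wp-admin/includes/theme.php
@@ -11,19 +11,19 @@
  *
  * @since 2.8.0
  *
- * @param string $template Template directory of the theme to delete
+ * @param string $stylesheet Stylesheet of the theme to delete
  * @param string $redirect Redirect to page when complete.
  * @return mixed
  */
-function delete_theme($template, $redirect = '') {
+function delete_theme($stylesheet, $redirect = '') {
         global $wp_filesystem;
 
-        if ( empty($template) )
+        if ( empty($stylesheet) )
                 return false;
 
         ob_start();
         if ( empty( $redirect ) )
-                $redirect = wp_nonce_url('themes.php?action=delete&template=' . $template, 'delete-theme_' . $template);
+                $redirect = wp_nonce_url('themes.php?action=delete&stylesheet=' . $stylesheet, 'delete-theme_' . $stylesheet);
         if ( false === ($credentials = request_filesystem_credentials($redirect)) ) {
                 $data = ob_get_contents();
                 ob_end_clean();
@@ -61,11 +61,11 @@
                 return new WP_Error('fs_no_themes_dir', __('Unable to locate WordPress theme directory.'));
 
         $themes_dir = trailingslashit( $themes_dir );
-        $theme_dir = trailingslashit($themes_dir . $template);
+        $theme_dir = trailingslashit($themes_dir . $stylesheet);
         $deleted = $wp_filesystem->delete($theme_dir, true);
 
         if ( ! $deleted )
-                return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $template) );
+                return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $stylesheet) );
 
         // Force refresh of theme update information
         delete_site_transient('update_themes');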
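Review bot: delete_theme builds the directory it recursively deletes from the raw `$stylesheet` argument at new line 64 of the second hunk, and the only guard inside the function itself is the `empty()` check at line 21; the existence check this patch adds lives in the caller in themes.php. Since delete_theme is a public function other code can call directly, resolving the theme inside it would make it fail closed on its own, e.g. replacing line 21 with `if ( empty($stylesheet) || ! wp_get_theme( $stylesheet )->exists() )`. The docblock's `@return mixed` could also name what the visible branches return: `false` when no stylesheet is given, a `WP_Error` when the directory cannot be located or removed. The body of delete_theme continues between and after the two hunks.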
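--- a/wp-admin/includes/class-wp-themes-list-table.php
+++ b/wp-admin/includes/class-wp-themes-list-table.php
@@ -125,21 +125,25 @@
                         $version    = $theme->display('Version');
                         $author     = $theme->display('Author');
 
-                        $activate_link = wp_nonce_url( "themes.php?action=activate&amp;template=" . urlencode( $template ) . "&amp;stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $template );
+                        $activate_link = wp_nonce_url( "themes.php?action=activate&amp;template=" . urlencode( $template ) . "&amp;stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $stylesheet );
 
                         $preview_link = esc_url( add_query_arg(
                                 array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => true, 'TB_iframe' => 'true' ),
                                 home_url( '/' ) ) );
 
                         $actions = array();
-                        $actions[] = '<a href="' . $activate_link . '" class="activatelink" title="'
+                        $actions['activate'] = '<a href="' . $activate_link . '" class="activatelink" title="'
                                 . esc_attr( sprintf( __( 'Activate &#8220;%s&#8221;' ), $title ) ) . '">' . __( 'Activate' ) . '</a>';
-                        $actions[] = '<a href="' . $preview_link . '" class="hide-if-customize" title="'
-                                . esc_attr( sprintf( __( 'Preview &#8220;%s&#8221;' ), $title ) ) . '">' . __( 'Preview' ) . '</a>'
-                                . '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">'
-                                . __( 'Live Preview' ) . '</a>';
+
+                        $actions['preview'] = '<a href="' . $preview_link . '" class="hide-if-customize" title="'
+                                . esc_attr( sprintf( __( 'Preview &#8220;%s&#8221;' ), $title ) ) . '">' . __( 'Preview' ) . '</a>';
+
+                        if ( current_user_can( 'edit_theme_options' ) )
+                                $actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">'
+                                        . __( 'Live Preview' ) . '</a>';
+
                         if ( ! is_multisite() && current_user_can( 'delete_themes' ) )
-                                $actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete&amp;template=$stylesheet", 'delete-theme_' . $stylesheet )
+                                $actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete&amp;stylesheet=$stylesheet", 'delete-theme_' . $stylesheet )
                                         . '" onclick="' . "return confirm( '" . esc_js( sprintf( __( "You are about to delete this theme '%s'\n  'Cancel' to stop, 'OK' to delete." ), $title ) )
                                         . "' );" . '">' . __( 'Delete' ) . '</a>';
 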
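Review bot: The delete link at new line 146 interpolates `$stylesheet` into the query string unencoded (`stylesheet=$stylesheet`), while the activate link at line 128 passes the same value through `urlencode()`; a stylesheet containing a character such as `&` or a space would produce a query value that no longer matches the value the nonce was generated for. Building it like the activate link, `wp_nonce_url( "themes.php?action=delete&amp;stylesheet=" . urlencode( $stylesheet ), 'delete-theme_' . $stylesheet )`, keeps the two consistent. The `href` at new line 142 echoes `wp_customize_url( $stylesheet )` directly; if that helper does not escape its return value, wrapping it in `esc_url()` would match how `$preview_link` is built at line 130. The enclosing method starts and ends outside the hunk.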
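--- a/wp-admin/customize.php
+++ b/wp-admin/customize.php
@@ -13,11 +13,6 @@
 
 global $wp_scripts, $wp_customize;
 
-wp_reset_vars( array( 'theme' ) );
-
-if ( ! $theme )
-        $theme = get_stylesheet();
-
 $registered = $wp_scripts->registered;
 $wp_scripts = new WP_Scripts;
 $wp_scripts->registered = $registered;
@@ -48,7 +43,7 @@
 </head>
 <body class="wp-full-overlay">
         <form id="customize-controls" class="wrap wp-full-overlay-sidebar">
-                <?php wp_nonce_field( 'customize_controls' ); ?>
+                <?php wp_nonce_field( 'customize_controls-' . $wp_customize->get_stylesheet() ); ?>
                 <div id="customize-header-actions" class="wp-full-overlay-header">
                         <?php
                                 $save_text = $wp_customize->is_theme_active() ? __( 'Save &amp; Publish' ) : __( 'Save &amp; Activate' );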
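--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -102,7 +102,7 @@
 <?php
 // If the customize-loader script is enqueued, make sure the customize
 // body classes are correct as early as possible.
-if ( wp_script_is( 'customize-loader', 'queue' ) )
+if ( wp_script_is( 'customize-loader', 'queue' ) && current_user_can( 'edit_theme_options' ) )
         wp_customize_support_script();
 ?>
 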
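Review bot: The comment at lines 103–104 still describes only the enqueue condition, while new line 105 also gates on `current_user_can( 'edit_theme_options' )`; extending it keeps the two in step, e.g. `// body classes are correct as early as possible, and only for users who may use the Customizer.` Since the guarded call only emits the support-detection script and body classes, this is a presentation gate; the capability checks on the customizer's own entry points remain the enforcement point.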
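--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -16,15 +16,19 @@
 
 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
         if ( 'activate' == $_GET['action'] ) {
-                check_admin_referer('switch-theme_' . $_GET['template']);
+                check_admin_referer('switch-theme_' . $_GET['stylesheet']);
+                $theme = wp_get_theme( $_GET['stylesheet'] );
+                if ( ! $theme->exists() || ! $theme->is_allowed() )
+                        wp_die( __( 'Cheatin&#8217; uh?' ) );
                 switch_theme($_GET['template'], $_GET['stylesheet']);
                 wp_redirect( admin_url('themes.php?activated=true') );
                 exit;
         } elseif ( 'delete' == $_GET['action'] ) {
-                check_admin_referer('delete-theme_' . $_GET['template']);
-                if ( !current_user_can('delete_themes') )
+                check_admin_referer('delete-theme_' . $_GET['stylesheet']);
+                $theme = wp_get_theme( $_GET['stylesheet'] );
+                if ( !current_user_can('delete_themes') || ! $theme->exists() )
                         wp_die( __( 'Cheatin&#8217; uh?' ) );
-                delete_theme($_GET['template']);
+                delete_theme($_GET['stylesheet']);
                 wp_redirect( admin_url('themes.php?deleted=true') );
                 exit;
         }
@@ -60,6 +64,8 @@
         ) );
 }
 
+endif; // switch_themes
+
 if ( current_user_can( 'edit_theme_options' ) ) {
         $help_customize =
                 '<p>' . __('Click on the "Live Preview" link under any theme to preview that theme and change theme options in a separate, full-screen view. Any installed theme can be previewed and customized in this way.') . '</p>'.
@@ -83,8 +89,6 @@
 wp_enqueue_script( 'theme' );
 wp_enqueue_script( 'customize-loader' );
 
-endif;
-
 require_once('./admin-header.php');
 ?>
 
@@ -120,9 +124,11 @@
 ?>
 <div id="current-theme" class="<?php echo esc_attr( $class ); ?>">
         <?php if ( $screenshot ) : ?>
+                <?php if ( current_user_can( 'edit_theme_options' ) ) : ?>
                 <a href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>">
                         <img src="<?php echo esc_url( $screenshot ); ?>" alt="<?php esc_attr_e( 'Current theme preview' ); ?>" />
                 </a>
+                <?php endif; ?>
                 <img class="hide-if-customize" src="<?php echo esc_url( $screenshot ); ?>" alt="<?php esc_attr_e( 'Current theme preview' ); ?>" />
         <?php endif; ?>
 
@@ -140,9 +146,6 @@
                 <?php theme_update_available( $ct ); ?>
         </div>
 
-<div class="theme-options">
-        <a id="customize-current-theme-link" href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"><?php _e( 'Customize' )?></a>
-        <span><?php _e( 'Options:' )?></span>
         <?php
         // Pretend you didn't see this.
         $options = array();
@@ -171,13 +174,26 @@
                 }
         }
 
+        if ( $options || current_user_can( 'edit_theme_options' ) ) :
         ?>
-        <ul>
-                <?php foreach ( $options as $option ) : ?>
-                        <li><?php echo $option; ?></li>
-                <?php endforeach; ?>
-        </ul>
-</div>
+        <div class="theme-options">
+                <?php if ( current_user_can( 'edit_theme_options' ) ) : ?>
+                <a id="customize-current-theme-link" href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"><?php _e( 'Customize' ); ?></a>
+                <?php
+                endif; // edit_theme_options
+                if ( $options ) :
+                ?>
+                <span><?php _e( 'Options:' )?></span>
+                <ul>
+                        <?php foreach ( $options as $option ) : ?>
+                                <li><?php echo $option; ?></li>
+                        <?php endforeach; ?>
+                </ul>
+        </div>
+        <?php
+                endif; // options
+        endif; // options || edit_theme_options
+        ?>
 
 </div>
 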
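Review bot: In the activate branch (new lines 20–22 of the first hunk) the theme is resolved and validated from `$_GET['stylesheet']`, but the `switch_theme()` call on the following context line still takes its first argument from the unvalidated `$_GET['template']`, so the template that gets activated is not the one that was checked; using the validated object, `switch_theme( $theme->get_template(), $theme->get_stylesheet() );`, keeps the two in step. In the last hunk the closing `</div>` at new line 192 sits inside the `if ( $options ) :` block, so a user with `edit_theme_options` but no options gets `<div class="theme-options">` opened at line 179 and never closed; moving `</div>` below `endif; // options` emits it whenever the div was opened. In the delete branch, new line 28 calls `wp_get_theme( $_GET['stylesheet'] )` before the `delete_themes` capability is checked on line 29; checking the capability first, as the old line 25 did, avoids doing any work for unauthorised users.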