
Ticket #25457: 25457.1.diff

File 25457.1.diff, 2.0 KB (added by westonruter, 7 years ago)

Append current REQUEST_URI as return query param for Customize admin menu link. Clean up retrieval of url and return query params. Use urlencode to properly encode return URLs containing query params. PR: https://github.com/x-team/wordpress-develop/pull/22

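--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@@ -12,16 +12,20 @@ define( 'IFRAME_REQUEST', true );
 /** Load WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
-if ( ! current_user_can( 'edit_theme_options' ) )
+if ( ! current_user_can( 'edit_theme_options' ) ) {
         wp_die( __( 'Cheatin’ uh?' ) );
+}
 
 wp_reset_vars( array( 'url', 'return' ) );
-$url = urldecode( $url );
+$url = wp_unslash( $url );
 $url = wp_validate_redirect( $url, home_url( '/' ) );
-if ( $return )
-        $return = wp_validate_redirect( urldecode( $return ) );
-if ( ! $return )
+if ( $return ) {
+        $return = wp_unslash( $return );
+        $return = wp_validate_redirect( $return );
+}
+if ( ! $return ) {
         $return = $url;
+}
 
 global $wp_scripts, $wp_customize;
 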
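Review bot: The new `wp_validate_redirect( $return )` and `wp_validate_redirect( $url, home_url( '/' ) )` calls check the request-supplied value against the allowed hosts, but nothing runs `wp_sanitize_redirect()` first, which is the step `wp_safe_redirect()` performs before validating. Both variables are used further down the file, outside this hunk, so if they reach a link or a header there I would write `$return = wp_validate_redirect( wp_sanitize_redirect( wp_unslash( $return ) ) );` and the same for `$url`. The removal of `urldecode()` also deserves a comment above the `wp_unslash()` lines, for example `// Request values are already URL-decoded by PHP, so only slashes are removed before validation.`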
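--- a/src/wp-admin/menu.php
+++ b/src/wp-admin/menu.php
@@ -146,9 +146,13 @@ $appearance_cap = current_user_can( 'switch_themes') ? 'switch_themes' : 'edit_t
 
 $menu[60] = array( __('Appearance'), $appearance_cap, 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'dashicons-admin-appearance' );
         $submenu['themes.php'][5] = array( __( 'Themes' ), $appearance_cap, 'themes.php' );
-        $submenu['themes.php'][6] = array( __( 'Customize' ), 'edit_theme_options', 'customize.php', 'hide-if-no-customize' );
-        if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) )
+
+        $customize_url = add_query_arg( 'return', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'customize.php' );
+        $submenu['themes.php'][6] = array( __( 'Customize' ), 'edit_theme_options', $customize_url, 'hide-if-no-customize' );
+        unset( $customize_url );
+        if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) {
                 $submenu['themes.php'][10] = array(__( 'Menus' ), 'edit_theme_options', 'nav-menus.php');
+        }
 
 unset( $appearance_cap );
 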
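Review bot: `$_SERVER['REQUEST_URI']` is request-controlled, and the line that builds `$customize_url` does not say where the resulting `return` parameter is checked. Going by the customize.php section of this patch, the value is passed through `wp_validate_redirect()` there, so a comment such as `// Current admin URL so the Customizer can return here; customize.php validates it with wp_validate_redirect().` would keep that dependency visible to anyone who later changes either file. The slug stored in `$submenu['themes.php'][6]` is also no longer the literal `'customize.php'`, which may matter to code outside this hunk that compares against that string, so that is worth confirming.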