
Ticket #32637: 32637.5.diff

File 32637.5.diff, 2.4 KB (added by westonruter, 5 years ago)
  • src/wp-includes/class-wp-customize-manager.php

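--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -1398,14 +1398,15 @@ final class WP_Customize_Manager {
          * @return string
          */
         public function get_return_url() {
+                $referer = wp_get_referer();
                 if ( $this->return_url ) {
                         $return_url = $this->return_url;
+                } else if ( $referer ) {
+                        $return_url = $referer;
                 } else if ( $this->preview_url ) {
                         $return_url = $this->preview_url;
-                } else if ( current_user_can( 'edit_theme_options' ) || current_user_can( 'switch_themes' ) ) {
-                        $return_url = admin_url( 'themes.php' );
                 } else {
-                        $return_url = admin_url();
+                        $return_url = home_url( '/' );
                 }
                 return $return_url;
         }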
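Review bot: The new `else if ( $referer )` branch returns a client-supplied value with only the validation that `wp_get_referer()` performs, while the test for `set_return_url()` suggests that path also strips transient query args (`edit.php?trashed=1` comes back as `edit.php`). The accompanying test shows an off-site referer is rejected, but a same-site referer with arbitrary query args would be returned as-is, so the referer should probably go through the same cleanup `set_return_url()` applies. At minimum the branch deserves a comment such as `// Referer is request-supplied; wp_get_referer() only returns URLs that pass redirect validation.` so that callers keep escaping the result at output. `wp_get_referer()` is also called even when `$this->return_url` is set; moving the call into the condition would avoid reading the header when it is not needed. The docblock for get_return_url() starts outside this hunk.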
  • tests/phpunit/tests/customize/manager.php

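--- a/tests/phpunit/tests/customize/manager.php
+++ b/tests/phpunit/tests/customize/manager.php
@@ -252,16 +252,25 @@ class Tests_WP_Customize_Manager extends WP_UnitTestCase {
          */
         function test_return_url() {
                 wp_set_current_user( $this->factory->user->create( array( 'role' => 'author' ) ) );
-                $this->assertEquals( get_admin_url(), $this->manager->get_return_url() );
+                $this->assertEquals( home_url( '/' ), $this->manager->get_return_url() );
 
                 wp_set_current_user( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
                 $this->assertTrue( current_user_can( 'edit_theme_options' ) );
-                $this->assertEquals( admin_url( 'themes.php' ), $this->manager->get_return_url() );
+                $this->assertEquals( home_url( '/' ), $this->manager->get_return_url() );
 
                 $preview_url = home_url( '/foo/' );
                 $this->manager->set_preview_url( $preview_url );
                 $this->assertEquals( $preview_url, $this->manager->get_return_url() );
 
+                $url = home_url( '/referred/' );
+                $_SERVER['HTTP_REFERER'] = wp_slash( $url );
+                $this->assertEquals( $url, $this->manager->get_return_url() );
+
+                $url = 'http://badreferer.example.com/';
+                $_SERVER['HTTP_REFERER'] = wp_slash( $url );
+                $this->assertNotEquals( $url, $this->manager->get_return_url() );
+                $this->assertEquals( $preview_url, $this->manager->get_return_url() );
+
                 $this->manager->set_return_url( admin_url( 'edit.php?trashed=1' ) );
                 $this->assertEquals( admin_url( 'edit.php' ), $this->manager->get_return_url() );
         }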
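Review bot: The test writes to `$_SERVER['HTTP_REFERER']` twice and never restores it, so the off-site value is still set during the final `set_return_url()` assertions and may leak into later tests unless the base test case resets superglobals. Add `unset( $_SERVER['HTTP_REFERER'] );` after the bad-referer assertions, or restore the previous value in tearDown. The first two assertions also depend on no referer being present at the start of the test, which is worth making explicit with the same `unset` at the top. The docblock for test_return_url() starts outside this hunk.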