Ticket #32637: 32637.6.diff

File 32637.6.diff, 3.9 KB (added by westonruter, 4 years ago)
  • src/wp-admin/includes/theme.php

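diff --git src/wp-admin/includes/theme.php src/wp-admin/includes/theme.php
index c4b8b0c..0a0ea9e 100644
--- a/src/wp-admin/includes/theme.php
+++ b/src/wp-admin/includes/theme.php
@@ -525,6 +525,16 @@ function wp_prepare_themes_for_js( $themes = null ) {
                         $parents[ $slug ] = $theme->parent()->get_stylesheet();
                 }
 
+                $customize_action = null;
+                if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) {
+                        $customize_action = esc_url( add_query_arg(
+                                array(
+                                        'return' => urlencode( esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ),
+                                ),
+                                wp_customize_url( $slug )
+                        ) );
+                }
+
                 $prepared_themes[ $slug ] = array(
                         'id'           => $slug,
                         'name'         => $theme->display( 'Name' ),
@@ -540,7 +550,7 @@ function wp_prepare_themes_for_js( $themes = null ) {
                         'update'       => get_theme_update_available( $theme ),
                         'actions'      => array(
                                 'activate' => current_user_can( 'switch_themes' ) ? wp_nonce_url( admin_url( 'themes.php?action=activate&stylesheet=' . $encoded_slug ), 'switch-theme_' . $slug ) : null,
-                                'customize' => ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) ? wp_customize_url( $slug ) : null,
+                                'customize' => $customize_action,
                                 'delete'   => current_user_can( 'delete_themes' ) ? wp_nonce_url( admin_url( 'themes.php?action=delete&stylesheet=' . $encoded_slug ), 'delete-theme_' . $slug ) : null,
                         ),
                 );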
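Review bot: `$_SERVER['REQUEST_URI']` is read unguarded in the added `'return'` argument, so when the key is absent (CLI runs, some test harnesses) a notice is raised before wp_unslash() even runs. Guard it, e.g. `'return' => urlencode( esc_url_raw( wp_unslash( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' ) ) ),` or omit the argument when it is empty. The value is the raw request path handed back as a redirect target, so whatever consumes the `return` query arg must restrict it to a local URL; that consumer is not in this diff. The two current_user_can() calls do not depend on `$slug` and, assuming this block sits inside the per-theme loop that begins before the hunk, could be evaluated once above it. wp_prepare_themes_for_js() starts and ends outside the hunks.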
  • src/wp-includes/class-wp-customize-manager.php

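diff --git src/wp-includes/class-wp-customize-manager.php src/wp-includes/class-wp-customize-manager.php
index 485e164..0002773 100644
--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -1455,14 +1455,15 @@ final class WP_Customize_Manager {
          * @return string URL for link to close Customizer.
          */
         public function get_return_url() {
+                $referer = wp_get_referer();
                 if ( $this->return_url ) {
                         $return_url = $this->return_url;
+                } else if ( $referer ) {
+                        $return_url = $referer;
                 } else if ( $this->preview_url ) {
                         $return_url = $this->preview_url;
-                } else if ( current_user_can( 'edit_theme_options' ) || current_user_can( 'switch_themes' ) ) {
-                        $return_url = admin_url( 'themes.php' );
                 } else {
-                        $return_url = admin_url();
+                        $return_url = home_url( '/' );
                 }
                 return $return_url;
         }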
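Review bot: The docblock above get_return_url() still says only `@return string URL for link to close Customizer.` while the new body establishes a four-step precedence that callers will rely on; state it there, e.g. `Precedence: the explicit return URL, then the referer as filtered by wp_get_referer(), then the preview URL, then the home URL.` The referer branch is only as safe as wp_get_referer()'s own filtering (the companion test expects an off-site referer to be rejected, but that filtering is not visible in this diff), so the docblock should also say the referer is never used raw. Style: WordPress coding standards use `elseif`, and the two added branches perpetuate the existing `} else if (` form instead.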
  • tests/phpunit/tests/customize/manager.php

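diff --git tests/phpunit/tests/customize/manager.php tests/phpunit/tests/customize/manager.php
index ec9e2b0..36c2906 100644
--- a/tests/phpunit/tests/customize/manager.php
+++ b/tests/phpunit/tests/customize/manager.php
@@ -252,16 +252,25 @@ class Tests_WP_Customize_Manager extends WP_UnitTestCase {
          */
         function test_return_url() {
                 wp_set_current_user( self::$factory->user->create( array( 'role' => 'author' ) ) );
-                $this->assertEquals( get_admin_url(), $this->manager->get_return_url() );
+                $this->assertEquals( home_url( '/' ), $this->manager->get_return_url() );
 
                 wp_set_current_user( self::$factory->user->create( array( 'role' => 'administrator' ) ) );
                 $this->assertTrue( current_user_can( 'edit_theme_options' ) );
-                $this->assertEquals( admin_url( 'themes.php' ), $this->manager->get_return_url() );
+                $this->assertEquals( home_url( '/' ), $this->manager->get_return_url() );
 
                 $preview_url = home_url( '/foo/' );
                 $this->manager->set_preview_url( $preview_url );
                 $this->assertEquals( $preview_url, $this->manager->get_return_url() );
 
+                $url = home_url( '/referred/' );
+                $_SERVER['HTTP_REFERER'] = wp_slash( $url );
+                $this->assertEquals( $url, $this->manager->get_return_url() );
+
+                $url = 'http://badreferer.example.com/';
+                $_SERVER['HTTP_REFERER'] = wp_slash( $url );
+                $this->assertNotEquals( $url, $this->manager->get_return_url() );
+                $this->assertEquals( $preview_url, $this->manager->get_return_url() );
+
                 $this->manager->set_return_url( admin_url( 'edit.php?trashed=1' ) );
                 $this->assertEquals( admin_url( 'edit.php' ), $this->manager->get_return_url() );
         }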
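Review bot: `$_SERVER['HTTP_REFERER']` is assigned twice in the added lines and never restored, so the off-site value set last leaks into every test that runs afterwards in the same process. Clear it once the referer assertions are done, e.g. `unset( $_SERVER['HTTP_REFERER'] );` before the set_return_url() call, or restore the previous value in tearDown(). The `assertNotEquals( $url, ... )` on the bad referer is implied by the `assertEquals( $preview_url, ... )` that follows it, so one of the two can go.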