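--- a/src/wp-admin/includes/theme.php
+++ b/src/wp-admin/includes/theme.php
@@ -525,6 +525,16 @@ function wp_prepare_themes_for_js( $themes = null ) {
 $parents[ $slug ] = $theme->parent()->get_stylesheet();
 }
 
+$customize_action = null;
+if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) {
+$customize_action = esc_url( add_query_arg(
+array(
+'return' => urlencode( esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ),
+),
+wp_customize_url( $slug )
+) );
+}
+
 $prepared_themes[ $slug ] = array(
 'id' => $slug,
 'name' => $theme->display( 'Name' ),
@@ -540,7 +550,7 @@ function wp_prepare_themes_for_js( $themes = null ) {
 'update' => get_theme_update_available( $theme ),
 'actions' => array(
 'activate' => current_user_can( 'switch_themes' ) ? wp_nonce_url( admin_url( 'themes.php?action=activate&stylesheet=' . $encoded_slug ), 'switch-theme_' . $slug ) : null,
-'customize' => ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) ? wp_customize_url( $slug ) : null,
+'customize' => $customize_action,
 'delete' => current_user_can( 'delete_themes' ) ? wp_nonce_url( admin_url( 'themes.php?action=delete&stylesheet=' . $encoded_slug ), 'delete-theme_' . $slug ) : null,
 ),
 );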
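Review bot: The `return` argument built on new line 532 is taken straight from `$_SERVER['REQUEST_URI']`, and none of `wp_unslash`/`esc_url_raw`/`urlencode` restricts the host — `esc_url_raw()` passes a protocol-relative `//other.host/...` through untouched, so this hunk is only safe if the consumer of the `return` query argument (`set_return_url()` / customize.php, not visible in this diff) runs it through `wp_validate_redirect()` rather than merely stripping removable query args. Validating at the source as well would make the theme browser independent of that assumption, e.g. `'return' => urlencode( wp_validate_redirect( wp_unslash( $_SERVER['REQUEST_URI'] ), '' ) ),`, which keeps same-site relative paths and drops anything off-site. Note also that the outer `esc_url()` (display variant) HTML-encodes `&` in the result, which is consistent with the `wp_nonce_url()` values on the neighbouring `activate`/`delete` lines but means the string is only correct when emitted into an HTML attribute, not when used to build a URL in JavaScript. `wp_prepare_themes_for_js()` starts before and continues after these hunks.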
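--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -1455,14 +1455,15 @@ final class WP_Customize_Manager {
 * @return string URL for link to close Customizer.
 */
 public function get_return_url() {
+$referer = wp_get_referer();
 if ( $this->return_url ) {
 $return_url = $this->return_url;
+} else if ( $referer ) {
+$return_url = $referer;
 } else if ( $this->preview_url ) {
 $return_url = $this->preview_url;
-} else if ( current_user_can( 'edit_theme_options' ) || current_user_can( 'switch_themes' ) ) {
-$return_url = admin_url( 'themes.php' );
 } else {
-$return_url = admin_url();
+$return_url = home_url( '/' );
 }
 return $return_url;
 }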
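Review bot: The new `$referer` branch on new lines 1461-1462 makes the close link depend on request-controlled data — `wp_get_referer()` honours the `_wp_http_referer` request field before the `Referer` header — and it now outranks `preview_url`; the hunk relies entirely on `wp_get_referer()` filtering through `wp_validate_redirect()` to keep off-site targets out, which this diff does not show but which the accompanying `badreferer.example.com` test exercises. A `// wp_get_referer() is already host-validated; do not use a raw header here` comment above line 1458 would keep a future refactor from swapping in `$_SERVER['HTTP_REFERER']`. Since the only exclusion `wp_get_referer()` applies is equality with the current request URI, a referer that is another Customizer URL (different theme or query args) sends the user back into the Customizer rather than out of it — worth a note if that is intended. The docblock should state the new precedence: `Precedence: explicit return URL, then a validated same-site referer, then the preview URL, then the front page.`; the docblock's opening lines are outside the hunk.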
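--- a/tests/phpunit/tests/customize/manager.php
+++ b/tests/phpunit/tests/customize/manager.php
@@ -252,16 +252,25 @@ class Tests_WP_Customize_Manager extends WP_UnitTestCase {
 */
 function test_return_url() {
 wp_set_current_user( self::$factory->user->create( array( 'role' => 'author' ) ) );
-$this->assertEquals( get_admin_url(), $this->manager->get_return_url() );
+$this->assertEquals( home_url( '/' ), $this->manager->get_return_url() );
 
 wp_set_current_user( self::$factory->user->create( array( 'role' => 'administrator' ) ) );
 $this->assertTrue( current_user_can( 'edit_theme_options' ) );
-$this->assertEquals( admin_url( 'themes.php' ), $this->manager->get_return_url() );
+$this->assertEquals( home_url( '/' ), $this->manager->get_return_url() );
 
 $preview_url = home_url( '/foo/' );
 $this->manager->set_preview_url( $preview_url );
 $this->assertEquals( $preview_url, $this->manager->get_return_url() );
 
+$url = home_url( '/referred/' );
+$_SERVER['HTTP_REFERER'] = wp_slash( $url );
+$this->assertEquals( $url, $this->manager->get_return_url() );
+
+$url = 'http://badreferer.example.com/';
+$_SERVER['HTTP_REFERER'] = wp_slash( $url );
+$this->assertNotEquals( $url, $this->manager->get_return_url() );
+$this->assertEquals( $preview_url, $this->manager->get_return_url() );
+
 $this->manager->set_return_url( admin_url( 'edit.php?trashed=1' ) );
 $this->assertEquals( admin_url( 'edit.php' ), $this->manager->get_return_url() );
 }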
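Review bot: `$_SERVER['HTTP_REFERER']` is assigned on new lines 266 and 270 and never cleared, so the last value (`http://badreferer.example.com/`) leaks into every later test in the process that calls `wp_get_referer()`; add `unset( $_SERVER['HTTP_REFERER'] );` before the `set_return_url()` call on line 274, or in `tearDown()`. The rejected-referer case only covers an absolute foreign host; a protocol-relative value is the other common open-redirect shape, so a second case `$_SERVER['HTTP_REFERER'] = '//badreferer.example.com/';` followed by the same `assertNotEquals` would pin that it is refused as well. With the `themes.php` fallback removed from `get_return_url()`, the `assertTrue( current_user_can( 'edit_theme_options' ) )` on line 258 no longer justifies anything — the assertion that follows it is now identical to the author case and could be dropped or given a comment explaining why both roles land on `home_url( '/' )`.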