Ticket #32772: 32772.patch

theme.php

@@ -2066 +2066 @@
         $admin_origin = parse_url( admin_url() );
         $home_origin  = parse_url( home_url() );
         $cross_domain = ( strtolower( $admin_origin[ 'host' ] ) != strtolower( $home_origin[ 'host' ] ) );
-
+        /**
+         * Filter whether to enable the Customizer.
+         *
+         * Returning false to this hook will trigger the 'no-customizer-support'
+         * class within the body tag which will effectively revert the inclusion
+         * of the Customizer.
+         *
+         * @since 4.x.x
+         *
+         * @param bool Whether the Customizer should be shown. Default true.
+         */
+        $enabled = apply_filters( 'enable_customizer_support', true );
         ?>
         <script type="text/javascript">
                 (function() {
-                        var request, b = document.body, c = 'className', cs = 'customize-support', rcs = new RegExp('(^|\\s+)(no-)?'+cs+'(\\s+|$)');
+                        var request, enabled, b = document.body, c = 'className', cs = 'customize-support', rcs = new RegExp('(^|\\s+)(no-)?'+cs+'(\\s+|$)');
 
 <?php           if ( $cross_domain ): ?>
                         request = (function(){ var xhr = new XMLHttpRequest(); return ('withCredentials' in xhr); })();
@@ -2077 +2088 @@
 <?php           else: ?>
                         request = true;
 <?php           endif; ?>
+<?php       if ( $enabled ) { ?>
+                        enabled = true;
+<?php       } else { ?>
+                        enabled = false;
+<?php       } ?>
 
                         b[c] = b[c].replace( rcs, ' ' );
-                        b[c] += ( window.postMessage && request ? ' ' : ' no-' ) + cs;
+                        b[c] += ( window.postMessage && request && enabled ? ' ' : ' no-' ) + cs;
                 }());
         </script>
         <?php