WordPress.org

Make WordPress Core

Changeset 20809


Ignore:
Timestamp:
05/16/12 20:59:02 (2 years ago)
Author:
koopersmith
Message:

Theme Customizer: Properly escape customize settings when sending values to JS. Add WP_Customize_Setting->js_value(). fixes #20687, see #19910.

Location:
trunk/wp-includes
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/class-wp-customize-setting.php

    r20783 r20809  
    232232 
    233233    /** 
     234     * Escape the parameter's value for use in JavaScript. 
     235     * 
     236     * @since 3.4.0 
     237     * 
     238     * @return mixed The requested escaped value. 
     239     */ 
     240    public function js_value() { 
     241        $value = $this->value(); 
     242 
     243        if ( is_string( $value ) ) 
     244            return html_entity_decode( $value, ENT_QUOTES, 'UTF-8'); 
     245 
     246        return $value; 
     247    } 
     248 
     249    /** 
    234250     * Check if the theme supports the setting and check user capabilities. 
    235251     * 
  • trunk/wp-includes/class-wp-customize.php

    r20802 r20809  
    214214 
    215215        foreach ( $this->settings as $id => $setting ) { 
    216             $settings['values'][ $id ] = $setting->value(); 
     216            $settings['values'][ $id ] = $setting->js_value(); 
    217217        } 
    218218 
  • trunk/wp-includes/customize-controls.php

    r20802 r20809  
    109109    foreach ( $this->settings as $id => $setting ) { 
    110110        $settings['settings'][ $id ] = array( 
    111             'value'     => $setting->value(), 
     111            'value'     => $setting->js_value(), 
    112112            'transport' => $setting->transport, 
    113113        ); 
Note: See TracChangeset for help on using the changeset viewer.