WordPress.org

Make WordPress Core

Changeset 20809


Ignore:
Timestamp:
05/16/2012 08:59:02 PM (6 years ago)
Author:
koopersmith
Message:

Theme Customizer: Properly escape customize settings when sending values to JS. Add WP_Customize_Setting->js_value(). fixes #20687, see #19910.

Location:
trunk/wp-includes
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/class-wp-customize-setting.php

    r20783 r20809  
    232232
    233233    /**
     234     * Escape the parameter's value for use in JavaScript.
     235     *
     236     * @since 3.4.0
     237     *
     238     * @return mixed The requested escaped value.
     239     */
     240    public function js_value() {
     241        $value = $this->value();
     242
     243        if ( is_string( $value ) )
     244            return html_entity_decode( $value, ENT_QUOTES, 'UTF-8');
     245
     246        return $value;
     247    }
     248
     249    /**
    234250     * Check if the theme supports the setting and check user capabilities.
    235251     *
  • trunk/wp-includes/class-wp-customize.php

    r20802 r20809  
    214214
    215215        foreach ( $this->settings as $id => $setting ) {
    216             $settings['values'][ $id ] = $setting->value();
     216            $settings['values'][ $id ] = $setting->js_value();
    217217        }
    218218
  • trunk/wp-includes/customize-controls.php

    r20802 r20809  
    109109    foreach ( $this->settings as $id => $setting ) {
    110110        $settings['settings'][ $id ] = array(
    111             'value'     => $setting->value(),
     111            'value'     => $setting->js_value(),
    112112            'transport' => $setting->transport,
    113113        );
Note: See TracChangeset for help on using the changeset viewer.