Changeset 20861


Timestamp:
05/24/2012 01:48:32 AM (7 years ago)
Author:
koopersmith
Message:

Theme Customizer: Properly handle redirects in the preview by setting wp_redirect_status to 200. props nacin, see #20507, #19910.

Location:
trunk/wp-includes
Files:
2 edited

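--- a/trunk/wp-includes/class-wp-customize-manager.php
+++ b/trunk/wp-includes/class-wp-customize-manager.php
@@ -35,4 +35,7 @@
         add_action( 'wp_loaded',    array( $this, 'wp_loaded' ) );
 
+        // Run wp_redirect_status late to make sure we override the status last.
+        add_action( 'wp_redirect_status', array( $this, 'wp_redirect_status' ), 1000 );
+
         add_action( 'wp_ajax_customize_save', array( $this, 'save' ) );
 
@@ -209,4 +212,19 @@
         if ( $this->is_preview() && ! is_admin() )
             $this->customize_preview_init();
+    }
+
+    /**
+     * Prevents AJAX requests from following redirects when previewing a theme
+     * by issuing a 200 response instead of a 30x.
+     *
+     * Instead, the JS will sniff out the location header.
+     *
+     * @since 3.4.0
+     */
+    public function wp_redirect_status( $status ) {
+        if ( $this->is_preview() && ! is_admin() )
+            return 200;
+
+        return $status;
     }
 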
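Review bot: The docblock at new lines 216-223 says the override targets AJAX requests, but the condition on new line 225 applies to every non-admin preview request, so any redirect issued while previewing is presumably answered with a 200 status alongside its Location header. If that breadth is intended the docblock should say so; otherwise the check should be narrowed to the requests the Customizer itself makes. `wp_redirect_status` is a filter (the callback returns a value), so registering it on new line 38 as `add_filter( 'wp_redirect_status', array( $this, 'wp_redirect_status' ), 1000 );` states the intent more clearly than `add_action`. The docblock also lacks `@param int $status` and `@return int` tags.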
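--- a/trunk/wp-includes/js/customize-controls.dev.js
+++ b/trunk/wp-includes/js/customize-controls.dev.js
@@ -319,4 +319,20 @@
             api.Messenger.prototype.initialize.call( this, params.url );
 
+            // We're dynamically generating the iframe, so the origin is set
+            // to the current window's location, not the url's.
+            this.origin.unlink( this.url ).set( window.location.href );
+
+            // Limit the URL to internal, front-end links.
+            this.url.setter( function( to ) {
+                // Bail if we're navigating to a different origin or wp-admin.
+                if ( 0 !== to.indexOf( self.origin() + '/' ) || -1 !== to.indexOf( 'wp-admin' ) )
+                    return null;
+
+                return to;
+            });
+
+            // Refresh the preview when the URL is changed.
+            this.url.bind( this.refresh );
+
             this.scroll = 0;
             this.bind( 'scroll', function( distance ) {
@@ -324,16 +340,6 @@
             });
 
-            // We're dynamically generating the iframe, so the origin is set
-            // to the current window's location, not the url's.
-            this.origin.unlink( this.url ).set( window.location.href );
-
-            this.bind( 'url', function( url ) {
-                // Bail if we're navigating to the current url, to a different origin, or wp-admin.
-                if ( this.url() == url || 0 !== url.indexOf( this.origin() + '/' ) || -1 !== url.indexOf( 'wp-admin' ) )
-                    return;
-
-                this.url( url );
-                this.refresh();
-            });
+            // Update the URL when the iframe sends a URL message.
+            this.bind( 'url', this.url );
         },
         loader: function() {
@@ -366,5 +372,13 @@
                 data: this.query() || {},
                 success: function( response ) {
-                    var iframe = self.loader()[0].contentWindow;
+                    var iframe = self.loader()[0].contentWindow,
+                        location = self.request.getResponseHeader('Location');
+
+                    // Check if the location response header differs from the current URL.
+                    // If so, the request was redirected; try loading the requested page.
+                    if ( location && location != self.url() ) {
+                        self.url( location );
+                        return;
+                    }
 
                     self.loader().one( 'load', self.loaded );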
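Review bot: The setter added at new lines 326-332 decides which URLs the preview may load by matching substrings of the raw string, and after this change it is the only gate for both iframe `url` messages (new line 343) and the server-supplied `Location` header (new lines 375-382). `-1 !== to.indexOf( 'wp-admin' )` rejects any front-end URL that merely contains that text and never looks at the parsed path, while the prefix test `0 !== to.indexOf( self.origin() + '/' )` would also reject a relative `Location` value. Consider resolving `to` first (for example through an anchor element's `href`) and comparing its host and the leading segment of its path instead. When the setter returns null the success handler has still executed `return;`, so the preview appears to be left without a document; guarding with `if ( self.url() === location ) return;` would let the response load in that case. Both `initialize` and the success callback extend beyond the visible hunks, so how the rest of the class handles a rejected value should be confirmed.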