Timestamp:
05/24/2012 07:17:49 PM (9 years ago)
Author:
koopersmith
Message:

Theme Customizer: Improve accuracy of identifying internal urls. see #20507, #19910.

The 'customize_preview_link' filter has been replaced by 'customize_allowed_urls'.
Improved accuracy when checking for wp-admin.
Improved accuracy when attempting to match the schemes of the control and preview frames.
Improved accuracy of internal link whitelist.

File:
1 edited

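--- a/trunk/wp-admin/customize.php
+++ b/trunk/wp-admin/customize.php
@@ -102,13 +102,15 @@
     // insecure content warnings. This is not attempted if the admin and frontend
     // are on different domains to avoid the case where the frontend doesn't have
-    // ssl certs. Domain mapping plugins can force ssl in these conditions using
-    // the customize_preview_link filter.
+    // ssl certs. Domain mapping plugins can allow other urls in these conditions
+    // using the customize_allowed_urls filter.
+
+    $allowed_urls = array( home_url('/') );
     $admin_origin = parse_url( admin_url() );
-    $home_origin = parse_url( home_url() );
-    $scheme = null;
+    $home_origin  = parse_url( home_url() );
+
     if ( is_ssl() && ( $admin_origin[ 'host' ] == $home_origin[ 'host' ] ) )
-        $scheme = 'https';
+        $allowed_urls[] = home_url( '/', 'https' );
 
-    $preview_url = apply_filters( 'customize_preview_link',  home_url( '/', $scheme ) );
+    $allowed_urls = array_unique( apply_filters( 'customize_allowed_urls', $allowed_urls ) );
 
     $settings = array(
@@ -118,7 +120,8 @@
         ),
         'url'      => array(
-            'preview'  => esc_url( $preview_url ),
+            'preview'  => esc_url( home_url( '/' ) ),
             'parent'   => esc_url( admin_url() ),
             'ajax'     => esc_url( admin_url( 'admin-ajax.php', 'relative' ) ),
+            'allowed'  => array_map( 'esc_url', $allowed_urls ),
         ),
         'settings' => array(),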
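Review bot: The new `'allowed'` entry in the `url` settings emits the filtered list through `array_map( 'esc_url', $allowed_urls )` without cleaning it up, so two artefacts can end up in the allowlist: `esc_url()` returns an empty string for a URL it rejects, and the `array_unique()` call a few lines earlier keeps the original keys, leaving gaps when a `customize_allowed_urls` callback adds duplicates. How the list is consumed is not visible here (the `$settings` array continues past the hunk), but an empty entry is risky for any prefix-style match, and sparse keys would serialize as an object rather than a list if the settings are JSON-encoded. Consider `'allowed'  => array_values( array_filter( array_map( 'esc_url', $allowed_urls ) ) ),`. Casting the filter result with `(array)` before `array_unique()` would also keep a callback that returns a non-array from breaking the page.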