Timestamp:
05/26/2012 06:44:31 PM (8 years ago)
Author:
koopersmith
Message:

Theme Customizer: Ensure that JS color controls always use real color values, even if the server-side value is a hex value without a hash. fixes #20448, see #19910.

Adds WP_Customize_Setting->sanitize_js_callback and 'customize_sanitize_js_$settingID' filter, to filter values before they're passed to JS using WP_Customize_Setting->js_value().

Adds support for regular hex colors to the color picker.

Changes color methods:

  • sanitize_hex_color() accepts 3 and 6 digit hex colors (with hashes) and the empty string.
  • sanitize_hex_color_no_hash() accepts 3 and 6 digit hex colors (without hashes) and the empty string.
  • maybe_hash_hex_color() ensures that a hex color has a hash, and otherwise leaves the value untouched.
File:
1 edited

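--- a/trunk/wp-includes/class-wp-customize-manager.php
+++ b/trunk/wp-includes/class-wp-customize-manager.php
@@ -668,7 +668,9 @@
 
         $this->add_setting( 'header_textcolor', array(
-            'sanitize_callback' => 'sanitize_header_textcolor',
             'theme_supports' => array( 'custom-header', 'header-text' ),
             'default'        => get_theme_support( 'custom-header', 'default-text-color' ),
+
+            'sanitize_callback'    => array( $this, '_sanitize_header_textcolor' ),
+            'sanitize_js_callback' => 'maybe_hash_hex_color',
         ) );
 
@@ -690,7 +692,9 @@
         // With sanitize_callback
         $this->add_setting( 'background_color', array(
-            'default'           => get_theme_support( 'custom-background', 'default-color' ),
-            'sanitize_callback' => 'sanitize_hexcolor',
-            'theme_supports'    => 'custom-background',
+            'default'        => get_theme_support( 'custom-background', 'default-color' ),
+            'theme_supports' => 'custom-background',
+
+            'sanitize_callback'    => 'sanitize_hex_color_no_hash',
+            'sanitize_js_callback' => 'maybe_hash_hex_color',
         ) );
 
@@ -877,22 +881,68 @@
         ) );
     }
+
+    /**
+     * Callback for validating the header_textcolor value.
+     *
+     * Accepts 'blank', and otherwise uses sanitize_hex_color_no_hash().
+     *
+     * @since 3.4.0
+     */
+    public function _sanitize_header_textcolor( $color ) {
+        return ( 'blank' === $color ) ? 'blank' : sanitize_hex_color_no_hash( $color );
+    }
 };
 
-// Callback function for sanitizing the header textcolor setting.
-function sanitize_header_textcolor( $color ) {
-    if ( $color == 'blank' )
-        return 'blank';
-
-    return sanitize_hexcolor( $color );
-}
-
-// Callback function for sanitizing a hex color
-function sanitize_hexcolor( $color ) {
-    $color = preg_replace( '/[^0-9a-fA-F]/', '', $color );
+/**
+ * Validates a hex color.
+ *
+ * Returns either '', a 3 or 6 digit hex color (with #), or null.
+ * For validating values without a #, see sanitize_hex_color_no_hash().
+ *
+ * @since 3.4.0
+ */
+function sanitize_hex_color( $color ) {
+    if ( '' === $color )
+        return '';
 
     // 3 or 6 hex digits, or the empty string.
-    if ( preg_match('|^([A-Fa-f0-9]{3}){0,2}$|', $color ) )
+    if ( preg_match('|^#([A-Fa-f0-9]{3}){1,2}$|', $color ) )
         return $color;
 
     return null;
 }
+
+/**
+ * Sanitizes a hex color without a hash. Use sanitize_hex_color() when possible.
+ *
+ * Saving hex colors without a hash puts the burden of adding the hash on the
+ * UI, which makes it difficult to use or upgrade to other color types such as
+ * rgba, hsl, rgb, and html color names.
+ *
+ * Returns either '', a 3 or 6 digit hex color (without a #), or null.
+ *
+ * @since 3.4.0
+ */
+function sanitize_hex_color_no_hash( $color ) {
+    $color = ltrim( $color, '#' );
+
+    if ( '' === $color )
+        return '';
+
+    return sanitize_hex_color( '#' . $color ) ? $color : null;
+}
+
+/**
+ * Ensures that any hex color is properly hashed.
+ * Otherwise, returns value untouched.
+ *
+ * This method should only be necessary if using sanitize_hex_color_no_hash().
+ *
+ * @since 3.4.0
+ */
+function maybe_hash_hex_color( $color ) {
+    if ( $unhashed = sanitize_hex_color_no_hash( $color ) )
+        return '#' . $unhashed;
+
+    return $color;
+}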
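Review bot: The pattern in `sanitize_hex_color()` ends with `$`, which in PCRE also matches just before a trailing newline, so a value such as `"#fff\n"` (constructed example) passes and is returned with the newline still attached; `sanitize_hex_color_no_hash()` and `maybe_hash_hex_color()` inherit this because they delegate to it. Anchoring on the true end of the subject closes the gap: `if ( preg_match( '|^#([A-Fa-f0-9]{3}){1,2}\z|', $color ) )`, or keep `$` and add the `D` modifier. Separately, `sanitize_hex_color_no_hash()` calls `ltrim()` before any type check, so if these callbacks can receive a non-string (an array-valued request parameter, presumably), the result is a warning or TypeError depending on the PHP version rather than a clean `null`; an `is_string()` guard at the top would make the rejection explicit. The retained comment `// 3 or 6 hex digits, or the empty string.` no longer describes the regex, which now requires the hash and at least three digits.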