Changeset 21010
- Timestamp:
- 06/06/2012 08:34:24 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
trunk/wp-admin/admin-header.php
r20918 r21010 103 103 // If the customize-loader script is enqueued, make sure the customize 104 104 // body classes are correct as early as possible. 105 if ( wp_script_is( 'customize-loader', 'queue' ) )105 if ( wp_script_is( 'customize-loader', 'queue' ) && current_user_can( 'edit_theme_options' ) ) 106 106 wp_customize_support_script(); 107 107 ?> -
trunk/wp-admin/customize.php
r21006 r21010 13 13 14 14 global $wp_scripts, $wp_customize; 15 16 wp_reset_vars( array( 'theme' ) );17 18 if ( ! $theme )19 $theme = get_stylesheet();20 15 21 16 $registered = $wp_scripts->registered; … … 49 44 <body class="wp-full-overlay"> 50 45 <form id="customize-controls" class="wrap wp-full-overlay-sidebar"> 51 <?php wp_nonce_field( 'customize_controls '); ?>46 <?php wp_nonce_field( 'customize_controls-' . $wp_customize->get_stylesheet() ); ?> 52 47 <div id="customize-header-actions" class="wp-full-overlay-header"> 53 48 <?php -
trunk/wp-admin/includes/class-wp-themes-list-table.php
r20827 r21010 126 126 $author = $theme->display('Author'); 127 127 128 $activate_link = wp_nonce_url( "themes.php?action=activate&template=" . urlencode( $template ) . "&stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $ template);128 $activate_link = wp_nonce_url( "themes.php?action=activate&template=" . urlencode( $template ) . "&stylesheet=" . urlencode( $stylesheet ), 'switch-theme_' . $stylesheet ); 129 129 130 130 $preview_link = esc_url( add_query_arg( … … 133 133 134 134 $actions = array(); 135 $actions[ ] = '<a href="' . $activate_link . '" class="activatelink" title="'135 $actions['activate'] = '<a href="' . $activate_link . '" class="activatelink" title="' 136 136 . esc_attr( sprintf( __( 'Activate “%s”' ), $title ) ) . '">' . __( 'Activate' ) . '</a>'; 137 $actions[] = '<a href="' . $preview_link . '" class="hide-if-customize" title="' 138 . esc_attr( sprintf( __( 'Preview “%s”' ), $title ) ) . '">' . __( 'Preview' ) . '</a>' 139 . '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">' 140 . __( 'Live Preview' ) . '</a>'; 137 138 $actions['preview'] = '<a href="' . $preview_link . '" class="hide-if-customize" title="' 139 . esc_attr( sprintf( __( 'Preview “%s”' ), $title ) ) . '">' . __( 'Preview' ) . '</a>'; 140 141 if ( current_user_can( 'edit_theme_options' ) ) 142 $actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">' 143 . __( 'Live Preview' ) . '</a>'; 144 141 145 if ( ! is_multisite() && current_user_can( 'delete_themes' ) ) 142 $actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete& template=$stylesheet", 'delete-theme_' . $stylesheet )146 $actions['delete'] = '<a class="submitdelete deletion" href="' . wp_nonce_url( "themes.php?action=delete&stylesheet=$stylesheet", 'delete-theme_' . $stylesheet ) 143 147 . '" onclick="' . "return confirm( '" . 
esc_js( sprintf( __( "You are about to delete this theme '%s'\n 'Cancel' to stop, 'OK' to delete." ), $title ) ) 144 148 . "' );" . '">' . __( 'Delete' ) . '</a>'; -
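Review bot: The delete link interpolates `$stylesheet` into the query string raw (`"themes.php?action=delete&stylesheet=$stylesheet"`), while the activate link a few lines above passes the same value through `urlencode()`. A stylesheet directory name containing a space, `&` or `#` would yield a `stylesheet` parameter that no longer matches the value used for the nonce action `'delete-theme_' . $stylesheet`, so the referer check in themes.php would reject the request. I would build it as `"themes.php?action=delete&stylesheet=" . urlencode( $stylesheet )` to match the activate link. The fallback `$redirect` in `delete_theme()` (wp-admin/includes/theme.php) concatenates `$stylesheet` the same way and deserves the same treatment.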
trunk/wp-admin/includes/theme.php
r20752 r21010 12 12 * @since 2.8.0 13 13 * 14 * @param string $ template Template directoryof the theme to delete14 * @param string $stylesheet Stylesheet of the theme to delete 15 15 * @param string $redirect Redirect to page when complete. 16 16 * @return mixed 17 17 */ 18 function delete_theme($ template, $redirect = '') {18 function delete_theme($stylesheet, $redirect = '') { 19 19 global $wp_filesystem; 20 20 21 if ( empty($ template) )21 if ( empty($stylesheet) ) 22 22 return false; 23 23 24 24 ob_start(); 25 25 if ( empty( $redirect ) ) 26 $redirect = wp_nonce_url('themes.php?action=delete& template=' . $template, 'delete-theme_' . $template);26 $redirect = wp_nonce_url('themes.php?action=delete&stylesheet=' . $stylesheet, 'delete-theme_' . $stylesheet); 27 27 if ( false === ($credentials = request_filesystem_credentials($redirect)) ) { 28 28 $data = ob_get_contents(); … … 62 62 63 63 $themes_dir = trailingslashit( $themes_dir ); 64 $theme_dir = trailingslashit($themes_dir . $ template);64 $theme_dir = trailingslashit($themes_dir . $stylesheet); 65 65 $deleted = $wp_filesystem->delete($theme_dir, true); 66 66 67 67 if ( ! $deleted ) 68 return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $ template) );68 return new WP_Error('could_not_remove_theme', sprintf(__('Could not fully remove the theme %s.'), $stylesheet) ); 69 69 70 70 // Force refresh of theme update information -
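Review bot: `delete_theme()` still rejects only an empty `$stylesheet` before `trailingslashit($themes_dir . $stylesheet)` is handed to `$wp_filesystem->delete($theme_dir, true)`, so the recursive delete trusts every caller to have validated the value. This changeset adds a `wp_get_theme( $_GET['stylesheet'] )->exists()` check in themes.php, but that guard protects only that one call site. I would repeat it inside the function, right after the `empty()` check, for example `if ( ! wp_get_theme( $stylesheet )->exists() ) return false;`, so the path is always tied to a theme WordPress recognises. The middle of the function is elided from this view, so confirm nothing there already does this.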
trunk/wp-admin/themes.php
r20967 r21010 17 17 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) { 18 18 if ( 'activate' == $_GET['action'] ) { 19 check_admin_referer('switch-theme_' . $_GET['template']); 19 check_admin_referer('switch-theme_' . $_GET['stylesheet']); 20 $theme = wp_get_theme( $_GET['stylesheet'] ); 21 if ( ! $theme->exists() || ! $theme->is_allowed() ) 22 wp_die( __( 'Cheatin’ uh?' ) ); 20 23 switch_theme($_GET['template'], $_GET['stylesheet']); 21 24 wp_redirect( admin_url('themes.php?activated=true') ); 22 25 exit; 23 26 } elseif ( 'delete' == $_GET['action'] ) { 24 check_admin_referer('delete-theme_' . $_GET['template']); 25 if ( !current_user_can('delete_themes') ) 27 check_admin_referer('delete-theme_' . $_GET['stylesheet']); 28 $theme = wp_get_theme( $_GET['stylesheet'] ); 29 if ( !current_user_can('delete_themes') || ! $theme->exists() ) 26 30 wp_die( __( 'Cheatin’ uh?' ) ); 27 delete_theme($_GET[' template']);31 delete_theme($_GET['stylesheet']); 28 32 wp_redirect( admin_url('themes.php?deleted=true') ); 29 33 exit; … … 60 64 ) ); 61 65 } 66 67 endif; // switch_themes 62 68 63 69 if ( current_user_can( 'edit_theme_options' ) ) { … … 83 89 wp_enqueue_script( 'theme' ); 84 90 wp_enqueue_script( 'customize-loader' ); 85 86 endif;87 91 88 92 require_once('./admin-header.php'); … … 121 125 <div id="current-theme" class="<?php echo esc_attr( $class ); ?>"> 122 126 <?php if ( $screenshot ) : ?> 127 <?php if ( current_user_can( 'edit_theme_options' ) ) : ?> 123 128 <a href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"> 124 129 <img src="<?php echo esc_url( $screenshot ); ?>" alt="<?php esc_attr_e( 'Current theme preview' ); ?>" /> 125 130 </a> 131 <?php endif; ?> 126 132 <img class="hide-if-customize" src="<?php echo esc_url( $screenshot ); ?>" alt="<?php esc_attr_e( 'Current theme preview' ); ?>" /> 127 133 <?php endif; ?> … … 141 147 </div> 142 148 143 <div 
class="theme-options">144 <a id="customize-current-theme-link" href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"><?php _e( 'Customize' )?></a>145 <span><?php _e( 'Options:' )?></span>146 149 <?php 147 150 // Pretend you didn't see this. … … 172 175 } 173 176 177 if ( $options || current_user_can( 'edit_theme_options' ) ) : 174 178 ?> 175 <ul> 176 <?php foreach ( $options as $option ) : ?> 177 <li><?php echo $option; ?></li> 178 <?php endforeach; ?> 179 </ul> 180 </div> 179 <div class="theme-options"> 180 <?php if ( current_user_can( 'edit_theme_options' ) ) : ?> 181 <a id="customize-current-theme-link" href="<?php echo wp_customize_url(); ?>" class="load-customize hide-if-no-customize" title="<?php echo esc_attr( $customize_title ); ?>"><?php _e( 'Customize' ); ?></a> 182 <?php 183 endif; // edit_theme_options 184 if ( $options ) : 185 ?> 186 <span><?php _e( 'Options:' )?></span> 187 <ul> 188 <?php foreach ( $options as $option ) : ?> 189 <li><?php echo $option; ?></li> 190 <?php endforeach; ?> 191 </ul> 192 </div> 193 <?php 194 endif; // options 195 endif; // options || edit_theme_options 196 ?> 181 197 182 198 </div> -
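Review bot: In the `activate` branch the nonce and the new `exists()` / `is_allowed()` checks cover only `$_GET['stylesheet']`, yet `switch_theme($_GET['template'], $_GET['stylesheet'])` still takes the template straight from the request. Because the nonce action changed from `'switch-theme_' . $_GET['template']` to the stylesheet, the template value is now neither validated nor bound to the nonce. I would pass the values from the object that was just validated: `switch_theme( $theme->get_template(), $theme->get_stylesheet() );`. Both branches also read `$_GET['stylesheet']` without an `isset()` check, which raises a notice when the parameter is absent.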
trunk/wp-includes/class-wp-customize-manager.php
r20995 r21010 79 79 */ 80 80 public function setup_theme() { 81 if ( ! ( isset( $_REQUEST['customize'] ) && 'on' == $_REQUEST['customize'] ) && ! basename( $_SERVER['PHP_SELF'] ) == 'customize.php' )82 return;83 84 81 send_origin_headers(); 82 83 $this->original_stylesheet = get_stylesheet(); 84 85 $this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null ); 86 87 // You can't preview a theme if it doesn't exist, or if it is not allowed (unless active). 88 if ( ! $this->theme->exists() ) 89 wp_die( __( 'Cheatin’ uh?' ) ); 90 91 if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! $this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) ) 92 wp_die( __( 'Cheatin’ uh?' ) ); 93 94 if ( ! current_user_can( 'edit_theme_options' ) ) 95 wp_die( __( 'Cheatin’ uh?' ) ); 85 96 86 97 $this->start_previewing_theme(); … … 96 107 */ 97 108 public function start_previewing_theme() { 98 if ( $this->is_preview() || false === $this->theme || ( $this->theme && ! $this->theme->exists() ) ) 109 // Bail if we're already previewing. 110 if ( $this->is_preview() ) 99 111 return; 100 101 // Initialize $theme and $original_stylesheet if they do not yet exist.102 if ( ! isset( $this->theme ) ) {103 $this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );104 if ( ! $this->theme->exists() ) {105 $this->theme = false;106 return;107 }108 }109 110 $this->original_stylesheet = get_stylesheet();111 112 112 113 $this->previewing = true; … … 420 421 die; 421 422 422 check_ajax_referer( 'customize_controls ', 'nonce' );423 check_ajax_referer( 'customize_controls-' . $this->get_stylesheet(), 'nonce' ); 423 424 424 425 // Do we have to switch themes? 425 426 if ( $this->get_stylesheet() != $this->original_stylesheet ) { 426 if ( ! current_user_can( 'switch_themes' ) )427 die;428 429 427 // Temporarily stop previewing the theme to allow switch_themes() 430 428 // to operate properly. -
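Review bot: With `if ( ! current_user_can( 'switch_themes' ) ) die;` removed from the save handler, the theme switch there is authorised only by the checks in `setup_theme()` and the stylesheet-bound nonce, so it depends on `setup_theme()` always having run earlier in the same request. That hook wiring is outside these hunks; if it holds, a comment at the switch such as `// switch_themes was already verified in setup_theme().` would document the dependency, otherwise the check should stay as defence in depth. Separately, the new condition calls `$this->theme()->is_allowed()` while the surrounding lines use the property `$this->theme->...`; no `theme()` accessor is visible here, so confirm one exists or use the property. The `edit_theme_options` check in `setup_theme()` could also move to the top, so unauthorised requests are rejected before `wp_get_theme()` reads `$_REQUEST['theme']`.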
trunk/wp-includes/js/customize-loader.dev.js
r20988 r21010 18 18 // Check for settings, postMessage support, and whether we require CORS support. 19 19 if ( ! Loader.settings || ! $.support.postMessage || ( ! $.support.cors && Loader.settings.isCrossDomain ) ) { 20 this.body.removeClass( 'customize-support' ).addClass( 'no-customize-support' );21 20 return; 22 21 } 23 24 this.body.removeClass( 'no-customize-support' ).addClass( 'customize-support' );25 22 26 23 this.window = $( window );