Changeset 29026 for trunk/src/wp-admin/customize.php

Timestamp:

07/08/2014 05:14:20 PM (11 years ago)

Author:

helen

Message:

When accessing the Customizer from the admin menu, make sure the user is returned to the originating page upon close. We should still investigate the general usage of customize-loader.js moving forward, but this approach fixes the immediate issue. props westonruter. fixes #25457.

File:

• trunk/src/wp-admin/customize.php (modified) (1 diff)

trunk/src/wp-admin/customize.php

@@ -13 +13 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
-if ( ! current_user_can( 'edit_theme_options' ) )
+if ( ! current_user_can( 'edit_theme_options' ) ) {
     wp_die( __( 'Cheatin’ uh?' ) );
+}
 
 wp_reset_vars( array( 'url', 'return' ) );
-$url = urldecode( $url );
+$url = wp_unslash( $url );
 $url = wp_validate_redirect( $url, home_url( '/' ) );
-if ( $return )
-    $return = wp_validate_redirect( urldecode( $return ) );
-if ( ! $return )
+if ( $return ) {
+    $return = wp_unslash( $return );
+    $return = wp_validate_redirect( $return );
+}
+if ( ! $return ) {
     $return = $url;
+}
 
 global $wp_scripts, $wp_customize;