WordPress.org

Make WordPress Core

Changeset 36261


Ignore:
Timestamp:
01/11/2016 06:50:30 PM (4 years ago)
Author:
westonruter
Message:

Customizer: Prevent erroneously directing user to login screen when closing.

Fixes issue where user gets stuck at login screen after trying to close the app if previously they had to first login to access the Customizer. Prevents WP_Customize_Manager::get_return_url() from using wp-login.php as a referer.

Props chandrapatel.
See #32637.
Fixes #35355.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-customize-manager.php

    r36219 r36261  
    15801580    public function get_return_url() {
    15811581        $referer = wp_get_referer();
     1582        $excluded_referer_basenames = array( 'customize.php', 'wp-login.php' );
     1583
    15821584        if ( $this->return_url ) {
    15831585            $return_url = $this->return_url;
    1584         } else if ( $referer && 'customize.php' !== basename( parse_url( $referer, PHP_URL_PATH ) ) ) {
     1586        } else if ( $referer && ! in_array( basename( parse_url( $referer, PHP_URL_PATH ) ), $excluded_referer_basenames, true ) ) {
    15851587            $return_url = $referer;
    15861588        } else if ( $this->preview_url ) {
  • trunk/tests/phpunit/tests/customize/manager.php

    r35810 r36261  
    321321
    322322        $_SERVER['HTTP_REFERER'] = wp_slash( admin_url( 'customize.php' ) );
     323        $this->assertEquals( $preview_url, $this->manager->get_return_url() );
     324
     325        // See #35355.
     326        $_SERVER['HTTP_REFERER'] = wp_slash( admin_url( 'wp-login.php' ) );
    323327        $this->assertEquals( $preview_url, $this->manager->get_return_url() );
    324328
Note: See TracChangeset for help on using the changeset viewer.