Make WordPress Core

Changeset 36363


Ignore:
Timestamp:
01/20/2016 08:36:17 AM (9 years ago)
Author:
dd32
Message:

Customizer: Prevent erroneously directing user to login screen when closing.

Fixes issue where user gets stuck at login screen after trying to close the app if previously they had to first login to access the Customizer. Prevents WP_Customize_Manager::get_return_url() from using wp-login.php as a referer.

Merges [36261] to the 4.4 branch.
Props chandrapatel.
See #32637.
Fixes #35355.

Location:
branches/4.4
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/4.4

  • branches/4.4/src/wp-includes/class-wp-customize-manager.php

    r35724 r36363  
    15361536    public function get_return_url() {
    15371537        $referer = wp_get_referer();
     1538        $excluded_referer_basenames = array( 'customize.php', 'wp-login.php' );
     1539
    15381540        if ( $this->return_url ) {
    15391541            $return_url = $this->return_url;
    1540         } else if ( $referer && 'customize.php' !== basename( parse_url( $referer, PHP_URL_PATH ) ) ) {
     1542        } else if ( $referer && ! in_array( basename( parse_url( $referer, PHP_URL_PATH ) ), $excluded_referer_basenames, true ) ) {
    15411543            $return_url = $referer;
    15421544        } else if ( $this->preview_url ) {
  • branches/4.4/tests/phpunit/tests/customize/manager.php

    r35724 r36363  
    322322
    323323        $_SERVER['HTTP_REFERER'] = wp_slash( admin_url( 'customize.php' ) );
     324        $this->assertEquals( $preview_url, $this->manager->get_return_url() );
     325
     326        // See #35355.
     327        $_SERVER['HTTP_REFERER'] = wp_slash( admin_url( 'wp-login.php' ) );
    324328        $this->assertEquals( $preview_url, $this->manager->get_return_url() );
    325329
Note: See TracChangeset for help on using the changeset viewer.