WordPress.org

Make WordPress Core

Changeset 36611


Ignore:
Timestamp:
02/22/16 05:30:30 (19 months ago)
Author:
westonruter
Message:

Customize: Prevent PHP notice and JS error caused by widgets and nav menus components if user only has customize capability.

Short-circuits components from initializing their hooks needlessly if current user lacks required capability.

Fixes #35895.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-customize-nav-menus.php

    r36586 r36611  
    4848        $this->previewed_menus = array(); 
    4949        $this->manager         = $manager; 
     50 
     51        // Skip useless hooks when the user can't manage nav menus anyway. 
     52        if ( ! current_user_can( 'edit_theme_options' ) ) { 
     53            return; 
     54        } 
    5055 
    5156        add_filter( 'customize_refresh_nonces', array( $this, 'filter_nonces' ) ); 
  • trunk/src/wp-includes/class-wp-customize-widgets.php

    r36586 r36611  
    8484    public function __construct( $manager ) { 
    8585        $this->manager = $manager; 
     86 
     87        // Skip useless hooks when the user can't manage widgets anyway. 
     88        if ( ! current_user_can( 'edit_theme_options' ) ) { 
     89            return; 
     90        } 
    8691 
    8792        add_filter( 'customize_dynamic_setting_args',          array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 ); 
  • trunk/tests/phpunit/tests/customize/widgets.php

    r36586 r36611  
    2424        parent::setUp(); 
    2525        require_once( ABSPATH . WPINC . '/class-wp-customize-manager.php' ); 
     26 
     27        $user_id = self::factory()->user->create( array( 'role' => 'administrator' ) ); 
     28        wp_set_current_user( $user_id ); 
    2629        $GLOBALS['wp_customize'] = new WP_Customize_Manager(); 
    2730        $this->manager = $GLOBALS['wp_customize']; 
     
    4144        remove_action( 'after_setup_theme', 'twentysixteen_setup' ); 
    4245        remove_action( 'customize_register', 'twentysixteen_customize_register', 11 ); 
    43  
    44         $user_id = self::factory()->user->create( array( 'role' => 'administrator' ) ); 
    45         wp_set_current_user( $user_id ); 
    4646 
    4747        $this->backup_registered_sidebars = $GLOBALS['wp_registered_sidebars']; 
Note: See TracChangeset for help on using the changeset viewer.