WordPress.org

Make WordPress Core

Changeset 36611


Ignore:
Timestamp:
02/22/2016 05:30:30 AM (2 years ago)
Author:
westonruter
Message:

Customize: Prevent PHP notice and JS error caused by widgets and nav menus components if user only has customize capability.

Short-circuits components from initializing their hooks needlessly if current user lacks required capability.

Fixes #35895.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-customize-nav-menus.php

    r36586 r36611  
    4848        $this->previewed_menus = array();
    4949        $this->manager         = $manager;
     50
     51        // Skip useless hooks when the user can't manage nav menus anyway.
     52        if ( ! current_user_can( 'edit_theme_options' ) ) {
     53            return;
     54        }
    5055
    5156        add_filter( 'customize_refresh_nonces', array( $this, 'filter_nonces' ) );
  • trunk/src/wp-includes/class-wp-customize-widgets.php

    r36586 r36611  
    8484    public function __construct( $manager ) {
    8585        $this->manager = $manager;
     86
     87        // Skip useless hooks when the user can't manage widgets anyway.
     88        if ( ! current_user_can( 'edit_theme_options' ) ) {
     89            return;
     90        }
    8691
    8792        add_filter( 'customize_dynamic_setting_args',          array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 );
  • trunk/tests/phpunit/tests/customize/widgets.php

    r36586 r36611  
    2424        parent::setUp();
    2525        require_once( ABSPATH . WPINC . '/class-wp-customize-manager.php' );
     26
     27        $user_id = self::factory()->user->create( array( 'role' => 'administrator' ) );
     28        wp_set_current_user( $user_id );
    2629        $GLOBALS['wp_customize'] = new WP_Customize_Manager();
    2730        $this->manager = $GLOBALS['wp_customize'];
     
    4144        remove_action( 'after_setup_theme', 'twentysixteen_setup' );
    4245        remove_action( 'customize_register', 'twentysixteen_customize_register', 11 );
    43 
    44         $user_id = self::factory()->user->create( array( 'role' => 'administrator' ) );
    45         wp_set_current_user( $user_id );
    4646
    4747        $this->backup_registered_sidebars = $GLOBALS['wp_registered_sidebars'];
Note: See TracChangeset for help on using the changeset viewer.