Make WordPress Core

Changeset 38396


Ignore:
Timestamp:
08/27/2016 06:04:42 AM (8 years ago)
Author:
westonruter
Message:

Customize: Circumvent the customizer attempting to preview links to static assets (such as uploaded images).

The customizer's preview POST requests to static assets result in 405 Method Not Allowed responses.

Fixes #37828.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/js/customize-controls.js

    r37955 r38396  
    32113211
    32123212            this.add( 'previewUrl', params.previewUrl ).setter( function( to ) {
    3213                 var result;
    3214 
    3215                 // Check for URLs that include "/wp-admin/" or end in "/wp-admin".
    3216                 // Strip hashes and query strings before testing.
    3217                 if ( /\/wp-admin(\/|$)/.test( to.replace( /[#?].*$/, '' ) ) )
     3213                var result, urlParser;
     3214                urlParser = document.createElement( 'a' );
     3215                urlParser.href = to;
     3216
     3217                // Abort if URL is for admin or (static) files in wp-includes or wp-content.
     3218                if ( /\/wp-(admin|includes|content)(\/|$)/.test( urlParser.pathname ) ) {
    32183219                    return null;
     3220                }
    32193221
    32203222                // Attempt to match the URL to the control frame's scheme
Note: See TracChangeset for help on using the changeset viewer.