Changeset 40313


Timestamp:
03/22/17 23:03:28 (3 months ago)
Author:
westonruter
Message:

Customize: Prevent links to customize.php from being generated which have query vars from wp_removable_query_args() present.

Props dlh.
See #23367, #32692.
Fixes #31850.

Location:
trunk/src/wp-admin
Files:
4 edited

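--- a/trunk/src/wp-admin/includes/theme.php
+++ b/trunk/src/wp-admin/includes/theme.php
@@ -579,5 +579,5 @@
         $customize_action = esc_url( add_query_arg(
             array(
-                'return' => urlencode( esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ),
+                'return' => urlencode( esc_url_raw( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ),
             ),
             wp_customize_url( $slug )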
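Review bot: The `return` value on new line 581 is passed through `esc_url_raw()` before `urlencode()`, but the same expression in menu.php (line 160), nav-menus.php (line 587) and widgets.php (line 360) goes straight from `remove_query_arg()` to `urlencode()`, so the four links treat the request URI differently. Since the value comes from `$_SERVER['REQUEST_URI']`, I would keep the treatment identical everywhere, either by using `urlencode( esc_url_raw( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) )` at all four call sites or by moving the expression into one shared helper that each file calls. A helper would also stop the four copies from drifting the next time this logic changes. The `add_query_arg()` call starts and ends outside this hunk, so the outer escaping is only partly visible here.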
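--- a/trunk/src/wp-admin/menu.php
+++ b/trunk/src/wp-admin/menu.php
@@ -158,5 +158,5 @@
 $submenu['themes.php'][5] = array( __( 'Themes' ), $appearance_cap, 'themes.php' );
 
-$customize_url = add_query_arg( 'return', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'customize.php' );
+$customize_url = add_query_arg( 'return', urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ), 'customize.php' );
 $submenu['themes.php'][6] = array( __( 'Customize' ), 'customize', esc_url( $customize_url ), '', 'hide-if-no-customize' );
 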
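Review bot: `remove_query_arg()` on new line 160 strips only the keys returned by `wp_removable_query_args()`, so every other query var of the current request, whatever it is, still travels inside `return`. Nothing in this hunk shows the value being checked as a same-site target; presumably that happens where customize.php reads it, which is not visible here. I would record that dependency next to the assignment, for example `// 'return' is request-derived; customize.php must validate it before redirecting or rendering it.`, so a later change to the consumer does not silently drop the check. The same applies to the `return` entries in nav-menus.php (line 587) and widgets.php (line 360).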
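--- a/trunk/src/wp-admin/nav-menus.php
+++ b/trunk/src/wp-admin/nav-menus.php
@@ -585,5 +585,5 @@
         esc_url( add_query_arg( array(
             array( 'autofocus' => $focus ),
-            'return' => urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
+            'return' => urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ),
         ), admin_url( 'customize.php' ) ) ),
         __( 'Manage with Live Preview' )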
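--- a/trunk/src/wp-admin/widgets.php
+++ b/trunk/src/wp-admin/widgets.php
@@ -358,5 +358,5 @@
         array(
             array( 'autofocus' => array( 'panel' => 'widgets' ) ),
-            'return' => urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) )
+            'return' => urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) )
         ),
         admin_url( 'customize.php' )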