WordPress.org

Make WordPress Core


Ignore:
Timestamp:
03/22/2017 11:03:28 PM (3 years ago)
Author:
westonruter
Message:

Customize: Prevent links to customize.php from being generated which have query vars from wp_removable_query_args() present.

Props dlh.
See #23367, #32692.
Fixes #31850.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/menu.php

    r39540 r40313  
    158158    $submenu['themes.php'][5] = array( __( 'Themes' ), $appearance_cap, 'themes.php' );
    159159
    160     $customize_url = add_query_arg( 'return', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'customize.php' );
     160    $customize_url = add_query_arg( 'return', urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ), 'customize.php' );
    161161    $submenu['themes.php'][6] = array( __( 'Customize' ), 'customize', esc_url( $customize_url ), '', 'hide-if-no-customize' );
    162162
Note: See TracChangeset for help on using the changeset viewer.