
Changeset 40331


Timestamp:
03/25/2017 01:34:27 PM (8 years ago)
Author:
swissspidy
Message:

Customize: Prevent links to customize.php from being generated which have query vars from wp_removable_query_args() present.

Props dlh.
See #23367, #32692.
Fixes #31850.

Merges [40313] to the 4.7 branch.

Location:
branches/4.7
Files:
5 edited

  • branches/4.7

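--- a/branches/4.7/src/wp-admin/includes/theme.php
+++ b/branches/4.7/src/wp-admin/includes/theme.php
@@ -579,5 +579,5 @@
             $customize_action = esc_url( add_query_arg(
                 array(
-                    'return' => urlencode( esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ),
+                    'return' => urlencode( esc_url_raw( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ),
                 ),
                 wp_customize_url( $slug )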
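Review bot: The `return` value on new line 581 is still derived from `$_SERVER['REQUEST_URI']`, which the client controls; removing the `wp_removable_query_args()` keys drops status flags but does not constrain where the link leads. Whether the value is safe to follow therefore depends on the code that reads `return` in customize.php validating it as a same-site URL, which this page does not show and should be confirmed. A one-line comment above the array would also record the intent, for example `// Strip single-use notice args so they are not replayed when the Customizer returns here.`. The enclosing `esc_url( add_query_arg( … ) )` statement ends outside the hunk.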
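--- a/branches/4.7/src/wp-admin/menu.php
+++ b/branches/4.7/src/wp-admin/menu.php
@@ -157,5 +157,5 @@
     $submenu['themes.php'][5] = array( __( 'Themes' ), $appearance_cap, 'themes.php' );
 
-    $customize_url = add_query_arg( 'return', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'customize.php' );
+    $customize_url = add_query_arg( 'return', urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ), 'customize.php' );
     $submenu['themes.php'][6] = array( __( 'Customize' ), 'customize', esc_url( $customize_url ), '', 'hide-if-no-customize' );
 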
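Review bot: New line 159 hand-copies the expression `urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) )`, which this changeset also adds in nav-menus.php and widgets.php, while theme.php wraps the same request-derived value in `esc_url_raw()` first. Four separately maintained variants of one untrusted value can drift apart, and the existing difference in sanitisation between theme.php and the other three files is already an example. A single shared helper that returns the cleaned return URL would keep the handling identical at every call site. Output escaping for this link is still applied by `esc_url( $customize_url )` on line 160.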
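--- a/branches/4.7/src/wp-admin/nav-menus.php
+++ b/branches/4.7/src/wp-admin/nav-menus.php
@@ -585,5 +585,5 @@
                 esc_url( add_query_arg( array(
                     array( 'autofocus' => $focus ),
-                    'return' => urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
+                    'return' => urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ),
                 ), admin_url( 'customize.php' ) ) ),
                 __( 'Manage with Live Preview' )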
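Review bot: The array passed to `add_query_arg()` on lines 585–588 carries `array( 'autofocus' => $focus )` as an unkeyed first element rather than as an `'autofocus'` entry, so the generated query string depends on how a numeric key is flattened when the query is built; the widgets.php hunk has the same shape on line 357. Since the commit already edits the neighbouring `'return'` line, writing the entry as `'autofocus' => $focus,` would make the intended parameter explicit. The enclosing call starts and ends outside the hunk.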
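--- a/branches/4.7/src/wp-admin/widgets.php
+++ b/branches/4.7/src/wp-admin/widgets.php
@@ -356,5 +356,5 @@
                 array(
                     array( 'autofocus' => array( 'panel' => 'widgets' ) ),
-                    'return' => urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) )
+                    'return' => urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) )
                 ),
                 admin_url( 'customize.php' )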