Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#20862 closed defect (bug) (fixed)

Limit false positives when enabling WP_Customize_Manager

Reported by: nacin Owned by: ryan
Milestone: 3.4 Priority: lowest
Severity: major Version: 3.4
Component: Customize Keywords:
Focuses: Cc:


I'm doing some final reviews of some of our more intricate 3.4 features, to see where plugin conflicts are most likely.

For instantiating the customizer, this is our current check:

( isset( $_REQUEST['customize'] ) && 'on' == $_REQUEST['customize'] ) || 'customize.php' == basename( $_SERVER['PHP_SELF'] )
  1. While ?customize=something in itself will not conflict with this (we avoid registering a query var), we should consider making this $_REQUEST['wp_customize'] to avoid any chance of ?customize=on conflicting with a theme. Since we now have customize.php for direct URL access, it won't make our user-side URLs any uglier.
  1. That customize.php check will catch plugins with a customize.php file that is directly accessed. While this is going to be a rare conflict, we should include an is_admin() check to ensure we are only looking in the wp-admin directory.

Severity = major in that things will break if there is a conflict. Priority = lowest in that the chance of a conflict is rare.

Attachments (1)

20862.diff (2.3 KB) - added by nacin 3 years ago.

Download all attachments as: .zip

Change History (2)

3 years ago

#1 @ryan
3 years ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [21016]:

Namespace the customize request arg to prevent collision with plugins and themes. Props nacin. fixes #20862

Note: See TracTickets for help on using tickets.