Customizer should return to front-end, when launched from front-end

[kovshenin]

When launching the Customizer (Live Preview) from the front-end using the admin bar (toolbar), upon hitting the Close button, you'd expect it to return you where you were, but instead it takes you to themes.php in the admin panel. Jane agreed it would be better to return to front-end, but was also concerned it was too late to make such a change.

[nacin]

I'll slate this for 3.4 for investigation. Not concerned about it, but it could be easy.

The customizer should probably listen to wp_http_referer(), which means we could potentially use ?_wp_http_referer here.

[nacin]

Attached patch opens the preview on the current front-end page you are on, and then returns you to that front-end page when you are done. Needs to be tested on mapped/unmapped, SSL/non-SSL, etc.. If the domain is invalid (say, ?url=​http://wordpress.org) you end up with a white screen.

[koopersmith]

Patch redirects URL parameters that aren't valid to the home page.

[nacin]

20877.4.diff​ adds some same-origin checking via wp_validate_redirect(). This ensures that the $return value is also clean (at least to the domain), which 20877.3.diff​ does not handle.

[koopersmith]

Patch is good by me.

[ryan]

In [21028]:

Customizer: Redirect back to referrer. If referrer is a front end page, load that page in the customizer preview. Props nacin, koopersmith. fixes #20877