Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#20877 closed defect (bug) (fixed)

Customizer should return to front-end, when launched from front-end

Reported by: kovshenin Owned by: ryan
Milestone: 3.4 Priority: low
Severity: normal Version: 3.4
Component: Customize Keywords: has-patch commit
Focuses: Cc:


When launching the Customizer (Live Preview) from the front-end using the admin bar (toolbar), upon hitting the Close button, you'd expect it to return you where you were, but instead it takes you to themes.php in the admin panel. Jane agreed it would be better to return to front-end, but was also concerned it was too late to make such a change.

Attachments (4)

20877.diff (1.9 KB) - added by nacin 10 years ago.
20877.2.diff (2.0 KB) - added by nacin 10 years ago.
20877.3.diff (4.1 KB) - added by koopersmith 10 years ago.
20877.4.diff (4.2 KB) - added by nacin 10 years ago.

Download all attachments as: .zip

Change History (14)

#1 @nacin
10 years ago

  • Milestone changed from Awaiting Review to 3.4
  • Priority changed from normal to low

I'll slate this for 3.4 for investigation. Not concerned about it, but it could be easy.

The customizer should probably listen to wp_http_referer(), which means we could potentially use ?_wp_http_referer here.

#2 @nacin
10 years ago

  • Component changed from Themes to Appearance

#3 @nacin
10 years ago

  • Owner set to nacin
  • Status changed from new to accepted

10 years ago

#4 @nacin
10 years ago

Attached patch opens the preview on the current front-end page you are on, and then returns you to that front-end page when you are done. Needs to be tested on mapped/unmapped, SSL/non-SSL, etc.. If the domain is invalid (say, ?url=http://wordpress.org) you end up with a white screen.

#5 @nacin
10 years ago

  • Keywords has-patch added

10 years ago

10 years ago

#6 @koopersmith
10 years ago

Patch redirects URL parameters that aren't valid to the home page.

10 years ago

#7 @nacin
10 years ago

20877.4.diff adds some same-origin checking via wp_validate_redirect(). This ensures that the $return value is also clean (at least to the domain), which 20877.3.diff does not handle.

Last edited 10 years ago by nacin (previous) (diff)

#8 @nacin
10 years ago

  • Keywords commit added
  • Owner changed from nacin to ryan
  • Status changed from accepted to assigned

#9 @koopersmith
10 years ago

Patch is good by me.

#10 @ryan
10 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In [21028]:

Customizer: Redirect back to referrer. If referrer is a front end page, load that page in the customizer preview. Props nacin, koopersmith. fixes #20877

Note: See TracTickets for help on using tickets.