WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#20877 closed defect (bug) (fixed)

Customizer should return to front-end, when launched from front-end

Reported by: kovshenin Owned by: ryan
Milestone: 3.4 Priority: low
Severity: normal Version: 3.4
Component: Customize Keywords: has-patch commit
Focuses: Cc:

Description

When launching the Customizer (Live Preview) from the front-end using the admin bar (toolbar), upon hitting the Close button, you'd expect it to return you where you were, but instead it takes you to themes.php in the admin panel. Jane agreed it would be better to return to front-end, but was also concerned it was too late to make such a change.

Attachments (4)

20877.diff (1.9 KB) - added by nacin 2 years ago.
20877.2.diff (2.0 KB) - added by nacin 2 years ago.
20877.3.diff (4.1 KB) - added by koopersmith 2 years ago.
20877.4.diff (4.2 KB) - added by nacin 2 years ago.

Download all attachments as: .zip

Change History (14)

comment:1 nacin2 years ago

  • Milestone changed from Awaiting Review to 3.4
  • Priority changed from normal to low

I'll slate this for 3.4 for investigation. Not concerned about it, but it could be easy.

The customizer should probably listen to wp_http_referer(), which means we could potentially use ?_wp_http_referer here.

comment:2 nacin2 years ago

  • Component changed from Themes to Appearance

comment:3 nacin2 years ago

  • Owner set to nacin
  • Status changed from new to accepted

nacin2 years ago

comment:4 nacin2 years ago

Attached patch opens the preview on the current front-end page you are on, and then returns you to that front-end page when you are done. Needs to be tested on mapped/unmapped, SSL/non-SSL, etc.. If the domain is invalid (say, ?url=http://wordpress.org) you end up with a white screen.

comment:5 nacin2 years ago

  • Keywords has-patch added

nacin2 years ago

koopersmith2 years ago

comment:6 koopersmith2 years ago

Patch redirects URL parameters that aren't valid to the home page.

nacin2 years ago

comment:7 nacin2 years ago

20877.4.diff adds some same-origin checking via wp_validate_redirect(). This ensures that the $return value is also clean (at least to the domain), which 20877.3.diff does not handle.

Last edited 2 years ago by nacin (previous) (diff)

comment:8 nacin2 years ago

  • Keywords commit added
  • Owner changed from nacin to ryan
  • Status changed from accepted to assigned

comment:9 koopersmith2 years ago

Patch is good by me.

comment:10 ryan2 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In [21028]:

Customizer: Redirect back to referrer. If referrer is a front end page, load that page in the customizer preview. Props nacin, koopersmith. fixes #20877

Note: See TracTickets for help on using tickets.