WordPress.org

Make WordPress Core

#20877 closed defect (bug) (fixed)

Customizer should return to front-end, when launched from front-end

Reported by: kovshenin Owned by: ryan
Milestone: 3.4 Priority: low
Severity: normal Version: 3.4
Component: Appearance Keywords: has-patch commit
Focuses: Cc:

Description

When launching the Customizer (Live Preview) from the front-end using the admin bar (toolbar), upon hitting the Close button, you'd expect it to return you where you were, but instead it takes you to themes.php in the admin panel. Jane agreed it would be better to return to front-end, but was also concerned it was too late to make such a change.

Attachments (4)

20877.diff (1.9 KB) - added by nacin 23 months ago.
20877.2.diff (2.0 KB) - added by nacin 23 months ago.
20877.3.diff (4.1 KB) - added by koopersmith 23 months ago.
20877.4.diff (4.2 KB) - added by nacin 23 months ago.

Download all attachments as: .zip

Change History (14)

comment:1 nacin23 months ago

  • Milestone changed from Awaiting Review to 3.4
  • Priority changed from normal to low

I'll slate this for 3.4 for investigation. Not concerned about it, but it could be easy.

The customizer should probably listen to wp_http_referer(), which means we could potentially use ?_wp_http_referer here.

comment:2 nacin23 months ago

  • Component changed from Themes to Appearance

comment:3 nacin23 months ago

  • Owner set to nacin
  • Status changed from new to accepted

nacin23 months ago

comment:4 nacin23 months ago

Attached patch opens the preview on the current front-end page you are on, and then returns you to that front-end page when you are done. Needs to be tested on mapped/unmapped, SSL/non-SSL, etc.. If the domain is invalid (say, ?url=http://wordpress.org) you end up with a white screen.

comment:5 nacin23 months ago

  • Keywords has-patch added

nacin23 months ago

koopersmith23 months ago

comment:6 koopersmith23 months ago

Patch redirects URL parameters that aren't valid to the home page.

nacin23 months ago

comment:7 nacin23 months ago

20877.4.diff adds some same-origin checking via wp_validate_redirect(). This ensures that the $return value is also clean (at least to the domain), which 20877.3.diff does not handle.

Last edited 23 months ago by nacin (previous) (diff)

comment:8 nacin23 months ago

  • Keywords commit added
  • Owner changed from nacin to ryan
  • Status changed from accepted to assigned

comment:9 koopersmith23 months ago

Patch is good by me.

comment:10 ryan23 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In [21028]:

Customizer: Redirect back to referrer. If referrer is a front end page, load that page in the customizer preview. Props nacin, koopersmith. fixes #20877

Note: See TracTickets for help on using tickets.