diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php index d047620ca1..ec7c251a68 100644 --- a/wp-includes/class-wp-customize-manager.php +++ b/wp-includes/class-wp-customize-manager.php @@ -1728,12 +1728,12 @@ final class WP_Customize_Manager { } continue; } - if ( is_null( $unsanitized_value ) ) { - continue; - } if ( $options['validate_capability'] && ! current_user_can( $setting->capability ) ) { $validity = new WP_Error( 'unauthorized', __( 'Unauthorized to modify setting due to capability.' ) ); } else { + if ( is_null( $unsanitized_value ) ) { + continue; + } $validity = $setting->validate( $unsanitized_value ); } if ( ! is_wp_error( $validity ) ) { @@ -2030,7 +2030,6 @@ final class WP_Customize_Manager { $changed_setting_ids[] = $setting_id; } } - $post_values = wp_array_slice_assoc( $post_values, $changed_setting_ids ); /** * Fires before save validation happens. @@ -2046,7 +2045,11 @@ final class WP_Customize_Manager { do_action( 'customize_save_validation_before', $this ); // Validate settings. - $setting_validities = $this->validate_setting_values( $post_values, array( + $validated_values = array_merge( + array_fill_keys( array_keys( $args['data'] ), null ), // Make sure existence/capability checks are done on value-less setting updates. + $post_values + ); + $setting_validities = $this->validate_setting_values( $validated_values, array( 'validate_capability' => true, 'validate_existence' => true, ) ); @@ -2064,10 +2067,6 @@ final class WP_Customize_Manager { return new WP_Error( 'transaction_fail', '', $response ); } - $response = array( - 'setting_validities' => $setting_validities, - ); - // Obtain/merge data for changeset. $original_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); $data = $original_changeset_data; @@ -2105,14 +2104,21 @@ final class WP_Customize_Manager { // Remove setting from changeset entirely. unset( $data[ $changeset_setting_id ] ); } else { - // Merge any additional setting params that have been supplied with the existing params. + if ( ! isset( $data[ $changeset_setting_id ] ) ) { $data[ $changeset_setting_id ] = array(); } + // Merge any additional setting params that have been supplied with the existing params. + $merged_setting_params = array_merge( $data[ $changeset_setting_id ], $setting_params ); + + // Skip updating setting params if unchanged (ensuring the user_id is not overwritten). + if ( $data[ $changeset_setting_id ] === $merged_setting_params ) { + continue; + } + $data[ $changeset_setting_id ] = array_merge( - $data[ $changeset_setting_id ], - $setting_params, + $merged_setting_params, array( 'type' => $setting->type, 'user_id' => $args['user_id'], @@ -2220,6 +2226,10 @@ final class WP_Customize_Manager { remove_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ) ); + $response = array( + 'setting_validities' => $setting_validities, + ); + if ( is_wp_error( $r ) ) { $response['changeset_post_save_failure'] = $r->get_error_code(); return new WP_Error( 'changeset_post_save_failure', '', $response ); diff --git a/wp-includes/version.php b/wp-includes/version.php index 25a2fc8afb..1f96357596 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.7-beta4-39319'; +$wp_version = '4.7-beta4-39320'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.