WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Customizer: Use `esc_url_raw` to escape customizer URL settings to prevent double encoding. 

props westonruter, ocean90.
fixes #26569.
Built from https://develop.svn.wordpress.org/trunk@27574


git-svn-id: http://core.svn.wordpress.org/trunk@27417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dominik Schilling 2014-03-17 22:16:15 +00:00
parent b6233e15a3
commit 6197d52c73
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
wp-admin/customize.php
View File

@ -208,15 +208,15 @@ do_action( 'customize_controls_print_scripts' );
'active' => $wp_customize->is_theme_active(), 'active' => $wp_customize->is_theme_active(),
), ),
'url' => array( 'url' => array(
'preview' => esc_url( $url ? $url : home_url( '/' ) ), 'preview' => esc_url_raw( $url ? $url : home_url( '/' ) ),
'parent' => esc_url( admin_url() ), 'parent' => esc_url_raw( admin_url() ),
'activated' => admin_url( 'themes.php?activated=true&previewed' ), 'activated' => esc_url_raw( admin_url( 'themes.php?activated=true&previewed' ) ),
'ajax' => esc_url( admin_url( 'admin-ajax.php', 'relative' ) ), 'ajax' => esc_url_raw( admin_url( 'admin-ajax.php', 'relative' ) ),
'allowed' => array_map( 'esc_url', $allowed_urls ), 'allowed' => array_map( 'esc_url_raw', $allowed_urls ),
'isCrossDomain' => $cross_domain, 'isCrossDomain' => $cross_domain,
'fallback' => $fallback_url, 'fallback' => esc_url_raw( $fallback_url ),
'home' => esc_url( home_url( '/' ) ), 'home' => esc_url_raw( home_url( '/' ) ),
'login' => $login_url, 'login' => esc_url_raw( $login_url ),
), ),
'browser' => array( 'browser' => array(
'mobile' => wp_is_mobile(), 'mobile' => wp_is_mobile(),
@ -225,9 +225,9 @@ do_action( 'customize_controls_print_scripts' );
'settings' => array(), 'settings' => array(),
'controls' => array(), 'controls' => array(),
'nonce' => array( 'nonce' => array(
'save' => wp_create_nonce( 'save-customize_' . $wp_customize->get_stylesheet() ), 'save' => wp_create_nonce( 'save-customize_' . $wp_customize->get_stylesheet() ),
'preview' => wp_create_nonce( 'preview-customize_' . $wp_customize->get_stylesheet() ) 'preview' => wp_create_nonce( 'preview-customize_' . $wp_customize->get_stylesheet() )
), ),
); );
// Prepare Customize Setting objects to pass to Javascript. // Prepare Customize Setting objects to pass to Javascript.