In `customize.php`, check that `$autofocus` is an `array` after running `wp_unslash()` instead of before. This is admittedly to skip a traversable hint in Scrutinizer.

See #30224.

Built from https://develop.svn.wordpress.org/trunk@30164


git-svn-id: http://core.svn.wordpress.org/trunk@30164 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/customize.php

@@ -282,11 +282,13 @@ do_action( 'customize_controls_print_scripts' );
 	}
 
 	// Pass to frontend the Customizer construct being deeplinked
-	if ( isset( $_GET['autofocus'] ) && is_array( $_GET['autofocus'] ) ) {
+	if ( isset( $_GET['autofocus'] ) ) {
 		$autofocus = wp_unslash( $_GET['autofocus'] );
-		foreach ( $autofocus as $type => $id ) {
-			if ( isset( $settings[ $type . 's' ][ $id ] ) ) {
-				$settings['autofocus'][ $type ] = $id;
+		if ( is_array( $autofocus ) ) {
+			foreach ( $autofocus as $type => $id ) {
+				if ( isset( $settings[ $type . 's' ][ $id ] ) ) {
+					$settings['autofocus'][ $type ] = $id;
+				}
 			}
 		}
 	}

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.1-alpha-30163';
+$wp_version = '4.1-alpha-30164';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.