Theme Customizer: Validate themes with more than just an existence check.
* The current theme goes through validate_current_theme(). * If doing a preview of a different theme, we check theme->errors(). Also: * Don't attach previewing hooks when previewing the current theme. Aside from being unnecessary, this prevents issues with a theme with the error of theme_parent_invalid. * Call send_origin_headers() earlier, to allow wp_die( '0' ) to properly be returned in a domain mapping situation. * Fix the 'Save & Activate' message on themes.php. fixes #20921. git-svn-id: https://develop.svn.wordpress.org/trunk@21069 602fd350-edb4-49c9-b593-d223f7449a82
parent
25e378229e
commit
7b32cc9e6b
@ -161,7 +161,7 @@ do_action( 'customize_controls_print_scripts' );
|
||||
'url' => array(
|
||||
'preview' => esc_url( $url ? $url : home_url( '/' ) ),
|
||||
'parent' => esc_url( admin_url() ),
|
||||
'activated' => esc_url( admin_url( 'themes.php?activated=true' ) ),
|
||||
'activated' => admin_url( 'themes.php?activated=true&previewed' ),
|
||||
'ajax' => esc_url( admin_url( 'admin-ajax.php', 'relative' ) ),
|
||||
'allowed' => array_map( 'esc_url', $allowed_urls ),
|
||||
'isCrossDomain' => $cross_domain,
|
||||
|
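Review bot: The `activated` entry that carries `&previewed` is the only URL in this settings array emitted without an escaping call, while `preview`, `parent` and `ajax` beside it still go through `esc_url()`. Dropping `esc_url()` looks deliberate, because it would entity-encode the `&` and the value appears to be consumed by script rather than printed into HTML (inferred; the array's consumer is outside this hunk). `esc_url_raw()` keeps the scheme and character filtering without the entity encoding: `'activated' => esc_url_raw( admin_url( 'themes.php?activated=true&previewed' ) ),`. A one-line comment explaining why this entry differs from its neighbours would keep a later cleanup from reintroducing the encoded form.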
@ -92,18 +92,6 @@ wp_enqueue_script( 'customize-loader' );
|
||||
require_once('./admin-header.php');
|
||||
?>
|
||||
|
||||
<?php if ( ! validate_current_theme() ) : ?>
|
||||
<div id="message1" class="updated"><p><?php _e('The active theme is broken. Reverting to the default theme.'); ?></p></div>
|
||||
<?php elseif ( isset($_GET['activated']) ) :
|
||||
if ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) && current_user_can('edit_theme_options') ) { ?>
|
||||
<div id="message2" class="updated"><p><?php printf( __('New theme activated. This theme supports widgets, please visit the <a href="%s">widgets settings</a> screen to configure them.'), admin_url( 'widgets.php' ) ); ?></p></div><?php
|
||||
} else { ?>
|
||||
<div id="message2" class="updated"><p><?php printf( __( 'New theme activated. <a href="%s">Visit site</a>' ), home_url( '/' ) ); ?></p></div><?php
|
||||
}
|
||||
elseif ( isset($_GET['deleted']) ) : ?>
|
||||
<div id="message3" class="updated"><p><?php _e('Theme deleted.') ?></p></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<div class="wrap"><?php
|
||||
screen_icon();
|
||||
if ( ! is_multisite() && current_user_can( 'install_themes' ) ) : ?>
|
||||
@ -114,6 +102,20 @@ if ( ! is_multisite() && current_user_can( 'install_themes' ) ) : ?>
|
||||
<?php endif; ?>
|
||||
</h2>
|
||||
<?php
|
||||
if ( ! validate_current_theme() || isset( $_GET['broken'] ) ) : ?>
|
||||
<div id="message1" class="updated"><p><?php _e('The active theme is broken. Reverting to the default theme.'); ?></p></div>
|
||||
<?php elseif ( isset($_GET['activated']) ) :
|
||||
if ( isset( $_GET['previewed'] ) ) { ?>
|
||||
<div id="message2" class="updated"><p><?php printf( __( 'Settings saved and theme activated. <a href="%s">Visit site</a>.' ), home_url( '/' ) ); ?></p></div>
|
||||
<?php } elseif ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) && current_user_can('edit_theme_options') ) { ?>
|
||||
<div id="message2" class="updated"><p><?php printf( __('New theme activated. This theme supports widgets, please visit the <a href="%s">widgets settings</a> screen to configure them.'), admin_url( 'widgets.php' ) ); ?></p></div><?php
|
||||
} else { ?>
|
||||
<div id="message2" class="updated"><p><?php printf( __( 'New theme activated. <a href="%s">Visit site</a>' ), home_url( '/' ) ); ?></p></div><?php
|
||||
}
|
||||
elseif ( isset($_GET['deleted']) ) : ?>
|
||||
<div id="message3" class="updated"><p><?php _e('Theme deleted.') ?></p></div>
|
||||
<?php
|
||||
endif;
|
||||
|
||||
$ct = wp_get_theme();
|
||||
$screenshot = $ct->get_screenshot();
|
||||
|
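Review bot: The new `previewed` branch prints `home_url( '/' )` into an `href` through `printf()` with no output escaping; since the value passes through filters before it gets here, escape it where it is printed: `printf( __( 'Settings saved and theme activated. <a href="%s">Visit site</a>.' ), esc_url( home_url( '/' ) ) );`. The two "New theme activated" messages relocated by this hunk follow the same pattern with `admin_url( 'widgets.php' )` and `home_url( '/' )` and could be escaped in the same pass. The added `isset( $_GET['broken'] )` test also deserves a comment: presumably the customizer has already run `validate_current_theme()` before redirecting here, so the call on this page can return true and the query flag is the only remaining signal. Something like `// Set by the customizer's redirect after it has already reverted a broken theme.` would do, if that reading is correct.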
@ -72,10 +72,13 @@ final class WP_Customize_Manager {
|
||||
*
|
||||
* @since 3.4.0
|
||||
*/
|
||||
private function wp_die( $ajax_message, $message ) {
|
||||
protected function wp_die( $ajax_message, $message = null ) {
|
||||
if ( $this->doing_ajax() )
|
||||
wp_die( $ajax_message );
|
||||
|
||||
if ( ! $message )
|
||||
$message = __( 'Cheatin’ uh?' );
|
||||
|
||||
wp_die( $message );
|
||||
}
|
||||
|
||||
@ -98,29 +101,45 @@ final class WP_Customize_Manager {
|
||||
* @since 3.4.0
|
||||
*/
|
||||
public function setup_theme() {
|
||||
send_origin_headers();
|
||||
|
||||
if ( is_admin() && ! $this->doing_ajax() )
|
||||
auth_redirect();
|
||||
elseif ( $this->doing_ajax() && ! is_user_logged_in())
|
||||
wp_die( 0 );
|
||||
elseif ( $this->doing_ajax() && ! is_user_logged_in() )
|
||||
$this->wp_die( 0 );
|
||||
|
||||
send_origin_headers();
|
||||
show_admin_bar( false );
|
||||
|
||||
if ( ! current_user_can( 'edit_theme_options' ) )
|
||||
$this->wp_die( -1 );
|
||||
|
||||
$this->original_stylesheet = get_stylesheet();
|
||||
|
||||
$this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
|
||||
|
||||
// You can't preview a theme if it doesn't exist, or if it is not allowed (unless active).
|
||||
if ( ! $this->theme->exists() )
|
||||
$this->wp_die( -1, __( 'Cheatin’ uh?' ) );
|
||||
if ( $this->is_theme_active() ) {
|
||||
// Once the theme is loaded, we'll validate it.
|
||||
add_action( 'after_setup_theme', array( $this, 'after_setup_theme' ) );
|
||||
} else {
|
||||
if ( ! current_user_can( 'switch_themes' ) )
|
||||
$this->wp_die( -1 );
|
||||
|
||||
if ( $this->theme->get_stylesheet() != get_stylesheet() && ( ! $this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) )
|
||||
$this->wp_die( -1, __( 'Cheatin’ uh?' ) );
|
||||
// If the theme isn't active, you can't preview it if it is not allowed or has errors.
|
||||
if ( $this->theme()->errors() )
|
||||
$this->wp_die( -1 );
|
||||
|
||||
if ( ! current_user_can( 'edit_theme_options' ) )
|
||||
$this->wp_die( -1, __( 'Cheatin’ uh?' ) );
|
||||
if ( ! $this->theme()->is_allowed() )
|
||||
$this->wp_die( -1 );
|
||||
}
|
||||
|
||||
$this->start_previewing_theme();
|
||||
show_admin_bar( false );
|
||||
}
|
||||
|
||||
function after_setup_theme() {
|
||||
if ( ! $this->doing_ajax() && ! validate_current_theme() ) {
|
||||
wp_redirect( 'themes.php?broken=true' );
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -137,17 +156,19 @@ final class WP_Customize_Manager {
|
||||
|
||||
$this->previewing = true;
|
||||
|
||||
add_filter( 'template', array( $this, 'get_template' ) );
|
||||
add_filter( 'stylesheet', array( $this, 'get_stylesheet' ) );
|
||||
add_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) );
|
||||
if ( ! $this->is_theme_active() ) {
|
||||
add_filter( 'template', array( $this, 'get_template' ) );
|
||||
add_filter( 'stylesheet', array( $this, 'get_stylesheet' ) );
|
||||
add_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) );
|
||||
|
||||
// @link: http://core.trac.wordpress.org/ticket/20027
|
||||
add_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) );
|
||||
add_filter( 'pre_option_template', array( $this, 'get_template' ) );
|
||||
// @link: http://core.trac.wordpress.org/ticket/20027
|
||||
add_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) );
|
||||
add_filter( 'pre_option_template', array( $this, 'get_template' ) );
|
||||
|
||||
// Handle custom theme roots.
|
||||
add_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) );
|
||||
add_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) );
|
||||
// Handle custom theme roots.
|
||||
add_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) );
|
||||
add_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) );
|
||||
}
|
||||
|
||||
do_action( 'start_previewing_theme', $this );
|
||||
}
|
||||
@ -165,17 +186,19 @@ final class WP_Customize_Manager {
|
||||
|
||||
$this->previewing = false;
|
||||
|
||||
remove_filter( 'template', array( $this, 'get_template' ) );
|
||||
remove_filter( 'stylesheet', array( $this, 'get_stylesheet' ) );
|
||||
remove_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) );
|
||||
if ( ! $this->is_theme_active() ) {
|
||||
remove_filter( 'template', array( $this, 'get_template' ) );
|
||||
remove_filter( 'stylesheet', array( $this, 'get_stylesheet' ) );
|
||||
remove_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) );
|
||||
|
||||
// @link: http://core.trac.wordpress.org/ticket/20027
|
||||
remove_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) );
|
||||
remove_filter( 'pre_option_template', array( $this, 'get_template' ) );
|
||||
// @link: http://core.trac.wordpress.org/ticket/20027
|
||||
remove_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) );
|
||||
remove_filter( 'pre_option_template', array( $this, 'get_template' ) );
|
||||
|
||||
// Handle custom theme roots.
|
||||
remove_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) );
|
||||
remove_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) );
|
||||
// Handle custom theme roots.
|
||||
remove_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) );
|
||||
remove_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) );
|
||||
}
|
||||
|
||||
do_action( 'stop_previewing_theme', $this );
|
||||
}
|
||||
@ -389,7 +412,7 @@ final class WP_Customize_Manager {
|
||||
* @return string Template name.
|
||||
*/
|
||||
public function get_template() {
|
||||
return $this->theme->get_template();
|
||||
return $this->theme()->get_template();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -400,7 +423,7 @@ final class WP_Customize_Manager {
|
||||
* @return string Stylesheet name.
|
||||
*/
|
||||
public function get_stylesheet() {
|
||||
return $this->theme->get_stylesheet();
|
||||
return $this->theme()->get_stylesheet();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -433,7 +456,7 @@ final class WP_Customize_Manager {
|
||||
* @return string Theme name.
|
||||
*/
|
||||
public function current_theme( $current_theme ) {
|
||||
return $this->theme->display('Name');
|
||||
return $this->theme()->display('Name');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -448,7 +471,7 @@ final class WP_Customize_Manager {
|
||||
check_ajax_referer( 'customize_controls-' . $this->get_stylesheet(), 'nonce' );
|
||||
|
||||
// Do we have to switch themes?
|
||||
if ( $this->get_stylesheet() != $this->original_stylesheet ) {
|
||||
if ( ! $this->is_theme_active() ) {
|
||||
// Temporarily stop previewing the theme to allow switch_themes()
|
||||
// to operate properly.
|
||||
$this->stop_previewing_theme();
|
||||
@ -462,22 +485,9 @@ final class WP_Customize_Manager {
|
||||
$setting->save();
|
||||
}
|
||||
|
||||
add_action( 'admin_notices', array( $this, '_save_feedback' ) );
|
||||
|
||||
die;
|
||||
}
|
||||
|
||||
/**
|
||||
* Show an admin notice after settings are saved.
|
||||
*
|
||||
* @since 3.4.0
|
||||
*/
|
||||
public function _save_feedback() {
|
||||
?>
|
||||
<div class="updated"><p><?php printf( __( 'Settings saved and theme activated. <a href="%s">Visit site</a>.' ), home_url( '/' ) ); ?></p></div>
|
||||
<?php
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a customize setting.
|
||||
*
|
||||
|
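Review bot: In the `setup_theme()` hunk, the new `after_setup_theme()` callback validates the active theme only when the request is not Ajax, and the `errors()` / `is_allowed()` checks sit in the `else` branch for non-active themes, so an Ajax request against a broken active theme passes setup with no validity check at all. If skipping it is intentional (validate_current_theme() seems to revert the theme as a side effect, which would be unwanted mid-Ajax, though that is inferred rather than visible here), say so in a comment; otherwise fail closed in the Ajax case with `if ( $this->theme()->errors() ) $this->wp_die( -1 );`. The callback is also the only method in these hunks without a docblock or explicit visibility; `public function after_setup_theme() {` with a short `@since 3.4.0` block would match its neighbours. The redirect target `'themes.php?broken=true'` is relative to the requesting script; `wp_redirect( admin_url( 'themes.php?broken=true' ) );` removes that dependency.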