sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Customize: Circumvent the customizer attempting to preview links to static assets (such as uploaded images).

Browse Source 
The customizer's preview POST requests to static assets result in 405 Method Not Allowed responses.

Fixes #37828.


git-svn-id: https://develop.svn.wordpress.org/trunk@38396 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Weston Ruter 2016-08-27 06:04:42 +00:00
parent 5d4485b184
commit a8b98b7924
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/wp-admin/js/customize-controls.js
View File

@ -3210,12 +3210,14 @@
// ssl certs. // ssl certs.
this.add( 'previewUrl', params.previewUrl ).setter( function( to ) { this.add( 'previewUrl', params.previewUrl ).setter( function( to ) {
var result; var result, urlParser;
urlParser = document.createElement( 'a' );
urlParser.href = to;
// Check for URLs that include "/wp-admin/" or end in "/wp-admin". // Abort if URL is for admin or (static) files in wp-includes or wp-content.
// Strip hashes and query strings before testing. if ( /\/wp-(admin|includes|content)(\/|$)/.test( urlParser.pathname ) ) {
if ( /\/wp-admin(\/|$)/.test( to.replace( /[#?].*$/, '' ) ) )
return null; return null;
}
// Attempt to match the URL to the control frame's scheme // Attempt to match the URL to the control frame's scheme
// and check if it's allowed. If not, try the original URL. // and check if it's allowed. If not, try the original URL.