In customize.php, check that $autofocus is an array after running wp_unslash() instead of before. This is admittedly to skip a traversable hint in Scrutinizer.

See #30224. git-svn-id: https://develop.svn.wordpress.org/trunk@30164 602fd350-edb4-49c9-b593-d223f7449a82
2014-11-01 22:16:19 +00:00 · 2014-11-01 22:16:19 +00:00 · b4d0961718
commit b4d0961718
parent 64f773e4da
1 changed files with 6 additions and 4 deletions
--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@ -282,11 +282,13 @@ do_action( 'customize_controls_print_scripts' );
 	}

 	// Pass to frontend the Customizer construct being deeplinked
-	if ( isset( $_GET['autofocus'] ) && is_array( $_GET['autofocus'] ) ) {
+	if ( isset( $_GET['autofocus'] ) ) {
 		$autofocus = wp_unslash( $_GET['autofocus'] );
-		foreach ( $autofocus as $type => $id ) {
-			if ( isset( $settings[ $type . 's' ][ $id ] ) ) {
-				$settings['autofocus'][ $type ] = $id;
+		if ( is_array( $autofocus ) ) {
+			foreach ( $autofocus as $type => $id ) {
+				if ( isset( $settings[ $type . 's' ][ $id ] ) ) {
+					$settings['autofocus'][ $type ] = $id;
+				}
 			}
 		}
 	}