Customizer: Use `esc_url_raw` to escape customizer URL settings to prevent double encoding.

props westonruter, ocean90. fixes #26569. git-svn-id: https://develop.svn.wordpress.org/trunk@27574 602fd350-edb4-49c9-b593-d223f7449a82
2014-03-17 22:15:27 +00:00 · 2014-03-17 22:15:27 +00:00 · d23e0a556c
parent 0ab93452d1
commit d23e0a556c
1 changed files with 11 additions and 11 deletions
--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@ -208,15 +208,15 @@ do_action( 'customize_controls_print_scripts' );
 			'active'     => $wp_customize->is_theme_active(),
 		),
 		'url'      => array(
-			'preview'       => esc_url( $url ? $url : home_url( '/' ) ),
+			'preview'       => esc_url_raw( $url ? $url : home_url( '/' ) ),
-			'parent'        => esc_url( admin_url() ),
+			'parent'        => esc_url_raw( admin_url() ),
-			'activated'     => admin_url( 'themes.php?activated=true&previewed' ),
+			'activated'     => esc_url_raw( admin_url( 'themes.php?activated=true&previewed' ) ),
-			'ajax'          => esc_url( admin_url( 'admin-ajax.php', 'relative' ) ),
+			'ajax'          => esc_url_raw( admin_url( 'admin-ajax.php', 'relative' ) ),
-			'allowed'       => array_map( 'esc_url', $allowed_urls ),
+			'allowed'       => array_map( 'esc_url_raw', $allowed_urls ),
 			'isCrossDomain' => $cross_domain,
-			'fallback'      => $fallback_url,
+			'fallback'      => esc_url_raw( $fallback_url ),
-			'home'          => esc_url( home_url( '/' ) ),
+			'home'          => esc_url_raw( home_url( '/' ) ),
-			'login'         => $login_url,
+			'login'         => esc_url_raw( $login_url ),
 		),
 		'browser'  => array(
 			'mobile' => wp_is_mobile(),