]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-includes/class-wp-customize-widgets.php
WordPress 4.6.2
[autoinstalls/wordpress.git] / wp-includes / class-wp-customize-widgets.php
index ad5742fabef53ffcd93e964219c443f89f27e525..16549ff6922623ac435a13df2a4ed1dcf5646989 100644 (file)
@@ -1,13 +1,21 @@
 <?php
 /**
- * Customize Widgets Class
- *
- * Implements widget management in the Customizer.
+ * WordPress Customize Widgets classes
  *
  * @package WordPress
  * @subpackage Customize
  * @since 3.9.0
  */
+
+/**
+ * Customize Widgets class.
+ *
+ * Implements widget management in the Customizer.
+ *
+ * @since 3.9.0
+ *
+ * @see WP_Customize_Manager
+ */
 final class WP_Customize_Widgets {
 
        /**
@@ -35,37 +43,44 @@ final class WP_Customize_Widgets {
        /**
         * @since 3.9.0
         * @access protected
-        * @var
+        * @var array
         */
-       protected $_customized;
+       protected $rendered_sidebars = array();
 
        /**
         * @since 3.9.0
         * @access protected
         * @var array
         */
-       protected $_prepreview_added_filters = array();
+       protected $rendered_widgets = array();
 
        /**
         * @since 3.9.0
         * @access protected
         * @var array
         */
-       protected $rendered_sidebars = array();
+       protected $old_sidebars_widgets = array();
 
        /**
-        * @since 3.9.0
+        * Mapping of widget ID base to whether it supports selective refresh.
+        *
+        * @since 4.5.0
         * @access protected
         * @var array
         */
-       protected $rendered_widgets = array();
+       protected $selective_refreshable_widgets;
 
        /**
-        * @since 3.9.0
+        * Mapping of setting type to setting ID pattern.
+        *
+        * @since 4.2.0
         * @access protected
         * @var array
         */
-       protected $old_sidebars_widgets = array();
+       protected $setting_id_patterns = array(
+               'widget_instance' => '/^widget_(?P<id_base>.+?)(?:\[(?P<widget_number>\d+)\])?$/',
+               'sidebar_widgets' => '/^sidebars_widgets\[(?P<sidebar_id>.+?)\]$/',
+       );
 
        /**
         * Initial loader.
@@ -78,7 +93,13 @@ final class WP_Customize_Widgets {
        public function __construct( $manager ) {
                $this->manager = $manager;
 
-               add_action( 'after_setup_theme',                       array( $this, 'setup_widget_addition_previews' ) );
+               // Skip useless hooks when the user can't manage widgets anyway.
+               if ( ! current_user_can( 'edit_theme_options' ) ) {
+                       return;
+               }
+
+               add_filter( 'customize_dynamic_setting_args',          array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 );
+               add_action( 'widgets_init',                            array( $this, 'register_settings' ), 95 );
                add_action( 'wp_loaded',                               array( $this, 'override_sidebars_widgets_for_theme_switch' ) );
                add_action( 'customize_controls_init',                 array( $this, 'customize_controls_init' ) );
                add_action( 'customize_register',                      array( $this, 'schedule_customize_register' ), 1 );
@@ -88,200 +109,147 @@ final class WP_Customize_Widgets {
                add_action( 'customize_controls_print_footer_scripts', array( $this, 'print_footer_scripts' ) );
                add_action( 'customize_controls_print_footer_scripts', array( $this, 'output_widget_control_templates' ) );
                add_action( 'customize_preview_init',                  array( $this, 'customize_preview_init' ) );
+               add_filter( 'customize_refresh_nonces',                array( $this, 'refresh_nonces' ) );
 
                add_action( 'dynamic_sidebar',                         array( $this, 'tally_rendered_widgets' ) );
                add_filter( 'is_active_sidebar',                       array( $this, 'tally_sidebars_via_is_active_sidebar_calls' ), 10, 2 );
                add_filter( 'dynamic_sidebar_has_widgets',             array( $this, 'tally_sidebars_via_dynamic_sidebar_calls' ), 10, 2 );
+
+               // Selective Refresh.
+               add_filter( 'customize_dynamic_partial_args',          array( $this, 'customize_dynamic_partial_args' ), 10, 2 );
+               add_action( 'customize_preview_init',                  array( $this, 'selective_refresh_init' ) );
        }
 
        /**
-        * Get an unslashed post value or return a default.
+        * List whether each registered widget can be use selective refresh.
         *
-        * @since 3.9.0
+        * If the theme does not support the customize-selective-refresh-widgets feature,
+        * then this will always return an empty array.
         *
-        * @access protected
+        * @since 4.5.0
+        * @access public
         *
-        * @param string $name    Post value.
-        * @param mixed  $default Default post value.
-        * @return mixed Unslashed post value or default value.
+        * @return array Mapping of id_base to support. If theme doesn't support
+        *               selective refresh, an empty array is returned.
         */
-       protected function get_post_value( $name, $default = null ) {
-               if ( ! isset( $_POST[ $name ] ) ) {
-                       return $default;
+       public function get_selective_refreshable_widgets() {
+               global $wp_widget_factory;
+               if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) {
+                       return array();
                }
-
-               return wp_unslash( $_POST[$name] );
+               if ( ! isset( $this->selective_refreshable_widgets ) ) {
+                       $this->selective_refreshable_widgets = array();
+                       foreach ( $wp_widget_factory->widgets as $wp_widget ) {
+                               $this->selective_refreshable_widgets[ $wp_widget->id_base ] = ! empty( $wp_widget->widget_options['customize_selective_refresh'] );
+                       }
+               }
+               return $this->selective_refreshable_widgets;
        }
 
        /**
-        * Set up widget addition previews.
-        *
-        * Since the widgets get registered on 'widgets_init' before the Customizer
-        * settings are set up on 'customize_register', we have to filter the options
-        * similarly to how the setting previewer will filter the options later.
-        *
-        * @since 3.9.0
+        * Determines if a widget supports selective refresh.
         *
+        * @since 4.5.0
         * @access public
+        *
+        * @param string $id_base Widget ID Base.
+        * @return bool Whether the widget can be selective refreshed.
         */
-       public function setup_widget_addition_previews() {
-               $is_customize_preview = false;
-
-               if ( ! empty( $this->manager ) && ! is_admin() && 'on' === $this->get_post_value( 'wp_customize' ) ) {
-                       $is_customize_preview = check_ajax_referer( 'preview-customize_' . $this->manager->get_stylesheet(), 'nonce', false );
-               }
-
-               $is_ajax_widget_update = false;
-               if ( $this->manager->doing_ajax() && 'update-widget' === $this->get_post_value( 'action' ) ) {
-                       $is_ajax_widget_update = check_ajax_referer( 'update-widget', 'nonce', false );
-               }
-
-               $is_ajax_customize_save = false;
-               if ( $this->manager->doing_ajax() && 'customize_save' === $this->get_post_value( 'action' ) ) {
-                       $is_ajax_customize_save = check_ajax_referer( 'save-customize_' . $this->manager->get_stylesheet(), 'nonce', false );
-               }
-
-               $is_valid_request = ( $is_ajax_widget_update || $is_customize_preview || $is_ajax_customize_save );
-               if ( ! $is_valid_request ) {
-                       return;
-               }
-
-               // Input from Customizer preview.
-               if ( isset( $_POST['customized'] ) ) {
-                       $this->_customized = json_decode( $this->get_post_value( 'customized' ), true );
-               } else { // Input from ajax widget update request.
-                       $this->_customized = array();
-                       $id_base = $this->get_post_value( 'id_base' );
-                       $widget_number = $this->get_post_value( 'widget_number', false );
-                       $option_name = 'widget_' . $id_base;
-                       $this->_customized[ $option_name ] = array();
-                       if ( preg_match( '/^[0-9]+$/', $widget_number ) ) {
-                               $option_name .= '[' . $widget_number . ']';
-                               $this->_customized[ $option_name ][ $widget_number ] = array();
-                       }
-               }
-
-               $function = array( $this, 'prepreview_added_sidebars_widgets' );
-
-               $hook = 'option_sidebars_widgets';
-               add_filter( $hook, $function );
-               $this->_prepreview_added_filters[] = compact( 'hook', 'function' );
-
-               $hook = 'default_option_sidebars_widgets';
-               add_filter( $hook, $function );
-               $this->_prepreview_added_filters[] = compact( 'hook', 'function' );
-
-               $function = array( $this, 'prepreview_added_widget_instance' );
-               foreach ( $this->_customized as $setting_id => $value ) {
-                       if ( preg_match( '/^(widget_.+?)(?:\[(\d+)\])?$/', $setting_id, $matches ) ) {
-                               $option = $matches[1];
-
-                               $hook = sprintf( 'option_%s', $option );
-                               if ( ! has_filter( $hook, $function ) ) {
-                                       add_filter( $hook, $function );
-                                       $this->_prepreview_added_filters[] = compact( 'hook', 'function' );
-                               }
-
-                               $hook = sprintf( 'default_option_%s', $option );
-                               if ( ! has_filter( $hook, $function ) ) {
-                                       add_filter( $hook, $function );
-                                       $this->_prepreview_added_filters[] = compact( 'hook', 'function' );
-                               }
-
-                               /*
-                                * Make sure the option is registered so that the update_option()
-                                * won't fail due to the filters providing a default value, which
-                                * causes the update_option() to get confused.
-                                */
-                               add_option( $option, array() );
-                       }
-               }
+       public function is_widget_selective_refreshable( $id_base ) {
+               $selective_refreshable_widgets = $this->get_selective_refreshable_widgets();
+               return ! empty( $selective_refreshable_widgets[ $id_base ] );
        }
 
        /**
-        * Ensure that newly-added widgets will appear in the widgets_sidebars.
+        * Retrieves the widget setting type given a setting ID.
         *
-        * This is necessary because the Customizer's setting preview filters
-        * are added after the widgets_init action, which is too late for the
-        * widgets to be set up properly.
+        * @since 4.2.0
+        * @access protected
         *
-        * @since 3.9.0
-        * @access public
+        * @staticvar array $cache
         *
-        * @param array $sidebars_widgets Associative array of sidebars and their widgets.
-        * @return array Filtered array of sidebars and their widgets.
+        * @param string $setting_id Setting ID.
+        * @return string|void Setting type.
         */
-       public function prepreview_added_sidebars_widgets( $sidebars_widgets ) {
-               foreach ( $this->_customized as $setting_id => $value ) {
-                       if ( preg_match( '/^sidebars_widgets\[(.+?)\]$/', $setting_id, $matches ) ) {
-                               $sidebar_id = $matches[1];
-                               $sidebars_widgets[ $sidebar_id ] = $value;
+       protected function get_setting_type( $setting_id ) {
+               static $cache = array();
+               if ( isset( $cache[ $setting_id ] ) ) {
+                       return $cache[ $setting_id ];
+               }
+               foreach ( $this->setting_id_patterns as $type => $pattern ) {
+                       if ( preg_match( $pattern, $setting_id ) ) {
+                               $cache[ $setting_id ] = $type;
+                               return $type;
                        }
                }
-               return $sidebars_widgets;
        }
 
        /**
-        * Ensure newly-added widgets have empty instances so they
-        * will be recognized.
+        * Inspects the incoming customized data for any widget settings, and dynamically adds
+        * them up-front so widgets will be initialized properly.
         *
-        * This is necessary because the Customizer's setting preview
-        * filters are added after the widgets_init action, which is
-        * too late for the widgets to be set up properly.
-        *
-        * @since 3.9.0
+        * @since 4.2.0
         * @access public
-        *
-        * @param array|bool|mixed $value Widget instance(s), false if open was empty.
-        * @return array|mixed Widget instance(s) with additions.
         */
-       public function prepreview_added_widget_instance( $value = false ) {
-               if ( ! preg_match( '/^(?:default_)?option_(widget_(.+))/', current_filter(), $matches ) ) {
-                       return $value;
+       public function register_settings() {
+               $widget_setting_ids = array();
+               $incoming_setting_ids = array_keys( $this->manager->unsanitized_post_values() );
+               foreach ( $incoming_setting_ids as $setting_id ) {
+                       if ( ! is_null( $this->get_setting_type( $setting_id ) ) ) {
+                               $widget_setting_ids[] = $setting_id;
+                       }
+               }
+               if ( $this->manager->doing_ajax( 'update-widget' ) && isset( $_REQUEST['widget-id'] ) ) {
+                       $widget_setting_ids[] = $this->get_setting_id( wp_unslash( $_REQUEST['widget-id'] ) );
                }
-               $id_base = $matches[2];
 
-               foreach ( $this->_customized as $setting_id => $setting ) {
-                       $parsed_setting_id = $this->parse_widget_setting_id( $setting_id );
-                       if ( is_wp_error( $parsed_setting_id ) || $id_base !== $parsed_setting_id['id_base'] ) {
-                               continue;
-                       }
-                       $widget_number = $parsed_setting_id['number'];
+               $settings = $this->manager->add_dynamic_settings( array_unique( $widget_setting_ids ) );
 
-                       if ( is_null( $widget_number ) ) {
-                               // Single widget.
-                               if ( false === $value ) {
-                                       $value = array();
-                               }
-                       } else {
-                               // Multi widget.
-                               if ( empty( $value ) ) {
-                                       $value = array( '_multiwidget' => 1 );
-                               }
-                               if ( ! isset( $value[ $widget_number ] ) ) {
-                                       $value[ $widget_number ] = array();
-                               }
+               /*
+                * Preview settings right away so that widgets and sidebars will get registered properly.
+                * But don't do this if a customize_save because this will cause WP to think there is nothing
+                * changed that needs to be saved.
+                */
+               if ( ! $this->manager->doing_ajax( 'customize_save' ) ) {
+                       foreach ( $settings as $setting ) {
+                               $setting->preview();
                        }
                }
-
-               return $value;
        }
 
        /**
-        * Remove pre-preview filters.
+        * Determines the arguments for a dynamically-created setting.
+        *
+        * @since 4.2.0
+        * @access public
         *
-        * Removes filters added in setup_widget_addition_previews()
-        * to ensure widgets are populating the options during
-        * 'widgets_init'.
+        * @param false|array $args       The arguments to the WP_Customize_Setting constructor.
+        * @param string      $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`.
+        * @return false|array Setting arguments, false otherwise.
+        */
+       public function filter_customize_dynamic_setting_args( $args, $setting_id ) {
+               if ( $this->get_setting_type( $setting_id ) ) {
+                       $args = $this->get_setting_args( $setting_id );
+               }
+               return $args;
+       }
+
+       /**
+        * Retrieves an unslashed post value or return a default.
         *
         * @since 3.9.0
-        * @access public
+        * @access protected
+        *
+        * @param string $name    Post value.
+        * @param mixed  $default Default post value.
+        * @return mixed Unslashed post value or default value.
         */
-       public function remove_prepreview_filters() {
-               foreach ( $this->_prepreview_added_filters as $prepreview_added_filter ) {
-                       remove_filter( $prepreview_added_filter['hook'], $prepreview_added_filter['function'] );
+       protected function get_post_value( $name, $default = null ) {
+               if ( ! isset( $_POST[ $name ] ) ) {
+                       return $default;
                }
-               $this->_prepreview_added_filters = array();
+
+               return wp_unslash( $_POST[ $name ] );
        }
 
        /**
@@ -295,6 +263,9 @@ final class WP_Customize_Widgets {
         *
         * @since 3.9.0
         * @access public
+        *
+        * @global array $sidebars_widgets
+        * @global array $_wp_sidebars_widgets
         */
        public function override_sidebars_widgets_for_theme_switch() {
                global $sidebars_widgets;
@@ -310,39 +281,45 @@ final class WP_Customize_Widgets {
                $sidebars_widgets = $this->old_sidebars_widgets;
                $sidebars_widgets = retrieve_widgets( 'customize' );
                add_filter( 'option_sidebars_widgets', array( $this, 'filter_option_sidebars_widgets_for_theme_switch' ), 1 );
+               // reset global cache var used by wp_get_sidebars_widgets()
+               unset( $GLOBALS['_wp_sidebars_widgets'] );
        }
 
        /**
-        * Filter old_sidebars_widgets_data Customizer setting.
+        * Filters old_sidebars_widgets_data Customizer setting.
         *
-        * When switching themes, filter the Customizer setting
-        * old_sidebars_widgets_data to supply initial $sidebars_widgets before they
-        * were overridden by retrieve_widgets(). The value for
-        * old_sidebars_widgets_data gets set in the old theme's sidebars_widgets
+        * When switching themes, filter the Customizer setting old_sidebars_widgets_data
+        * to supply initial $sidebars_widgets before they were overridden by retrieve_widgets().
+        * The value for old_sidebars_widgets_data gets set in the old theme's sidebars_widgets
         * theme_mod.
         *
-        * @see WP_Customize_Widgets::handle_theme_switch()
         * @since 3.9.0
         * @access public
         *
+        * @see WP_Customize_Widgets::handle_theme_switch()
+        *
         * @param array $old_sidebars_widgets
+        * @return array
         */
        public function filter_customize_value_old_sidebars_widgets_data( $old_sidebars_widgets ) {
                return $this->old_sidebars_widgets;
        }
 
        /**
-        * Filter sidebars_widgets option for theme switch.
+        * Filters sidebars_widgets option for theme switch.
         *
-        * When switching themes, the retrieve_widgets() function is run when the
-        * Customizer initializes, and then the new sidebars_widgets here get
-        * supplied as the default value for the sidebars_widgets option.
+        * When switching themes, the retrieve_widgets() function is run when the Customizer initializes,
+        * and then the new sidebars_widgets here get supplied as the default value for the sidebars_widgets
+        * option.
         *
-        * @see WP_Customize_Widgets::handle_theme_switch()
         * @since 3.9.0
         * @access public
         *
+        * @see WP_Customize_Widgets::handle_theme_switch()
+        * @global array $sidebars_widgets
+        *
         * @param array $sidebars_widgets
+        * @return array
         */
        public function filter_option_sidebars_widgets_for_theme_switch( $sidebars_widgets ) {
                $sidebars_widgets = $GLOBALS['sidebars_widgets'];
@@ -351,7 +328,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Make sure all widgets get loaded into the Customizer.
+        * Ensures all widgets get loaded into the Customizer.
         *
         * Note: these actions are also fired in wp_ajax_update_widget().
         *
@@ -370,17 +347,16 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Ensure widgets are available for all types of previews.
+        * Ensures widgets are available for all types of previews.
         *
-        * When in preview, hook to 'customize_register' for settings
-        * after WordPress is loaded so that all filters have been
-        * initialized (e.g. Widget Visibility).
+        * When in preview, hook to {@see 'customize_register'} for settings after WordPress is loaded
+        * so that all filters have been initialized (e.g. Widget Visibility).
         *
         * @since 3.9.0
         * @access public
         */
        public function schedule_customize_register() {
-               if ( is_admin() ) { // @todo for some reason, $wp_customize->is_preview() is true here?
+               if ( is_admin() ) {
                        $this->customize_register();
                } else {
                        add_action( 'wp', array( $this, 'customize_register' ) );
@@ -388,17 +364,23 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Register Customizer settings and controls for all sidebars and widgets.
+        * Registers Customizer settings and controls for all sidebars and widgets.
         *
         * @since 3.9.0
         * @access public
+        *
+        * @global array $wp_registered_widgets
+        * @global array $wp_registered_widget_controls
+        * @global array $wp_registered_sidebars
         */
        public function customize_register() {
                global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_sidebars;
 
+               add_filter( 'sidebars_widgets', array( $this, 'preview_sidebars_widgets' ), 1 );
+
                $sidebars_widgets = array_merge(
                        array( 'wp_inactive_widgets' => array() ),
-                       array_fill_keys( array_keys( $GLOBALS['wp_registered_sidebars'] ), array() ),
+                       array_fill_keys( array_keys( $wp_registered_sidebars ), array() ),
                        wp_get_sidebars_widgets()
                );
 
@@ -412,31 +394,31 @@ final class WP_Customize_Widgets {
                foreach ( array_keys( $wp_registered_widgets ) as $widget_id ) {
                        $setting_id   = $this->get_setting_id( $widget_id );
                        $setting_args = $this->get_setting_args( $setting_id );
-
-                       $setting_args['sanitize_callback']    = array( $this, 'sanitize_widget_instance' );
-                       $setting_args['sanitize_js_callback'] = array( $this, 'sanitize_widget_js_instance' );
-
-                       $this->manager->add_setting( $setting_id, $setting_args );
-
+                       if ( ! $this->manager->get_setting( $setting_id ) ) {
+                               $this->manager->add_setting( $setting_id, $setting_args );
+                       }
                        $new_setting_ids[] = $setting_id;
                }
 
                /*
                 * Add a setting which will be supplied for the theme's sidebars_widgets
-                * theme_mod when the the theme is switched.
+                * theme_mod when the theme is switched.
                 */
                if ( ! $this->manager->is_theme_active() ) {
                        $setting_id = 'old_sidebars_widgets_data';
                        $setting_args = $this->get_setting_args( $setting_id, array(
                                'type' => 'global_variable',
+                               'dirty' => true,
                        ) );
                        $this->manager->add_setting( $setting_id, $setting_args );
                }
 
                $this->manager->add_panel( 'widgets', array(
-                       'title'       => __( 'Widgets' ),
-                       'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ),
-                       'priority'    => 110,
+                       'type'            => 'widgets',
+                       'title'           => __( 'Widgets' ),
+                       'description'     => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ),
+                       'priority'        => 110,
+                       'active_callback' => array( $this, 'is_panel_active' ),
                ) );
 
                foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) {
@@ -444,7 +426,7 @@ final class WP_Customize_Widgets {
                                $sidebar_widget_ids = array();
                        }
 
-                       $is_registered_sidebar = isset( $GLOBALS['wp_registered_sidebars'][$sidebar_id] );
+                       $is_registered_sidebar = is_registered_sidebar( $sidebar_id );
                        $is_inactive_widgets   = ( 'wp_inactive_widgets' === $sidebar_id );
                        $is_active_sidebar     = ( $is_registered_sidebar && ! $is_inactive_widgets );
 
@@ -452,11 +434,12 @@ final class WP_Customize_Widgets {
                        if ( $is_registered_sidebar || $is_inactive_widgets ) {
                                $setting_id   = sprintf( 'sidebars_widgets[%s]', $sidebar_id );
                                $setting_args = $this->get_setting_args( $setting_id );
-
-                               $setting_args['sanitize_callback']    = array( $this, 'sanitize_sidebar_widgets' );
-                               $setting_args['sanitize_js_callback'] = array( $this, 'sanitize_sidebar_widgets_js_instance' );
-
-                               $this->manager->add_setting( $setting_id, $setting_args );
+                               if ( ! $this->manager->get_setting( $setting_id ) ) {
+                                       if ( ! $this->manager->is_theme_active() ) {
+                                               $setting_args['dirty'] = true;
+                                       }
+                                       $this->manager->add_setting( $setting_id, $setting_args );
+                               }
                                $new_setting_ids[] = $setting_id;
 
                                // Add section to contain controls.
@@ -464,15 +447,15 @@ final class WP_Customize_Widgets {
                                if ( $is_active_sidebar ) {
 
                                        $section_args = array(
-                                               'title' => $GLOBALS['wp_registered_sidebars'][ $sidebar_id ]['name'],
-                                               'description' => $GLOBALS['wp_registered_sidebars'][ $sidebar_id ]['description'],
+                                               'title' => $wp_registered_sidebars[ $sidebar_id ]['name'],
+                                               'description' => $wp_registered_sidebars[ $sidebar_id ]['description'],
                                                'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ) ),
                                                'panel' => 'widgets',
                                                'sidebar_id' => $sidebar_id,
                                        );
 
                                        /**
-                                        * Filter Customizer widget section arguments for a given sidebar.
+                                        * Filters Customizer widget section arguments for a given sidebar.
                                         *
                                         * @since 3.9.0
                                         *
@@ -500,13 +483,13 @@ final class WP_Customize_Widgets {
                        foreach ( $sidebar_widget_ids as $i => $widget_id ) {
 
                                // Skip widgets that may have gone away due to a plugin being deactivated.
-                               if ( ! $is_active_sidebar || ! isset( $GLOBALS['wp_registered_widgets'][$widget_id] ) ) {
+                               if ( ! $is_active_sidebar || ! isset( $wp_registered_widgets[$widget_id] ) ) {
                                        continue;
                                }
 
-                               $registered_widget = $GLOBALS['wp_registered_widgets'][$widget_id];
+                               $registered_widget = $wp_registered_widgets[$widget_id];
                                $setting_id        = $this->get_setting_id( $widget_id );
-                               $id_base           = $GLOBALS['wp_registered_widget_controls'][$widget_id]['id_base'];
+                               $id_base           = $wp_registered_widget_controls[$widget_id]['id_base'];
 
                                $control = new WP_Widget_Form_Customize_Control( $this->manager, $setting_id, array(
                                        'label'          => $registered_widget['name'],
@@ -523,20 +506,31 @@ final class WP_Customize_Widgets {
                        }
                }
 
-               /*
-                * We have to register these settings later than customize_preview_init
-                * so that other filters have had a chance to run.
-                */
-               if ( did_action( 'customize_preview_init' ) ) {
+               if ( ! $this->manager->doing_ajax( 'customize_save' ) ) {
                        foreach ( $new_setting_ids as $new_setting_id ) {
                                $this->manager->get_setting( $new_setting_id )->preview();
                        }
                }
-               $this->remove_prepreview_filters();
        }
 
        /**
-        * Covert a widget_id into its corresponding Customizer setting ID (option name).
+        * Determines whether the widgets panel is active, based on whether there are sidebars registered.
+        *
+        * @since 4.4.0
+        * @access public
+        *
+        * @see WP_Customize_Panel::$active_callback
+        *
+        * @global array $wp_registered_sidebars
+        * @return bool Active.
+        */
+       public function is_panel_active() {
+               global $wp_registered_sidebars;
+               return ! empty( $wp_registered_sidebars );
+       }
+
+       /**
+        * Converts a widget_id into its corresponding Customizer setting ID (option name).
         *
         * @since 3.9.0
         * @access public
@@ -555,18 +549,20 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Determine whether the widget is considered "wide".
+        * Determines whether the widget is considered "wide".
+        *
+        * Core widgets which may have controls wider than 250, but can still be shown
+        * in the narrow Customizer panel. The RSS and Text widgets in Core, for example,
+        * have widths of 400 and yet they still render fine in the Customizer panel.
         *
-        * Core widgets which may have controls wider than 250, but can
-        * still be shown in the narrow Customizer panel. The RSS and Text
-        * widgets in Core, for example, have widths of 400 and yet they
-        * still render fine in the Customizer panel. This method will
-        * return all Core widgets as being not wide, but this can be
-        * overridden with the is_wide_widget_in_customizer filter.
+        * This method will return all Core widgets as being not wide, but this can be
+        * overridden with the {@see 'is_wide_widget_in_customizer'} filter.
         *
         * @since 3.9.0
         * @access public
         *
+        * @global $wp_registered_widget_controls
+        *
         * @param string $widget_id Widget ID.
         * @return bool Whether or not the widget is a "wide" widget.
         */
@@ -579,7 +575,7 @@ final class WP_Customize_Widgets {
                $is_wide          = ( $width > 250 && ! $is_core );
 
                /**
-                * Filter whether the given widget is considered "wide".
+                * Filters whether the given widget is considered "wide".
                 *
                 * @since 3.9.0
                 *
@@ -590,7 +586,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Covert a widget ID into its id_base and number components.
+        * Converts a widget ID into its id_base and number components.
         *
         * @since 3.9.0
         * @access public
@@ -615,7 +611,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Convert a widget setting ID (option path) to its id_base and number components.
+        * Converts a widget setting ID (option path) to its id_base and number components.
         *
         * @since 3.9.0
         * @access public
@@ -636,7 +632,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Call admin_print_styles-widgets.php and admin_print_styles hooks to
+        * Calls admin_print_styles-widgets.php and admin_print_styles hooks to
         * allow custom styles from plugins.
         *
         * @since 3.9.0
@@ -651,7 +647,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Call admin_print_scripts-widgets.php and admin_print_scripts hooks to
+        * Calls admin_print_scripts-widgets.php and admin_print_scripts hooks to
         * allow custom scripts from plugins.
         *
         * @since 3.9.0
@@ -666,12 +662,18 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Enqueue scripts and styles for Customizer panel and export data to JavaScript.
+        * Enqueues scripts and styles for Customizer panel and export data to JavaScript.
         *
         * @since 3.9.0
         * @access public
+        *
+        * @global WP_Scripts $wp_scripts
+        * @global array $wp_registered_sidebars
+        * @global array $wp_registered_widgets
         */
        public function enqueue_scripts() {
+               global $wp_scripts, $wp_registered_sidebars, $wp_registered_widgets;
+
                wp_enqueue_style( 'customize-widgets' );
                wp_enqueue_script( 'customize-widgets' );
 
@@ -715,12 +717,9 @@ final class WP_Customize_Widgets {
                        </div>'
                );
 
-               global $wp_scripts;
-
                $settings = array(
-                       'nonce'                => wp_create_nonce( 'update-widget' ),
-                       'registeredSidebars'   => array_values( $GLOBALS['wp_registered_sidebars'] ),
-                       'registeredWidgets'    => $GLOBALS['wp_registered_widgets'],
+                       'registeredSidebars'   => array_values( $wp_registered_sidebars ),
+                       'registeredWidgets'    => $wp_registered_widgets,
                        'availableWidgets'     => $available_widgets, // @todo Merge this with registered_widgets
                        'l10n' => array(
                                'saveBtnLabel'     => __( 'Apply' ),
@@ -730,11 +729,17 @@ final class WP_Customize_Widgets {
                                'error'            => __( 'An error has occurred. Please reload the page and try again.' ),
                                'widgetMovedUp'    => __( 'Widget moved up' ),
                                'widgetMovedDown'  => __( 'Widget moved down' ),
+                               'noAreasRendered'  => __( 'There are no widget areas currently rendered in the preview. Navigate in the preview to a template that makes use of a widget area in order to access its widgets here.' ),
+                               'reorderModeOn'    => __( 'Reorder mode enabled' ),
+                               'reorderModeOff'   => __( 'Reorder mode closed' ),
+                               'reorderLabelOn'   => esc_attr__( 'Reorder widgets' ),
+                               'reorderLabelOff'  => esc_attr__( 'Close reorder mode' ),
                        ),
                        'tpl' => array(
                                'widgetReorderNav' => $widget_reorder_nav_tpl,
                                'moveWidgetArea'   => $move_widget_area_tpl,
                        ),
+                       'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(),
                );
 
                foreach ( $settings['registeredWidgets'] as &$registered_widget ) {
@@ -749,7 +754,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Render the widget form control templates into the DOM.
+        * Renders the widget form control templates into the DOM.
         *
         * @since 3.9.0
         * @access public
@@ -758,28 +763,45 @@ final class WP_Customize_Widgets {
                ?>
                <div id="widgets-left"><!-- compatibility with JS which looks for widget templates here -->
                <div id="available-widgets">
+                       <div class="customize-section-title">
+                               <button class="customize-section-back" tabindex="-1">
+                                       <span class="screen-reader-text"><?php _e( 'Back' ); ?></span>
+                               </button>
+                               <h3>
+                                       <span class="customize-action"><?php
+                                               /* translators: &#9656; is the unicode right-pointing triangle, and %s is the section title in the Customizer */
+                                               echo sprintf( __( 'Customizing &#9656; %s' ), esc_html( $this->manager->get_panel( 'widgets' )->title ) );
+                                       ?></span>
+                                       <?php _e( 'Add a Widget' ); ?>
+                               </h3>
+                       </div>
                        <div id="available-widgets-filter">
                                <label class="screen-reader-text" for="widgets-search"><?php _e( 'Search Widgets' ); ?></label>
                                <input type="search" id="widgets-search" placeholder="<?php esc_attr_e( 'Search widgets&hellip;' ) ?>" />
                        </div>
+                       <div id="available-widgets-list">
                        <?php foreach ( $this->get_available_widgets() as $available_widget ): ?>
                                <div id="widget-tpl-<?php echo esc_attr( $available_widget['id'] ) ?>" data-widget-id="<?php echo esc_attr( $available_widget['id'] ) ?>" class="widget-tpl <?php echo esc_attr( $available_widget['id'] ) ?>" tabindex="0">
                                        <?php echo $available_widget['control_tpl']; ?>
                                </div>
                        <?php endforeach; ?>
+                       </div><!-- #available-widgets-list -->
                </div><!-- #available-widgets -->
                </div><!-- #widgets-left -->
                <?php
        }
 
        /**
-        * Call admin_print_footer_scripts and admin_print_scripts hooks to
+        * Calls admin_print_footer_scripts and admin_print_scripts hooks to
         * allow custom scripts from plugins.
         *
         * @since 3.9.0
         * @access public
         */
        public function print_footer_scripts() {
+               /** This action is documented in wp-admin/admin-footer.php */
+               do_action( 'admin_print_footer_scripts-widgets.php' );
+
                /** This action is documented in wp-admin/admin-footer.php */
                do_action( 'admin_print_footer_scripts' );
 
@@ -788,7 +810,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Get common arguments to supply when constructing a Customizer setting.
+        * Retrieves common arguments to supply when constructing a Customizer setting.
         *
         * @since 3.9.0
         * @access public
@@ -801,13 +823,23 @@ final class WP_Customize_Widgets {
                $args = array(
                        'type'       => 'option',
                        'capability' => 'edit_theme_options',
-                       'transport'  => 'refresh',
                        'default'    => array(),
                );
+
+               if ( preg_match( $this->setting_id_patterns['sidebar_widgets'], $id, $matches ) ) {
+                       $args['sanitize_callback'] = array( $this, 'sanitize_sidebar_widgets' );
+                       $args['sanitize_js_callback'] = array( $this, 'sanitize_sidebar_widgets_js_instance' );
+                       $args['transport'] = current_theme_supports( 'customize-selective-refresh-widgets' ) ? 'postMessage' : 'refresh';
+               } elseif ( preg_match( $this->setting_id_patterns['widget_instance'], $id, $matches ) ) {
+                       $args['sanitize_callback'] = array( $this, 'sanitize_widget_instance' );
+                       $args['sanitize_js_callback'] = array( $this, 'sanitize_widget_js_instance' );
+                       $args['transport'] = $this->is_widget_selective_refreshable( $matches['id_base'] ) ? 'postMessage' : 'refresh';
+               }
+
                $args = array_merge( $args, $overrides );
 
                /**
-                * Filter the common arguments supplied when constructing a Customizer setting.
+                * Filters the common arguments supplied when constructing a Customizer setting.
                 *
                 * @since 3.9.0
                 *
@@ -820,7 +852,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Make sure that sidebar widget arrays only ever contain widget IDS.
+        * Ensures sidebar widget arrays only ever contain widget IDS.
         *
         * Used as the 'sanitize_callback' for each $sidebars_widgets setting.
         *
@@ -831,25 +863,24 @@ final class WP_Customize_Widgets {
         * @return array Array of sanitized widget IDs.
         */
        public function sanitize_sidebar_widgets( $widget_ids ) {
-               global $wp_registered_widgets;
-
-               $widget_ids           = array_map( 'strval', (array) $widget_ids );
+               $widget_ids = array_map( 'strval', (array) $widget_ids );
                $sanitized_widget_ids = array();
-
                foreach ( $widget_ids as $widget_id ) {
-                       if ( array_key_exists( $widget_id, $wp_registered_widgets ) ) {
-                               $sanitized_widget_ids[] = $widget_id;
-                       }
+                       $sanitized_widget_ids[] = preg_replace( '/[^a-z0-9_\-]/', '', $widget_id );
                }
                return $sanitized_widget_ids;
        }
 
        /**
-        * Build up an index of all available widgets for use in Backbone models.
+        * Builds up an index of all available widgets for use in Backbone models.
         *
         * @since 3.9.0
         * @access public
         *
+        * @global array $wp_registered_widgets
+        * @global array $wp_registered_widget_controls
+        * @staticvar array $available_widgets
+        *
         * @see wp_list_widgets()
         *
         * @return array List of available widgets.
@@ -915,7 +946,7 @@ final class WP_Customize_Widgets {
                                'multi_number' => ( $args['_add'] === 'multi' ) ? $args['_multi_num'] : false,
                                'is_disabled'  => $is_disabled,
                                'id_base'      => $id_base,
-                               'transport'    => 'refresh',
+                               'transport'    => $this->is_widget_selective_refreshable( $id_base ) ? 'postMessage' : 'refresh',
                                'width'        => $wp_registered_widget_controls[$widget['id']]['width'],
                                'height'       => $wp_registered_widget_controls[$widget['id']]['height'],
                                'is_wide'      => $this->is_wide_widget( $widget['id'] ),
@@ -928,10 +959,9 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Naturally order available widgets by name.
+        * Naturally orders available widgets by name.
         *
         * @since 3.9.0
-        * @static
         * @access protected
         *
         * @param array $widget_a The first widget to compare.
@@ -943,7 +973,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Get the widget control markup.
+        * Retrieves the widget control markup.
         *
         * @since 3.9.0
         * @access public
@@ -952,73 +982,111 @@ final class WP_Customize_Widgets {
         * @return string Widget control form HTML markup.
         */
        public function get_widget_control( $args ) {
+               $args[0]['before_form'] = '<div class="form">';
+               $args[0]['after_form'] = '</div><!-- .form -->';
+               $args[0]['before_widget_content'] = '<div class="widget-content">';
+               $args[0]['after_widget_content'] = '</div><!-- .widget-content -->';
                ob_start();
-
                call_user_func_array( 'wp_widget_control', $args );
-               $replacements = array(
-                       '<form action="" method="post">' => '<div class="form">',
-                       '</form>' => '</div><!-- .form -->',
-               );
-
                $control_tpl = ob_get_clean();
+               return $control_tpl;
+       }
 
-               $control_tpl = str_replace( array_keys( $replacements ), array_values( $replacements ), $control_tpl );
+       /**
+        * Retrieves the widget control markup parts.
+        *
+        * @since 4.4.0
+        * @access public
+        *
+        * @param array $args Widget control arguments.
+        * @return array {
+        *     @type string $control Markup for widget control wrapping form.
+        *     @type string $content The contents of the widget form itself.
+        * }
+        */
+       public function get_widget_control_parts( $args ) {
+               $args[0]['before_widget_content'] = '<div class="widget-content">';
+               $args[0]['after_widget_content'] = '</div><!-- .widget-content -->';
+               $control_markup = $this->get_widget_control( $args );
+
+               $content_start_pos = strpos( $control_markup, $args[0]['before_widget_content'] );
+               $content_end_pos = strrpos( $control_markup, $args[0]['after_widget_content'] );
+
+               $control = substr( $control_markup, 0, $content_start_pos + strlen( $args[0]['before_widget_content'] ) );
+               $control .= substr( $control_markup, $content_end_pos );
+               $content = trim( substr(
+                       $control_markup,
+                       $content_start_pos + strlen( $args[0]['before_widget_content'] ),
+                       $content_end_pos - $content_start_pos - strlen( $args[0]['before_widget_content'] )
+               ) );
 
-               return $control_tpl;
+               return compact( 'control', 'content' );
        }
 
        /**
-        * Add hooks for the Customizer preview.
+        * Adds hooks for the Customizer preview.
         *
         * @since 3.9.0
         * @access public
         */
        public function customize_preview_init() {
-               add_filter( 'sidebars_widgets',   array( $this, 'preview_sidebars_widgets' ), 1 );
                add_action( 'wp_enqueue_scripts', array( $this, 'customize_preview_enqueue' ) );
                add_action( 'wp_print_styles',    array( $this, 'print_preview_css' ), 1 );
                add_action( 'wp_footer',          array( $this, 'export_preview_data' ), 20 );
        }
 
        /**
-        * When previewing, make sure the proper previewing widgets are used.
+        * Refreshes the nonce for widget updates.
         *
-        * Because wp_get_sidebars_widgets() gets called early at init
-        * (via wp_convert_widget_settings()) and can set global variable
-        * $_wp_sidebars_widgets to the value of get_option( 'sidebars_widgets' )
-        * before the Customizer preview filter is added, we have to reset
-        * it after the filter has been added.
+        * @since 4.2.0
+        * @access public
+        *
+        * @param  array $nonces Array of nonces.
+        * @return array $nonces Array of nonces.
+        */
+       public function refresh_nonces( $nonces ) {
+               $nonces['update-widget'] = wp_create_nonce( 'update-widget' );
+               return $nonces;
+       }
+
+       /**
+        * When previewing, ensures the proper previewing widgets are used.
+        *
+        * Because wp_get_sidebars_widgets() gets called early at {@see 'init' } (via
+        * wp_convert_widget_settings()) and can set global variable `$_wp_sidebars_widgets`
+        * to the value of `get_option( 'sidebars_widgets' )` before the Customizer preview
+        * filter is added, it has to be reset after the filter has been added.
         *
         * @since 3.9.0
         * @access public
         *
         * @param array $sidebars_widgets List of widgets for the current sidebar.
+        * @return array
         */
        public function preview_sidebars_widgets( $sidebars_widgets ) {
-               $sidebars_widgets = get_option( 'sidebars_widgets' );
+               $sidebars_widgets = get_option( 'sidebars_widgets', array() );
 
                unset( $sidebars_widgets['array_version'] );
                return $sidebars_widgets;
        }
 
        /**
-        * Enqueue scripts for the Customizer preview.
+        * Enqueues scripts for the Customizer preview.
         *
         * @since 3.9.0
         * @access public
         */
        public function customize_preview_enqueue() {
                wp_enqueue_script( 'customize-preview-widgets' );
+               wp_enqueue_style( 'customize-preview' );
        }
 
        /**
-        * Insert default style for highlighted widget at early point so theme
+        * Inserts default style for highlighted widget at early point so theme
         * stylesheet can override.
         *
         * @since 3.9.0
         * @access public
-        *
-        * @action wp_print_styles
         */
        public function print_preview_css() {
                ?>
@@ -1035,23 +1103,28 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * At the very end of the page, at the very end of the wp_footer,
-        * communicate the sidebars that appeared on the page.
+        * Communicates the sidebars that appeared on the page at the very end of the page,
+        * and at the very end of the wp_footer,
         *
         * @since 3.9.0
         * @access public
+     *
+        * @global array $wp_registered_sidebars
+        * @global array $wp_registered_widgets
         */
        public function export_preview_data() {
+               global $wp_registered_sidebars, $wp_registered_widgets;
 
                // Prepare Customizer settings to pass to JavaScript.
                $settings = array(
                        'renderedSidebars'   => array_fill_keys( array_unique( $this->rendered_sidebars ), true ),
                        'renderedWidgets'    => array_fill_keys( array_keys( $this->rendered_widgets ), true ),
-                       'registeredSidebars' => array_values( $GLOBALS['wp_registered_sidebars'] ),
-                       'registeredWidgets'  => $GLOBALS['wp_registered_widgets'],
+                       'registeredSidebars' => array_values( $wp_registered_sidebars ),
+                       'registeredWidgets'  => $wp_registered_widgets,
                        'l10n'               => array(
-                               'widgetTooltip' => __( 'Shift-click to edit this widget.' ),
+                               'widgetTooltip'  => __( 'Shift-click to edit this widget.' ),
                        ),
+                       'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(),
                );
                foreach ( $settings['registeredWidgets'] as &$registered_widget ) {
                        unset( $registered_widget['callback'] ); // may not be JSON-serializeable
@@ -1065,7 +1138,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Keep track of the widgets that were rendered.
+        * Tracks the widgets that were rendered.
         *
         * @since 3.9.0
         * @access public
@@ -1090,7 +1163,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Determine if a sidebar is rendered on the page.
+        * Determines if a sidebar is rendered on the page.
         *
         * @since 4.0.0
         * @access public
@@ -1103,21 +1176,21 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Tally the sidebars rendered via is_active_sidebar().
+        * Tallies the sidebars rendered via is_active_sidebar().
         *
-        * Keep track of the times that is_active_sidebar() is called
-        * in the template, and assume that this means that the sidebar
-        * would be rendered on the template if there were widgets
-        * populating it.
+        * Keep track of the times that is_active_sidebar() is called in the template,
+        * and assume that this means that the sidebar would be rendered on the template
+        * if there were widgets populating it.
         *
         * @since 3.9.0
         * @access public
         *
         * @param bool   $is_active  Whether the sidebar is active.
         * @param string $sidebar_id Sidebar ID.
+        * @return bool Whether the sidebar is active.
         */
        public function tally_sidebars_via_is_active_sidebar_calls( $is_active, $sidebar_id ) {
-               if ( isset( $GLOBALS['wp_registered_sidebars'][$sidebar_id] ) ) {
+               if ( is_registered_sidebar( $sidebar_id ) ) {
                        $this->rendered_sidebars[] = $sidebar_id;
                }
                /*
@@ -1129,7 +1202,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Tally the sidebars rendered via dynamic_sidebar().
+        * Tallies the sidebars rendered via dynamic_sidebar().
         *
         * Keep track of the times that dynamic_sidebar() is called in the template,
         * and assume this means the sidebar would be rendered on the template if
@@ -1140,9 +1213,10 @@ final class WP_Customize_Widgets {
         *
         * @param bool   $has_widgets Whether the current sidebar has widgets.
         * @param string $sidebar_id  Sidebar ID.
+        * @return bool Whether the current sidebar has widgets.
         */
        public function tally_sidebars_via_dynamic_sidebar_calls( $has_widgets, $sidebar_id ) {
-               if ( isset( $GLOBALS['wp_registered_sidebars'][$sidebar_id] ) ) {
+               if ( is_registered_sidebar( $sidebar_id ) ) {
                        $this->rendered_sidebars[] = $sidebar_id;
                }
 
@@ -1155,7 +1229,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Get MAC for a serialized widget instance string.
+        * Retrieves MAC for a serialized widget instance string.
         *
         * Allows values posted back from JS to be rejected if any tampering of the
         * data has occurred.
@@ -1171,16 +1245,16 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Sanitize a widget instance.
+        * Sanitizes a widget instance.
         *
-        * Unserialize the JS-instance for storing in the options. It's important
-        * that this filter only get applied to an instance once.
+        * Unserialize the JS-instance for storing in the options. It's important that this filter
+        * only get applied to an instance *once*.
         *
         * @since 3.9.0
         * @access public
         *
         * @param array $value Widget instance to sanitize.
-        * @return array Sanitized widget instance.
+        * @return array|void Sanitized widget instance.
         */
        public function sanitize_widget_instance( $value ) {
                if ( $value === array() ) {
@@ -1191,28 +1265,28 @@ final class WP_Customize_Widgets {
                        || empty( $value['instance_hash_key'] )
                        || empty( $value['encoded_serialized_instance'] ) )
                {
-                       return null;
+                       return;
                }
 
                $decoded = base64_decode( $value['encoded_serialized_instance'], true );
                if ( false === $decoded ) {
-                       return null;
+                       return;
                }
 
-               if ( $this->get_instance_hash_key( $decoded ) !== $value['instance_hash_key'] ) {
-                       return null;
+               if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {
+                       return;
                }
 
                $instance = unserialize( $decoded );
                if ( false === $instance ) {
-                       return null;
+                       return;
                }
 
                return $instance;
        }
 
        /**
-        * Convert widget instance into JSON-representable format.
+        * Converts a widget instance into JSON-representable format.
         *
         * @since 3.9.0
         * @access public
@@ -1235,7 +1309,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Strip out widget IDs for widgets which are no longer registered.
+        * Strips out widget IDs for widgets which are no longer registered.
         *
         * One example where this might happen is when a plugin orphans a widget
         * in a sidebar upon deactivation.
@@ -1243,6 +1317,8 @@ final class WP_Customize_Widgets {
         * @since 3.9.0
         * @access public
         *
+        * @global array $wp_registered_widgets
+        *
         * @param array $widget_ids List of widget IDs.
         * @return array Parsed list of widget IDs.
         */
@@ -1253,13 +1329,16 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Find and invoke the widget update and control callbacks.
+        * Finds and invokes the widget update and control callbacks.
         *
-        * Requires that $_POST be populated with the instance data.
+        * Requires that `$_POST` be populated with the instance data.
         *
         * @since 3.9.0
         * @access public
         *
+        * @global array $wp_registered_widget_updates
+        * @global array $wp_registered_widget_controls
+        *
         * @param  string $widget_id Widget ID.
         * @return WP_Error|array Array containing the updated widget information.
         *                        A WP_Error object, otherwise.
@@ -1267,6 +1346,20 @@ final class WP_Customize_Widgets {
        public function call_widget_update( $widget_id ) {
                global $wp_registered_widget_updates, $wp_registered_widget_controls;
 
+               $setting_id = $this->get_setting_id( $widget_id );
+
+               /*
+                * Make sure that other setting changes have previewed since this widget
+                * may depend on them (e.g. Menus being present for Custom Menu widget).
+                */
+               if ( ! did_action( 'customize_preview_init' ) ) {
+                       foreach ( $this->manager->settings() as $setting ) {
+                               if ( $setting->id !== $setting_id ) {
+                                       $setting->preview();
+                               }
+                       }
+               }
+
                $this->start_capturing_option_updates();
                $parsed_id   = $this->parse_widget_id( $widget_id );
                $option_name = 'widget_' . $parsed_id['id_base'];
@@ -1315,8 +1408,8 @@ final class WP_Customize_Widgets {
 
                // Clean up any input vars that were manually added
                foreach ( $added_input_vars as $key ) {
-                       unset( $_POST[$key] );
-                       unset( $_REQUEST[$key] );
+                       unset( $_POST[ $key ] );
+                       unset( $_REQUEST[ $key ] );
                }
 
                // Make sure the expected option was updated.
@@ -1333,43 +1426,47 @@ final class WP_Customize_Widgets {
                        }
                }
 
+               // Obtain the widget instance.
+               $option = $this->get_captured_option( $option_name );
+               if ( null !== $parsed_id['number'] ) {
+                       $instance = $option[ $parsed_id['number'] ];
+               } else {
+                       $instance = $option;
+               }
+
+               /*
+                * Override the incoming $_POST['customized'] for a newly-created widget's
+                * setting with the new $instance so that the preview filter currently
+                * in place from WP_Customize_Setting::preview() will use this value
+                * instead of the default widget instance value (an empty array).
+                */
+               $this->manager->set_post_value( $setting_id, $this->sanitize_widget_js_instance( $instance ) );
+
                // Obtain the widget control with the updated instance in place.
                ob_start();
-
-               $form = $wp_registered_widget_controls[$widget_id];
+               $form = $wp_registered_widget_controls[ $widget_id ];
                if ( $form ) {
                        call_user_func_array( $form['callback'], $form['params'] );
                }
-
                $form = ob_get_clean();
 
-               // Obtain the widget instance.
-               $option = get_option( $option_name );
-
-               if ( null !== $parsed_id['number'] ) {
-                       $instance = $option[$parsed_id['number']];
-               } else {
-                       $instance = $option;
-               }
-
                $this->stop_capturing_option_updates();
 
                return compact( 'instance', 'form' );
        }
 
        /**
-        * Update widget settings asynchronously.
+        * Updates widget settings asynchronously.
         *
         * Allows the Customizer to update a widget using its form, but return the new
         * instance info via Ajax instead of saving it to the options table.
         *
-        * Most code here copied from wp_ajax_save_widget()
+        * Most code here copied from wp_ajax_save_widget().
         *
         * @since 3.9.0
         * @access public
         *
         * @see wp_ajax_save_widget()
-        *
         */
        public function wp_ajax_update_widget() {
 
@@ -1383,8 +1480,8 @@ final class WP_Customize_Widgets {
                        wp_die( -1 );
                }
 
-               if ( ! isset( $_POST['widget-id'] ) ) {
-                       wp_send_json_error();
+               if ( empty( $_POST['widget-id'] ) ) {
+                       wp_send_json_error( 'missing_widget-id' );
                }
 
                /** This action is documented in wp-admin/includes/ajax-actions.php */
@@ -1398,15 +1495,22 @@ final class WP_Customize_Widgets {
 
                $widget_id = $this->get_post_value( 'widget-id' );
                $parsed_id = $this->parse_widget_id( $widget_id );
-               $id_base   = $parsed_id['id_base'];
-
-               if ( isset( $_POST['widget-' . $id_base] ) && is_array( $_POST['widget-' . $id_base] ) && preg_match( '/__i__|%i%/', key( $_POST['widget-' . $id_base] ) ) ) {
-                       wp_send_json_error();
+               $id_base = $parsed_id['id_base'];
+
+               $is_updating_widget_template = (
+                       isset( $_POST[ 'widget-' . $id_base ] )
+                       &&
+                       is_array( $_POST[ 'widget-' . $id_base ] )
+                       &&
+                       preg_match( '/__i__|%i%/', key( $_POST[ 'widget-' . $id_base ] ) )
+               );
+               if ( $is_updating_widget_template ) {
+                       wp_send_json_error( 'template_widget_not_updatable' );
                }
 
                $updated_widget = $this->call_widget_update( $widget_id ); // => {instance,form}
                if ( is_wp_error( $updated_widget ) ) {
-                       wp_send_json_error();
+                       wp_send_json_error( $updated_widget->get_error_code() );
                }
 
                $form = $updated_widget['form'];
@@ -1415,9 +1519,316 @@ final class WP_Customize_Widgets {
                wp_send_json_success( compact( 'form', 'instance' ) );
        }
 
-       /***************************************************************************
-        * Option Update Capturing
-        ***************************************************************************/
+       /*
+        * Selective Refresh Methods
+        */
+
+       /**
+        * Filters arguments for dynamic widget partials.
+        *
+        * @since 4.5.0
+        * @access public
+        *
+        * @param array|false $partial_args Partial arguments.
+        * @param string      $partial_id   Partial ID.
+        * @return array (Maybe) modified partial arguments.
+        */
+       public function customize_dynamic_partial_args( $partial_args, $partial_id ) {
+               if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) {
+                       return $partial_args;
+               }
+
+               if ( preg_match( '/^widget\[(?P<widget_id>.+)\]$/', $partial_id, $matches ) ) {
+                       if ( false === $partial_args ) {
+                               $partial_args = array();
+                       }
+                       $partial_args = array_merge(
+                               $partial_args,
+                               array(
+                                       'type'                => 'widget',
+                                       'render_callback'     => array( $this, 'render_widget_partial' ),
+                                       'container_inclusive' => true,
+                                       'settings'            => array( $this->get_setting_id( $matches['widget_id'] ) ),
+                                       'capability'          => 'edit_theme_options',
+                               )
+                       );
+               }
+
+               return $partial_args;
+       }
+
+       /**
+        * Adds hooks for selective refresh.
+        *
+        * @since 4.5.0
+        * @access public
+        */
+       public function selective_refresh_init() {
+               if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) {
+                       return;
+               }
+               add_filter( 'dynamic_sidebar_params', array( $this, 'filter_dynamic_sidebar_params' ) );
+               add_filter( 'wp_kses_allowed_html', array( $this, 'filter_wp_kses_allowed_data_attributes' ) );
+               add_action( 'dynamic_sidebar_before', array( $this, 'start_dynamic_sidebar' ) );
+               add_action( 'dynamic_sidebar_after', array( $this, 'end_dynamic_sidebar' ) );
+       }
+
+       /**
+        * Inject selective refresh data attributes into widget container elements.
+        *
+        * @param array $params {
+        *     Dynamic sidebar params.
+        *
+        *     @type array $args        Sidebar args.
+        *     @type array $widget_args Widget args.
+        * }
+        * @see WP_Customize_Nav_Menus_Partial_Refresh::filter_wp_nav_menu_args()
+        *
+        * @return array Params.
+        */
+       public function filter_dynamic_sidebar_params( $params ) {
+               $sidebar_args = array_merge(
+                       array(
+                               'before_widget' => '',
+                               'after_widget' => '',
+                       ),
+                       $params[0]
+               );
+
+               // Skip widgets not in a registered sidebar or ones which lack a proper wrapper element to attach the data-* attributes to.
+               $matches = array();
+               $is_valid = (
+                       isset( $sidebar_args['id'] )
+                       &&
+                       is_registered_sidebar( $sidebar_args['id'] )
+                       &&
+                       ( isset( $this->current_dynamic_sidebar_id_stack[0] ) && $this->current_dynamic_sidebar_id_stack[0] === $sidebar_args['id'] )
+                       &&
+                       preg_match( '#^<(?P<tag_name>\w+)#', $sidebar_args['before_widget'], $matches )
+               );
+               if ( ! $is_valid ) {
+                       return $params;
+               }
+               $this->before_widget_tags_seen[ $matches['tag_name'] ] = true;
+
+               $context = array(
+                       'sidebar_id' => $sidebar_args['id'],
+               );
+               if ( isset( $this->context_sidebar_instance_number ) ) {
+                       $context['sidebar_instance_number'] = $this->context_sidebar_instance_number;
+               } else if ( isset( $sidebar_args['id'] ) && isset( $this->sidebar_instance_count[ $sidebar_args['id'] ] ) ) {
+                       $context['sidebar_instance_number'] = $this->sidebar_instance_count[ $sidebar_args['id'] ];
+               }
+
+               $attributes = sprintf( ' data-customize-partial-id="%s"', esc_attr( 'widget[' . $sidebar_args['widget_id'] . ']' ) );
+               $attributes .= ' data-customize-partial-type="widget"';
+               $attributes .= sprintf( ' data-customize-partial-placement-context="%s"', esc_attr( wp_json_encode( $context ) ) );
+               $attributes .= sprintf( ' data-customize-widget-id="%s"', esc_attr( $sidebar_args['widget_id'] ) );
+               $sidebar_args['before_widget'] = preg_replace( '#^(<\w+)#', '$1 ' . $attributes, $sidebar_args['before_widget'] );
+
+               $params[0] = $sidebar_args;
+               return $params;
+       }
+
+       /**
+        * List of the tag names seen for before_widget strings.
+        *
+        * This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
+        * data-* attributes can be whitelisted.
+        *
+        * @since 4.5.0
+        * @access protected
+        * @var array
+        */
+       protected $before_widget_tags_seen = array();
+
+       /**
+        * Ensures the HTML data-* attributes for selective refresh are allowed by kses.
+        *
+        * This is needed in case the `$before_widget` is run through wp_kses() when printed.
+        *
+        * @since 4.5.0
+        * @access public
+        *
+        * @param array $allowed_html Allowed HTML.
+        * @return array (Maybe) modified allowed HTML.
+        */
+       public function filter_wp_kses_allowed_data_attributes( $allowed_html ) {
+               foreach ( array_keys( $this->before_widget_tags_seen ) as $tag_name ) {
+                       if ( ! isset( $allowed_html[ $tag_name ] ) ) {
+                               $allowed_html[ $tag_name ] = array();
+                       }
+                       $allowed_html[ $tag_name ] = array_merge(
+                               $allowed_html[ $tag_name ],
+                               array_fill_keys( array(
+                                       'data-customize-partial-id',
+                                       'data-customize-partial-type',
+                                       'data-customize-partial-placement-context',
+                                       'data-customize-partial-widget-id',
+                                       'data-customize-partial-options',
+                               ), true )
+                       );
+               }
+               return $allowed_html;
+       }
+
+       /**
+        * Keep track of the number of times that dynamic_sidebar() was called for a given sidebar index.
+        *
+        * This helps facilitate the uncommon scenario where a single sidebar is rendered multiple times on a template.
+        *
+        * @since 4.5.0
+        * @access protected
+        * @var array
+        */
+       protected $sidebar_instance_count = array();
+
+       /**
+        * The current request's sidebar_instance_number context.
+        *
+        * @since 4.5.0
+        * @access protected
+        * @var int
+        */
+       protected $context_sidebar_instance_number;
+
+       /**
+        * Current sidebar ID being rendered.
+        *
+        * @since 4.5.0
+        * @access protected
+        * @var array
+        */
+       protected $current_dynamic_sidebar_id_stack = array();
+
+       /**
+        * Begins keeping track of the current sidebar being rendered.
+        *
+        * Insert marker before widgets are rendered in a dynamic sidebar.
+        *
+        * @since 4.5.0
+        * @access public
+        *
+        * @param int|string $index Index, name, or ID of the dynamic sidebar.
+        */
+       public function start_dynamic_sidebar( $index ) {
+               array_unshift( $this->current_dynamic_sidebar_id_stack, $index );
+               if ( ! isset( $this->sidebar_instance_count[ $index ] ) ) {
+                       $this->sidebar_instance_count[ $index ] = 0;
+               }
+               $this->sidebar_instance_count[ $index ] += 1;
+               if ( ! $this->manager->selective_refresh->is_render_partials_request() ) {
+                       printf( "\n<!--dynamic_sidebar_before:%s:%d-->\n", esc_html( $index ), intval( $this->sidebar_instance_count[ $index ] ) );
+               }
+       }
+
+       /**
+        * Finishes keeping track of the current sidebar being rendered.
+        *
+        * Inserts a marker after widgets are rendered in a dynamic sidebar.
+        *
+        * @since 4.5.0
+        * @access public
+        *
+        * @param int|string $index Index, name, or ID of the dynamic sidebar.
+        */
+       public function end_dynamic_sidebar( $index ) {
+               array_shift( $this->current_dynamic_sidebar_id_stack );
+               if ( ! $this->manager->selective_refresh->is_render_partials_request() ) {
+                       printf( "\n<!--dynamic_sidebar_after:%s:%d-->\n", esc_html( $index ), intval( $this->sidebar_instance_count[ $index ] ) );
+               }
+       }
+
+       /**
+        * Current sidebar being rendered.
+        *
+        * @since 4.5.0
+        * @access protected
+        * @var string
+        */
+       protected $rendering_widget_id;
+
+       /**
+        * Current widget being rendered.
+        *
+        * @since 4.5.0
+        * @access protected
+        * @var string
+        */
+       protected $rendering_sidebar_id;
+
+       /**
+        * Filters sidebars_widgets to ensure the currently-rendered widget is the only widget in the current sidebar.
+        *
+        * @since 4.5.0
+        * @access protected
+        *
+        * @param array $sidebars_widgets Sidebars widgets.
+        * @return array Filtered sidebars widgets.
+        */
+       public function filter_sidebars_widgets_for_rendering_widget( $sidebars_widgets ) {
+               $sidebars_widgets[ $this->rendering_sidebar_id ] = array( $this->rendering_widget_id );
+               return $sidebars_widgets;
+       }
+
+       /**
+        * Renders a specific widget using the supplied sidebar arguments.
+        *
+        * @since 4.5.0
+        * @access public
+        *
+        * @see dynamic_sidebar()
+        *
+        * @param WP_Customize_Partial $partial Partial.
+        * @param array                $context {
+        *     Sidebar args supplied as container context.
+        *
+        *     @type string $sidebar_id              ID for sidebar for widget to render into.
+        *     @type int    $sidebar_instance_number Disambiguating instance number.
+        * }
+        * @return string|false
+        */
+       public function render_widget_partial( $partial, $context ) {
+               $id_data   = $partial->id_data();
+               $widget_id = array_shift( $id_data['keys'] );
+
+               if ( ! is_array( $context )
+                       || empty( $context['sidebar_id'] )
+                       || ! is_registered_sidebar( $context['sidebar_id'] )
+               ) {
+                       return false;
+               }
+
+               $this->rendering_sidebar_id = $context['sidebar_id'];
+
+               if ( isset( $context['sidebar_instance_number'] ) ) {
+                       $this->context_sidebar_instance_number = intval( $context['sidebar_instance_number'] );
+               }
+
+               // Filter sidebars_widgets so that only the queried widget is in the sidebar.
+               $this->rendering_widget_id = $widget_id;
+
+               $filter_callback = array( $this, 'filter_sidebars_widgets_for_rendering_widget' );
+               add_filter( 'sidebars_widgets', $filter_callback, 1000 );
+
+               // Render the widget.
+               ob_start();
+               dynamic_sidebar( $this->rendering_sidebar_id = $context['sidebar_id'] );
+               $container = ob_get_clean();
+
+               // Reset variables for next partial render.
+               remove_filter( 'sidebars_widgets', $filter_callback, 1000 );
+
+               $this->context_sidebar_instance_number = null;
+               $this->rendering_sidebar_id = null;
+               $this->rendering_widget_id = null;
+
+               return $container;
+       }
+
+       //
+       // Option Update Capturing
+       //
 
        /**
         * List of captured widget option updates.
@@ -1438,20 +1849,20 @@ final class WP_Customize_Widgets {
        protected $_is_capturing_option_updates = false;
 
        /**
-        * Determine whether the captured option update should be ignored.
+        * Determines whether the captured option update should be ignored.
         *
         * @since 3.9.0
         * @access protected
         *
         * @param string $option_name Option name.
-        * @return boolean Whether the option capture is ignored.
+        * @return bool Whether the option capture is ignored.
         */
        protected function is_option_capture_ignored( $option_name ) {
                return ( 0 === strpos( $option_name, '_transient_' ) );
        }
 
        /**
-        * Retrieve captured widget option updates.
+        * Retrieves captured widget option updates.
         *
         * @since 3.9.0
         * @access protected
@@ -1463,7 +1874,26 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Get the number of captured widget option updates.
+        * Retrieves the option that was captured from being saved.
+        *
+        * @since 4.2.0
+        * @access protected
+        *
+        * @param string $option_name Option name.
+        * @param mixed  $default     Optional. Default value to return if the option does not exist. Default false.
+        * @return mixed Value set for the option.
+        */
+       protected function get_captured_option( $option_name, $default = false ) {
+               if ( array_key_exists( $option_name, $this->_captured_options ) ) {
+                       $value = $this->_captured_options[ $option_name ];
+               } else {
+                       $value = $default;
+               }
+               return $value;
+       }
+
+       /**
+        * Retrieves the number of captured widget option updates.
         *
         * @since 3.9.0
         * @access protected
@@ -1475,7 +1905,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Start keeping track of changes to widget options, caching new values.
+        * Begins keeping track of changes to widget options, caching new values.
         *
         * @since 3.9.0
         * @access protected
@@ -1491,44 +1921,44 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Pre-filter captured option values before updating.
+        * Pre-filters captured option values before updating.
         *
         * @since 3.9.0
         * @access public
         *
-        * @param mixed $new_value
-        * @param string $option_name
-        * @param mixed $old_value
-        * @return mixed
+        * @param mixed  $new_value   The new option value.
+        * @param string $option_name Name of the option.
+        * @param mixed  $old_value   The old option value.
+        * @return mixed Filtered option value.
         */
        public function capture_filter_pre_update_option( $new_value, $option_name, $old_value ) {
                if ( $this->is_option_capture_ignored( $option_name ) ) {
                        return;
                }
 
-               if ( ! isset( $this->_captured_options[$option_name] ) ) {
+               if ( ! isset( $this->_captured_options[ $option_name ] ) ) {
                        add_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) );
                }
 
-               $this->_captured_options[$option_name] = $new_value;
+               $this->_captured_options[ $option_name ] = $new_value;
 
                return $old_value;
        }
 
        /**
-        * Pre-filter captured option values before retrieving.
+        * Pre-filters captured option values before retrieving.
         *
         * @since 3.9.0
         * @access public
         *
-        * @param mixed $value Option
-        * @return mixed
+        * @param mixed $value Value to return instead of the option value.
+        * @return mixed Filtered option value.
         */
        public function capture_filter_pre_get_option( $value ) {
                $option_name = preg_replace( '/^pre_option_/', '', current_filter() );
 
-               if ( isset( $this->_captured_options[$option_name] ) ) {
-                       $value = $this->_captured_options[$option_name];
+               if ( isset( $this->_captured_options[ $option_name ] ) ) {
+                       $value = $this->_captured_options[ $option_name ];
 
                        /** This filter is documented in wp-includes/option.php */
                        $value = apply_filters( 'option_' . $option_name, $value );
@@ -1538,7 +1968,7 @@ final class WP_Customize_Widgets {
        }
 
        /**
-        * Undo any changes to the options since options capture began.
+        * Undoes any changes to the options since options capture began.
         *
         * @since 3.9.0
         * @access protected
@@ -1548,7 +1978,7 @@ final class WP_Customize_Widgets {
                        return;
                }
 
-               remove_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10, 3 );
+               remove_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10 );
 
                foreach ( array_keys( $this->_captured_options ) as $option_name ) {
                        remove_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) );
@@ -1557,4 +1987,52 @@ final class WP_Customize_Widgets {
                $this->_captured_options = array();
                $this->_is_capturing_option_updates = false;
        }
+
+       /**
+        * {@internal Missing Summary}
+        *
+        * See the {@see 'customize_dynamic_setting_args'} filter.
+        *
+        * @since 3.9.0
+        * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
+        */
+       public function setup_widget_addition_previews() {
+               _deprecated_function( __METHOD__, '4.2.0' );
+       }
+
+       /**
+        * {@internal Missing Summary}
+        *
+        * See the {@see 'customize_dynamic_setting_args'} filter.
+        *
+        * @since 3.9.0
+        * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
+        */
+       public function prepreview_added_sidebars_widgets() {
+               _deprecated_function( __METHOD__, '4.2.0' );
+       }
+
+       /**
+        * {@internal Missing Summary}
+        *
+        * See the {@see 'customize_dynamic_setting_args'} filter.
+        *
+        * @since 3.9.0
+        * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
+        */
+       public function prepreview_added_widget_instance() {
+               _deprecated_function( __METHOD__, '4.2.0' );
+       }
+
+       /**
+        * {@internal Missing Summary}
+        *
+        * See the {@see 'customize_dynamic_setting_args'} filter.
+        *
+        * @since 3.9.0
+        * @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
+        */
+       public function remove_prepreview_filters() {
+               _deprecated_function( __METHOD__, '4.2.0' );
+       }
 }