X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/0461a5f2e55c8d5f1fde96ca2e83117152573c7d..refs/tags/wordpress-4.0:/wp-admin/customize.php
diff --git a/wp-admin/customize.php b/wp-admin/customize.php
index b1485d1f..3cfa0c78 100644
--- a/wp-admin/customize.php
+++ b/wp-admin/customize.php
@@ -12,16 +12,26 @@ define( 'IFRAME_REQUEST', true );
 /** Load WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
-if ( ! current_user_can( 'edit_theme_options' ) )
+if ( ! current_user_can( 'customize' ) ) {
 	wp_die( __( 'Cheatin’ uh?' ) );
+}
 wp_reset_vars( array( 'url', 'return' ) );
-$url = urldecode( $url );
+$url = wp_unslash( $url );
 $url = wp_validate_redirect( $url, home_url( '/' ) );
-if ( $return )
-	$return = wp_validate_redirect( urldecode( $return ) );
-if ( ! $return )
-	$return = $url;
+if ( $return ) {
+	$return = wp_unslash( $return );
+	$return = wp_validate_redirect( $return );
+}
+if ( ! $return ) {
+	if ( $url ) {
+		$return = $url;
+	} elseif ( current_user_can( 'edit_theme_options' ) || current_user_can( 'switch_themes' ) ) {
+		$return = admin_url( 'themes.php' );
+	} else {
+		$return = admin_url();
+	}
+}
 global $wp_scripts, $wp_customize;
@@ -63,7 +73,7 @@ $body_class = 'wp-core-ui wp-customizer js';
 if ( wp_is_mobile() ) :
 	$body_class .= ' mobile';
- ?> - - + + + theme()->get_screenshot();
-	$cannot_expand = ! ( $screenshot || $wp_customize->theme()->get('Description') );
+	$cannot_expand = ! ( $wp_customize->is_theme_active() || $screenshot || $wp_customize->theme()->get('Description') );
 ?>
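Review bot: Both `$url` and `$return` in this hunk are request-supplied (wp_reset_vars() presumably populates them from $_GET/$_POST) and wp_validate_redirect() only confines them to an allowed host and http/https scheme, so the `$return` that leaves this block is still attacker-shaped text and must still go through esc_url() wherever it is emitted into markup later in the file, which is outside this hunk. Note also that `wp_validate_redirect( $return )` is called without a default, so a rejected `return` silently becomes empty and falls through to `$url` and then to the admin URLs; if that fallback chain is intentional, say so with a comment such as `// A rejected 'return' falls back to the validated 'url', then to themes.php or the dashboard.` I would also add, above the `wp_reset_vars( array( 'url', 'return' ) );` line: `// $url and $return come straight from the request; only use them after wp_validate_redirect() has confined them to an allowed host.` Dropping urldecode() in favour of wp_unslash() looks right, since PHP has already URL-decoded the request parameters and the extra decode pass was only a way to smuggle a second encoding layer past the validator.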