mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-22 17:18:32 +01:00
Customizer: Avoid SecurityError
s when the Customizer is embedded in an origin other than wp-admin.
props mattwiebe. fixes #31687. Built from https://develop.svn.wordpress.org/trunk@31885 git-svn-id: http://core.svn.wordpress.org/trunk@31864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
1ad0eaf416
commit
7925e4c912
@ -1929,6 +1929,25 @@
|
||||
|
||||
this.query = $.extend( params.query || {}, { customize_messenger_channel: this.channel() });
|
||||
|
||||
// This avoids SecurityErrors when setting a window object in x-origin iframe'd scenarios.
|
||||
this.targetWindow.set = function( to ) {
|
||||
var from = this._value;
|
||||
|
||||
to = this._setter.apply( this, arguments );
|
||||
to = this.validate( to );
|
||||
|
||||
if ( null === to || from === to ) {
|
||||
return this;
|
||||
}
|
||||
|
||||
this._value = to;
|
||||
this._dirty = true;
|
||||
|
||||
this.callbacks.fireWith( this, [ to, from ] );
|
||||
|
||||
return this;
|
||||
};
|
||||
|
||||
this.run( deferred );
|
||||
},
|
||||
|
||||
@ -2118,9 +2137,7 @@
|
||||
tmpl = api.settings.documentTitleTmpl;
|
||||
title = tmpl.replace( '%s', documentTitle );
|
||||
document.title = title;
|
||||
if ( window !== window.parent ) {
|
||||
window.parent.document.title = document.title;
|
||||
}
|
||||
api.trigger( 'title', title );
|
||||
};
|
||||
|
||||
/**
|
||||
@ -2799,6 +2816,11 @@
|
||||
window.location = api.settings.url.activated;
|
||||
});
|
||||
|
||||
// Pass titles to the parent
|
||||
api.bind( 'title', function( newTitle ) {
|
||||
parent.send( 'title', newTitle );
|
||||
});
|
||||
|
||||
// Initialize the connection with the parent frame.
|
||||
parent.send( 'ready' );
|
||||
|
||||
|
4
wp-admin/js/customize-controls.min.js
vendored
4
wp-admin/js/customize-controls.min.js
vendored
File diff suppressed because one or more lines are too long
@ -155,6 +155,10 @@ window.wp = window.wp || {};
|
||||
Loader.saved( false );
|
||||
} );
|
||||
|
||||
this.messenger.bind( 'title', function( newTitle ){
|
||||
window.document.title = newTitle;
|
||||
});
|
||||
|
||||
this.pushState( src );
|
||||
|
||||
this.trigger( 'open' );
|
||||
|
2
wp-includes/js/customize-loader.min.js
vendored
2
wp-includes/js/customize-loader.min.js
vendored
@ -1 +1 @@
|
||||
window.wp=window.wp||{},function(a,b){var c,d=wp.customize;b.extend(b.support,{history:!(!window.history||!history.pushState),hashchange:"onhashchange"in window&&(void 0===document.documentMode||document.documentMode>7)}),c=b.extend({},d.Events,{initialize:function(){this.body=b(document.body),c.settings&&b.support.postMessage&&(b.support.cors||!c.settings.isCrossDomain)&&(this.window=b(window),this.element=b('<div id="customize-container" />').appendTo(this.body),this.bind("open",this.overlay.show),this.bind("close",this.overlay.hide),b("#wpbody").on("click",".load-customize",function(a){a.preventDefault(),c.link=b(this),c.open(c.link.attr("href"))}),b.support.history&&this.window.on("popstate",c.popstate),b.support.hashchange&&(this.window.on("hashchange",c.hashchange),this.window.triggerHandler("hashchange")))},popstate:function(a){var b=a.originalEvent.state;b&&b.customize?c.open(b.customize):c.active&&c.close()},hashchange:function(){var a=window.location.toString().split("#")[1];a&&0===a.indexOf("wp_customize=on")&&c.open(c.settings.url+"?"+a),a||b.support.history||c.close()},beforeunload:function(){return c.saved()?void 0:c.settings.l10n.saveAlert},open:function(a){if(!this.active){if(c.settings.browser.mobile)return window.location=a;this.originalDocumentTitle=document.title,this.active=!0,this.body.addClass("customize-loading"),this.saved=new d.Value(!0),this.iframe=b("<iframe />",{src:a,title:c.settings.l10n.mainIframeTitle}).appendTo(this.element),this.iframe.one("load",this.loaded),this.messenger=new d.Messenger({url:a,channel:"loader",targetWindow:this.iframe[0].contentWindow}),this.messenger.bind("ready",function(){c.messenger.send("back")}),this.messenger.bind("close",function(){b.support.history?history.back():b.support.hashchange?window.location.hash="":c.close()}),b(window).on("beforeunload",this.beforeunload),this.messenger.bind("activated",function(a){a&&(window.location=a)}),this.messenger.bind("saved",function(){c.saved(!0)}),this.messenger.bind("change",function(){c.saved(!1)}),this.pushState(a),this.trigger("open")}},pushState:function(a){var c=a.split("?")[1];b.support.history&&window.location.href!==a?history.pushState({customize:a},"",a):!b.support.history&&b.support.hashchange&&c&&(window.location.hash="wp_customize=on&"+c),this.trigger("open")},opened:function(){c.body.addClass("customize-active full-overlay-active")},close:function(){if(this.active){if(!this.saved()&&!confirm(c.settings.l10n.saveAlert))return void history.forward();this.active=!1,this.trigger("close"),this.originalDocumentTitle&&(document.title=this.originalDocumentTitle),this.link&&this.link.focus()}},closed:function(){c.iframe.remove(),c.messenger.destroy(),c.iframe=null,c.messenger=null,c.saved=null,c.body.removeClass("customize-active full-overlay-active").removeClass("customize-loading"),b(window).off("beforeunload",c.beforeunload)},loaded:function(){c.body.removeClass("customize-loading")},overlay:{show:function(){this.element.fadeIn(200,c.opened)},hide:function(){this.element.fadeOut(200,c.closed)}}}),b(function(){c.settings=_wpCustomizeLoaderSettings,c.initialize()}),d.Loader=c}(wp,jQuery);
|
||||
window.wp=window.wp||{},function(a,b){var c,d=wp.customize;b.extend(b.support,{history:!(!window.history||!history.pushState),hashchange:"onhashchange"in window&&(void 0===document.documentMode||document.documentMode>7)}),c=b.extend({},d.Events,{initialize:function(){this.body=b(document.body),c.settings&&b.support.postMessage&&(b.support.cors||!c.settings.isCrossDomain)&&(this.window=b(window),this.element=b('<div id="customize-container" />').appendTo(this.body),this.bind("open",this.overlay.show),this.bind("close",this.overlay.hide),b("#wpbody").on("click",".load-customize",function(a){a.preventDefault(),c.link=b(this),c.open(c.link.attr("href"))}),b.support.history&&this.window.on("popstate",c.popstate),b.support.hashchange&&(this.window.on("hashchange",c.hashchange),this.window.triggerHandler("hashchange")))},popstate:function(a){var b=a.originalEvent.state;b&&b.customize?c.open(b.customize):c.active&&c.close()},hashchange:function(){var a=window.location.toString().split("#")[1];a&&0===a.indexOf("wp_customize=on")&&c.open(c.settings.url+"?"+a),a||b.support.history||c.close()},beforeunload:function(){return c.saved()?void 0:c.settings.l10n.saveAlert},open:function(a){if(!this.active){if(c.settings.browser.mobile)return window.location=a;this.originalDocumentTitle=document.title,this.active=!0,this.body.addClass("customize-loading"),this.saved=new d.Value(!0),this.iframe=b("<iframe />",{src:a,title:c.settings.l10n.mainIframeTitle}).appendTo(this.element),this.iframe.one("load",this.loaded),this.messenger=new d.Messenger({url:a,channel:"loader",targetWindow:this.iframe[0].contentWindow}),this.messenger.bind("ready",function(){c.messenger.send("back")}),this.messenger.bind("close",function(){b.support.history?history.back():b.support.hashchange?window.location.hash="":c.close()}),b(window).on("beforeunload",this.beforeunload),this.messenger.bind("activated",function(a){a&&(window.location=a)}),this.messenger.bind("saved",function(){c.saved(!0)}),this.messenger.bind("change",function(){c.saved(!1)}),this.messenger.bind("title",function(a){window.document.title=a}),this.pushState(a),this.trigger("open")}},pushState:function(a){var c=a.split("?")[1];b.support.history&&window.location.href!==a?history.pushState({customize:a},"",a):!b.support.history&&b.support.hashchange&&c&&(window.location.hash="wp_customize=on&"+c),this.trigger("open")},opened:function(){c.body.addClass("customize-active full-overlay-active")},close:function(){if(this.active){if(!this.saved()&&!confirm(c.settings.l10n.saveAlert))return void history.forward();this.active=!1,this.trigger("close"),this.originalDocumentTitle&&(document.title=this.originalDocumentTitle),this.link&&this.link.focus()}},closed:function(){c.iframe.remove(),c.messenger.destroy(),c.iframe=null,c.messenger=null,c.saved=null,c.body.removeClass("customize-active full-overlay-active").removeClass("customize-loading"),b(window).off("beforeunload",c.beforeunload)},loaded:function(){c.body.removeClass("customize-loading")},overlay:{show:function(){this.element.fadeIn(200,c.opened)},hide:function(){this.element.fadeOut(200,c.closed)}}}),b(function(){c.settings=_wpCustomizeLoaderSettings,c.initialize()}),d.Loader=c}(wp,jQuery);
|
@ -4,7 +4,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.2-beta2-31884';
|
||||
$wp_version = '4.2-beta2-31885';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
Loading…
Reference in New Issue
Block a user