Customize: Circumvent the customizer attempting to preview links to static assets (such as uploaded images).

The customizer's preview POST requests to static assets result in 405 Method Not Allowed responses.

Fixes #37828.

Built from https://develop.svn.wordpress.org/trunk@38396


git-svn-id: http://core.svn.wordpress.org/trunk@38337 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/js/customize-controls.js

@@ -3210,12 +3210,14 @@
 			// ssl certs.
 
 			this.add( 'previewUrl', params.previewUrl ).setter( function( to ) {
-				var result;
+				var result, urlParser;
+				urlParser = document.createElement( 'a' );
+				urlParser.href = to;
 
-				// Check for URLs that include "/wp-admin/" or end in "/wp-admin".
-				// Strip hashes and query strings before testing.
-				if ( /\/wp-admin(\/|$)/.test( to.replace( /[#?].*$/, '' ) ) )
+				// Abort if URL is for admin or (static) files in wp-includes or wp-content.
+				if ( /\/wp-(admin|includes|content)(\/|$)/.test( urlParser.pathname ) ) {
 					return null;
+				}
 
 				// Attempt to match the URL to the control frame's scheme
 				// and check if it's allowed. If not, try the original URL.

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.7-alpha-38395';
+$wp_version = '4.7-alpha-38396';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.