Customize: Circumvent the customizer attempting to preview links to static assets (such as uploaded images).

The customizer's preview POST requests to static assets result in 405 Method Not Allowed responses.

Fixes #37828.

Built from https://develop.svn.wordpress.org/trunk@38396


git-svn-id: http://core.svn.wordpress.org/trunk@38337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Weston Ruter 2016-08-27 06:05:29 +00:00
parent e05a033bcb
commit e6ed174135
3 changed files with 8 additions and 6 deletions


@ -3210,12 +3210,14 @@
// ssl certs. // ssl certs.
this.add( 'previewUrl', params.previewUrl ).setter( function( to ) { this.add( 'previewUrl', params.previewUrl ).setter( function( to ) {
var result; var result, urlParser;
urlParser = document.createElement( 'a' );
urlParser.href = to;
// Check for URLs that include "/wp-admin/" or end in "/wp-admin". // Abort if URL is for admin or (static) files in wp-includes or wp-content.
// Strip hashes and query strings before testing. if ( /\/wp-(admin|includes|content)(\/|$)/.test( urlParser.pathname ) ) {
if ( /\/wp-admin(\/|$)/.test( to.replace( /[#?].*$/, '' ) ) )
return null; return null;
}
// Attempt to match the URL to the control frame's scheme // Attempt to match the URL to the control frame's scheme
// and check if it's allowed. If not, try the original URL. // and check if it's allowed. If not, try the original URL.
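Review bot: The new guard on `urlParser.pathname` depends on how the anchor element parses `to`, and two cases are not covered. Some older Internet Explorer versions return an anchor's `pathname` without the leading slash, so a root-level `wp-admin/…` path would not match; `if ( /(^|\/)wp-(admin|includes|content)(\/|$)/.test( urlParser.pathname ) ) {` accepts both forms. An empty or relative `to` is now resolved against the current document, so the outcome depends on the controls page's own path rather than only on the value passed in; a comment such as `// Relative or empty URLs resolve against the current document before this test.` would make that visible. The pattern is applied to the pathname as parsed, without decoding or case folding, so it should be read as a preview-routing filter rather than an access check. The setter body continues outside the hunk.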

File diff suppressed because one or more lines are too long


@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.7-alpha-38395'; $wp_version = '4.7-alpha-38396';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.