| [ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * WordPress Customize Manager classes 4 * 5 * @package WordPress 6 * @subpackage Customize 7 * @since 3.4.0 8 */ 9 10 /** 11 * Customize Manager class. 12 * 13 * Bootstraps the Customize experience on the server-side. 14 * 15 * Sets up the theme-switching process if a theme other than the active one is 16 * being previewed and customized. 17 * 18 * Serves as a factory for Customize Controls and Settings, and 19 * instantiates default Customize Controls and Settings. 20 * 21 * @since 3.4.0 22 */ 23 #[AllowDynamicProperties] 24 final class WP_Customize_Manager { 25 /** 26 * An instance of the theme being previewed. 27 * 28 * @since 3.4.0 29 * @var WP_Theme 30 */ 31 protected $theme; 32 33 /** 34 * The directory name of the previously active theme (within the theme_root). 35 * 36 * @since 3.4.0 37 * @var string 38 */ 39 protected $original_stylesheet; 40 41 /** 42 * Whether this is a Customizer pageload. 43 * 44 * @since 3.4.0 45 * @var bool 46 */ 47 protected $previewing = false; 48 49 /** 50 * Methods and properties dealing with managing widgets in the Customizer. 51 * 52 * @since 3.9.0 53 * @var WP_Customize_Widgets 54 */ 55 public $widgets; 56 57 /** 58 * Methods and properties dealing with managing nav menus in the Customizer. 59 * 60 * @since 4.3.0 61 * @var WP_Customize_Nav_Menus 62 */ 63 public $nav_menus; 64 65 /** 66 * Methods and properties dealing with selective refresh in the Customizer preview. 67 * 68 * @since 4.5.0 69 * @var WP_Customize_Selective_Refresh 70 */ 71 public $selective_refresh; 72 73 /** 74 * Registered instances of WP_Customize_Setting. 75 * 76 * @since 3.4.0 77 * @var array 78 */ 79 protected $settings = array(); 80 81 /** 82 * Sorted top-level instances of WP_Customize_Panel and WP_Customize_Section. 83 * 84 * @since 4.0.0 85 * @var array 86 */ 87 protected $containers = array(); 88 89 /** 90 * Registered instances of WP_Customize_Panel. 91 * 92 * @since 4.0.0 93 * @var array 94 */ 95 protected $panels = array(); 96 97 /** 98 * List of core components. 99 * 100 * @since 4.5.0 101 * @var array 102 */ 103 protected $components = array( 'nav_menus' ); 104 105 /** 106 * Registered instances of WP_Customize_Section. 107 * 108 * @since 3.4.0 109 * @var array 110 */ 111 protected $sections = array(); 112 113 /** 114 * Registered instances of WP_Customize_Control. 115 * 116 * @since 3.4.0 117 * @var array 118 */ 119 protected $controls = array(); 120 121 /** 122 * Panel types that may be rendered from JS templates. 123 * 124 * @since 4.3.0 125 * @var array 126 */ 127 protected $registered_panel_types = array(); 128 129 /** 130 * Section types that may be rendered from JS templates. 131 * 132 * @since 4.3.0 133 * @var array 134 */ 135 protected $registered_section_types = array(); 136 137 /** 138 * Control types that may be rendered from JS templates. 139 * 140 * @since 4.1.0 141 * @var array 142 */ 143 protected $registered_control_types = array(); 144 145 /** 146 * Initial URL being previewed. 147 * 148 * @since 4.4.0 149 * @var string 150 */ 151 protected $preview_url; 152 153 /** 154 * URL to link the user to when closing the Customizer. 155 * 156 * @since 4.4.0 157 * @var string 158 */ 159 protected $return_url; 160 161 /** 162 * Mapping of 'panel', 'section', 'control' to the ID which should be autofocused. 163 * 164 * @since 4.4.0 165 * @var string[] 166 */ 167 protected $autofocus = array(); 168 169 /** 170 * Messenger channel. 171 * 172 * @since 4.7.0 173 * @var string 174 */ 175 protected $messenger_channel; 176 177 /** 178 * Whether the autosave revision of the changeset should be loaded. 179 * 180 * @since 4.9.0 181 * @var bool 182 */ 183 protected $autosaved = false; 184 185 /** 186 * Whether the changeset branching is allowed. 187 * 188 * @since 4.9.0 189 * @var bool 190 */ 191 protected $branching = true; 192 193 /** 194 * Whether settings should be previewed. 195 * 196 * @since 4.9.0 197 * @var bool 198 */ 199 protected $settings_previewed = true; 200 201 /** 202 * Whether a starter content changeset was saved. 203 * 204 * @since 4.9.0 205 * @var bool 206 */ 207 protected $saved_starter_content_changeset = false; 208 209 /** 210 * Unsanitized values for Customize Settings parsed from $_POST['customized']. 211 * 212 * @var array 213 */ 214 private $_post_values; 215 216 /** 217 * Changeset UUID. 218 * 219 * @since 4.7.0 220 * @var string 221 */ 222 private $_changeset_uuid; 223 224 /** 225 * Changeset post ID. 226 * 227 * @since 4.7.0 228 * @var int|false 229 */ 230 private $_changeset_post_id; 231 232 /** 233 * Changeset data loaded from a customize_changeset post. 234 * 235 * @since 4.7.0 236 * @var array|null 237 */ 238 private $_changeset_data; 239 240 /** 241 * Constructor. 242 * 243 * @since 3.4.0 244 * @since 4.7.0 Added `$args` parameter. 245 * 246 * @param array $args { 247 * Args. 248 * 249 * @type null|string|false $changeset_uuid Changeset UUID, the `post_name` for the customize_changeset post containing the customized state. 250 * Defaults to `null` resulting in a UUID to be immediately generated. If `false` is provided, then 251 * then the changeset UUID will be determined during `after_setup_theme`: when the 252 * `customize_changeset_branching` filter returns false, then the default UUID will be that 253 * of the most recent `customize_changeset` post that has a status other than 'auto-draft', 254 * 'publish', or 'trash'. Otherwise, if changeset branching is enabled, then a random UUID will be used. 255 * @type string $theme Theme to be previewed (for theme switch). Defaults to customize_theme or theme query params. 256 * @type string $messenger_channel Messenger channel. Defaults to customize_messenger_channel query param. 257 * @type bool $settings_previewed If settings should be previewed. Defaults to true. 258 * @type bool $branching If changeset branching is allowed; otherwise, changesets are linear. Defaults to true. 259 * @type bool $autosaved If data from a changeset's autosaved revision should be loaded if it exists. Defaults to false. 260 * } 261 */ 262 public function __construct( $args = array() ) { 263 264 $args = array_merge( 265 array_fill_keys( array( 'changeset_uuid', 'theme', 'messenger_channel', 'settings_previewed', 'autosaved', 'branching' ), null ), 266 $args 267 ); 268 269 // Note that the UUID format will be validated in the setup_theme() method. 270 if ( ! isset( $args['changeset_uuid'] ) ) { 271 $args['changeset_uuid'] = wp_generate_uuid4(); 272 } 273 274 /* 275 * The theme and messenger_channel should be supplied via $args, 276 * but they are also looked at in the $_REQUEST global here for back-compat. 277 */ 278 if ( ! isset( $args['theme'] ) ) { 279 if ( isset( $_REQUEST['customize_theme'] ) ) { 280 $args['theme'] = wp_unslash( $_REQUEST['customize_theme'] ); 281 } elseif ( isset( $_REQUEST['theme'] ) ) { // Deprecated. 282 $args['theme'] = wp_unslash( $_REQUEST['theme'] ); 283 } 284 } 285 if ( ! isset( $args['messenger_channel'] ) && isset( $_REQUEST['customize_messenger_channel'] ) ) { 286 $args['messenger_channel'] = sanitize_key( wp_unslash( $_REQUEST['customize_messenger_channel'] ) ); 287 } 288 289 // Do not load 'widgets' component if a block theme is activated. 290 if ( ! wp_is_block_theme() ) { 291 $this->components[] = 'widgets'; 292 } 293 294 $this->original_stylesheet = get_stylesheet(); 295 $this->theme = wp_get_theme( 0 === validate_file( $args['theme'] ) ? $args['theme'] : null ); 296 $this->messenger_channel = $args['messenger_channel']; 297 $this->_changeset_uuid = $args['changeset_uuid']; 298 299 foreach ( array( 'settings_previewed', 'autosaved', 'branching' ) as $key ) { 300 if ( isset( $args[ $key ] ) ) { 301 $this->$key = (bool) $args[ $key ]; 302 } 303 } 304 305 require_once ABSPATH . WPINC . '/class-wp-customize-setting.php'; 306 require_once ABSPATH . WPINC . '/class-wp-customize-panel.php'; 307 require_once ABSPATH . WPINC . '/class-wp-customize-section.php'; 308 require_once ABSPATH . WPINC . '/class-wp-customize-control.php'; 309 310 require_once ABSPATH . WPINC . '/customize/class-wp-customize-color-control.php'; 311 require_once ABSPATH . WPINC . '/customize/class-wp-customize-media-control.php'; 312 require_once ABSPATH . WPINC . '/customize/class-wp-customize-upload-control.php'; 313 require_once ABSPATH . WPINC . '/customize/class-wp-customize-image-control.php'; 314 require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-control.php'; 315 require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-position-control.php'; 316 require_once ABSPATH . WPINC . '/customize/class-wp-customize-cropped-image-control.php'; 317 require_once ABSPATH . WPINC . '/customize/class-wp-customize-site-icon-control.php'; 318 require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-control.php'; 319 require_once ABSPATH . WPINC . '/customize/class-wp-customize-theme-control.php'; 320 require_once ABSPATH . WPINC . '/customize/class-wp-customize-code-editor-control.php'; 321 require_once ABSPATH . WPINC . '/customize/class-wp-widget-area-customize-control.php'; 322 require_once ABSPATH . WPINC . '/customize/class-wp-widget-form-customize-control.php'; 323 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-control.php'; 324 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-control.php'; 325 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-location-control.php'; 326 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-name-control.php'; 327 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-locations-control.php'; 328 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-auto-add-control.php'; 329 330 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menus-panel.php'; 331 332 require_once ABSPATH . WPINC . '/customize/class-wp-customize-themes-panel.php'; 333 require_once ABSPATH . WPINC . '/customize/class-wp-customize-themes-section.php'; 334 require_once ABSPATH . WPINC . '/customize/class-wp-customize-sidebar-section.php'; 335 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-section.php'; 336 337 require_once ABSPATH . WPINC . '/customize/class-wp-customize-custom-css-setting.php'; 338 require_once ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php'; 339 require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php'; 340 require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php'; 341 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php'; 342 require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php'; 343 344 /** 345 * Filters the core Customizer components to load. 346 * 347 * This allows Core components to be excluded from being instantiated by 348 * filtering them out of the array. Note that this filter generally runs 349 * during the {@see 'plugins_loaded'} action, so it cannot be added 350 * in a theme. 351 * 352 * @since 4.4.0 353 * 354 * @see WP_Customize_Manager::__construct() 355 * 356 * @param string[] $components Array of core components to load. 357 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 358 */ 359 $components = apply_filters( 'customize_loaded_components', $this->components, $this ); 360 361 require_once ABSPATH . WPINC . '/customize/class-wp-customize-selective-refresh.php'; 362 $this->selective_refresh = new WP_Customize_Selective_Refresh( $this ); 363 364 if ( in_array( 'widgets', $components, true ) ) { 365 require_once ABSPATH . WPINC . '/class-wp-customize-widgets.php'; 366 $this->widgets = new WP_Customize_Widgets( $this ); 367 } 368 369 if ( in_array( 'nav_menus', $components, true ) ) { 370 require_once ABSPATH . WPINC . '/class-wp-customize-nav-menus.php'; 371 $this->nav_menus = new WP_Customize_Nav_Menus( $this ); 372 } 373 374 add_action( 'setup_theme', array( $this, 'setup_theme' ) ); 375 add_action( 'wp_loaded', array( $this, 'wp_loaded' ) ); 376 377 // Do not spawn cron (especially the alternate cron) while running the Customizer. 378 remove_action( 'init', 'wp_cron' ); 379 380 // Do not run update checks when rendering the controls. 381 remove_action( 'admin_init', '_maybe_update_core' ); 382 remove_action( 'admin_init', '_maybe_update_plugins' ); 383 remove_action( 'admin_init', '_maybe_update_themes' ); 384 385 add_action( 'wp_ajax_customize_save', array( $this, 'save' ) ); 386 add_action( 'wp_ajax_customize_trash', array( $this, 'handle_changeset_trash_request' ) ); 387 add_action( 'wp_ajax_customize_refresh_nonces', array( $this, 'refresh_nonces' ) ); 388 add_action( 'wp_ajax_customize_load_themes', array( $this, 'handle_load_themes_request' ) ); 389 add_filter( 'heartbeat_settings', array( $this, 'add_customize_screen_to_heartbeat_settings' ) ); 390 add_filter( 'heartbeat_received', array( $this, 'check_changeset_lock_with_heartbeat' ), 10, 3 ); 391 add_action( 'wp_ajax_customize_override_changeset_lock', array( $this, 'handle_override_changeset_lock_request' ) ); 392 add_action( 'wp_ajax_customize_dismiss_autosave_or_lock', array( $this, 'handle_dismiss_autosave_or_lock_request' ) ); 393 394 add_action( 'customize_register', array( $this, 'register_controls' ) ); 395 add_action( 'customize_register', array( $this, 'register_dynamic_settings' ), 11 ); // Allow code to create settings first. 396 add_action( 'customize_controls_init', array( $this, 'prepare_controls' ) ); 397 add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_control_scripts' ) ); 398 399 // Render Common, Panel, Section, and Control templates. 400 add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_panel_templates' ), 1 ); 401 add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_section_templates' ), 1 ); 402 add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_control_templates' ), 1 ); 403 404 // Export header video settings with the partial response. 405 add_filter( 'customize_render_partials_response', array( $this, 'export_header_video_settings' ), 10, 3 ); 406 407 // Export the settings to JS via the _wpCustomizeSettings variable. 408 add_action( 'customize_controls_print_footer_scripts', array( $this, 'customize_pane_settings' ), 1000 ); 409 410 // Add theme update notices. 411 if ( current_user_can( 'install_themes' ) || current_user_can( 'update_themes' ) ) { 412 require_once ABSPATH . 'wp-admin/includes/update.php'; 413 add_action( 'customize_controls_print_footer_scripts', 'wp_print_admin_notice_templates' ); 414 } 415 } 416 417 /** 418 * Returns true if it's an Ajax request. 419 * 420 * @since 3.4.0 421 * @since 4.2.0 Added `$action` param. 422 * 423 * @param string|null $action Whether the supplied Ajax action is being run. 424 * @return bool True if it's an Ajax request, false otherwise. 425 */ 426 public function doing_ajax( $action = null ) { 427 if ( ! wp_doing_ajax() ) { 428 return false; 429 } 430 431 if ( ! $action ) { 432 return true; 433 } else { 434 /* 435 * Note: we can't just use doing_action( "wp_ajax_{$action}" ) because we need 436 * to check before admin-ajax.php gets to that point. 437 */ 438 return isset( $_REQUEST['action'] ) && wp_unslash( $_REQUEST['action'] ) === $action; 439 } 440 } 441 442 /** 443 * Custom wp_die wrapper. Returns either the standard message for UI 444 * or the Ajax message. 445 * 446 * @since 3.4.0 447 * 448 * @param string|WP_Error $ajax_message Ajax return. 449 * @param string $message Optional. UI message. 450 */ 451 protected function wp_die( $ajax_message, $message = null ) { 452 if ( $this->doing_ajax() ) { 453 wp_die( $ajax_message ); 454 } 455 456 if ( ! $message ) { 457 $message = __( 'An error occurred while customizing. Please refresh the page and try again.' ); 458 } 459 460 if ( $this->messenger_channel ) { 461 ob_start(); 462 wp_enqueue_scripts(); 463 wp_print_scripts( array( 'customize-base' ) ); 464 465 $settings = array( 466 'messengerArgs' => array( 467 'channel' => $this->messenger_channel, 468 'url' => wp_customize_url(), 469 ), 470 'error' => $ajax_message, 471 ); 472 $message .= ob_get_clean(); 473 ob_start(); 474 ?> 475 <script> 476 ( function( api, settings ) { 477 var preview = new api.Messenger( settings.messengerArgs ); 478 preview.send( 'iframe-loading-error', settings.error ); 479 } )( wp.customize, <?php echo wp_json_encode( $settings ); ?> ); 480 </script> 481 <?php 482 $message .= wp_get_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) ); 483 } 484 485 wp_die( $message ); 486 } 487 488 /** 489 * Returns the Ajax wp_die() handler if it's a customized request. 490 * 491 * @since 3.4.0 492 * @deprecated 4.7.0 493 * 494 * @return callable Die handler. 495 */ 496 public function wp_die_handler() { 497 _deprecated_function( __METHOD__, '4.7.0' ); 498 499 if ( $this->doing_ajax() || isset( $_POST['customized'] ) ) { 500 return '_ajax_wp_die_handler'; 501 } 502 503 return '_default_wp_die_handler'; 504 } 505 506 /** 507 * Starts preview and customize theme. 508 * 509 * Check if customize query variable exist. Init filters to filter the active theme. 510 * 511 * @since 3.4.0 512 * 513 * @global string $pagenow The filename of the current screen. 514 */ 515 public function setup_theme() { 516 global $pagenow; 517 518 // Check permissions for customize.php access since this method is called before customize.php can run any code. 519 if ( 'customize.php' === $pagenow && ! current_user_can( 'customize' ) ) { 520 if ( ! is_user_logged_in() ) { 521 auth_redirect(); 522 } else { 523 wp_die( 524 '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' . 525 '<p>' . __( 'Sorry, you are not allowed to customize this site.' ) . '</p>', 526 403 527 ); 528 } 529 return; 530 } 531 532 // If a changeset was provided is invalid. 533 if ( isset( $this->_changeset_uuid ) && false !== $this->_changeset_uuid && ! wp_is_uuid( $this->_changeset_uuid ) ) { 534 $this->wp_die( -1, __( 'Invalid changeset UUID' ) ); 535 } 536 537 /* 538 * Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer 539 * application will inject the customize_preview_nonce query parameter into all Ajax requests. 540 * For similar behavior elsewhere in WordPress, see rest_cookie_check_errors() which logs out 541 * a user when a valid nonce isn't present. 542 */ 543 $has_post_data_nonce = ( 544 check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce', false ) 545 || 546 check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce', false ) 547 || 548 check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'customize_preview_nonce', false ) 549 ); 550 if ( ! current_user_can( 'customize' ) || ! $has_post_data_nonce ) { 551 unset( $_POST['customized'] ); 552 unset( $_REQUEST['customized'] ); 553 } 554 555 /* 556 * If unauthenticated then require a valid changeset UUID to load the preview. 557 * In this way, the UUID serves as a secret key. If the messenger channel is present, 558 * then send unauthenticated code to prompt re-auth. 559 */ 560 if ( ! current_user_can( 'customize' ) && ! $this->changeset_post_id() ) { 561 $this->wp_die( $this->messenger_channel ? 0 : -1, __( 'Non-existent changeset UUID.' ) ); 562 } 563 564 if ( ! headers_sent() ) { 565 send_origin_headers(); 566 } 567 568 // Hide the admin bar if we're embedded in the customizer iframe. 569 if ( $this->messenger_channel ) { 570 show_admin_bar( false ); 571 } 572 573 if ( $this->is_theme_active() ) { 574 // Once the theme is loaded, we'll validate it. 575 add_action( 'after_setup_theme', array( $this, 'after_setup_theme' ) ); 576 } else { 577 /* 578 * If the requested theme is not the active theme and the user doesn't have 579 * the switch_themes cap, bail. 580 */ 581 if ( ! current_user_can( 'switch_themes' ) ) { 582 $this->wp_die( -1, __( 'Sorry, you are not allowed to edit theme options on this site.' ) ); 583 } 584 585 // If the theme has errors while loading, bail. 586 if ( $this->theme()->errors() ) { 587 $this->wp_die( -1, $this->theme()->errors()->get_error_message() ); 588 } 589 590 // If the theme isn't allowed per multisite settings, bail. 591 if ( ! $this->theme()->is_allowed() ) { 592 $this->wp_die( -1, __( 'The requested theme does not exist.' ) ); 593 } 594 } 595 596 // Make sure changeset UUID is established immediately after the theme is loaded. 597 add_action( 'after_setup_theme', array( $this, 'establish_loaded_changeset' ), 5 ); 598 599 /* 600 * Import theme starter content for fresh installations when landing in the customizer. 601 * Import starter content at after_setup_theme:100 so that any 602 * add_theme_support( 'starter-content' ) calls will have been made. 603 */ 604 if ( get_option( 'fresh_site' ) && 'customize.php' === $pagenow ) { 605 add_action( 'after_setup_theme', array( $this, 'import_theme_starter_content' ), 100 ); 606 } 607 608 $this->start_previewing_theme(); 609 } 610 611 /** 612 * Establishes the loaded changeset. 613 * 614 * This method runs right at after_setup_theme and applies the 'customize_changeset_branching' filter to determine 615 * whether concurrent changesets are allowed. Then if the Customizer is not initialized with a `changeset_uuid` param, 616 * this method will determine which UUID should be used. If changeset branching is disabled, then the most saved 617 * changeset will be loaded by default. Otherwise, if there are no existing saved changesets or if changeset branching is 618 * enabled, then a new UUID will be generated. 619 * 620 * @since 4.9.0 621 * 622 * @global string $pagenow The filename of the current screen. 623 */ 624 public function establish_loaded_changeset() { 625 global $pagenow; 626 627 if ( empty( $this->_changeset_uuid ) ) { 628 $changeset_uuid = null; 629 630 if ( ! $this->branching() && $this->is_theme_active() ) { 631 $unpublished_changeset_posts = $this->get_changeset_posts( 632 array( 633 'post_status' => array_diff( get_post_stati(), array( 'auto-draft', 'publish', 'trash', 'inherit', 'private' ) ), 634 'exclude_restore_dismissed' => false, 635 'author' => 'any', 636 'posts_per_page' => 1, 637 'order' => 'DESC', 638 'orderby' => 'date', 639 ) 640 ); 641 $unpublished_changeset_post = array_shift( $unpublished_changeset_posts ); 642 if ( ! empty( $unpublished_changeset_post ) && wp_is_uuid( $unpublished_changeset_post->post_name ) ) { 643 $changeset_uuid = $unpublished_changeset_post->post_name; 644 } 645 } 646 647 // If no changeset UUID has been set yet, then generate a new one. 648 if ( empty( $changeset_uuid ) ) { 649 $changeset_uuid = wp_generate_uuid4(); 650 } 651 652 $this->_changeset_uuid = $changeset_uuid; 653 } 654 655 if ( is_admin() && 'customize.php' === $pagenow ) { 656 $this->set_changeset_lock( $this->changeset_post_id() ); 657 } 658 } 659 660 /** 661 * Callback to validate a theme once it is loaded 662 * 663 * @since 3.4.0 664 */ 665 public function after_setup_theme() { 666 $doing_ajax_or_is_customized = ( $this->doing_ajax() || isset( $_POST['customized'] ) ); 667 if ( ! $doing_ajax_or_is_customized && ! validate_current_theme() ) { 668 wp_redirect( 'themes.php?broken=true' ); 669 exit; 670 } 671 } 672 673 /** 674 * If the theme to be previewed isn't the active theme, add filter callbacks 675 * to swap it out at runtime. 676 * 677 * @since 3.4.0 678 */ 679 public function start_previewing_theme() { 680 // Bail if we're already previewing. 681 if ( $this->is_preview() ) { 682 return; 683 } 684 685 $this->previewing = true; 686 687 if ( ! $this->is_theme_active() ) { 688 add_filter( 'template', array( $this, 'get_template' ) ); 689 add_filter( 'stylesheet', array( $this, 'get_stylesheet' ) ); 690 add_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) ); 691 692 // @link: https://core.trac.wordpress.org/ticket/20027 693 add_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) ); 694 add_filter( 'pre_option_template', array( $this, 'get_template' ) ); 695 696 // Handle custom theme roots. 697 add_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) ); 698 add_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) ); 699 } 700 701 /** 702 * Fires once the Customizer theme preview has started. 703 * 704 * @since 3.4.0 705 * 706 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 707 */ 708 do_action( 'start_previewing_theme', $this ); 709 } 710 711 /** 712 * Stops previewing the selected theme. 713 * 714 * Removes filters to change the active theme. 715 * 716 * @since 3.4.0 717 */ 718 public function stop_previewing_theme() { 719 if ( ! $this->is_preview() ) { 720 return; 721 } 722 723 $this->previewing = false; 724 725 if ( ! $this->is_theme_active() ) { 726 remove_filter( 'template', array( $this, 'get_template' ) ); 727 remove_filter( 'stylesheet', array( $this, 'get_stylesheet' ) ); 728 remove_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) ); 729 730 // @link: https://core.trac.wordpress.org/ticket/20027 731 remove_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) ); 732 remove_filter( 'pre_option_template', array( $this, 'get_template' ) ); 733 734 // Handle custom theme roots. 735 remove_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) ); 736 remove_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) ); 737 } 738 739 /** 740 * Fires once the Customizer theme preview has stopped. 741 * 742 * @since 3.4.0 743 * 744 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 745 */ 746 do_action( 'stop_previewing_theme', $this ); 747 } 748 749 /** 750 * Gets whether settings are or will be previewed. 751 * 752 * @since 4.9.0 753 * 754 * @see WP_Customize_Setting::preview() 755 * 756 * @return bool 757 */ 758 public function settings_previewed() { 759 return $this->settings_previewed; 760 } 761 762 /** 763 * Gets whether data from a changeset's autosaved revision should be loaded if it exists. 764 * 765 * @since 4.9.0 766 * 767 * @see WP_Customize_Manager::changeset_data() 768 * 769 * @return bool Is using autosaved changeset revision. 770 */ 771 public function autosaved() { 772 return $this->autosaved; 773 } 774 775 /** 776 * Whether the changeset branching is allowed. 777 * 778 * @since 4.9.0 779 * 780 * @see WP_Customize_Manager::establish_loaded_changeset() 781 * 782 * @return bool Is changeset branching. 783 */ 784 public function branching() { 785 786 /** 787 * Filters whether or not changeset branching is allowed. 788 * 789 * By default in core, when changeset branching is not allowed, changesets will operate 790 * linearly in that only one saved changeset will exist at a time (with a 'draft' or 791 * 'future' status). This makes the Customizer operate in a way that is similar to going to 792 * "edit" to one existing post: all users will be making changes to the same post, and autosave 793 * revisions will be made for that post. 794 * 795 * By contrast, when changeset branching is allowed, then the model is like users going 796 * to "add new" for a page and each user makes changes independently of each other since 797 * they are all operating on their own separate pages, each getting their own separate 798 * initial auto-drafts and then once initially saved, autosave revisions on top of that 799 * user's specific post. 800 * 801 * Since linear changesets are deemed to be more suitable for the majority of WordPress users, 802 * they are the default. For WordPress sites that have heavy site management in the Customizer 803 * by multiple users then branching changesets should be enabled by means of this filter. 804 * 805 * @since 4.9.0 806 * 807 * @param bool $allow_branching Whether branching is allowed. If `false`, the default, 808 * then only one saved changeset exists at a time. 809 * @param WP_Customize_Manager $wp_customize Manager instance. 810 */ 811 $this->branching = apply_filters( 'customize_changeset_branching', $this->branching, $this ); 812 813 return $this->branching; 814 } 815 816 /** 817 * Gets the changeset UUID. 818 * 819 * @since 4.7.0 820 * 821 * @see WP_Customize_Manager::establish_loaded_changeset() 822 * 823 * @return string UUID. 824 */ 825 public function changeset_uuid() { 826 if ( empty( $this->_changeset_uuid ) ) { 827 $this->establish_loaded_changeset(); 828 } 829 return $this->_changeset_uuid; 830 } 831 832 /** 833 * Gets the theme being customized. 834 * 835 * @since 3.4.0 836 * 837 * @return WP_Theme 838 */ 839 public function theme() { 840 if ( ! $this->theme ) { 841 $this->theme = wp_get_theme(); 842 } 843 return $this->theme; 844 } 845 846 /** 847 * Gets the registered settings. 848 * 849 * @since 3.4.0 850 * 851 * @return array 852 */ 853 public function settings() { 854 return $this->settings; 855 } 856 857 /** 858 * Gets the registered controls. 859 * 860 * @since 3.4.0 861 * 862 * @return array 863 */ 864 public function controls() { 865 return $this->controls; 866 } 867 868 /** 869 * Gets the registered containers. 870 * 871 * @since 4.0.0 872 * 873 * @return array 874 */ 875 public function containers() { 876 return $this->containers; 877 } 878 879 /** 880 * Gets the registered sections. 881 * 882 * @since 3.4.0 883 * 884 * @return array 885 */ 886 public function sections() { 887 return $this->sections; 888 } 889 890 /** 891 * Gets the registered panels. 892 * 893 * @since 4.0.0 894 * 895 * @return array Panels. 896 */ 897 public function panels() { 898 return $this->panels; 899 } 900 901 /** 902 * Checks if the current theme is active. 903 * 904 * @since 3.4.0 905 * 906 * @return bool 907 */ 908 public function is_theme_active() { 909 return $this->get_stylesheet() === $this->original_stylesheet; 910 } 911 912 /** 913 * Registers styles/scripts and initialize the preview of each setting 914 * 915 * @since 3.4.0 916 */ 917 public function wp_loaded() { 918 919 /* 920 * Unconditionally register core types for panels, sections, and controls 921 * in case plugin unhooks all customize_register actions. 922 */ 923 $this->register_panel_type( 'WP_Customize_Panel' ); 924 $this->register_panel_type( 'WP_Customize_Themes_Panel' ); 925 $this->register_section_type( 'WP_Customize_Section' ); 926 $this->register_section_type( 'WP_Customize_Sidebar_Section' ); 927 $this->register_section_type( 'WP_Customize_Themes_Section' ); 928 $this->register_control_type( 'WP_Customize_Color_Control' ); 929 $this->register_control_type( 'WP_Customize_Media_Control' ); 930 $this->register_control_type( 'WP_Customize_Upload_Control' ); 931 $this->register_control_type( 'WP_Customize_Image_Control' ); 932 $this->register_control_type( 'WP_Customize_Background_Image_Control' ); 933 $this->register_control_type( 'WP_Customize_Background_Position_Control' ); 934 $this->register_control_type( 'WP_Customize_Cropped_Image_Control' ); 935 $this->register_control_type( 'WP_Customize_Site_Icon_Control' ); 936 $this->register_control_type( 'WP_Customize_Theme_Control' ); 937 $this->register_control_type( 'WP_Customize_Code_Editor_Control' ); 938 $this->register_control_type( 'WP_Customize_Date_Time_Control' ); 939 940 /** 941 * Fires once WordPress has loaded, allowing scripts and styles to be initialized. 942 * 943 * @since 3.4.0 944 * 945 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 946 */ 947 do_action( 'customize_register', $this ); 948 949 if ( $this->settings_previewed() ) { 950 foreach ( $this->settings as $setting ) { 951 $setting->preview(); 952 } 953 } 954 955 if ( $this->is_preview() && ! is_admin() ) { 956 $this->customize_preview_init(); 957 } 958 } 959 960 /** 961 * Prevents Ajax requests from following redirects when previewing a theme 962 * by issuing a 200 response instead of a 30x. 963 * 964 * Instead, the JS will sniff out the location header. 965 * 966 * @since 3.4.0 967 * @deprecated 4.7.0 968 * 969 * @param int $status Status. 970 * @return int 971 */ 972 public function wp_redirect_status( $status ) { 973 _deprecated_function( __FUNCTION__, '4.7.0' ); 974 975 if ( $this->is_preview() && ! is_admin() ) { 976 return 200; 977 } 978 979 return $status; 980 } 981 982 /** 983 * Finds the changeset post ID for a given changeset UUID. 984 * 985 * @since 4.7.0 986 * 987 * @param string $uuid Changeset UUID. 988 * @return int|null Returns post ID on success and null on failure. 989 */ 990 public function find_changeset_post_id( $uuid ) { 991 $cache_group = 'customize_changeset_post'; 992 $changeset_post_id = wp_cache_get( $uuid, $cache_group ); 993 if ( $changeset_post_id && 'customize_changeset' === get_post_type( $changeset_post_id ) ) { 994 return $changeset_post_id; 995 } 996 997 $changeset_post_query = new WP_Query( 998 array( 999 'post_type' => 'customize_changeset', 1000 'post_status' => get_post_stati(), 1001 'name' => $uuid, 1002 'posts_per_page' => 1, 1003 'no_found_rows' => true, 1004 'cache_results' => true, 1005 'update_post_meta_cache' => false, 1006 'update_post_term_cache' => false, 1007 'lazy_load_term_meta' => false, 1008 ) 1009 ); 1010 if ( ! empty( $changeset_post_query->posts ) ) { 1011 // Note: 'fields'=>'ids' is not being used in order to cache the post object as it will be needed. 1012 $changeset_post_id = $changeset_post_query->posts[0]->ID; 1013 wp_cache_set( $uuid, $changeset_post_id, $cache_group ); 1014 return $changeset_post_id; 1015 } 1016 1017 return null; 1018 } 1019 1020 /** 1021 * Gets changeset posts. 1022 * 1023 * @since 4.9.0 1024 * 1025 * @param array $args { 1026 * Args to pass into `get_posts()` to query changesets. 1027 * 1028 * @type int $posts_per_page Number of posts to return. Defaults to -1 (all posts). 1029 * @type int $author Post author. Defaults to current user. 1030 * @type string $post_status Status of changeset. Defaults to 'auto-draft'. 1031 * @type bool $exclude_restore_dismissed Whether to exclude changeset auto-drafts that have been dismissed. Defaults to true. 1032 * } 1033 * @return WP_Post[] Auto-draft changesets. 1034 */ 1035 protected function get_changeset_posts( $args = array() ) { 1036 $default_args = array( 1037 'exclude_restore_dismissed' => true, 1038 'posts_per_page' => -1, 1039 'post_type' => 'customize_changeset', 1040 'post_status' => 'auto-draft', 1041 'order' => 'DESC', 1042 'orderby' => 'date', 1043 'no_found_rows' => true, 1044 'cache_results' => true, 1045 'update_post_meta_cache' => false, 1046 'update_post_term_cache' => false, 1047 'lazy_load_term_meta' => false, 1048 ); 1049 if ( get_current_user_id() ) { 1050 $default_args['author'] = get_current_user_id(); 1051 } 1052 $args = array_merge( $default_args, $args ); 1053 1054 if ( ! empty( $args['exclude_restore_dismissed'] ) ) { 1055 unset( $args['exclude_restore_dismissed'] ); 1056 $args['meta_query'] = array( 1057 array( 1058 'key' => '_customize_restore_dismissed', 1059 'compare' => 'NOT EXISTS', 1060 ), 1061 ); 1062 } 1063 1064 return get_posts( $args ); 1065 } 1066 1067 /** 1068 * Dismisses all of the current user's auto-drafts (other than the present one). 1069 * 1070 * @since 4.9.0 1071 * @return int The number of auto-drafts that were dismissed. 1072 */ 1073 protected function dismiss_user_auto_draft_changesets() { 1074 $changeset_autodraft_posts = $this->get_changeset_posts( 1075 array( 1076 'post_status' => 'auto-draft', 1077 'exclude_restore_dismissed' => true, 1078 'posts_per_page' => -1, 1079 ) 1080 ); 1081 $dismissed = 0; 1082 foreach ( $changeset_autodraft_posts as $autosave_autodraft_post ) { 1083 if ( $autosave_autodraft_post->ID === $this->changeset_post_id() ) { 1084 continue; 1085 } 1086 if ( update_post_meta( $autosave_autodraft_post->ID, '_customize_restore_dismissed', true ) ) { 1087 ++$dismissed; 1088 } 1089 } 1090 return $dismissed; 1091 } 1092 1093 /** 1094 * Gets the changeset post ID for the loaded changeset. 1095 * 1096 * @since 4.7.0 1097 * 1098 * @return int|null Post ID on success or null if there is no post yet saved. 1099 */ 1100 public function changeset_post_id() { 1101 if ( ! isset( $this->_changeset_post_id ) ) { 1102 $post_id = $this->find_changeset_post_id( $this->changeset_uuid() ); 1103 if ( ! $post_id ) { 1104 $post_id = false; 1105 } 1106 $this->_changeset_post_id = $post_id; 1107 } 1108 if ( false === $this->_changeset_post_id ) { 1109 return null; 1110 } 1111 return $this->_changeset_post_id; 1112 } 1113 1114 /** 1115 * Gets the data stored in a changeset post. 1116 * 1117 * @since 4.7.0 1118 * 1119 * @param int $post_id Changeset post ID. 1120 * @return array|WP_Error Changeset data or WP_Error on error. 1121 */ 1122 protected function get_changeset_post_data( $post_id ) { 1123 if ( ! $post_id ) { 1124 return new WP_Error( 'empty_post_id' ); 1125 } 1126 $changeset_post = get_post( $post_id ); 1127 if ( ! $changeset_post ) { 1128 return new WP_Error( 'missing_post' ); 1129 } 1130 if ( 'revision' === $changeset_post->post_type ) { 1131 if ( 'customize_changeset' !== get_post_type( $changeset_post->post_parent ) ) { 1132 return new WP_Error( 'wrong_post_type' ); 1133 } 1134 } elseif ( 'customize_changeset' !== $changeset_post->post_type ) { 1135 return new WP_Error( 'wrong_post_type' ); 1136 } 1137 $changeset_data = json_decode( $changeset_post->post_content, true ); 1138 $last_error = json_last_error(); 1139 if ( $last_error ) { 1140 return new WP_Error( 'json_parse_error', '', $last_error ); 1141 } 1142 if ( ! is_array( $changeset_data ) ) { 1143 return new WP_Error( 'expected_array' ); 1144 } 1145 return $changeset_data; 1146 } 1147 1148 /** 1149 * Gets changeset data. 1150 * 1151 * @since 4.7.0 1152 * @since 4.9.0 This will return the changeset's data with a user's autosave revision merged on top, if one exists and $autosaved is true. 1153 * 1154 * @return array Changeset data. 1155 */ 1156 public function changeset_data() { 1157 if ( isset( $this->_changeset_data ) ) { 1158 return $this->_changeset_data; 1159 } 1160 $changeset_post_id = $this->changeset_post_id(); 1161 if ( ! $changeset_post_id ) { 1162 $this->_changeset_data = array(); 1163 } else { 1164 if ( $this->autosaved() && is_user_logged_in() ) { 1165 $autosave_post = wp_get_post_autosave( $changeset_post_id, get_current_user_id() ); 1166 if ( $autosave_post ) { 1167 $data = $this->get_changeset_post_data( $autosave_post->ID ); 1168 if ( ! is_wp_error( $data ) ) { 1169 $this->_changeset_data = $data; 1170 } 1171 } 1172 } 1173 1174 // Load data from the changeset if it was not loaded from an autosave. 1175 if ( ! isset( $this->_changeset_data ) ) { 1176 $data = $this->get_changeset_post_data( $changeset_post_id ); 1177 if ( ! is_wp_error( $data ) ) { 1178 $this->_changeset_data = $data; 1179 } else { 1180 $this->_changeset_data = array(); 1181 } 1182 } 1183 } 1184 return $this->_changeset_data; 1185 } 1186 1187 /** 1188 * Starter content setting IDs. 1189 * 1190 * @since 4.7.0 1191 * @var array 1192 */ 1193 protected $pending_starter_content_settings_ids = array(); 1194 1195 /** 1196 * Imports theme starter content into the customized state. 1197 * 1198 * @since 4.7.0 1199 * 1200 * @param array $starter_content Starter content. Defaults to `get_theme_starter_content()`. 1201 */ 1202 public function import_theme_starter_content( $starter_content = array() ) { 1203 if ( empty( $starter_content ) ) { 1204 $starter_content = get_theme_starter_content(); 1205 } 1206 1207 $changeset_data = array(); 1208 if ( $this->changeset_post_id() ) { 1209 /* 1210 * Don't re-import starter content into a changeset saved persistently. 1211 * This will need to be revisited in the future once theme switching 1212 * is allowed with drafted/scheduled changesets, since switching to 1213 * another theme could result in more starter content being applied. 1214 * However, when doing an explicit save it is currently possible for 1215 * nav menus and nav menu items specifically to lose their starter_content 1216 * flags, thus resulting in duplicates being created since they fail 1217 * to get re-used. See #40146. 1218 */ 1219 if ( 'auto-draft' !== get_post_status( $this->changeset_post_id() ) ) { 1220 return; 1221 } 1222 1223 $changeset_data = $this->get_changeset_post_data( $this->changeset_post_id() ); 1224 } 1225 1226 $sidebars_widgets = isset( $starter_content['widgets'] ) && ! empty( $this->widgets ) ? $starter_content['widgets'] : array(); 1227 $attachments = isset( $starter_content['attachments'] ) && ! empty( $this->nav_menus ) ? $starter_content['attachments'] : array(); 1228 $posts = isset( $starter_content['posts'] ) && ! empty( $this->nav_menus ) ? $starter_content['posts'] : array(); 1229 $options = isset( $starter_content['options'] ) ? $starter_content['options'] : array(); 1230 $nav_menus = isset( $starter_content['nav_menus'] ) && ! empty( $this->nav_menus ) ? $starter_content['nav_menus'] : array(); 1231 $theme_mods = isset( $starter_content['theme_mods'] ) ? $starter_content['theme_mods'] : array(); 1232 1233 // Widgets. 1234 $max_widget_numbers = array(); 1235 foreach ( $sidebars_widgets as $sidebar_id => $widgets ) { 1236 $sidebar_widget_ids = array(); 1237 foreach ( $widgets as $widget ) { 1238 list( $id_base, $instance ) = $widget; 1239 1240 if ( ! isset( $max_widget_numbers[ $id_base ] ) ) { 1241 1242 // When $settings is an array-like object, get an intrinsic array for use with array_keys(). 1243 $settings = get_option( "widget_{$id_base}", array() ); 1244 if ( $settings instanceof ArrayObject || $settings instanceof ArrayIterator ) { 1245 $settings = $settings->getArrayCopy(); 1246 } 1247 1248 unset( $settings['_multiwidget'] ); 1249 1250 // Find the max widget number for this type. 1251 $widget_numbers = array_keys( $settings ); 1252 if ( count( $widget_numbers ) > 0 ) { 1253 $widget_numbers[] = 1; 1254 $max_widget_numbers[ $id_base ] = max( ...$widget_numbers ); 1255 } else { 1256 $max_widget_numbers[ $id_base ] = 1; 1257 } 1258 } 1259 $max_widget_numbers[ $id_base ] += 1; 1260 1261 $widget_id = sprintf( '%s-%d', $id_base, $max_widget_numbers[ $id_base ] ); 1262 $setting_id = sprintf( 'widget_%s[%d]', $id_base, $max_widget_numbers[ $id_base ] ); 1263 1264 $setting_value = $this->widgets->sanitize_widget_js_instance( $instance ); 1265 if ( empty( $changeset_data[ $setting_id ] ) || ! empty( $changeset_data[ $setting_id ]['starter_content'] ) ) { 1266 $this->set_post_value( $setting_id, $setting_value ); 1267 $this->pending_starter_content_settings_ids[] = $setting_id; 1268 } 1269 $sidebar_widget_ids[] = $widget_id; 1270 } 1271 1272 $setting_id = sprintf( 'sidebars_widgets[%s]', $sidebar_id ); 1273 if ( empty( $changeset_data[ $setting_id ] ) || ! empty( $changeset_data[ $setting_id ]['starter_content'] ) ) { 1274 $this->set_post_value( $setting_id, $sidebar_widget_ids ); 1275 $this->pending_starter_content_settings_ids[] = $setting_id; 1276 } 1277 } 1278 1279 $starter_content_auto_draft_post_ids = array(); 1280 if ( ! empty( $changeset_data['nav_menus_created_posts']['value'] ) ) { 1281 $starter_content_auto_draft_post_ids = array_merge( $starter_content_auto_draft_post_ids, $changeset_data['nav_menus_created_posts']['value'] ); 1282 } 1283 1284 // Make an index of all the posts needed and what their slugs are. 1285 $needed_posts = array(); 1286 $attachments = $this->prepare_starter_content_attachments( $attachments ); 1287 foreach ( $attachments as $attachment ) { 1288 $key = 'attachment:' . $attachment['post_name']; 1289 $needed_posts[ $key ] = true; 1290 } 1291 foreach ( array_keys( $posts ) as $post_symbol ) { 1292 if ( empty( $posts[ $post_symbol ]['post_name'] ) && empty( $posts[ $post_symbol ]['post_title'] ) ) { 1293 unset( $posts[ $post_symbol ] ); 1294 continue; 1295 } 1296 if ( empty( $posts[ $post_symbol ]['post_name'] ) ) { 1297 $posts[ $post_symbol ]['post_name'] = sanitize_title( $posts[ $post_symbol ]['post_title'] ); 1298 } 1299 if ( empty( $posts[ $post_symbol ]['post_type'] ) ) { 1300 $posts[ $post_symbol ]['post_type'] = 'post'; 1301 } 1302 $needed_posts[ $posts[ $post_symbol ]['post_type'] . ':' . $posts[ $post_symbol ]['post_name'] ] = true; 1303 } 1304 $all_post_slugs = array_merge( 1305 wp_list_pluck( $attachments, 'post_name' ), 1306 wp_list_pluck( $posts, 'post_name' ) 1307 ); 1308 1309 /* 1310 * Obtain all post types referenced in starter content to use in query. 1311 * This is needed because 'any' will not account for post types not yet registered. 1312 */ 1313 $post_types = array_filter( array_merge( array( 'attachment' ), wp_list_pluck( $posts, 'post_type' ) ) ); 1314 1315 // Re-use auto-draft starter content posts referenced in the current customized state. 1316 $existing_starter_content_posts = array(); 1317 if ( ! empty( $starter_content_auto_draft_post_ids ) ) { 1318 $existing_posts_query = new WP_Query( 1319 array( 1320 'post__in' => $starter_content_auto_draft_post_ids, 1321 'post_status' => 'auto-draft', 1322 'post_type' => $post_types, 1323 'posts_per_page' => -1, 1324 ) 1325 ); 1326 foreach ( $existing_posts_query->posts as $existing_post ) { 1327 $post_name = $existing_post->post_name; 1328 if ( empty( $post_name ) ) { 1329 $post_name = get_post_meta( $existing_post->ID, '_customize_draft_post_name', true ); 1330 } 1331 $existing_starter_content_posts[ $existing_post->post_type . ':' . $post_name ] = $existing_post; 1332 } 1333 } 1334 1335 // Re-use non-auto-draft posts. 1336 if ( ! empty( $all_post_slugs ) ) { 1337 $existing_posts_query = new WP_Query( 1338 array( 1339 'post_name__in' => $all_post_slugs, 1340 'post_status' => array_diff( get_post_stati(), array( 'auto-draft' ) ), 1341 'post_type' => 'any', 1342 'posts_per_page' => -1, 1343 ) 1344 ); 1345 foreach ( $existing_posts_query->posts as $existing_post ) { 1346 $key = $existing_post->post_type . ':' . $existing_post->post_name; 1347 if ( isset( $needed_posts[ $key ] ) && ! isset( $existing_starter_content_posts[ $key ] ) ) { 1348 $existing_starter_content_posts[ $key ] = $existing_post; 1349 } 1350 } 1351 } 1352 1353 // Attachments are technically posts but handled differently. 1354 if ( ! empty( $attachments ) ) { 1355 1356 $attachment_ids = array(); 1357 1358 foreach ( $attachments as $symbol => $attachment ) { 1359 $file_array = array( 1360 'name' => $attachment['file_name'], 1361 ); 1362 $file_path = $attachment['file_path']; 1363 $attachment_id = null; 1364 $attached_file = null; 1365 if ( isset( $existing_starter_content_posts[ 'attachment:' . $attachment['post_name'] ] ) ) { 1366 $attachment_post = $existing_starter_content_posts[ 'attachment:' . $attachment['post_name'] ]; 1367 $attachment_id = $attachment_post->ID; 1368 $attached_file = get_attached_file( $attachment_id ); 1369 if ( empty( $attached_file ) || ! file_exists( $attached_file ) ) { 1370 $attachment_id = null; 1371 $attached_file = null; 1372 } elseif ( $this->get_stylesheet() !== get_post_meta( $attachment_post->ID, '_starter_content_theme', true ) ) { 1373 1374 // Re-generate attachment metadata since it was previously generated for a different theme. 1375 $metadata = wp_generate_attachment_metadata( $attachment_post->ID, $attached_file ); 1376 wp_update_attachment_metadata( $attachment_id, $metadata ); 1377 update_post_meta( $attachment_id, '_starter_content_theme', $this->get_stylesheet() ); 1378 } 1379 } 1380 1381 // Insert the attachment auto-draft because it doesn't yet exist or the attached file is gone. 1382 if ( ! $attachment_id ) { 1383 1384 // Copy file to temp location so that original file won't get deleted from theme after sideloading. 1385 $temp_file_name = wp_tempnam( wp_basename( $file_path ) ); 1386 if ( $temp_file_name && copy( $file_path, $temp_file_name ) ) { 1387 $file_array['tmp_name'] = $temp_file_name; 1388 } 1389 if ( empty( $file_array['tmp_name'] ) ) { 1390 continue; 1391 } 1392 1393 $attachment_post_data = array_merge( 1394 wp_array_slice_assoc( $attachment, array( 'post_title', 'post_content', 'post_excerpt' ) ), 1395 array( 1396 'post_status' => 'auto-draft', // So attachment will be garbage collected in a week if changeset is never published. 1397 ) 1398 ); 1399 1400 $attachment_id = media_handle_sideload( $file_array, 0, null, $attachment_post_data ); 1401 if ( is_wp_error( $attachment_id ) ) { 1402 continue; 1403 } 1404 update_post_meta( $attachment_id, '_starter_content_theme', $this->get_stylesheet() ); 1405 update_post_meta( $attachment_id, '_customize_draft_post_name', $attachment['post_name'] ); 1406 } 1407 1408 $attachment_ids[ $symbol ] = $attachment_id; 1409 } 1410 $starter_content_auto_draft_post_ids = array_merge( $starter_content_auto_draft_post_ids, array_values( $attachment_ids ) ); 1411 } 1412 1413 // Posts & pages. 1414 if ( ! empty( $posts ) ) { 1415 foreach ( array_keys( $posts ) as $post_symbol ) { 1416 if ( empty( $posts[ $post_symbol ]['post_type'] ) || empty( $posts[ $post_symbol ]['post_name'] ) ) { 1417 continue; 1418 } 1419 $post_type = $posts[ $post_symbol ]['post_type']; 1420 if ( ! empty( $posts[ $post_symbol ]['post_name'] ) ) { 1421 $post_name = $posts[ $post_symbol ]['post_name']; 1422 } elseif ( ! empty( $posts[ $post_symbol ]['post_title'] ) ) { 1423 $post_name = sanitize_title( $posts[ $post_symbol ]['post_title'] ); 1424 } else { 1425 continue; 1426 } 1427 1428 // Use existing auto-draft post if one already exists with the same type and name. 1429 if ( isset( $existing_starter_content_posts[ $post_type . ':' . $post_name ] ) ) { 1430 $posts[ $post_symbol ]['ID'] = $existing_starter_content_posts[ $post_type . ':' . $post_name ]->ID; 1431 continue; 1432 } 1433 1434 // Translate the featured image symbol. 1435 if ( ! empty( $posts[ $post_symbol ]['thumbnail'] ) 1436 && preg_match( '/^{{(?P<symbol>.+)}}$/', $posts[ $post_symbol ]['thumbnail'], $matches ) 1437 && isset( $attachment_ids[ $matches['symbol'] ] ) ) { 1438 $posts[ $post_symbol ]['meta_input']['_thumbnail_id'] = $attachment_ids[ $matches['symbol'] ]; 1439 } 1440 1441 if ( ! empty( $posts[ $post_symbol ]['template'] ) ) { 1442 $posts[ $post_symbol ]['meta_input']['_wp_page_template'] = $posts[ $post_symbol ]['template']; 1443 } 1444 1445 $r = $this->nav_menus->insert_auto_draft_post( $posts[ $post_symbol ] ); 1446 if ( $r instanceof WP_Post ) { 1447 $posts[ $post_symbol ]['ID'] = $r->ID; 1448 } 1449 } 1450 1451 $starter_content_auto_draft_post_ids = array_merge( $starter_content_auto_draft_post_ids, wp_list_pluck( $posts, 'ID' ) ); 1452 } 1453 1454 // The nav_menus_created_posts setting is why nav_menus component is dependency for adding posts. 1455 if ( ! empty( $this->nav_menus ) && ! empty( $starter_content_auto_draft_post_ids ) ) { 1456 $setting_id = 'nav_menus_created_posts'; 1457 $this->set_post_value( $setting_id, array_unique( array_values( $starter_content_auto_draft_post_ids ) ) ); 1458 $this->pending_starter_content_settings_ids[] = $setting_id; 1459 } 1460 1461 // Nav menus. 1462 $placeholder_id = -1; 1463 $reused_nav_menu_setting_ids = array(); 1464 foreach ( $nav_menus as $nav_menu_location => $nav_menu ) { 1465 1466 $nav_menu_term_id = null; 1467 $nav_menu_setting_id = null; 1468 $matches = array(); 1469 1470 // Look for an existing placeholder menu with starter content to re-use. 1471 foreach ( $changeset_data as $setting_id => $setting_params ) { 1472 $can_reuse = ( 1473 ! empty( $setting_params['starter_content'] ) 1474 && 1475 ! in_array( $setting_id, $reused_nav_menu_setting_ids, true ) 1476 && 1477 preg_match( '#^nav_menu\[(?P<nav_menu_id>-?\d+)\]$#', $setting_id, $matches ) 1478 ); 1479 if ( $can_reuse ) { 1480 $nav_menu_term_id = (int) $matches['nav_menu_id']; 1481 $nav_menu_setting_id = $setting_id; 1482 $reused_nav_menu_setting_ids[] = $setting_id; 1483 break; 1484 } 1485 } 1486 1487 if ( ! $nav_menu_term_id ) { 1488 while ( isset( $changeset_data[ sprintf( 'nav_menu[%d]', $placeholder_id ) ] ) ) { 1489 --$placeholder_id; 1490 } 1491 $nav_menu_term_id = $placeholder_id; 1492 $nav_menu_setting_id = sprintf( 'nav_menu[%d]', $placeholder_id ); 1493 } 1494 1495 $this->set_post_value( 1496 $nav_menu_setting_id, 1497 array( 1498 'name' => isset( $nav_menu['name'] ) ? $nav_menu['name'] : $nav_menu_location, 1499 ) 1500 ); 1501 $this->pending_starter_content_settings_ids[] = $nav_menu_setting_id; 1502 1503 // @todo Add support for menu_item_parent. 1504 $position = 0; 1505 foreach ( $nav_menu['items'] as $nav_menu_item ) { 1506 $nav_menu_item_setting_id = sprintf( 'nav_menu_item[%d]', $placeholder_id-- ); 1507 if ( ! isset( $nav_menu_item['position'] ) ) { 1508 $nav_menu_item['position'] = $position++; 1509 } 1510 $nav_menu_item['nav_menu_term_id'] = $nav_menu_term_id; 1511 1512 if ( isset( $nav_menu_item['object_id'] ) ) { 1513 if ( 'post_type' === $nav_menu_item['type'] && preg_match( '/^{{(?P<symbol>.+)}}$/', $nav_menu_item['object_id'], $matches ) && isset( $posts[ $matches['symbol'] ] ) ) { 1514 $nav_menu_item['object_id'] = $posts[ $matches['symbol'] ]['ID']; 1515 if ( empty( $nav_menu_item['title'] ) ) { 1516 $original_object = get_post( $nav_menu_item['object_id'] ); 1517 $nav_menu_item['title'] = $original_object->post_title; 1518 } 1519 } else { 1520 continue; 1521 } 1522 } else { 1523 $nav_menu_item['object_id'] = 0; 1524 } 1525 1526 if ( empty( $changeset_data[ $nav_menu_item_setting_id ] ) || ! empty( $changeset_data[ $nav_menu_item_setting_id ]['starter_content'] ) ) { 1527 $this->set_post_value( $nav_menu_item_setting_id, $nav_menu_item ); 1528 $this->pending_starter_content_settings_ids[] = $nav_menu_item_setting_id; 1529 } 1530 } 1531 1532 $setting_id = sprintf( 'nav_menu_locations[%s]', $nav_menu_location ); 1533 if ( empty( $changeset_data[ $setting_id ] ) || ! empty( $changeset_data[ $setting_id ]['starter_content'] ) ) { 1534 $this->set_post_value( $setting_id, $nav_menu_term_id ); 1535 $this->pending_starter_content_settings_ids[] = $setting_id; 1536 } 1537 } 1538 1539 // Options. 1540 foreach ( $options as $name => $value ) { 1541 1542 // Serialize the value to check for post symbols. 1543 $value = maybe_serialize( $value ); 1544 1545 if ( is_serialized( $value ) ) { 1546 if ( preg_match( '/s:\d+:"{{(?P<symbol>.+)}}"/', $value, $matches ) ) { 1547 if ( isset( $posts[ $matches['symbol'] ] ) ) { 1548 $symbol_match = $posts[ $matches['symbol'] ]['ID']; 1549 } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { 1550 $symbol_match = $attachment_ids[ $matches['symbol'] ]; 1551 } 1552 1553 // If we have any symbol matches, update the values. 1554 if ( isset( $symbol_match ) ) { 1555 // Replace found string matches with post IDs. 1556 $value = str_replace( $matches[0], "i:{$symbol_match}", $value ); 1557 } else { 1558 continue; 1559 } 1560 } 1561 } elseif ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) { 1562 if ( isset( $posts[ $matches['symbol'] ] ) ) { 1563 $value = $posts[ $matches['symbol'] ]['ID']; 1564 } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { 1565 $value = $attachment_ids[ $matches['symbol'] ]; 1566 } else { 1567 continue; 1568 } 1569 } 1570 1571 // Unserialize values after checking for post symbols, so they can be properly referenced. 1572 $value = maybe_unserialize( $value ); 1573 1574 if ( empty( $changeset_data[ $name ] ) || ! empty( $changeset_data[ $name ]['starter_content'] ) ) { 1575 $this->set_post_value( $name, $value ); 1576 $this->pending_starter_content_settings_ids[] = $name; 1577 } 1578 } 1579 1580 // Theme mods. 1581 foreach ( $theme_mods as $name => $value ) { 1582 1583 // Serialize the value to check for post symbols. 1584 $value = maybe_serialize( $value ); 1585 1586 // Check if value was serialized. 1587 if ( is_serialized( $value ) ) { 1588 if ( preg_match( '/s:\d+:"{{(?P<symbol>.+)}}"/', $value, $matches ) ) { 1589 if ( isset( $posts[ $matches['symbol'] ] ) ) { 1590 $symbol_match = $posts[ $matches['symbol'] ]['ID']; 1591 } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { 1592 $symbol_match = $attachment_ids[ $matches['symbol'] ]; 1593 } 1594 1595 // If we have any symbol matches, update the values. 1596 if ( isset( $symbol_match ) ) { 1597 // Replace found string matches with post IDs. 1598 $value = str_replace( $matches[0], "i:{$symbol_match}", $value ); 1599 } else { 1600 continue; 1601 } 1602 } 1603 } elseif ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) { 1604 if ( isset( $posts[ $matches['symbol'] ] ) ) { 1605 $value = $posts[ $matches['symbol'] ]['ID']; 1606 } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { 1607 $value = $attachment_ids[ $matches['symbol'] ]; 1608 } else { 1609 continue; 1610 } 1611 } 1612 1613 // Unserialize values after checking for post symbols, so they can be properly referenced. 1614 $value = maybe_unserialize( $value ); 1615 1616 // Handle header image as special case since setting has a legacy format. 1617 if ( 'header_image' === $name ) { 1618 $name = 'header_image_data'; 1619 $metadata = wp_get_attachment_metadata( $value ); 1620 if ( empty( $metadata ) ) { 1621 continue; 1622 } 1623 $value = array( 1624 'attachment_id' => $value, 1625 'url' => wp_get_attachment_url( $value ), 1626 'height' => $metadata['height'], 1627 'width' => $metadata['width'], 1628 ); 1629 } elseif ( 'background_image' === $name ) { 1630 $value = wp_get_attachment_url( $value ); 1631 } 1632 1633 if ( empty( $changeset_data[ $name ] ) || ! empty( $changeset_data[ $name ]['starter_content'] ) ) { 1634 $this->set_post_value( $name, $value ); 1635 $this->pending_starter_content_settings_ids[] = $name; 1636 } 1637 } 1638 1639 if ( ! empty( $this->pending_starter_content_settings_ids ) ) { 1640 if ( did_action( 'customize_register' ) ) { 1641 $this->_save_starter_content_changeset(); 1642 } else { 1643 add_action( 'customize_register', array( $this, '_save_starter_content_changeset' ), 1000 ); 1644 } 1645 } 1646 } 1647 1648 /** 1649 * Prepares starter content attachments. 1650 * 1651 * Ensure that the attachments are valid and that they have slugs and file name/path. 1652 * 1653 * @since 4.7.0 1654 * 1655 * @param array $attachments Attachments. 1656 * @return array Prepared attachments. 1657 */ 1658 protected function prepare_starter_content_attachments( $attachments ) { 1659 $prepared_attachments = array(); 1660 if ( empty( $attachments ) ) { 1661 return $prepared_attachments; 1662 } 1663 1664 // Such is The WordPress Way. 1665 require_once ABSPATH . 'wp-admin/includes/file.php'; 1666 require_once ABSPATH . 'wp-admin/includes/media.php'; 1667 require_once ABSPATH . 'wp-admin/includes/image.php'; 1668 1669 foreach ( $attachments as $symbol => $attachment ) { 1670 1671 // A file is required and URLs to files are not currently allowed. 1672 if ( empty( $attachment['file'] ) || preg_match( '#^https?://$#', $attachment['file'] ) ) { 1673 continue; 1674 } 1675 1676 $file_path = null; 1677 if ( file_exists( $attachment['file'] ) ) { 1678 $file_path = $attachment['file']; // Could be absolute path to file in plugin. 1679 } elseif ( is_child_theme() && file_exists( get_stylesheet_directory() . '/' . $attachment['file'] ) ) { 1680 $file_path = get_stylesheet_directory() . '/' . $attachment['file']; 1681 } elseif ( file_exists( get_template_directory() . '/' . $attachment['file'] ) ) { 1682 $file_path = get_template_directory() . '/' . $attachment['file']; 1683 } else { 1684 continue; 1685 } 1686 $file_name = wp_basename( $attachment['file'] ); 1687 1688 // Skip file types that are not recognized. 1689 $checked_filetype = wp_check_filetype( $file_name ); 1690 if ( empty( $checked_filetype['type'] ) ) { 1691 continue; 1692 } 1693 1694 // Ensure post_name is set since not automatically derived from post_title for new auto-draft posts. 1695 if ( empty( $attachment['post_name'] ) ) { 1696 if ( ! empty( $attachment['post_title'] ) ) { 1697 $attachment['post_name'] = sanitize_title( $attachment['post_title'] ); 1698 } else { 1699 $attachment['post_name'] = sanitize_title( preg_replace( '/\.\w+$/', '', $file_name ) ); 1700 } 1701 } 1702 1703 $attachment['file_name'] = $file_name; 1704 $attachment['file_path'] = $file_path; 1705 $prepared_attachments[ $symbol ] = $attachment; 1706 } 1707 return $prepared_attachments; 1708 } 1709 1710 /** 1711 * Saves starter content changeset. 1712 * 1713 * @since 4.7.0 1714 */ 1715 public function _save_starter_content_changeset() { 1716 1717 if ( empty( $this->pending_starter_content_settings_ids ) ) { 1718 return; 1719 } 1720 1721 $this->save_changeset_post( 1722 array( 1723 'data' => array_fill_keys( $this->pending_starter_content_settings_ids, array( 'starter_content' => true ) ), 1724 'starter_content' => true, 1725 ) 1726 ); 1727 $this->saved_starter_content_changeset = true; 1728 1729 $this->pending_starter_content_settings_ids = array(); 1730 } 1731 1732 /** 1733 * Gets dirty pre-sanitized setting values in the current customized state. 1734 * 1735 * The returned array consists of a merge of three sources: 1736 * 1. If the theme is not currently active, then the base array is any stashed 1737 * theme mods that were modified previously but never published. 1738 * 2. The values from the current changeset, if it exists. 1739 * 3. If the user can customize, the values parsed from the incoming 1740 * `$_POST['customized']` JSON data. 1741 * 4. Any programmatically-set post values via `WP_Customize_Manager::set_post_value()`. 1742 * 1743 * The name "unsanitized_post_values" is a carry-over from when the customized 1744 * state was exclusively sourced from `$_POST['customized']`. Nevertheless, 1745 * the value returned will come from the current changeset post and from the 1746 * incoming post data. 1747 * 1748 * @since 4.1.1 1749 * @since 4.7.0 Added `$args` parameter and merging with changeset values and stashed theme mods. 1750 * 1751 * @param array $args { 1752 * Args. 1753 * 1754 * @type bool $exclude_changeset Whether the changeset values should also be excluded. Defaults to false. 1755 * @type bool $exclude_post_data Whether the post input values should also be excluded. Defaults to false when lacking the customize capability. 1756 * } 1757 * @return array 1758 */ 1759 public function unsanitized_post_values( $args = array() ) { 1760 $args = array_merge( 1761 array( 1762 'exclude_changeset' => false, 1763 'exclude_post_data' => ! current_user_can( 'customize' ), 1764 ), 1765 $args 1766 ); 1767 1768 $values = array(); 1769 1770 // Let default values be from the stashed theme mods if doing a theme switch and if no changeset is present. 1771 if ( ! $this->is_theme_active() ) { 1772 $stashed_theme_mods = get_option( 'customize_stashed_theme_mods' ); 1773 $stylesheet = $this->get_stylesheet(); 1774 if ( isset( $stashed_theme_mods[ $stylesheet ] ) ) { 1775 $values = array_merge( $values, wp_list_pluck( $stashed_theme_mods[ $stylesheet ], 'value' ) ); 1776 } 1777 } 1778 1779 if ( ! $args['exclude_changeset'] ) { 1780 foreach ( $this->changeset_data() as $setting_id => $setting_params ) { 1781 if ( ! array_key_exists( 'value', $setting_params ) ) { 1782 continue; 1783 } 1784 if ( isset( $setting_params['type'] ) && 'theme_mod' === $setting_params['type'] ) { 1785 1786 // Ensure that theme mods values are only used if they were saved under the active theme. 1787 $namespace_pattern = '/^(?P<stylesheet>.+?)::(?P<setting_id>.+)$/'; 1788 if ( preg_match( $namespace_pattern, $setting_id, $matches ) && $this->get_stylesheet() === $matches['stylesheet'] ) { 1789 $values[ $matches['setting_id'] ] = $setting_params['value']; 1790 } 1791 } else { 1792 $values[ $setting_id ] = $setting_params['value']; 1793 } 1794 } 1795 } 1796 1797 if ( ! $args['exclude_post_data'] ) { 1798 if ( ! isset( $this->_post_values ) ) { 1799 if ( isset( $_POST['customized'] ) ) { 1800 $post_values = json_decode( wp_unslash( $_POST['customized'] ), true ); 1801 } else { 1802 $post_values = array(); 1803 } 1804 if ( is_array( $post_values ) ) { 1805 $this->_post_values = $post_values; 1806 } else { 1807 $this->_post_values = array(); 1808 } 1809 } 1810 $values = array_merge( $values, $this->_post_values ); 1811 } 1812 return $values; 1813 } 1814 1815 /** 1816 * Returns the sanitized value for a given setting from the current customized state. 1817 * 1818 * The name "post_value" is a carry-over from when the customized state was exclusively 1819 * sourced from `$_POST['customized']`. Nevertheless, the value returned will come 1820 * from the current changeset post and from the incoming post data. 1821 * 1822 * @since 3.4.0 1823 * @since 4.1.1 Introduced the `$default_value` parameter. 1824 * @since 4.6.0 `$default_value` is now returned early when the setting post value is invalid. 1825 * 1826 * @see WP_REST_Server::dispatch() 1827 * @see WP_REST_Request::sanitize_params() 1828 * @see WP_REST_Request::has_valid_params() 1829 * 1830 * @param WP_Customize_Setting $setting A WP_Customize_Setting derived object. 1831 * @param mixed $default_value Value returned if `$setting` has no post value (added in 4.2.0) 1832 * or the post value is invalid (added in 4.6.0). 1833 * @return string|mixed Sanitized value or the `$default_value` provided. 1834 */ 1835 public function post_value( $setting, $default_value = null ) { 1836 $post_values = $this->unsanitized_post_values(); 1837 if ( ! array_key_exists( $setting->id, $post_values ) ) { 1838 return $default_value; 1839 } 1840 1841 $value = $post_values[ $setting->id ]; 1842 $valid = $setting->validate( $value ); 1843 if ( is_wp_error( $valid ) ) { 1844 return $default_value; 1845 } 1846 1847 $value = $setting->sanitize( $value ); 1848 if ( is_null( $value ) || is_wp_error( $value ) ) { 1849 return $default_value; 1850 } 1851 1852 return $value; 1853 } 1854 1855 /** 1856 * Overrides a setting's value in the current customized state. 1857 * 1858 * The name "post_value" is a carry-over from when the customized state was 1859 * exclusively sourced from `$_POST['customized']`. 1860 * 1861 * @since 4.2.0 1862 * 1863 * @param string $setting_id ID for the WP_Customize_Setting instance. 1864 * @param mixed $value Post value. 1865 */ 1866 public function set_post_value( $setting_id, $value ) { 1867 $this->unsanitized_post_values(); // Populate _post_values from $_POST['customized']. 1868 $this->_post_values[ $setting_id ] = $value; 1869 1870 /** 1871 * Announces when a specific setting's unsanitized post value has been set. 1872 * 1873 * Fires when the WP_Customize_Manager::set_post_value() method is called. 1874 * 1875 * The dynamic portion of the hook name, `$setting_id`, refers to the setting ID. 1876 * 1877 * @since 4.4.0 1878 * 1879 * @param mixed $value Unsanitized setting post value. 1880 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 1881 */ 1882 do_action( "customize_post_value_set_{$setting_id}", $value, $this ); 1883 1884 /** 1885 * Announces when any setting's unsanitized post value has been set. 1886 * 1887 * Fires when the WP_Customize_Manager::set_post_value() method is called. 1888 * 1889 * This is useful for `WP_Customize_Setting` instances to watch 1890 * in order to update a cached previewed value. 1891 * 1892 * @since 4.4.0 1893 * 1894 * @param string $setting_id Setting ID. 1895 * @param mixed $value Unsanitized setting post value. 1896 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 1897 */ 1898 do_action( 'customize_post_value_set', $setting_id, $value, $this ); 1899 } 1900 1901 /** 1902 * Prints JavaScript settings. 1903 * 1904 * @since 3.4.0 1905 */ 1906 public function customize_preview_init() { 1907 1908 /* 1909 * Now that Customizer previews are loaded into iframes via GET requests 1910 * and natural URLs with transaction UUIDs added, we need to ensure that 1911 * the responses are never cached by proxies. In practice, this will not 1912 * be needed if the user is logged-in anyway. But if anonymous access is 1913 * allowed then the auth cookies would not be sent and WordPress would 1914 * not send no-cache headers by default. 1915 */ 1916 if ( ! headers_sent() ) { 1917 nocache_headers(); 1918 header( 'X-Robots: noindex, nofollow, noarchive' ); 1919 header( 'X-Robots-Tag: noindex, nofollow, noarchive' ); 1920 } 1921 add_filter( 'wp_robots', 'wp_robots_no_robots' ); 1922 add_filter( 'wp_headers', array( $this, 'filter_iframe_security_headers' ) ); 1923 1924 /* 1925 * If preview is being served inside the customizer preview iframe, and 1926 * if the user doesn't have customize capability, then it is assumed 1927 * that the user's session has expired and they need to re-authenticate. 1928 */ 1929 if ( $this->messenger_channel && ! current_user_can( 'customize' ) ) { 1930 $this->wp_die( 1931 -1, 1932 sprintf( 1933 /* translators: %s: customize_messenger_channel */ 1934 __( 'Unauthorized. You may remove the %s param to preview as frontend.' ), 1935 '<code>customize_messenger_channel<code>' 1936 ) 1937 ); 1938 return; 1939 } 1940 1941 $this->prepare_controls(); 1942 1943 add_filter( 'wp_redirect', array( $this, 'add_state_query_params' ) ); 1944 1945 wp_enqueue_script( 'customize-preview' ); 1946 wp_enqueue_style( 'customize-preview' ); 1947 add_action( 'wp_head', array( $this, 'customize_preview_loading_style' ) ); 1948 add_action( 'wp_head', array( $this, 'remove_frameless_preview_messenger_channel' ) ); 1949 add_action( 'wp_footer', array( $this, 'customize_preview_settings' ), 20 ); 1950 add_filter( 'get_edit_post_link', '__return_empty_string' ); 1951 1952 /** 1953 * Fires once the Customizer preview has initialized and JavaScript 1954 * settings have been printed. 1955 * 1956 * @since 3.4.0 1957 * 1958 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 1959 */ 1960 do_action( 'customize_preview_init', $this ); 1961 } 1962 1963 /** 1964 * Filters the X-Frame-Options and Content-Security-Policy headers to ensure frontend can load in customizer. 1965 * 1966 * @since 4.7.0 1967 * 1968 * @param array $headers Headers. 1969 * @return array Headers. 1970 */ 1971 public function filter_iframe_security_headers( $headers ) { 1972 $headers['X-Frame-Options'] = 'SAMEORIGIN'; 1973 $headers['Content-Security-Policy'] = "frame-ancestors 'self'"; 1974 return $headers; 1975 } 1976 1977 /** 1978 * Adds customize state query params to a given URL if preview is allowed. 1979 * 1980 * @since 4.7.0 1981 * 1982 * @see wp_redirect() 1983 * @see WP_Customize_Manager::get_allowed_url() 1984 * 1985 * @param string $url URL. 1986 * @return string URL. 1987 */ 1988 public function add_state_query_params( $url ) { 1989 $parsed_original_url = wp_parse_url( $url ); 1990 $is_allowed = false; 1991 foreach ( $this->get_allowed_urls() as $allowed_url ) { 1992 $parsed_allowed_url = wp_parse_url( $allowed_url ); 1993 $is_allowed = ( 1994 $parsed_allowed_url['scheme'] === $parsed_original_url['scheme'] 1995 && 1996 $parsed_allowed_url['host'] === $parsed_original_url['host'] 1997 && 1998 str_starts_with( $parsed_original_url['path'], $parsed_allowed_url['path'] ) 1999 ); 2000 if ( $is_allowed ) { 2001 break; 2002 } 2003 } 2004 2005 if ( $is_allowed ) { 2006 $query_params = array( 2007 'customize_changeset_uuid' => $this->changeset_uuid(), 2008 ); 2009 if ( ! $this->is_theme_active() ) { 2010 $query_params['customize_theme'] = $this->get_stylesheet(); 2011 } 2012 if ( $this->messenger_channel ) { 2013 $query_params['customize_messenger_channel'] = $this->messenger_channel; 2014 } 2015 $url = add_query_arg( $query_params, $url ); 2016 } 2017 2018 return $url; 2019 } 2020 2021 /** 2022 * Prevents sending a 404 status when returning the response for the customize 2023 * preview, since it causes the jQuery Ajax to fail. Send 200 instead. 2024 * 2025 * @since 4.0.0 2026 * @deprecated 4.7.0 2027 */ 2028 public function customize_preview_override_404_status() { 2029 _deprecated_function( __METHOD__, '4.7.0' ); 2030 } 2031 2032 /** 2033 * Prints base element for preview frame. 2034 * 2035 * @since 3.4.0 2036 * @deprecated 4.7.0 2037 */ 2038 public function customize_preview_base() { 2039 _deprecated_function( __METHOD__, '4.7.0' ); 2040 } 2041 2042 /** 2043 * Prints a workaround to handle HTML5 tags in IE < 9. 2044 * 2045 * @since 3.4.0 2046 * @deprecated 4.7.0 Customizer no longer supports IE8, so all supported browsers recognize HTML5. 2047 */ 2048 public function customize_preview_html5() { 2049 _deprecated_function( __FUNCTION__, '4.7.0' ); 2050 } 2051 2052 /** 2053 * Prints CSS for loading indicators for the Customizer preview. 2054 * 2055 * @since 4.2.0 2056 */ 2057 public function customize_preview_loading_style() { 2058 ?> 2059 <style> 2060 body.wp-customizer-unloading { 2061 opacity: 0.25; 2062 cursor: progress !important; 2063 -webkit-transition: opacity 0.5s; 2064 transition: opacity 0.5s; 2065 } 2066 body.wp-customizer-unloading * { 2067 pointer-events: none !important; 2068 } 2069 form.customize-unpreviewable, 2070 form.customize-unpreviewable input, 2071 form.customize-unpreviewable select, 2072 form.customize-unpreviewable button, 2073 a.customize-unpreviewable, 2074 area.customize-unpreviewable { 2075 cursor: not-allowed !important; 2076 } 2077 </style> 2078 <?php 2079 } 2080 2081 /** 2082 * Removes customize_messenger_channel query parameter from the preview window when it is not in an iframe. 2083 * 2084 * This ensures that the admin bar will be shown. It also ensures that link navigation will 2085 * work as expected since the parent frame is not being sent the URL to navigate to. 2086 * 2087 * @since 4.7.0 2088 */ 2089 public function remove_frameless_preview_messenger_channel() { 2090 if ( ! $this->messenger_channel ) { 2091 return; 2092 } 2093 ob_start(); 2094 ?> 2095 <script> 2096 ( function() { 2097 if ( parent !== window ) { 2098 return; 2099 } 2100 const url = new URL( location.href ); 2101 if ( url.searchParams.has( 'customize_messenger_channel' ) ) { 2102 url.searchParams.delete( 'customize_messenger_channel' ); 2103 location.replace( url ); 2104 } 2105 } )(); 2106 </script> 2107 <?php 2108 wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) ); 2109 } 2110 2111 /** 2112 * Prints JavaScript settings for preview frame. 2113 * 2114 * @since 3.4.0 2115 */ 2116 public function customize_preview_settings() { 2117 $post_values = $this->unsanitized_post_values( array( 'exclude_changeset' => true ) ); 2118 $setting_validities = $this->validate_setting_values( $post_values ); 2119 $exported_setting_validities = array_map( array( $this, 'prepare_setting_validity_for_js' ), $setting_validities ); 2120 2121 // Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installations. 2122 $self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ) ); 2123 $state_query_params = array( 2124 'customize_theme', 2125 'customize_changeset_uuid', 2126 'customize_messenger_channel', 2127 ); 2128 $self_url = remove_query_arg( $state_query_params, $self_url ); 2129 2130 $allowed_urls = $this->get_allowed_urls(); 2131 $allowed_hosts = array(); 2132 foreach ( $allowed_urls as $allowed_url ) { 2133 $parsed = wp_parse_url( $allowed_url ); 2134 if ( empty( $parsed['host'] ) ) { 2135 continue; 2136 } 2137 $host = $parsed['host']; 2138 if ( ! empty( $parsed['port'] ) ) { 2139 $host .= ':' . $parsed['port']; 2140 } 2141 $allowed_hosts[] = $host; 2142 } 2143 2144 $switched_locale = switch_to_user_locale( get_current_user_id() ); 2145 $l10n = array( 2146 'shiftClickToEdit' => __( 'Shift-click to edit this element.' ), 2147 'linkUnpreviewable' => __( 'This link is not live-previewable.' ), 2148 'formUnpreviewable' => __( 'This form is not live-previewable.' ), 2149 ); 2150 if ( $switched_locale ) { 2151 restore_previous_locale(); 2152 } 2153 2154 $settings = array( 2155 'changeset' => array( 2156 'uuid' => $this->changeset_uuid(), 2157 'autosaved' => $this->autosaved(), 2158 ), 2159 'timeouts' => array( 2160 'selectiveRefresh' => 250, 2161 'keepAliveSend' => 1000, 2162 ), 2163 'theme' => array( 2164 'stylesheet' => $this->get_stylesheet(), 2165 'active' => $this->is_theme_active(), 2166 'isBlockTheme' => wp_is_block_theme(), 2167 ), 2168 'url' => array( 2169 'self' => $self_url, 2170 'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ), 2171 'allowedHosts' => array_unique( $allowed_hosts ), 2172 'isCrossDomain' => $this->is_cross_domain(), 2173 ), 2174 'channel' => $this->messenger_channel, 2175 'activePanels' => array(), 2176 'activeSections' => array(), 2177 'activeControls' => array(), 2178 'settingValidities' => $exported_setting_validities, 2179 'nonce' => current_user_can( 'customize' ) ? $this->get_nonces() : array(), 2180 'l10n' => $l10n, 2181 '_dirty' => array_keys( $post_values ), 2182 ); 2183 2184 foreach ( $this->panels as $panel_id => $panel ) { 2185 if ( $panel->check_capabilities() ) { 2186 $settings['activePanels'][ $panel_id ] = $panel->active(); 2187 foreach ( $panel->sections as $section_id => $section ) { 2188 if ( $section->check_capabilities() ) { 2189 $settings['activeSections'][ $section_id ] = $section->active(); 2190 } 2191 } 2192 } 2193 } 2194 foreach ( $this->sections as $id => $section ) { 2195 if ( $section->check_capabilities() ) { 2196 $settings['activeSections'][ $id ] = $section->active(); 2197 } 2198 } 2199 foreach ( $this->controls as $id => $control ) { 2200 if ( $control->check_capabilities() ) { 2201 $settings['activeControls'][ $id ] = $control->active(); 2202 } 2203 } 2204 2205 ob_start(); 2206 ?> 2207 <script> 2208 var _wpCustomizeSettings = <?php echo wp_json_encode( $settings ); ?>; 2209 _wpCustomizeSettings.values = {}; 2210 (function( v ) { 2211 <?php 2212 /* 2213 * Serialize settings separately from the initial _wpCustomizeSettings 2214 * serialization in order to avoid a peak memory usage spike. 2215 * @todo We may not even need to export the values at all since the pane syncs them anyway. 2216 */ 2217 foreach ( $this->settings as $id => $setting ) { 2218 if ( $setting->check_capabilities() ) { 2219 printf( 2220 "v[%s] = %s;\n", 2221 wp_json_encode( $id ), 2222 wp_json_encode( $setting->js_value() ) 2223 ); 2224 } 2225 } 2226 ?> 2227 })( _wpCustomizeSettings.values ); 2228 </script> 2229 <?php 2230 wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) ); 2231 } 2232 2233 /** 2234 * Prints a signature so we can ensure the Customizer was properly executed. 2235 * 2236 * @since 3.4.0 2237 * @deprecated 4.7.0 2238 */ 2239 public function customize_preview_signature() { 2240 _deprecated_function( __METHOD__, '4.7.0' ); 2241 } 2242 2243 /** 2244 * Removes the signature in case we experience a case where the Customizer was not properly executed. 2245 * 2246 * @since 3.4.0 2247 * @deprecated 4.7.0 2248 * 2249 * @param callable|null $callback Optional. Value passed through for {@see 'wp_die_handler'} filter. 2250 * Default null. 2251 * @return callable|null Value passed through for {@see 'wp_die_handler'} filter. 2252 */ 2253 public function remove_preview_signature( $callback = null ) { 2254 _deprecated_function( __METHOD__, '4.7.0' ); 2255 2256 return $callback; 2257 } 2258 2259 /** 2260 * Determines whether it is a theme preview or not. 2261 * 2262 * @since 3.4.0 2263 * 2264 * @return bool True if it's a preview, false if not. 2265 */ 2266 public function is_preview() { 2267 return (bool) $this->previewing; 2268 } 2269 2270 /** 2271 * Retrieves the template name of the previewed theme. 2272 * 2273 * @since 3.4.0 2274 * 2275 * @return string Template name. 2276 */ 2277 public function get_template() { 2278 return $this->theme()->get_template(); 2279 } 2280 2281 /** 2282 * Retrieves the stylesheet name of the previewed theme. 2283 * 2284 * @since 3.4.0 2285 * 2286 * @return string Stylesheet name. 2287 */ 2288 public function get_stylesheet() { 2289 return $this->theme()->get_stylesheet(); 2290 } 2291 2292 /** 2293 * Retrieves the template root of the previewed theme. 2294 * 2295 * @since 3.4.0 2296 * 2297 * @return string Theme root. 2298 */ 2299 public function get_template_root() { 2300 return get_raw_theme_root( $this->get_template(), true ); 2301 } 2302 2303 /** 2304 * Retrieves the stylesheet root of the previewed theme. 2305 * 2306 * @since 3.4.0 2307 * 2308 * @return string Theme root. 2309 */ 2310 public function get_stylesheet_root() { 2311 return get_raw_theme_root( $this->get_stylesheet(), true ); 2312 } 2313 2314 /** 2315 * Filters the active theme and return the name of the previewed theme. 2316 * 2317 * @since 3.4.0 2318 * 2319 * @param mixed $current_theme {@internal Parameter is not used} 2320 * @return string Theme name. 2321 */ 2322 public function current_theme( $current_theme ) { 2323 return $this->theme()->display( 'Name' ); 2324 } 2325 2326 /** 2327 * Validates setting values. 2328 * 2329 * Validation is skipped for unregistered settings or for values that are 2330 * already null since they will be skipped anyway. Sanitization is applied 2331 * to values that pass validation, and values that become null or `WP_Error` 2332 * after sanitizing are marked invalid. 2333 * 2334 * @since 4.6.0 2335 * 2336 * @see WP_REST_Request::has_valid_params() 2337 * @see WP_Customize_Setting::validate() 2338 * 2339 * @param array $setting_values Mapping of setting IDs to values to validate and sanitize. 2340 * @param array $options { 2341 * Options. 2342 * 2343 * @type bool $validate_existence Whether a setting's existence will be checked. 2344 * @type bool $validate_capability Whether the setting capability will be checked. 2345 * } 2346 * @return array Mapping of setting IDs to return value of validate method calls, either `true` or `WP_Error`. 2347 */ 2348 public function validate_setting_values( $setting_values, $options = array() ) { 2349 $options = wp_parse_args( 2350 $options, 2351 array( 2352 'validate_capability' => false, 2353 'validate_existence' => false, 2354 ) 2355 ); 2356 2357 $validities = array(); 2358 foreach ( $setting_values as $setting_id => $unsanitized_value ) { 2359 $setting = $this->get_setting( $setting_id ); 2360 if ( ! $setting ) { 2361 if ( $options['validate_existence'] ) { 2362 $validities[ $setting_id ] = new WP_Error( 'unrecognized', __( 'Setting does not exist or is unrecognized.' ) ); 2363 } 2364 continue; 2365 } 2366 if ( $options['validate_capability'] && ! current_user_can( $setting->capability ) ) { 2367 $validity = new WP_Error( 'unauthorized', __( 'Unauthorized to modify setting due to capability.' ) ); 2368 } else { 2369 if ( is_null( $unsanitized_value ) ) { 2370 continue; 2371 } 2372 $validity = $setting->validate( $unsanitized_value ); 2373 } 2374 if ( ! is_wp_error( $validity ) ) { 2375 /** This filter is documented in wp-includes/class-wp-customize-setting.php */ 2376 $late_validity = apply_filters( "customize_validate_{$setting->id}", new WP_Error(), $unsanitized_value, $setting ); 2377 if ( is_wp_error( $late_validity ) && $late_validity->has_errors() ) { 2378 $validity = $late_validity; 2379 } 2380 } 2381 if ( ! is_wp_error( $validity ) ) { 2382 $value = $setting->sanitize( $unsanitized_value ); 2383 if ( is_null( $value ) ) { 2384 $validity = false; 2385 } elseif ( is_wp_error( $value ) ) { 2386 $validity = $value; 2387 } 2388 } 2389 if ( false === $validity ) { 2390 $validity = new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); 2391 } 2392 $validities[ $setting_id ] = $validity; 2393 } 2394 return $validities; 2395 } 2396 2397 /** 2398 * Prepares setting validity for exporting to the client (JS). 2399 * 2400 * Converts `WP_Error` instance into array suitable for passing into the 2401 * `wp.customize.Notification` JS model. 2402 * 2403 * @since 4.6.0 2404 * 2405 * @param true|WP_Error $validity Setting validity. 2406 * @return true|array If `$validity` was a WP_Error, the error codes will be array-mapped 2407 * to their respective `message` and `data` to pass into the 2408 * `wp.customize.Notification` JS model. 2409 */ 2410 public function prepare_setting_validity_for_js( $validity ) { 2411 if ( is_wp_error( $validity ) ) { 2412 $notification = array(); 2413 foreach ( $validity->errors as $error_code => $error_messages ) { 2414 $notification[ $error_code ] = array( 2415 'message' => implode( ' ', $error_messages ), 2416 'data' => $validity->get_error_data( $error_code ), 2417 ); 2418 } 2419 return $notification; 2420 } else { 2421 return true; 2422 } 2423 } 2424 2425 /** 2426 * Handles customize_save WP Ajax request to save/update a changeset. 2427 * 2428 * @since 3.4.0 2429 * @since 4.7.0 The semantics of this method have changed to update a changeset, optionally to also change the status and other attributes. 2430 */ 2431 public function save() { 2432 if ( ! is_user_logged_in() ) { 2433 wp_send_json_error( 'unauthenticated' ); 2434 } 2435 2436 if ( ! $this->is_preview() ) { 2437 wp_send_json_error( 'not_preview' ); 2438 } 2439 2440 $action = 'save-customize_' . $this->get_stylesheet(); 2441 if ( ! check_ajax_referer( $action, 'nonce', false ) ) { 2442 wp_send_json_error( 'invalid_nonce' ); 2443 } 2444 2445 $changeset_post_id = $this->changeset_post_id(); 2446 $is_new_changeset = empty( $changeset_post_id ); 2447 if ( $is_new_changeset ) { 2448 if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->create_posts ) ) { 2449 wp_send_json_error( 'cannot_create_changeset_post' ); 2450 } 2451 } else { 2452 if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) ) { 2453 wp_send_json_error( 'cannot_edit_changeset_post' ); 2454 } 2455 } 2456 2457 if ( ! empty( $_POST['customize_changeset_data'] ) ) { 2458 $input_changeset_data = json_decode( wp_unslash( $_POST['customize_changeset_data'] ), true ); 2459 if ( ! is_array( $input_changeset_data ) ) { 2460 wp_send_json_error( 'invalid_customize_changeset_data' ); 2461 } 2462 } else { 2463 $input_changeset_data = array(); 2464 } 2465 2466 // Validate title. 2467 $changeset_title = null; 2468 if ( isset( $_POST['customize_changeset_title'] ) ) { 2469 $changeset_title = sanitize_text_field( wp_unslash( $_POST['customize_changeset_title'] ) ); 2470 } 2471 2472 // Validate changeset status param. 2473 $is_publish = null; 2474 $changeset_status = null; 2475 if ( isset( $_POST['customize_changeset_status'] ) ) { 2476 $changeset_status = wp_unslash( $_POST['customize_changeset_status'] ); 2477 if ( ! get_post_status_object( $changeset_status ) || ! in_array( $changeset_status, array( 'draft', 'pending', 'publish', 'future' ), true ) ) { 2478 wp_send_json_error( 'bad_customize_changeset_status', 400 ); 2479 } 2480 $is_publish = ( 'publish' === $changeset_status || 'future' === $changeset_status ); 2481 if ( $is_publish && ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->publish_posts ) ) { 2482 wp_send_json_error( 'changeset_publish_unauthorized', 403 ); 2483 } 2484 } 2485 2486 /* 2487 * Validate changeset date param. Date is assumed to be in local time for 2488 * the WP if in MySQL format (YYYY-MM-DD HH:MM:SS). Otherwise, the date 2489 * is parsed with strtotime() so that ISO date format may be supplied 2490 * or a string like "+10 minutes". 2491 */ 2492 $changeset_date_gmt = null; 2493 if ( isset( $_POST['customize_changeset_date'] ) ) { 2494 $changeset_date = wp_unslash( $_POST['customize_changeset_date'] ); 2495 if ( preg_match( '/^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d$/', $changeset_date ) ) { 2496 $mm = substr( $changeset_date, 5, 2 ); 2497 $jj = substr( $changeset_date, 8, 2 ); 2498 $aa = substr( $changeset_date, 0, 4 ); 2499 $valid_date = wp_checkdate( $mm, $jj, $aa, $changeset_date ); 2500 if ( ! $valid_date ) { 2501 wp_send_json_error( 'bad_customize_changeset_date', 400 ); 2502 } 2503 $changeset_date_gmt = get_gmt_from_date( $changeset_date ); 2504 } else { 2505 $timestamp = strtotime( $changeset_date ); 2506 if ( ! $timestamp ) { 2507 wp_send_json_error( 'bad_customize_changeset_date', 400 ); 2508 } 2509 $changeset_date_gmt = gmdate( 'Y-m-d H:i:s', $timestamp ); 2510 } 2511 } 2512 2513 $lock_user_id = null; 2514 $autosave = ! empty( $_POST['customize_changeset_autosave'] ); 2515 if ( ! $is_new_changeset ) { 2516 $lock_user_id = wp_check_post_lock( $this->changeset_post_id() ); 2517 } 2518 2519 // Force request to autosave when changeset is locked. 2520 if ( $lock_user_id && ! $autosave ) { 2521 $autosave = true; 2522 $changeset_status = null; 2523 $changeset_date_gmt = null; 2524 } 2525 2526 if ( $autosave && ! defined( 'DOING_AUTOSAVE' ) ) { // Back-compat. 2527 define( 'DOING_AUTOSAVE', true ); 2528 } 2529 2530 $autosaved = false; 2531 $r = $this->save_changeset_post( 2532 array( 2533 'status' => $changeset_status, 2534 'title' => $changeset_title, 2535 'date_gmt' => $changeset_date_gmt, 2536 'data' => $input_changeset_data, 2537 'autosave' => $autosave, 2538 ) 2539 ); 2540 if ( $autosave && ! is_wp_error( $r ) ) { 2541 $autosaved = true; 2542 } 2543 2544 // If the changeset was locked and an autosave request wasn't itself an error, then now explicitly return with a failure. 2545 if ( $lock_user_id && ! is_wp_error( $r ) ) { 2546 $r = new WP_Error( 2547 'changeset_locked', 2548 __( 'Changeset is being edited by other user.' ), 2549 array( 2550 'lock_user' => $this->get_lock_user_data( $lock_user_id ), 2551 ) 2552 ); 2553 } 2554 2555 if ( is_wp_error( $r ) ) { 2556 $response = array( 2557 'message' => $r->get_error_message(), 2558 'code' => $r->get_error_code(), 2559 ); 2560 if ( is_array( $r->get_error_data() ) ) { 2561 $response = array_merge( $response, $r->get_error_data() ); 2562 } else { 2563 $response['data'] = $r->get_error_data(); 2564 } 2565 } else { 2566 $response = $r; 2567 $changeset_post = get_post( $this->changeset_post_id() ); 2568 2569 // Dismiss all other auto-draft changeset posts for this user (they serve like autosave revisions), as there should only be one. 2570 if ( $is_new_changeset ) { 2571 $this->dismiss_user_auto_draft_changesets(); 2572 } 2573 2574 // Note that if the changeset status was publish, then it will get set to Trash if revisions are not supported. 2575 $response['changeset_status'] = $changeset_post->post_status; 2576 if ( $is_publish && 'trash' === $response['changeset_status'] ) { 2577 $response['changeset_status'] = 'publish'; 2578 } 2579 2580 if ( 'publish' !== $response['changeset_status'] ) { 2581 $this->set_changeset_lock( $changeset_post->ID ); 2582 } 2583 2584 if ( 'future' === $response['changeset_status'] ) { 2585 $response['changeset_date'] = $changeset_post->post_date; 2586 } 2587 2588 if ( 'publish' === $response['changeset_status'] || 'trash' === $response['changeset_status'] ) { 2589 $response['next_changeset_uuid'] = wp_generate_uuid4(); 2590 } 2591 } 2592 2593 if ( $autosave ) { 2594 $response['autosaved'] = $autosaved; 2595 } 2596 2597 if ( isset( $response['setting_validities'] ) ) { 2598 $response['setting_validities'] = array_map( array( $this, 'prepare_setting_validity_for_js' ), $response['setting_validities'] ); 2599 } 2600 2601 /** 2602 * Filters response data for a successful customize_save Ajax request. 2603 * 2604 * This filter does not apply if there was a nonce or authentication failure. 2605 * 2606 * @since 4.2.0 2607 * 2608 * @param array $response Additional information passed back to the 'saved' 2609 * event on `wp.customize`. 2610 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 2611 */ 2612 $response = apply_filters( 'customize_save_response', $response, $this ); 2613 2614 if ( is_wp_error( $r ) ) { 2615 wp_send_json_error( $response ); 2616 } else { 2617 wp_send_json_success( $response ); 2618 } 2619 } 2620 2621 /** 2622 * Saves the post for the loaded changeset. 2623 * 2624 * @since 4.7.0 2625 * 2626 * @param array $args { 2627 * Args for changeset post. 2628 * 2629 * @type array $data Optional additional changeset data. Values will be merged on top of any existing post values. 2630 * @type string $status Post status. Optional. If supplied, the save will be transactional and a post revision will be allowed. 2631 * @type string $title Post title. Optional. 2632 * @type string $date_gmt Date in GMT. Optional. 2633 * @type int $user_id ID for user who is saving the changeset. Optional, defaults to the current user ID. 2634 * @type bool $starter_content Whether the data is starter content. If false (default), then $starter_content will be cleared for any $data being saved. 2635 * @type bool $autosave Whether this is a request to create an autosave revision. 2636 * } 2637 * 2638 * @return array|WP_Error Returns array on success and WP_Error with array data on error. 2639 */ 2640 public function save_changeset_post( $args = array() ) { 2641 2642 $args = array_merge( 2643 array( 2644 'status' => null, 2645 'title' => null, 2646 'data' => array(), 2647 'date_gmt' => null, 2648 'user_id' => get_current_user_id(), 2649 'starter_content' => false, 2650 'autosave' => false, 2651 ), 2652 $args 2653 ); 2654 2655 $changeset_post_id = $this->changeset_post_id(); 2656 $existing_changeset_data = array(); 2657 if ( $changeset_post_id ) { 2658 $existing_status = get_post_status( $changeset_post_id ); 2659 if ( 'publish' === $existing_status || 'trash' === $existing_status ) { 2660 return new WP_Error( 2661 'changeset_already_published', 2662 __( 'The previous set of changes has already been published. Please try saving your current set of changes again.' ), 2663 array( 2664 'next_changeset_uuid' => wp_generate_uuid4(), 2665 ) 2666 ); 2667 } 2668 2669 $existing_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); 2670 if ( is_wp_error( $existing_changeset_data ) ) { 2671 return $existing_changeset_data; 2672 } 2673 } 2674 2675 // Fail if attempting to publish but publish hook is missing. 2676 if ( 'publish' === $args['status'] && false === has_action( 'transition_post_status', '_wp_customize_publish_changeset' ) ) { 2677 return new WP_Error( 'missing_publish_callback' ); 2678 } 2679 2680 // Validate date. 2681 $now = gmdate( 'Y-m-d H:i:59' ); 2682 if ( $args['date_gmt'] ) { 2683 $is_future_dated = ( mysql2date( 'U', $args['date_gmt'], false ) > mysql2date( 'U', $now, false ) ); 2684 if ( ! $is_future_dated ) { 2685 return new WP_Error( 'not_future_date', __( 'You must supply a future date to schedule.' ) ); // Only future dates are allowed. 2686 } 2687 2688 if ( ! $this->is_theme_active() && ( 'future' === $args['status'] || $is_future_dated ) ) { 2689 return new WP_Error( 'cannot_schedule_theme_switches' ); // This should be allowed in the future, when theme is a regular setting. 2690 } 2691 $will_remain_auto_draft = ( ! $args['status'] && ( ! $changeset_post_id || 'auto-draft' === get_post_status( $changeset_post_id ) ) ); 2692 if ( $will_remain_auto_draft ) { 2693 return new WP_Error( 'cannot_supply_date_for_auto_draft_changeset' ); 2694 } 2695 } elseif ( $changeset_post_id && 'future' === $args['status'] ) { 2696 2697 // Fail if the new status is future but the existing post's date is not in the future. 2698 $changeset_post = get_post( $changeset_post_id ); 2699 if ( mysql2date( 'U', $changeset_post->post_date_gmt, false ) <= mysql2date( 'U', $now, false ) ) { 2700 return new WP_Error( 'not_future_date', __( 'You must supply a future date to schedule.' ) ); 2701 } 2702 } 2703 2704 if ( ! empty( $is_future_dated ) && 'publish' === $args['status'] ) { 2705 $args['status'] = 'future'; 2706 } 2707 2708 // Validate autosave param. See _wp_post_revision_fields() for why these fields are disallowed. 2709 if ( $args['autosave'] ) { 2710 if ( $args['date_gmt'] ) { 2711 return new WP_Error( 'illegal_autosave_with_date_gmt' ); 2712 } elseif ( $args['status'] ) { 2713 return new WP_Error( 'illegal_autosave_with_status' ); 2714 } elseif ( $args['user_id'] && get_current_user_id() !== $args['user_id'] ) { 2715 return new WP_Error( 'illegal_autosave_with_non_current_user' ); 2716 } 2717 } 2718 2719 // The request was made via wp.customize.previewer.save(). 2720 $update_transactionally = (bool) $args['status']; 2721 $allow_revision = (bool) $args['status']; 2722 2723 // Amend post values with any supplied data. 2724 foreach ( $args['data'] as $setting_id => $setting_params ) { 2725 if ( is_array( $setting_params ) && array_key_exists( 'value', $setting_params ) ) { 2726 $this->set_post_value( $setting_id, $setting_params['value'] ); // Add to post values so that they can be validated and sanitized. 2727 } 2728 } 2729 2730 // Note that in addition to post data, this will include any stashed theme mods. 2731 $post_values = $this->unsanitized_post_values( 2732 array( 2733 'exclude_changeset' => true, 2734 'exclude_post_data' => false, 2735 ) 2736 ); 2737 $this->add_dynamic_settings( array_keys( $post_values ) ); // Ensure settings get created even if they lack an input value. 2738 2739 /* 2740 * Get list of IDs for settings that have values different from what is currently 2741 * saved in the changeset. By skipping any values that are already the same, the 2742 * subset of changed settings can be passed into validate_setting_values to prevent 2743 * an underprivileged modifying a single setting for which they have the capability 2744 * from being blocked from saving. This also prevents a user from touching of the 2745 * previous saved settings and overriding the associated user_id if they made no change. 2746 */ 2747 $changed_setting_ids = array(); 2748 foreach ( $post_values as $setting_id => $setting_value ) { 2749 $setting = $this->get_setting( $setting_id ); 2750 2751 if ( $setting && 'theme_mod' === $setting->type ) { 2752 $prefixed_setting_id = $this->get_stylesheet() . '::' . $setting->id; 2753 } else { 2754 $prefixed_setting_id = $setting_id; 2755 } 2756 2757 $is_value_changed = ( 2758 ! isset( $existing_changeset_data[ $prefixed_setting_id ] ) 2759 || 2760 ! array_key_exists( 'value', $existing_changeset_data[ $prefixed_setting_id ] ) 2761 || 2762 $existing_changeset_data[ $prefixed_setting_id ]['value'] !== $setting_value 2763 ); 2764 if ( $is_value_changed ) { 2765 $changed_setting_ids[] = $setting_id; 2766 } 2767 } 2768 2769 /** 2770 * Fires before save validation happens. 2771 * 2772 * Plugins can add just-in-time {@see 'customize_validate_{$this->ID}'} filters 2773 * at this point to catch any settings registered after `customize_register`. 2774 * The dynamic portion of the hook name, `$this->ID` refers to the setting ID. 2775 * 2776 * @since 4.6.0 2777 * 2778 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 2779 */ 2780 do_action( 'customize_save_validation_before', $this ); 2781 2782 // Validate settings. 2783 $validated_values = array_merge( 2784 array_fill_keys( array_keys( $args['data'] ), null ), // Make sure existence/capability checks are done on value-less setting updates. 2785 $post_values 2786 ); 2787 $setting_validities = $this->validate_setting_values( 2788 $validated_values, 2789 array( 2790 'validate_capability' => true, 2791 'validate_existence' => true, 2792 ) 2793 ); 2794 $invalid_setting_count = count( array_filter( $setting_validities, 'is_wp_error' ) ); 2795 2796 /* 2797 * Short-circuit if there are invalid settings the update is transactional. 2798 * A changeset update is transactional when a status is supplied in the request. 2799 */ 2800 if ( $update_transactionally && $invalid_setting_count > 0 ) { 2801 $response = array( 2802 'setting_validities' => $setting_validities, 2803 /* translators: %s: Number of invalid settings. */ 2804 'message' => sprintf( _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', $invalid_setting_count ), number_format_i18n( $invalid_setting_count ) ), 2805 ); 2806 return new WP_Error( 'transaction_fail', '', $response ); 2807 } 2808 2809 // Obtain/merge data for changeset. 2810 $original_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); 2811 $data = $original_changeset_data; 2812 if ( is_wp_error( $data ) ) { 2813 $data = array(); 2814 } 2815 2816 // Ensure that all post values are included in the changeset data. 2817 foreach ( $post_values as $setting_id => $post_value ) { 2818 if ( ! isset( $args['data'][ $setting_id ] ) ) { 2819 $args['data'][ $setting_id ] = array(); 2820 } 2821 if ( ! isset( $args['data'][ $setting_id ]['value'] ) ) { 2822 $args['data'][ $setting_id ]['value'] = $post_value; 2823 } 2824 } 2825 2826 foreach ( $args['data'] as $setting_id => $setting_params ) { 2827 $setting = $this->get_setting( $setting_id ); 2828 if ( ! $setting || ! $setting->check_capabilities() ) { 2829 continue; 2830 } 2831 2832 // Skip updating changeset for invalid setting values. 2833 if ( isset( $setting_validities[ $setting_id ] ) && is_wp_error( $setting_validities[ $setting_id ] ) ) { 2834 continue; 2835 } 2836 2837 $changeset_setting_id = $setting_id; 2838 if ( 'theme_mod' === $setting->type ) { 2839 $changeset_setting_id = sprintf( '%s::%s', $this->get_stylesheet(), $setting_id ); 2840 } 2841 2842 if ( null === $setting_params ) { 2843 // Remove setting from changeset entirely. 2844 unset( $data[ $changeset_setting_id ] ); 2845 } else { 2846 2847 if ( ! isset( $data[ $changeset_setting_id ] ) ) { 2848 $data[ $changeset_setting_id ] = array(); 2849 } 2850 2851 // Merge any additional setting params that have been supplied with the existing params. 2852 $merged_setting_params = array_merge( $data[ $changeset_setting_id ], $setting_params ); 2853 2854 // Skip updating setting params if unchanged (ensuring the user_id is not overwritten). 2855 if ( $data[ $changeset_setting_id ] === $merged_setting_params ) { 2856 continue; 2857 } 2858 2859 $data[ $changeset_setting_id ] = array_merge( 2860 $merged_setting_params, 2861 array( 2862 'type' => $setting->type, 2863 'user_id' => $args['user_id'], 2864 'date_modified_gmt' => current_time( 'mysql', true ), 2865 ) 2866 ); 2867 2868 // Clear starter_content flag in data if changeset is not explicitly being updated for starter content. 2869 if ( empty( $args['starter_content'] ) ) { 2870 unset( $data[ $changeset_setting_id ]['starter_content'] ); 2871 } 2872 } 2873 } 2874 2875 $filter_context = array( 2876 'uuid' => $this->changeset_uuid(), 2877 'title' => $args['title'], 2878 'status' => $args['status'], 2879 'date_gmt' => $args['date_gmt'], 2880 'post_id' => $changeset_post_id, 2881 'previous_data' => is_wp_error( $original_changeset_data ) ? array() : $original_changeset_data, 2882 'manager' => $this, 2883 ); 2884 2885 /** 2886 * Filters the settings' data that will be persisted into the changeset. 2887 * 2888 * Plugins may amend additional data (such as additional meta for settings) into the changeset with this filter. 2889 * 2890 * @since 4.7.0 2891 * 2892 * @param array $data Updated changeset data, mapping setting IDs to arrays containing a $value item and optionally other metadata. 2893 * @param array $context { 2894 * Filter context. 2895 * 2896 * @type string $uuid Changeset UUID. 2897 * @type string $title Requested title for the changeset post. 2898 * @type string $status Requested status for the changeset post. 2899 * @type string $date_gmt Requested date for the changeset post in MySQL format and GMT timezone. 2900 * @type int|false $post_id Post ID for the changeset, or false if it doesn't exist yet. 2901 * @type array $previous_data Previous data contained in the changeset. 2902 * @type WP_Customize_Manager $manager Manager instance. 2903 * } 2904 */ 2905 $data = apply_filters( 'customize_changeset_save_data', $data, $filter_context ); 2906 2907 // Switch theme if publishing changes now. 2908 if ( 'publish' === $args['status'] && ! $this->is_theme_active() ) { 2909 // Temporarily stop previewing the theme to allow switch_themes() to operate properly. 2910 $this->stop_previewing_theme(); 2911 switch_theme( $this->get_stylesheet() ); 2912 update_option( 'theme_switched_via_customizer', true ); 2913 $this->start_previewing_theme(); 2914 } 2915 2916 // Gather the data for wp_insert_post()/wp_update_post(). 2917 $post_array = array( 2918 // JSON_UNESCAPED_SLASHES is only to improve readability as slashes needn't be escaped in storage. 2919 'post_content' => wp_json_encode( $data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT ), 2920 ); 2921 if ( $args['title'] ) { 2922 $post_array['post_title'] = $args['title']; 2923 } 2924 if ( $changeset_post_id ) { 2925 $post_array['ID'] = $changeset_post_id; 2926 } else { 2927 $post_array['post_type'] = 'customize_changeset'; 2928 $post_array['post_name'] = $this->changeset_uuid(); 2929 $post_array['post_status'] = 'auto-draft'; 2930 } 2931 if ( $args['status'] ) { 2932 $post_array['post_status'] = $args['status']; 2933 } 2934 2935 // Reset post date to now if we are publishing, otherwise pass post_date_gmt and translate for post_date. 2936 if ( 'publish' === $args['status'] ) { 2937 $post_array['post_date_gmt'] = '0000-00-00 00:00:00'; 2938 $post_array['post_date'] = '0000-00-00 00:00:00'; 2939 } elseif ( $args['date_gmt'] ) { 2940 $post_array['post_date_gmt'] = $args['date_gmt']; 2941 $post_array['post_date'] = get_date_from_gmt( $args['date_gmt'] ); 2942 } elseif ( $changeset_post_id && 'auto-draft' === get_post_status( $changeset_post_id ) ) { 2943 /* 2944 * Keep bumping the date for the auto-draft whenever it is modified; 2945 * this extends its life, preserving it from garbage-collection via 2946 * wp_delete_auto_drafts(). 2947 */ 2948 $post_array['post_date'] = current_time( 'mysql' ); 2949 $post_array['post_date_gmt'] = ''; 2950 } 2951 2952 $this->store_changeset_revision = $allow_revision; 2953 add_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ), 5, 3 ); 2954 2955 /* 2956 * Update the changeset post. The publish_customize_changeset action will cause the settings in the 2957 * changeset to be saved via WP_Customize_Setting::save(). Updating a post with publish status will 2958 * trigger WP_Customize_Manager::publish_changeset_values(). 2959 */ 2960 add_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5, 3 ); 2961 if ( $changeset_post_id ) { 2962 if ( $args['autosave'] && 'auto-draft' !== get_post_status( $changeset_post_id ) ) { 2963 // See _wp_translate_postdata() for why this is required as it will use the edit_post meta capability. 2964 add_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10, 4 ); 2965 2966 $post_array['post_ID'] = $post_array['ID']; 2967 $post_array['post_type'] = 'customize_changeset'; 2968 2969 $r = wp_create_post_autosave( wp_slash( $post_array ) ); 2970 2971 remove_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10 ); 2972 } else { 2973 $post_array['edit_date'] = true; // Prevent date clearing. 2974 2975 $r = wp_update_post( wp_slash( $post_array ), true ); 2976 2977 // Delete autosave revision for user when the changeset is updated. 2978 if ( ! empty( $args['user_id'] ) ) { 2979 $autosave_draft = wp_get_post_autosave( $changeset_post_id, $args['user_id'] ); 2980 if ( $autosave_draft ) { 2981 wp_delete_post( $autosave_draft->ID, true ); 2982 } 2983 } 2984 } 2985 } else { 2986 $r = wp_insert_post( wp_slash( $post_array ), true ); 2987 if ( ! is_wp_error( $r ) ) { 2988 $this->_changeset_post_id = $r; // Update cached post ID for the loaded changeset. 2989 } 2990 } 2991 remove_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5 ); 2992 2993 $this->_changeset_data = null; // Reset so WP_Customize_Manager::changeset_data() will re-populate with updated contents. 2994 2995 remove_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ) ); 2996 2997 $response = array( 2998 'setting_validities' => $setting_validities, 2999 ); 3000 3001 if ( is_wp_error( $r ) ) { 3002 $response['changeset_post_save_failure'] = $r->get_error_code(); 3003 return new WP_Error( 'changeset_post_save_failure', '', $response ); 3004 } 3005 3006 return $response; 3007 } 3008 3009 /** 3010 * Preserves the initial JSON post_content passed to save into the post. 3011 * 3012 * This is needed to prevent KSES and other {@see 'content_save_pre'} filters 3013 * from corrupting JSON data. 3014 * 3015 * Note that WP_Customize_Manager::validate_setting_values() have already 3016 * run on the setting values being serialized as JSON into the post content 3017 * so it is pre-sanitized. 3018 * 3019 * Also, the sanitization logic is re-run through the respective 3020 * WP_Customize_Setting::sanitize() method when being read out of the 3021 * changeset, via WP_Customize_Manager::post_value(), and this sanitized 3022 * value will also be sent into WP_Customize_Setting::update() for 3023 * persisting to the DB. 3024 * 3025 * Multiple users can collaborate on a single changeset, where one user may 3026 * have the unfiltered_html capability but another may not. A user with 3027 * unfiltered_html may add a script tag to some field which needs to be kept 3028 * intact even when another user updates the changeset to modify another field 3029 * when they do not have unfiltered_html. 3030 * 3031 * @since 5.4.1 3032 * 3033 * @param array $data An array of slashed and processed post data. 3034 * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. 3035 * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post(). 3036 * @return array Filtered post data. 3037 */ 3038 public function preserve_insert_changeset_post_content( $data, $postarr, $unsanitized_postarr ) { 3039 if ( 3040 isset( $data['post_type'] ) && 3041 isset( $unsanitized_postarr['post_content'] ) && 3042 'customize_changeset' === $data['post_type'] || 3043 ( 3044 'revision' === $data['post_type'] && 3045 ! empty( $data['post_parent'] ) && 3046 'customize_changeset' === get_post_type( $data['post_parent'] ) 3047 ) 3048 ) { 3049 $data['post_content'] = $unsanitized_postarr['post_content']; 3050 } 3051 return $data; 3052 } 3053 3054 /** 3055 * Trashes or deletes a changeset post. 3056 * 3057 * The following re-formulates the logic from `wp_trash_post()` as done in 3058 * `wp_publish_post()`. The reason for bypassing `wp_trash_post()` is that it 3059 * will mutate the the `post_content` and the `post_name` when they should be 3060 * untouched. 3061 * 3062 * @since 4.9.0 3063 * 3064 * @see wp_trash_post() 3065 * @global wpdb $wpdb WordPress database abstraction object. 3066 * 3067 * @param int|WP_Post $post The changeset post. 3068 * @return mixed A WP_Post object for the trashed post or an empty value on failure. 3069 */ 3070 public function trash_changeset_post( $post ) { 3071 global $wpdb; 3072 3073 $post = get_post( $post ); 3074 3075 if ( ! ( $post instanceof WP_Post ) ) { 3076 return $post; 3077 } 3078 $post_id = $post->ID; 3079 3080 if ( ! EMPTY_TRASH_DAYS ) { 3081 return wp_delete_post( $post_id, true ); 3082 } 3083 3084 if ( 'trash' === get_post_status( $post ) ) { 3085 return false; 3086 } 3087 3088 $previous_status = $post->post_status; 3089 3090 /** This filter is documented in wp-includes/post.php */ 3091 $check = apply_filters( 'pre_trash_post', null, $post, $previous_status ); 3092 if ( null !== $check ) { 3093 return $check; 3094 } 3095 3096 /** This action is documented in wp-includes/post.php */ 3097 do_action( 'wp_trash_post', $post_id, $previous_status ); 3098 3099 add_post_meta( $post_id, '_wp_trash_meta_status', $previous_status ); 3100 add_post_meta( $post_id, '_wp_trash_meta_time', time() ); 3101 3102 $new_status = 'trash'; 3103 $wpdb->update( $wpdb->posts, array( 'post_status' => $new_status ), array( 'ID' => $post->ID ) ); 3104 clean_post_cache( $post->ID ); 3105 3106 $post->post_status = $new_status; 3107 wp_transition_post_status( $new_status, $previous_status, $post ); 3108 3109 /** This action is documented in wp-includes/post.php */ 3110 do_action( "edit_post_{$post->post_type}", $post->ID, $post ); 3111 3112 /** This action is documented in wp-includes/post.php */ 3113 do_action( 'edit_post', $post->ID, $post ); 3114 3115 /** This action is documented in wp-includes/post.php */ 3116 do_action( "save_post_{$post->post_type}", $post->ID, $post, true ); 3117 3118 /** This action is documented in wp-includes/post.php */ 3119 do_action( 'save_post', $post->ID, $post, true ); 3120 3121 /** This action is documented in wp-includes/post.php */ 3122 do_action( 'wp_insert_post', $post->ID, $post, true ); 3123 3124 wp_after_insert_post( get_post( $post_id ), true, $post ); 3125 3126 wp_trash_post_comments( $post_id ); 3127 3128 /** This action is documented in wp-includes/post.php */ 3129 do_action( 'trashed_post', $post_id, $previous_status ); 3130 3131 return $post; 3132 } 3133 3134 /** 3135 * Handles request to trash a changeset. 3136 * 3137 * @since 4.9.0 3138 */ 3139 public function handle_changeset_trash_request() { 3140 if ( ! is_user_logged_in() ) { 3141 wp_send_json_error( 'unauthenticated' ); 3142 } 3143 3144 if ( ! $this->is_preview() ) { 3145 wp_send_json_error( 'not_preview' ); 3146 } 3147 3148 if ( ! check_ajax_referer( 'trash_customize_changeset', 'nonce', false ) ) { 3149 wp_send_json_error( 3150 array( 3151 'code' => 'invalid_nonce', 3152 'message' => __( 'There was an authentication problem. Please reload and try again.' ), 3153 ) 3154 ); 3155 } 3156 3157 $changeset_post_id = $this->changeset_post_id(); 3158 3159 if ( ! $changeset_post_id ) { 3160 wp_send_json_error( 3161 array( 3162 'message' => __( 'No changes saved yet, so there is nothing to trash.' ), 3163 'code' => 'non_existent_changeset', 3164 ) 3165 ); 3166 return; 3167 } 3168 3169 if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->delete_post, $changeset_post_id ) ) { 3170 wp_send_json_error( 3171 array( 3172 'code' => 'changeset_trash_unauthorized', 3173 'message' => __( 'Unable to trash changes.' ), 3174 ) 3175 ); 3176 } 3177 3178 $lock_user = (int) wp_check_post_lock( $changeset_post_id ); 3179 3180 if ( $lock_user && get_current_user_id() !== $lock_user ) { 3181 wp_send_json_error( 3182 array( 3183 'code' => 'changeset_locked', 3184 'message' => __( 'Changeset is being edited by other user.' ), 3185 'lockUser' => $this->get_lock_user_data( $lock_user ), 3186 ) 3187 ); 3188 } 3189 3190 if ( 'trash' === get_post_status( $changeset_post_id ) ) { 3191 wp_send_json_error( 3192 array( 3193 'message' => __( 'Changes have already been trashed.' ), 3194 'code' => 'changeset_already_trashed', 3195 ) 3196 ); 3197 return; 3198 } 3199 3200 $r = $this->trash_changeset_post( $changeset_post_id ); 3201 if ( ! ( $r instanceof WP_Post ) ) { 3202 wp_send_json_error( 3203 array( 3204 'code' => 'changeset_trash_failure', 3205 'message' => __( 'Unable to trash changes.' ), 3206 ) 3207 ); 3208 } 3209 3210 wp_send_json_success( 3211 array( 3212 'message' => __( 'Changes trashed successfully.' ), 3213 ) 3214 ); 3215 } 3216 3217 /** 3218 * Re-maps 'edit_post' meta cap for a customize_changeset post to be the same as 'customize' maps. 3219 * 3220 * There is essentially a "meta meta" cap in play here, where 'edit_post' meta cap maps to 3221 * the 'customize' meta cap which then maps to 'edit_theme_options'. This is currently 3222 * required in core for `wp_create_post_autosave()` because it will call 3223 * `_wp_translate_postdata()` which in turn will check if a user can 'edit_post', but the 3224 * the caps for the customize_changeset post type are all mapping to the meta capability. 3225 * This should be able to be removed once #40922 is addressed in core. 3226 * 3227 * @since 4.9.0 3228 * 3229 * @link https://core.trac.wordpress.org/ticket/40922 3230 * @see WP_Customize_Manager::save_changeset_post() 3231 * @see _wp_translate_postdata() 3232 * 3233 * @param string[] $caps Array of the user's capabilities. 3234 * @param string $cap Capability name. 3235 * @param int $user_id The user ID. 3236 * @param array $args Adds the context to the cap. Typically the object ID. 3237 * @return array Capabilities. 3238 */ 3239 public function grant_edit_post_capability_for_changeset( $caps, $cap, $user_id, $args ) { 3240 if ( 'edit_post' === $cap && ! empty( $args[0] ) && 'customize_changeset' === get_post_type( $args[0] ) ) { 3241 $post_type_obj = get_post_type_object( 'customize_changeset' ); 3242 $caps = map_meta_cap( $post_type_obj->cap->$cap, $user_id ); 3243 } 3244 return $caps; 3245 } 3246 3247 /** 3248 * Marks the changeset post as being currently edited by the current user. 3249 * 3250 * @since 4.9.0 3251 * 3252 * @param int $changeset_post_id Changeset post ID. 3253 * @param bool $take_over Whether to take over the changeset. Default false. 3254 */ 3255 public function set_changeset_lock( $changeset_post_id, $take_over = false ) { 3256 if ( $changeset_post_id ) { 3257 $can_override = ! (bool) get_post_meta( $changeset_post_id, '_edit_lock', true ); 3258 3259 if ( $take_over ) { 3260 $can_override = true; 3261 } 3262 3263 if ( $can_override ) { 3264 $lock = sprintf( '%s:%s', time(), get_current_user_id() ); 3265 update_post_meta( $changeset_post_id, '_edit_lock', $lock ); 3266 } else { 3267 $this->refresh_changeset_lock( $changeset_post_id ); 3268 } 3269 } 3270 } 3271 3272 /** 3273 * Refreshes changeset lock with the current time if current user edited the changeset before. 3274 * 3275 * @since 4.9.0 3276 * 3277 * @param int $changeset_post_id Changeset post ID. 3278 */ 3279 public function refresh_changeset_lock( $changeset_post_id ) { 3280 if ( ! $changeset_post_id ) { 3281 return; 3282 } 3283 3284 $lock = get_post_meta( $changeset_post_id, '_edit_lock', true ); 3285 $lock = explode( ':', $lock ); 3286 3287 if ( $lock && ! empty( $lock[1] ) ) { 3288 $user_id = (int) $lock[1]; 3289 $current_user_id = get_current_user_id(); 3290 if ( $user_id === $current_user_id ) { 3291 $lock = sprintf( '%s:%s', time(), $user_id ); 3292 update_post_meta( $changeset_post_id, '_edit_lock', $lock ); 3293 } 3294 } 3295 } 3296 3297 /** 3298 * Filters heartbeat settings for the Customizer. 3299 * 3300 * @since 4.9.0 3301 * 3302 * @global string $pagenow The filename of the current screen. 3303 * 3304 * @param array $settings Current settings to filter. 3305 * @return array Heartbeat settings. 3306 */ 3307 public function add_customize_screen_to_heartbeat_settings( $settings ) { 3308 global $pagenow; 3309 3310 if ( 'customize.php' === $pagenow ) { 3311 $settings['screenId'] = 'customize'; 3312 } 3313 3314 return $settings; 3315 } 3316 3317 /** 3318 * Gets lock user data. 3319 * 3320 * @since 4.9.0 3321 * 3322 * @param int $user_id User ID. 3323 * @return array|null User data formatted for client. 3324 */ 3325 protected function get_lock_user_data( $user_id ) { 3326 if ( ! $user_id ) { 3327 return null; 3328 } 3329 3330 $lock_user = get_userdata( $user_id ); 3331 3332 if ( ! $lock_user ) { 3333 return null; 3334 } 3335 3336 $user_details = array( 3337 'id' => $lock_user->ID, 3338 'name' => $lock_user->display_name, 3339 ); 3340 3341 if ( get_option( 'show_avatars' ) ) { 3342 $user_details['avatar'] = get_avatar_url( $lock_user->ID, array( 'size' => 128 ) ); 3343 } 3344 3345 return $user_details; 3346 } 3347 3348 /** 3349 * Checks locked changeset with heartbeat API. 3350 * 3351 * @since 4.9.0 3352 * 3353 * @param array $response The Heartbeat response. 3354 * @param array $data The $_POST data sent. 3355 * @param string $screen_id The screen id. 3356 * @return array The Heartbeat response. 3357 */ 3358 public function check_changeset_lock_with_heartbeat( $response, $data, $screen_id ) { 3359 if ( isset( $data['changeset_uuid'] ) ) { 3360 $changeset_post_id = $this->find_changeset_post_id( $data['changeset_uuid'] ); 3361 } else { 3362 $changeset_post_id = $this->changeset_post_id(); 3363 } 3364 3365 if ( 3366 array_key_exists( 'check_changeset_lock', $data ) 3367 && 'customize' === $screen_id 3368 && $changeset_post_id 3369 && current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) 3370 ) { 3371 $lock_user_id = wp_check_post_lock( $changeset_post_id ); 3372 3373 if ( $lock_user_id ) { 3374 $response['customize_changeset_lock_user'] = $this->get_lock_user_data( $lock_user_id ); 3375 } else { 3376 3377 // Refreshing time will ensure that the user is sitting on customizer and has not closed the customizer tab. 3378 $this->refresh_changeset_lock( $changeset_post_id ); 3379 } 3380 } 3381 3382 return $response; 3383 } 3384 3385 /** 3386 * Removes changeset lock when take over request is sent via Ajax. 3387 * 3388 * @since 4.9.0 3389 */ 3390 public function handle_override_changeset_lock_request() { 3391 if ( ! $this->is_preview() ) { 3392 wp_send_json_error( 'not_preview', 400 ); 3393 } 3394 3395 if ( ! check_ajax_referer( 'customize_override_changeset_lock', 'nonce', false ) ) { 3396 wp_send_json_error( 3397 array( 3398 'code' => 'invalid_nonce', 3399 'message' => __( 'Security check failed.' ), 3400 ) 3401 ); 3402 } 3403 3404 $changeset_post_id = $this->changeset_post_id(); 3405 3406 if ( empty( $changeset_post_id ) ) { 3407 wp_send_json_error( 3408 array( 3409 'code' => 'no_changeset_found_to_take_over', 3410 'message' => __( 'No changeset found to take over' ), 3411 ) 3412 ); 3413 } 3414 3415 if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) ) { 3416 wp_send_json_error( 3417 array( 3418 'code' => 'cannot_remove_changeset_lock', 3419 'message' => __( 'Sorry, you are not allowed to take over.' ), 3420 ) 3421 ); 3422 } 3423 3424 $this->set_changeset_lock( $changeset_post_id, true ); 3425 3426 wp_send_json_success( 'changeset_taken_over' ); 3427 } 3428 3429 /** 3430 * Determines whether a changeset revision should be made. 3431 * 3432 * @since 4.7.0 3433 * @var bool 3434 */ 3435 protected $store_changeset_revision; 3436 3437 /** 3438 * Filters whether a changeset has changed to create a new revision. 3439 * 3440 * Note that this will not be called while a changeset post remains in auto-draft status. 3441 * 3442 * @since 4.7.0 3443 * 3444 * @param bool $post_has_changed Whether the post has changed. 3445 * @param WP_Post $latest_revision The latest revision post object. 3446 * @param WP_Post $post The post object. 3447 * @return bool Whether a revision should be made. 3448 */ 3449 public function _filter_revision_post_has_changed( $post_has_changed, $latest_revision, $post ) { 3450 unset( $latest_revision ); 3451 if ( 'customize_changeset' === $post->post_type ) { 3452 $post_has_changed = $this->store_changeset_revision; 3453 } 3454 return $post_has_changed; 3455 } 3456 3457 /** 3458 * Publishes the values of a changeset. 3459 * 3460 * This will publish the values contained in a changeset, even changesets that do not 3461 * correspond to current manager instance. This is called by 3462 * `_wp_customize_publish_changeset()` when a customize_changeset post is 3463 * transitioned to the `publish` status. As such, this method should not be 3464 * called directly and instead `wp_publish_post()` should be used. 3465 * 3466 * Please note that if the settings in the changeset are for a non-activated 3467 * theme, the theme must first be switched to (via `switch_theme()`) before 3468 * invoking this method. 3469 * 3470 * @since 4.7.0 3471 * 3472 * @see _wp_customize_publish_changeset() 3473 * @global wpdb $wpdb WordPress database abstraction object. 3474 * 3475 * @param int $changeset_post_id ID for customize_changeset post. Defaults to the changeset for the current manager instance. 3476 * @return true|WP_Error True or error info. 3477 */ 3478 public function _publish_changeset_values( $changeset_post_id ) { 3479 global $wpdb; 3480 3481 $publishing_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); 3482 if ( is_wp_error( $publishing_changeset_data ) ) { 3483 return $publishing_changeset_data; 3484 } 3485 3486 $changeset_post = get_post( $changeset_post_id ); 3487 3488 /* 3489 * Temporarily override the changeset context so that it will be read 3490 * in calls to unsanitized_post_values() and so that it will be available 3491 * on the $wp_customize object passed to hooks during the save logic. 3492 */ 3493 $previous_changeset_post_id = $this->_changeset_post_id; 3494 $this->_changeset_post_id = $changeset_post_id; 3495 $previous_changeset_uuid = $this->_changeset_uuid; 3496 $this->_changeset_uuid = $changeset_post->post_name; 3497 $previous_changeset_data = $this->_changeset_data; 3498 $this->_changeset_data = $publishing_changeset_data; 3499 3500 // Parse changeset data to identify theme mod settings and user IDs associated with settings to be saved. 3501 $setting_user_ids = array(); 3502 $theme_mod_settings = array(); 3503 $namespace_pattern = '/^(?P<stylesheet>.+?)::(?P<setting_id>.+)$/'; 3504 $matches = array(); 3505 foreach ( $this->_changeset_data as $raw_setting_id => $setting_params ) { 3506 $actual_setting_id = null; 3507 $is_theme_mod_setting = ( 3508 isset( $setting_params['value'] ) 3509 && 3510 isset( $setting_params['type'] ) 3511 && 3512 'theme_mod' === $setting_params['type'] 3513 && 3514 preg_match( $namespace_pattern, $raw_setting_id, $matches ) 3515 ); 3516 if ( $is_theme_mod_setting ) { 3517 if ( ! isset( $theme_mod_settings[ $matches['stylesheet'] ] ) ) { 3518 $theme_mod_settings[ $matches['stylesheet'] ] = array(); 3519 } 3520 $theme_mod_settings[ $matches['stylesheet'] ][ $matches['setting_id'] ] = $setting_params; 3521 3522 if ( $this->get_stylesheet() === $matches['stylesheet'] ) { 3523 $actual_setting_id = $matches['setting_id']; 3524 } 3525 } else { 3526 $actual_setting_id = $raw_setting_id; 3527 } 3528 3529 // Keep track of the user IDs for settings actually for this theme. 3530 if ( $actual_setting_id && isset( $setting_params['user_id'] ) ) { 3531 $setting_user_ids[ $actual_setting_id ] = $setting_params['user_id']; 3532 } 3533 } 3534 3535 $changeset_setting_values = $this->unsanitized_post_values( 3536 array( 3537 'exclude_post_data' => true, 3538 'exclude_changeset' => false, 3539 ) 3540 ); 3541 $changeset_setting_ids = array_keys( $changeset_setting_values ); 3542 $this->add_dynamic_settings( $changeset_setting_ids ); 3543 3544 /** 3545 * Fires once the theme has switched in the Customizer, but before settings 3546 * have been saved. 3547 * 3548 * @since 3.4.0 3549 * 3550 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 3551 */ 3552 do_action( 'customize_save', $this ); 3553 3554 /* 3555 * Ensure that all settings will allow themselves to be saved. Note that 3556 * this is safe because the setting would have checked the capability 3557 * when the setting value was written into the changeset. So this is why 3558 * an additional capability check is not required here. 3559 */ 3560 $original_setting_capabilities = array(); 3561 foreach ( $changeset_setting_ids as $setting_id ) { 3562 $setting = $this->get_setting( $setting_id ); 3563 if ( $setting && ! isset( $setting_user_ids[ $setting_id ] ) ) { 3564 $original_setting_capabilities[ $setting->id ] = $setting->capability; 3565 $setting->capability = 'exist'; 3566 } 3567 } 3568 3569 $original_user_id = get_current_user_id(); 3570 foreach ( $changeset_setting_ids as $setting_id ) { 3571 $setting = $this->get_setting( $setting_id ); 3572 if ( $setting ) { 3573 /* 3574 * Set the current user to match the user who saved the value into 3575 * the changeset so that any filters that apply during the save 3576 * process will respect the original user's capabilities. This 3577 * will ensure, for example, that KSES won't strip unsafe HTML 3578 * when a scheduled changeset publishes via WP Cron. 3579 */ 3580 if ( isset( $setting_user_ids[ $setting_id ] ) ) { 3581 wp_set_current_user( $setting_user_ids[ $setting_id ] ); 3582 } else { 3583 wp_set_current_user( $original_user_id ); 3584 } 3585 3586 $setting->save(); 3587 } 3588 } 3589 wp_set_current_user( $original_user_id ); 3590 3591 // Update the stashed theme mod settings, removing the active theme's stashed settings, if activated. 3592 if ( did_action( 'switch_theme' ) ) { 3593 $other_theme_mod_settings = $theme_mod_settings; 3594 unset( $other_theme_mod_settings[ $this->get_stylesheet() ] ); 3595 $this->update_stashed_theme_mod_settings( $other_theme_mod_settings ); 3596 } 3597 3598 /** 3599 * Fires after Customize settings have been saved. 3600 * 3601 * @since 3.6.0 3602 * 3603 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 3604 */ 3605 do_action( 'customize_save_after', $this ); 3606 3607 // Restore original capabilities. 3608 foreach ( $original_setting_capabilities as $setting_id => $capability ) { 3609 $setting = $this->get_setting( $setting_id ); 3610 if ( $setting ) { 3611 $setting->capability = $capability; 3612 } 3613 } 3614 3615 // Restore original changeset data. 3616 $this->_changeset_data = $previous_changeset_data; 3617 $this->_changeset_post_id = $previous_changeset_post_id; 3618 $this->_changeset_uuid = $previous_changeset_uuid; 3619 3620 /* 3621 * Convert all autosave revisions into their own auto-drafts so that users can be prompted to 3622 * restore them when a changeset is published, but they had been locked out from including 3623 * their changes in the changeset. 3624 */ 3625 $revisions = wp_get_post_revisions( $changeset_post_id, array( 'check_enabled' => false ) ); 3626 foreach ( $revisions as $revision ) { 3627 if ( str_contains( $revision->post_name, "{$changeset_post_id}-autosave" ) ) { 3628 $wpdb->update( 3629 $wpdb->posts, 3630 array( 3631 'post_status' => 'auto-draft', 3632 'post_type' => 'customize_changeset', 3633 'post_name' => wp_generate_uuid4(), 3634 'post_parent' => 0, 3635 ), 3636 array( 3637 'ID' => $revision->ID, 3638 ) 3639 ); 3640 clean_post_cache( $revision->ID ); 3641 } 3642 } 3643 3644 return true; 3645 } 3646 3647 /** 3648 * Updates stashed theme mod settings. 3649 * 3650 * @since 4.7.0 3651 * 3652 * @param array $inactive_theme_mod_settings Mapping of stylesheet to arrays of theme mod settings. 3653 * @return array|false Returns array of updated stashed theme mods or false if the update failed or there were no changes. 3654 */ 3655 protected function update_stashed_theme_mod_settings( $inactive_theme_mod_settings ) { 3656 $stashed_theme_mod_settings = get_option( 'customize_stashed_theme_mods' ); 3657 if ( empty( $stashed_theme_mod_settings ) ) { 3658 $stashed_theme_mod_settings = array(); 3659 } 3660 3661 // Delete any stashed theme mods for the active theme since they would have been loaded and saved upon activation. 3662 unset( $stashed_theme_mod_settings[ $this->get_stylesheet() ] ); 3663 3664 // Merge inactive theme mods with the stashed theme mod settings. 3665 foreach ( $inactive_theme_mod_settings as $stylesheet => $theme_mod_settings ) { 3666 if ( ! isset( $stashed_theme_mod_settings[ $stylesheet ] ) ) { 3667 $stashed_theme_mod_settings[ $stylesheet ] = array(); 3668 } 3669 3670 $stashed_theme_mod_settings[ $stylesheet ] = array_merge( 3671 $stashed_theme_mod_settings[ $stylesheet ], 3672 $theme_mod_settings 3673 ); 3674 } 3675 3676 $autoload = false; 3677 $result = update_option( 'customize_stashed_theme_mods', $stashed_theme_mod_settings, $autoload ); 3678 if ( ! $result ) { 3679 return false; 3680 } 3681 return $stashed_theme_mod_settings; 3682 } 3683 3684 /** 3685 * Refreshes nonces for the current preview. 3686 * 3687 * @since 4.2.0 3688 */ 3689 public function refresh_nonces() { 3690 if ( ! $this->is_preview() ) { 3691 wp_send_json_error( 'not_preview' ); 3692 } 3693 3694 wp_send_json_success( $this->get_nonces() ); 3695 } 3696 3697 /** 3698 * Deletes a given auto-draft changeset or the autosave revision for a given changeset or delete changeset lock. 3699 * 3700 * @since 4.9.0 3701 */ 3702 public function handle_dismiss_autosave_or_lock_request() { 3703 // Calls to dismiss_user_auto_draft_changesets() and wp_get_post_autosave() require non-zero get_current_user_id(). 3704 if ( ! is_user_logged_in() ) { 3705 wp_send_json_error( 'unauthenticated', 401 ); 3706 } 3707 3708 if ( ! $this->is_preview() ) { 3709 wp_send_json_error( 'not_preview', 400 ); 3710 } 3711 3712 if ( ! check_ajax_referer( 'customize_dismiss_autosave_or_lock', 'nonce', false ) ) { 3713 wp_send_json_error( 'invalid_nonce', 403 ); 3714 } 3715 3716 $changeset_post_id = $this->changeset_post_id(); 3717 $dismiss_lock = ! empty( $_POST['dismiss_lock'] ); 3718 $dismiss_autosave = ! empty( $_POST['dismiss_autosave'] ); 3719 3720 if ( $dismiss_lock ) { 3721 if ( empty( $changeset_post_id ) && ! $dismiss_autosave ) { 3722 wp_send_json_error( 'no_changeset_to_dismiss_lock', 404 ); 3723 } 3724 if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) && ! $dismiss_autosave ) { 3725 wp_send_json_error( 'cannot_remove_changeset_lock', 403 ); 3726 } 3727 3728 delete_post_meta( $changeset_post_id, '_edit_lock' ); 3729 3730 if ( ! $dismiss_autosave ) { 3731 wp_send_json_success( 'changeset_lock_dismissed' ); 3732 } 3733 } 3734 3735 if ( $dismiss_autosave ) { 3736 if ( empty( $changeset_post_id ) || 'auto-draft' === get_post_status( $changeset_post_id ) ) { 3737 $dismissed = $this->dismiss_user_auto_draft_changesets(); 3738 if ( $dismissed > 0 ) { 3739 wp_send_json_success( 'auto_draft_dismissed' ); 3740 } else { 3741 wp_send_json_error( 'no_auto_draft_to_delete', 404 ); 3742 } 3743 } else { 3744 $revision = wp_get_post_autosave( $changeset_post_id, get_current_user_id() ); 3745 3746 if ( $revision ) { 3747 if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->delete_post, $changeset_post_id ) ) { 3748 wp_send_json_error( 'cannot_delete_autosave_revision', 403 ); 3749 } 3750 3751 if ( ! wp_delete_post( $revision->ID, true ) ) { 3752 wp_send_json_error( 'autosave_revision_deletion_failure', 500 ); 3753 } else { 3754 wp_send_json_success( 'autosave_revision_deleted' ); 3755 } 3756 } else { 3757 wp_send_json_error( 'no_autosave_revision_to_delete', 404 ); 3758 } 3759 } 3760 } 3761 3762 wp_send_json_error( 'unknown_error', 500 ); 3763 } 3764 3765 /** 3766 * Adds a customize setting. 3767 * 3768 * @since 3.4.0 3769 * @since 4.5.0 Return added WP_Customize_Setting instance. 3770 * 3771 * @see WP_Customize_Setting::__construct() 3772 * @link https://developer.wordpress.org/themes/customize-api 3773 * 3774 * @param WP_Customize_Setting|string $id Customize Setting object, or ID. 3775 * @param array $args Optional. Array of properties for the new Setting object. 3776 * See WP_Customize_Setting::__construct() for information 3777 * on accepted arguments. Default empty array. 3778 * @return WP_Customize_Setting The instance of the setting that was added. 3779 */ 3780 public function add_setting( $id, $args = array() ) { 3781 if ( $id instanceof WP_Customize_Setting ) { 3782 $setting = $id; 3783 } else { 3784 $class = 'WP_Customize_Setting'; 3785 3786 /** This filter is documented in wp-includes/class-wp-customize-manager.php */ 3787 $args = apply_filters( 'customize_dynamic_setting_args', $args, $id ); 3788 3789 /** This filter is documented in wp-includes/class-wp-customize-manager.php */ 3790 $class = apply_filters( 'customize_dynamic_setting_class', $class, $id, $args ); 3791 3792 $setting = new $class( $this, $id, $args ); 3793 } 3794 3795 $this->settings[ $setting->id ] = $setting; 3796 return $setting; 3797 } 3798 3799 /** 3800 * Registers any dynamically-created settings, such as those from $_POST['customized'] 3801 * that have no corresponding setting created. 3802 * 3803 * This is a mechanism to "wake up" settings that have been dynamically created 3804 * on the front end and have been sent to WordPress in `$_POST['customized']`. When WP 3805 * loads, the dynamically-created settings then will get created and previewed 3806 * even though they are not directly created statically with code. 3807 * 3808 * @since 4.2.0 3809 * 3810 * @param array $setting_ids The setting IDs to add. 3811 * @return array The WP_Customize_Setting objects added. 3812 */ 3813 public function add_dynamic_settings( $setting_ids ) { 3814 $new_settings = array(); 3815 foreach ( $setting_ids as $setting_id ) { 3816 // Skip settings already created. 3817 if ( $this->get_setting( $setting_id ) ) { 3818 continue; 3819 } 3820 3821 $setting_args = false; 3822 $setting_class = 'WP_Customize_Setting'; 3823 3824 /** 3825 * Filters a dynamic setting's constructor args. 3826 * 3827 * For a dynamic setting to be registered, this filter must be employed 3828 * to override the default false value with an array of args to pass to 3829 * the WP_Customize_Setting constructor. 3830 * 3831 * @since 4.2.0 3832 * 3833 * @param false|array $setting_args The arguments to the WP_Customize_Setting constructor. 3834 * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. 3835 */ 3836 $setting_args = apply_filters( 'customize_dynamic_setting_args', $setting_args, $setting_id ); 3837 if ( false === $setting_args ) { 3838 continue; 3839 } 3840 3841 /** 3842 * Allow non-statically created settings to be constructed with custom WP_Customize_Setting subclass. 3843 * 3844 * @since 4.2.0 3845 * 3846 * @param string $setting_class WP_Customize_Setting or a subclass. 3847 * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. 3848 * @param array $setting_args WP_Customize_Setting or a subclass. 3849 */ 3850 $setting_class = apply_filters( 'customize_dynamic_setting_class', $setting_class, $setting_id, $setting_args ); 3851 3852 $setting = new $setting_class( $this, $setting_id, $setting_args ); 3853 3854 $this->add_setting( $setting ); 3855 $new_settings[] = $setting; 3856 } 3857 return $new_settings; 3858 } 3859 3860 /** 3861 * Retrieves a customize setting. 3862 * 3863 * @since 3.4.0 3864 * 3865 * @param string $id Customize Setting ID. 3866 * @return WP_Customize_Setting|void The setting, if set. 3867 */ 3868 public function get_setting( $id ) { 3869 if ( isset( $this->settings[ $id ] ) ) { 3870 return $this->settings[ $id ]; 3871 } 3872 } 3873 3874 /** 3875 * Removes a customize setting. 3876 * 3877 * Note that removing the setting doesn't destroy the WP_Customize_Setting instance or remove its filters. 3878 * 3879 * @since 3.4.0 3880 * 3881 * @param string $id Customize Setting ID. 3882 */ 3883 public function remove_setting( $id ) { 3884 unset( $this->settings[ $id ] ); 3885 } 3886 3887 /** 3888 * Adds a customize panel. 3889 * 3890 * @since 4.0.0 3891 * @since 4.5.0 Return added WP_Customize_Panel instance. 3892 * 3893 * @see WP_Customize_Panel::__construct() 3894 * 3895 * @param WP_Customize_Panel|string $id Customize Panel object, or ID. 3896 * @param array $args Optional. Array of properties for the new Panel object. 3897 * See WP_Customize_Panel::__construct() for information 3898 * on accepted arguments. Default empty array. 3899 * @return WP_Customize_Panel The instance of the panel that was added. 3900 */ 3901 public function add_panel( $id, $args = array() ) { 3902 if ( $id instanceof WP_Customize_Panel ) { 3903 $panel = $id; 3904 } else { 3905 $panel = new WP_Customize_Panel( $this, $id, $args ); 3906 } 3907 3908 $this->panels[ $panel->id ] = $panel; 3909 return $panel; 3910 } 3911 3912 /** 3913 * Retrieves a customize panel. 3914 * 3915 * @since 4.0.0 3916 * 3917 * @param string $id Panel ID to get. 3918 * @return WP_Customize_Panel|void Requested panel instance, if set. 3919 */ 3920 public function get_panel( $id ) { 3921 if ( isset( $this->panels[ $id ] ) ) { 3922 return $this->panels[ $id ]; 3923 } 3924 } 3925 3926 /** 3927 * Removes a customize panel. 3928 * 3929 * Note that removing the panel doesn't destroy the WP_Customize_Panel instance or remove its filters. 3930 * 3931 * @since 4.0.0 3932 * 3933 * @param string $id Panel ID to remove. 3934 */ 3935 public function remove_panel( $id ) { 3936 // Removing core components this way is _doing_it_wrong(). 3937 if ( in_array( $id, $this->components, true ) ) { 3938 _doing_it_wrong( 3939 __METHOD__, 3940 sprintf( 3941 /* translators: 1: Panel ID, 2: Link to 'customize_loaded_components' filter reference. */ 3942 __( 'Removing %1$s manually will cause PHP warnings. Use the %2$s filter instead.' ), 3943 $id, 3944 sprintf( 3945 '<a href="%1$s">%2$s</a>', 3946 esc_url( 'https://developer.wordpress.org/reference/hooks/customize_loaded_components/' ), 3947 '<code>customize_loaded_components</code>' 3948 ) 3949 ), 3950 '4.5.0' 3951 ); 3952 } 3953 unset( $this->panels[ $id ] ); 3954 } 3955 3956 /** 3957 * Registers a customize panel type. 3958 * 3959 * Registered types are eligible to be rendered via JS and created dynamically. 3960 * 3961 * @since 4.3.0 3962 * 3963 * @see WP_Customize_Panel 3964 * 3965 * @param string $panel Name of a custom panel which is a subclass of WP_Customize_Panel. 3966 */ 3967 public function register_panel_type( $panel ) { 3968 $this->registered_panel_types[] = $panel; 3969 } 3970 3971 /** 3972 * Renders JS templates for all registered panel types. 3973 * 3974 * @since 4.3.0 3975 */ 3976 public function render_panel_templates() { 3977 foreach ( $this->registered_panel_types as $panel_type ) { 3978 $panel = new $panel_type( $this, 'temp', array() ); 3979 $panel->print_template(); 3980 } 3981 } 3982 3983 /** 3984 * Adds a customize section. 3985 * 3986 * @since 3.4.0 3987 * @since 4.5.0 Return added WP_Customize_Section instance. 3988 * 3989 * @see WP_Customize_Section::__construct() 3990 * 3991 * @param WP_Customize_Section|string $id Customize Section object, or ID. 3992 * @param array $args Optional. Array of properties for the new Section object. 3993 * See WP_Customize_Section::__construct() for information 3994 * on accepted arguments. Default empty array. 3995 * @return WP_Customize_Section The instance of the section that was added. 3996 */ 3997 public function add_section( $id, $args = array() ) { 3998 if ( $id instanceof WP_Customize_Section ) { 3999 $section = $id; 4000 } else { 4001 $section = new WP_Customize_Section( $this, $id, $args ); 4002 } 4003 4004 $this->sections[ $section->id ] = $section; 4005 return $section; 4006 } 4007 4008 /** 4009 * Retrieves a customize section. 4010 * 4011 * @since 3.4.0 4012 * 4013 * @param string $id Section ID. 4014 * @return WP_Customize_Section|void The section, if set. 4015 */ 4016 public function get_section( $id ) { 4017 if ( isset( $this->sections[ $id ] ) ) { 4018 return $this->sections[ $id ]; 4019 } 4020 } 4021 4022 /** 4023 * Removes a customize section. 4024 * 4025 * Note that removing the section doesn't destroy the WP_Customize_Section instance or remove its filters. 4026 * 4027 * @since 3.4.0 4028 * 4029 * @param string $id Section ID. 4030 */ 4031 public function remove_section( $id ) { 4032 unset( $this->sections[ $id ] ); 4033 } 4034 4035 /** 4036 * Registers a customize section type. 4037 * 4038 * Registered types are eligible to be rendered via JS and created dynamically. 4039 * 4040 * @since 4.3.0 4041 * 4042 * @see WP_Customize_Section 4043 * 4044 * @param string $section Name of a custom section which is a subclass of WP_Customize_Section. 4045 */ 4046 public function register_section_type( $section ) { 4047 $this->registered_section_types[] = $section; 4048 } 4049 4050 /** 4051 * Renders JS templates for all registered section types. 4052 * 4053 * @since 4.3.0 4054 */ 4055 public function render_section_templates() { 4056 foreach ( $this->registered_section_types as $section_type ) { 4057 $section = new $section_type( $this, 'temp', array() ); 4058 $section->print_template(); 4059 } 4060 } 4061 4062 /** 4063 * Adds a customize control. 4064 * 4065 * @since 3.4.0 4066 * @since 4.5.0 Return added WP_Customize_Control instance. 4067 * 4068 * @see WP_Customize_Control::__construct() 4069 * 4070 * @param WP_Customize_Control|string $id Customize Control object, or ID. 4071 * @param array $args Optional. Array of properties for the new Control object. 4072 * See WP_Customize_Control::__construct() for information 4073 * on accepted arguments. Default empty array. 4074 * @return WP_Customize_Control The instance of the control that was added. 4075 */ 4076 public function add_control( $id, $args = array() ) { 4077 if ( $id instanceof WP_Customize_Control ) { 4078 $control = $id; 4079 } else { 4080 $control = new WP_Customize_Control( $this, $id, $args ); 4081 } 4082 4083 $this->controls[ $control->id ] = $control; 4084 return $control; 4085 } 4086 4087 /** 4088 * Retrieves a customize control. 4089 * 4090 * @since 3.4.0 4091 * 4092 * @param string $id ID of the control. 4093 * @return WP_Customize_Control|void The control object, if set. 4094 */ 4095 public function get_control( $id ) { 4096 if ( isset( $this->controls[ $id ] ) ) { 4097 return $this->controls[ $id ]; 4098 } 4099 } 4100 4101 /** 4102 * Removes a customize control. 4103 * 4104 * Note that removing the control doesn't destroy the WP_Customize_Control instance or remove its filters. 4105 * 4106 * @since 3.4.0 4107 * 4108 * @param string $id ID of the control. 4109 */ 4110 public function remove_control( $id ) { 4111 unset( $this->controls[ $id ] ); 4112 } 4113 4114 /** 4115 * Registers a customize control type. 4116 * 4117 * Registered types are eligible to be rendered via JS and created dynamically. 4118 * 4119 * @since 4.1.0 4120 * 4121 * @param string $control Name of a custom control which is a subclass of 4122 * WP_Customize_Control. 4123 */ 4124 public function register_control_type( $control ) { 4125 $this->registered_control_types[] = $control; 4126 } 4127 4128 /** 4129 * Renders JS templates for all registered control types. 4130 * 4131 * @since 4.1.0 4132 */ 4133 public function render_control_templates() { 4134 if ( $this->branching() ) { 4135 $l10n = array( 4136 /* translators: %s: User who is customizing the changeset in customizer. */ 4137 'locked' => __( '%s is already customizing this changeset. Please wait until they are done to try customizing. Your latest changes have been autosaved.' ), 4138 /* translators: %s: User who is customizing the changeset in customizer. */ 4139 'locked_allow_override' => __( '%s is already customizing this changeset. Do you want to take over?' ), 4140 ); 4141 } else { 4142 $l10n = array( 4143 /* translators: %s: User who is customizing the changeset in customizer. */ 4144 'locked' => __( '%s is already customizing this site. Please wait until they are done to try customizing. Your latest changes have been autosaved.' ), 4145 /* translators: %s: User who is customizing the changeset in customizer. */ 4146 'locked_allow_override' => __( '%s is already customizing this site. Do you want to take over?' ), 4147 ); 4148 } 4149 4150 foreach ( $this->registered_control_types as $control_type ) { 4151 $control = new $control_type( 4152 $this, 4153 'temp', 4154 array( 4155 'settings' => array(), 4156 ) 4157 ); 4158 $control->print_template(); 4159 } 4160 ?> 4161 4162 <script type="text/html" id="tmpl-customize-control-default-content"> 4163 <# 4164 var inputId = _.uniqueId( 'customize-control-default-input-' ); 4165 var descriptionId = _.uniqueId( 'customize-control-default-description-' ); 4166 var describedByAttr = data.description ? ' aria-describedby="' + descriptionId + '" ' : ''; 4167 #> 4168 <# switch ( data.type ) { 4169 case 'checkbox': #> 4170 <span class="customize-inside-control-row"> 4171 <input 4172 id="{{ inputId }}" 4173 {{{ describedByAttr }}} 4174 type="checkbox" 4175 value="{{ data.value }}" 4176 data-customize-setting-key-link="default" 4177 > 4178 <label for="{{ inputId }}"> 4179 {{ data.label }} 4180 </label> 4181 <# if ( data.description ) { #> 4182 <span id="{{ descriptionId }}" class="description customize-control-description">{{{ data.description }}}</span> 4183 <# } #> 4184 </span> 4185 <# 4186 break; 4187 case 'radio': 4188 if ( ! data.choices ) { 4189 return; 4190 } 4191 #> 4192 <# if ( data.label ) { #> 4193 <label for="{{ inputId }}" class="customize-control-title"> 4194 {{ data.label }} 4195 </label> 4196 <# } #> 4197 <# if ( data.description ) { #> 4198 <span id="{{ descriptionId }}" class="description customize-control-description">{{{ data.description }}}</span> 4199 <# } #> 4200 <# _.each( data.choices, function( val, key ) { #> 4201 <span class="customize-inside-control-row"> 4202 <# 4203 var value, text; 4204 if ( _.isObject( val ) ) { 4205 value = val.value; 4206 text = val.text; 4207 } else { 4208 value = key; 4209 text = val; 4210 } 4211 #> 4212 <input 4213 id="{{ inputId + '-' + value }}" 4214 type="radio" 4215 value="{{ value }}" 4216 name="{{ inputId }}" 4217 data-customize-setting-key-link="default" 4218 {{{ describedByAttr }}} 4219 > 4220 <label for="{{ inputId + '-' + value }}">{{ text }}</label> 4221 </span> 4222 <# } ); #> 4223 <# 4224 break; 4225 default: 4226 #> 4227 <# if ( data.label ) { #> 4228 <label for="{{ inputId }}" class="customize-control-title"> 4229 {{ data.label }} 4230 </label> 4231 <# } #> 4232 <# if ( data.description ) { #> 4233 <span id="{{ descriptionId }}" class="description customize-control-description">{{{ data.description }}}</span> 4234 <# } #> 4235 4236 <# 4237 var inputAttrs = { 4238 id: inputId, 4239 'data-customize-setting-key-link': 'default' 4240 }; 4241 if ( 'textarea' === data.type ) { 4242 inputAttrs.rows = '5'; 4243 } else if ( 'button' === data.type ) { 4244 inputAttrs['class'] = 'button button-secondary'; 4245 inputAttrs.type = 'button'; 4246 } else { 4247 inputAttrs.type = data.type; 4248 } 4249 if ( data.description ) { 4250 inputAttrs['aria-describedby'] = descriptionId; 4251 } 4252 _.extend( inputAttrs, data.input_attrs ); 4253 #> 4254 4255 <# if ( 'button' === data.type ) { #> 4256 <button 4257 <# _.each( _.extend( inputAttrs ), function( value, key ) { #> 4258 {{{ key }}}="{{ value }}" 4259 <# } ); #> 4260 >{{ inputAttrs.value }}</button> 4261 <# } else if ( 'textarea' === data.type ) { #> 4262 <textarea 4263 <# _.each( _.extend( inputAttrs ), function( value, key ) { #> 4264 {{{ key }}}="{{ value }}" 4265 <# }); #> 4266 >{{ inputAttrs.value }}</textarea> 4267 <# } else if ( 'select' === data.type ) { #> 4268 <# delete inputAttrs.type; #> 4269 <select 4270 <# _.each( _.extend( inputAttrs ), function( value, key ) { #> 4271 {{{ key }}}="{{ value }}" 4272 <# }); #> 4273 > 4274 <# _.each( data.choices, function( val, key ) { #> 4275 <# 4276 var value, text; 4277 if ( _.isObject( val ) ) { 4278 value = val.value; 4279 text = val.text; 4280 } else { 4281 value = key; 4282 text = val; 4283 } 4284 #> 4285 <option value="{{ value }}">{{ text }}</option> 4286 <# } ); #> 4287 </select> 4288 <# } else { #> 4289 <input 4290 <# _.each( _.extend( inputAttrs ), function( value, key ) { #> 4291 {{{ key }}}="{{ value }}" 4292 <# }); #> 4293 > 4294 <# } #> 4295 <# } #> 4296 </script> 4297 4298 <script type="text/html" id="tmpl-customize-notification"> 4299 <li class="notice notice-{{ data.type || 'info' }} {{ data.alt ? 'notice-alt' : '' }} {{ data.dismissible ? 'is-dismissible' : '' }} {{ data.containerClasses || '' }}" data-code="{{ data.code }}" data-type="{{ data.type }}"> 4300 <div class="notification-message">{{{ data.message || data.code }}}</div> 4301 <# if ( data.dismissible ) { #> 4302 <button type="button" class="notice-dismiss"><span class="screen-reader-text"> 4303 <?php 4304 /* translators: Hidden accessibility text. */ 4305 _e( 'Dismiss' ); 4306 ?> 4307 </span></button> 4308 <# } #> 4309 </li> 4310 </script> 4311 4312 <script type="text/html" id="tmpl-customize-changeset-locked-notification"> 4313 <li class="notice notice-{{ data.type || 'info' }} {{ data.containerClasses || '' }}" data-code="{{ data.code }}" data-type="{{ data.type }}"> 4314 <div class="notification-message customize-changeset-locked-message {{ data.lockUser.avatar ? 'has-avatar' : '' }}"> 4315 <# if ( data.lockUser.avatar ) { #> 4316 <img class="customize-changeset-locked-avatar" src="{{ data.lockUser.avatar }}" alt="{{ data.lockUser.name }}" /> 4317 <# } #> 4318 <p class="currently-editing"> 4319 <# if ( data.message ) { #> 4320 {{{ data.message }}} 4321 <# } else if ( data.allowOverride ) { #> 4322 <?php 4323 echo esc_html( sprintf( $l10n['locked_allow_override'], '{{ data.lockUser.name }}' ) ); 4324 ?> 4325 <# } else { #> 4326 <?php 4327 echo esc_html( sprintf( $l10n['locked'], '{{ data.lockUser.name }}' ) ); 4328 ?> 4329 <# } #> 4330 </p> 4331 <p class="notice notice-error notice-alt" hidden></p> 4332 <p class="action-buttons"> 4333 <# if ( data.returnUrl !== data.previewUrl ) { #> 4334 <a class="button customize-notice-go-back-button" href="{{ data.returnUrl }}"><?php _e( 'Go back' ); ?></a> 4335 <# } #> 4336 <a class="button customize-notice-preview-button" href="{{ data.frontendPreviewUrl }}"><?php _e( 'Preview' ); ?></a> 4337 <# if ( data.allowOverride ) { #> 4338 <button class="button button-primary wp-tab-last customize-notice-take-over-button"><?php _e( 'Take over' ); ?></button> 4339 <# } #> 4340 </p> 4341 </div> 4342 </li> 4343 </script> 4344 4345 <script type="text/html" id="tmpl-customize-code-editor-lint-error-notification"> 4346 <li class="notice notice-{{ data.type || 'info' }} {{ data.alt ? 'notice-alt' : '' }} {{ data.dismissible ? 'is-dismissible' : '' }} {{ data.containerClasses || '' }}" data-code="{{ data.code }}" data-type="{{ data.type }}"> 4347 <div class="notification-message">{{{ data.message || data.code }}}</div> 4348 4349 <p> 4350 <# var elementId = 'el-' + String( Math.random() ); #> 4351 <input id="{{ elementId }}" type="checkbox"> 4352 <label for="{{ elementId }}"><?php _e( 'Update anyway, even though it might break your site?' ); ?></label> 4353 </p> 4354 </li> 4355 </script> 4356 4357 <?php 4358 /* The following template is obsolete in core but retained for plugins. */ 4359 ?> 4360 <script type="text/html" id="tmpl-customize-control-notifications"> 4361 <ul> 4362 <# _.each( data.notifications, function( notification ) { #> 4363 <li class="notice notice-{{ notification.type || 'info' }} {{ data.altNotice ? 'notice-alt' : '' }}" data-code="{{ notification.code }}" data-type="{{ notification.type }}">{{{ notification.message || notification.code }}}</li> 4364 <# } ); #> 4365 </ul> 4366 </script> 4367 4368 <script type="text/html" id="tmpl-customize-preview-link-control" > 4369 <# var elementPrefix = _.uniqueId( 'el' ) + '-' #> 4370 <p class="customize-control-title"> 4371 <?php esc_html_e( 'Share Preview Link' ); ?> 4372 </p> 4373 <p class="description customize-control-description"><?php esc_html_e( 'See how changes would look live on your website, and share the preview with people who can\'t access the Customizer.' ); ?></p> 4374 <div class="customize-control-notifications-container"></div> 4375 <div class="preview-link-wrapper"> 4376 <label for="{{ elementPrefix }}customize-preview-link-input" class="screen-reader-text"> 4377 <?php 4378 /* translators: Hidden accessibility text. */ 4379 esc_html_e( 'Preview Link' ); 4380 ?> 4381 </label> 4382 <a href="" target=""> 4383 <span class="preview-control-element" data-component="url"></span> 4384 <span class="screen-reader-text"> 4385 <?php 4386 /* translators: Hidden accessibility text. */ 4387 _e( '(opens in a new tab)' ); 4388 ?> 4389 </span> 4390 </a> 4391 <input id="{{ elementPrefix }}customize-preview-link-input" readonly tabindex="-1" class="preview-control-element" data-component="input"> 4392 <button class="customize-copy-preview-link preview-control-element button button-secondary" data-component="button" data-copy-text="<?php esc_attr_e( 'Copy' ); ?>" data-copied-text="<?php esc_attr_e( 'Copied' ); ?>" ><?php esc_html_e( 'Copy' ); ?></button> 4393 </div> 4394 </script> 4395 <script type="text/html" id="tmpl-customize-selected-changeset-status-control"> 4396 <# var inputId = _.uniqueId( 'customize-selected-changeset-status-control-input-' ); #> 4397 <# var descriptionId = _.uniqueId( 'customize-selected-changeset-status-control-description-' ); #> 4398 <# if ( data.label ) { #> 4399 <label for="{{ inputId }}" class="customize-control-title">{{ data.label }}</label> 4400 <# } #> 4401 <# if ( data.description ) { #> 4402 <span id="{{ descriptionId }}" class="description customize-control-description">{{{ data.description }}}</span> 4403 <# } #> 4404 <# _.each( data.choices, function( choice ) { #> 4405 <# var choiceId = inputId + '-' + choice.status; #> 4406 <span class="customize-inside-control-row"> 4407 <input id="{{ choiceId }}" type="radio" value="{{ choice.status }}" name="{{ inputId }}" data-customize-setting-key-link="default"> 4408 <label for="{{ choiceId }}">{{ choice.label }}</label> 4409 </span> 4410 <# } ); #> 4411 </script> 4412 <?php 4413 } 4414 4415 /** 4416 * Helper function to compare two objects by priority, ensuring sort stability via instance_number. 4417 * 4418 * @since 3.4.0 4419 * @deprecated 4.7.0 Use wp_list_sort() 4420 * 4421 * @param WP_Customize_Panel|WP_Customize_Section|WP_Customize_Control $a Object A. 4422 * @param WP_Customize_Panel|WP_Customize_Section|WP_Customize_Control $b Object B. 4423 * @return int 4424 */ 4425 protected function _cmp_priority( $a, $b ) { 4426 _deprecated_function( __METHOD__, '4.7.0', 'wp_list_sort' ); 4427 4428 if ( $a->priority === $b->priority ) { 4429 return $a->instance_number - $b->instance_number; 4430 } else { 4431 return $a->priority - $b->priority; 4432 } 4433 } 4434 4435 /** 4436 * Prepares panels, sections, and controls. 4437 * 4438 * For each, check if required related components exist, 4439 * whether the user has the necessary capabilities, 4440 * and sort by priority. 4441 * 4442 * @since 3.4.0 4443 */ 4444 public function prepare_controls() { 4445 4446 $controls = array(); 4447 $this->controls = wp_list_sort( 4448 $this->controls, 4449 array( 4450 'priority' => 'ASC', 4451 'instance_number' => 'ASC', 4452 ), 4453 'ASC', 4454 true 4455 ); 4456 4457 foreach ( $this->controls as $id => $control ) { 4458 if ( ! isset( $this->sections[ $control->section ] ) || ! $control->check_capabilities() ) { 4459 continue; 4460 } 4461 4462 $this->sections[ $control->section ]->controls[] = $control; 4463 $controls[ $id ] = $control; 4464 } 4465 $this->controls = $controls; 4466 4467 // Prepare sections. 4468 $this->sections = wp_list_sort( 4469 $this->sections, 4470 array( 4471 'priority' => 'ASC', 4472 'instance_number' => 'ASC', 4473 ), 4474 'ASC', 4475 true 4476 ); 4477 $sections = array(); 4478 4479 foreach ( $this->sections as $section ) { 4480 if ( ! $section->check_capabilities() ) { 4481 continue; 4482 } 4483 4484 $section->controls = wp_list_sort( 4485 $section->controls, 4486 array( 4487 'priority' => 'ASC', 4488 'instance_number' => 'ASC', 4489 ) 4490 ); 4491 4492 if ( ! $section->panel ) { 4493 // Top-level section. 4494 $sections[ $section->id ] = $section; 4495 } else { 4496 // This section belongs to a panel. 4497 if ( isset( $this->panels [ $section->panel ] ) ) { 4498 $this->panels[ $section->panel ]->sections[ $section->id ] = $section; 4499 } 4500 } 4501 } 4502 $this->sections = $sections; 4503 4504 // Prepare panels. 4505 $this->panels = wp_list_sort( 4506 $this->panels, 4507 array( 4508 'priority' => 'ASC', 4509 'instance_number' => 'ASC', 4510 ), 4511 'ASC', 4512 true 4513 ); 4514 $panels = array(); 4515 4516 foreach ( $this->panels as $panel ) { 4517 if ( ! $panel->check_capabilities() ) { 4518 continue; 4519 } 4520 4521 $panel->sections = wp_list_sort( 4522 $panel->sections, 4523 array( 4524 'priority' => 'ASC', 4525 'instance_number' => 'ASC', 4526 ), 4527 'ASC', 4528 true 4529 ); 4530 $panels[ $panel->id ] = $panel; 4531 } 4532 $this->panels = $panels; 4533 4534 // Sort panels and top-level sections together. 4535 $this->containers = array_merge( $this->panels, $this->sections ); 4536 $this->containers = wp_list_sort( 4537 $this->containers, 4538 array( 4539 'priority' => 'ASC', 4540 'instance_number' => 'ASC', 4541 ), 4542 'ASC', 4543 true 4544 ); 4545 } 4546 4547 /** 4548 * Enqueues scripts for customize controls. 4549 * 4550 * @since 3.4.0 4551 */ 4552 public function enqueue_control_scripts() { 4553 foreach ( $this->controls as $control ) { 4554 $control->enqueue(); 4555 } 4556 4557 if ( ! is_multisite() && ( current_user_can( 'install_themes' ) || current_user_can( 'update_themes' ) || current_user_can( 'delete_themes' ) ) ) { 4558 wp_enqueue_script( 'updates' ); 4559 wp_localize_script( 4560 'updates', 4561 '_wpUpdatesItemCounts', 4562 array( 4563 'totals' => wp_get_update_data(), 4564 ) 4565 ); 4566 } 4567 } 4568 4569 /** 4570 * Determines whether the user agent is iOS. 4571 * 4572 * @since 4.4.0 4573 * 4574 * @return bool Whether the user agent is iOS. 4575 */ 4576 public function is_ios() { 4577 return wp_is_mobile() && preg_match( '/iPad|iPod|iPhone/', $_SERVER['HTTP_USER_AGENT'] ); 4578 } 4579 4580 /** 4581 * Gets the template string for the Customizer pane document title. 4582 * 4583 * @since 4.4.0 4584 * 4585 * @return string The template string for the document title. 4586 */ 4587 public function get_document_title_template() { 4588 if ( $this->is_theme_active() ) { 4589 /* translators: %s: Document title from the preview. */ 4590 $document_title_tmpl = __( 'Customize: %s' ); 4591 } else { 4592 /* translators: %s: Document title from the preview. */ 4593 $document_title_tmpl = __( 'Live Preview: %s' ); 4594 } 4595 $document_title_tmpl = html_entity_decode( $document_title_tmpl, ENT_QUOTES, 'UTF-8' ); // Because exported to JS and assigned to document.title. 4596 return $document_title_tmpl; 4597 } 4598 4599 /** 4600 * Sets the initial URL to be previewed. 4601 * 4602 * URL is validated. 4603 * 4604 * @since 4.4.0 4605 * 4606 * @param string $preview_url URL to be previewed. 4607 */ 4608 public function set_preview_url( $preview_url ) { 4609 $preview_url = sanitize_url( $preview_url ); 4610 $this->preview_url = wp_validate_redirect( $preview_url, home_url( '/' ) ); 4611 } 4612 4613 /** 4614 * Gets the initial URL to be previewed. 4615 * 4616 * @since 4.4.0 4617 * 4618 * @return string URL being previewed. 4619 */ 4620 public function get_preview_url() { 4621 if ( empty( $this->preview_url ) ) { 4622 $preview_url = home_url( '/' ); 4623 } else { 4624 $preview_url = $this->preview_url; 4625 } 4626 return $preview_url; 4627 } 4628 4629 /** 4630 * Determines whether the admin and the frontend are on different domains. 4631 * 4632 * @since 4.7.0 4633 * 4634 * @return bool Whether cross-domain. 4635 */ 4636 public function is_cross_domain() { 4637 $admin_origin = wp_parse_url( admin_url() ); 4638 $home_origin = wp_parse_url( home_url() ); 4639 $cross_domain = ( strtolower( $admin_origin['host'] ) !== strtolower( $home_origin['host'] ) ); 4640 return $cross_domain; 4641 } 4642 4643 /** 4644 * Gets URLs allowed to be previewed. 4645 * 4646 * If the front end and the admin are served from the same domain, load the 4647 * preview over ssl if the Customizer is being loaded over ssl. This avoids 4648 * insecure content warnings. This is not attempted if the admin and front end 4649 * are on different domains to avoid the case where the front end doesn't have 4650 * ssl certs. Domain mapping plugins can allow other urls in these conditions 4651 * using the customize_allowed_urls filter. 4652 * 4653 * @since 4.7.0 4654 * 4655 * @return array Allowed URLs. 4656 */ 4657 public function get_allowed_urls() { 4658 $allowed_urls = array( home_url( '/' ) ); 4659 4660 if ( is_ssl() && ! $this->is_cross_domain() ) { 4661 $allowed_urls[] = home_url( '/', 'https' ); 4662 } 4663 4664 /** 4665 * Filters the list of URLs allowed to be clicked and followed in the Customizer preview. 4666 * 4667 * @since 3.4.0 4668 * 4669 * @param string[] $allowed_urls An array of allowed URLs. 4670 */ 4671 $allowed_urls = array_unique( apply_filters( 'customize_allowed_urls', $allowed_urls ) ); 4672 4673 return $allowed_urls; 4674 } 4675 4676 /** 4677 * Gets messenger channel. 4678 * 4679 * @since 4.7.0 4680 * 4681 * @return string Messenger channel. 4682 */ 4683 public function get_messenger_channel() { 4684 return $this->messenger_channel; 4685 } 4686 4687 /** 4688 * Sets URL to link the user to when closing the Customizer. 4689 * 4690 * URL is validated. 4691 * 4692 * @since 4.4.0 4693 * 4694 * @param string $return_url URL for return link. 4695 */ 4696 public function set_return_url( $return_url ) { 4697 $return_url = sanitize_url( $return_url ); 4698 $return_url = remove_query_arg( wp_removable_query_args(), $return_url ); 4699 $return_url = wp_validate_redirect( $return_url ); 4700 $this->return_url = $return_url; 4701 } 4702 4703 /** 4704 * Gets URL to link the user to when closing the Customizer. 4705 * 4706 * @since 4.4.0 4707 * 4708 * @global array $_registered_pages 4709 * 4710 * @return string URL for link to close Customizer. 4711 */ 4712 public function get_return_url() { 4713 global $_registered_pages; 4714 4715 $referer = wp_get_referer(); 4716 $excluded_referer_basenames = array( 'customize.php', 'wp-login.php' ); 4717 4718 if ( $this->return_url ) { 4719 $return_url = $this->return_url; 4720 4721 $return_url_basename = wp_basename( parse_url( $this->return_url, PHP_URL_PATH ) ); 4722 $return_url_query = parse_url( $this->return_url, PHP_URL_QUERY ); 4723 4724 if ( 'themes.php' === $return_url_basename && $return_url_query ) { 4725 parse_str( $return_url_query, $query_vars ); 4726 4727 /* 4728 * If the return URL is a page added by a theme to the Appearance menu via add_submenu_page(), 4729 * verify that it belongs to the active theme, otherwise fall back to the Themes screen. 4730 */ 4731 if ( isset( $query_vars['page'] ) && ! isset( $_registered_pages[ "appearance_page_{$query_vars['page']}" ] ) ) { 4732 $return_url = admin_url( 'themes.php' ); 4733 } 4734 } 4735 } elseif ( $referer && ! in_array( wp_basename( parse_url( $referer, PHP_URL_PATH ) ), $excluded_referer_basenames, true ) ) { 4736 $return_url = $referer; 4737 } elseif ( $this->preview_url ) { 4738 $return_url = $this->preview_url; 4739 } else { 4740 $return_url = home_url( '/' ); 4741 } 4742 4743 return $return_url; 4744 } 4745 4746 /** 4747 * Sets the autofocused constructs. 4748 * 4749 * @since 4.4.0 4750 * 4751 * @param array $autofocus { 4752 * Mapping of 'panel', 'section', 'control' to the ID which should be autofocused. 4753 * 4754 * @type string $control ID for control to be autofocused. 4755 * @type string $section ID for section to be autofocused. 4756 * @type string $panel ID for panel to be autofocused. 4757 * } 4758 */ 4759 public function set_autofocus( $autofocus ) { 4760 $this->autofocus = array_filter( wp_array_slice_assoc( $autofocus, array( 'panel', 'section', 'control' ) ), 'is_string' ); 4761 } 4762 4763 /** 4764 * Gets the autofocused constructs. 4765 * 4766 * @since 4.4.0 4767 * 4768 * @return string[] { 4769 * Mapping of 'panel', 'section', 'control' to the ID which should be autofocused. 4770 * 4771 * @type string $control ID for control to be autofocused. 4772 * @type string $section ID for section to be autofocused. 4773 * @type string $panel ID for panel to be autofocused. 4774 * } 4775 */ 4776 public function get_autofocus() { 4777 return $this->autofocus; 4778 } 4779 4780 /** 4781 * Gets nonces for the Customizer. 4782 * 4783 * @since 4.5.0 4784 * 4785 * @return array Nonces. 4786 */ 4787 public function get_nonces() { 4788 $nonces = array( 4789 'save' => wp_create_nonce( 'save-customize_' . $this->get_stylesheet() ), 4790 'preview' => wp_create_nonce( 'preview-customize_' . $this->get_stylesheet() ), 4791 'switch_themes' => wp_create_nonce( 'switch_themes' ), 4792 'dismiss_autosave_or_lock' => wp_create_nonce( 'customize_dismiss_autosave_or_lock' ), 4793 'override_lock' => wp_create_nonce( 'customize_override_changeset_lock' ), 4794 'trash' => wp_create_nonce( 'trash_customize_changeset' ), 4795 ); 4796 4797 /** 4798 * Filters nonces for Customizer. 4799 * 4800 * @since 4.2.0 4801 * 4802 * @param string[] $nonces Array of refreshed nonces for save and 4803 * preview actions. 4804 * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 4805 */ 4806 $nonces = apply_filters( 'customize_refresh_nonces', $nonces, $this ); 4807 4808 return $nonces; 4809 } 4810 4811 /** 4812 * Prints JavaScript settings for parent window. 4813 * 4814 * @since 4.4.0 4815 */ 4816 public function customize_pane_settings() { 4817 4818 $login_url = add_query_arg( 4819 array( 4820 'interim-login' => 1, 4821 'customize-login' => 1, 4822 ), 4823 wp_login_url() 4824 ); 4825 4826 // Ensure dirty flags are set for modified settings. 4827 foreach ( array_keys( $this->unsanitized_post_values() ) as $setting_id ) { 4828 $setting = $this->get_setting( $setting_id ); 4829 if ( $setting ) { 4830 $setting->dirty = true; 4831 } 4832 } 4833 4834 $autosave_revision_post = null; 4835 $autosave_autodraft_post = null; 4836 $changeset_post_id = $this->changeset_post_id(); 4837 if ( ! $this->saved_starter_content_changeset && ! $this->autosaved() ) { 4838 if ( $changeset_post_id ) { 4839 if ( is_user_logged_in() ) { 4840 $autosave_revision_post = wp_get_post_autosave( $changeset_post_id, get_current_user_id() ); 4841 } 4842 } else { 4843 $autosave_autodraft_posts = $this->get_changeset_posts( 4844 array( 4845 'posts_per_page' => 1, 4846 'post_status' => 'auto-draft', 4847 'exclude_restore_dismissed' => true, 4848 ) 4849 ); 4850 if ( ! empty( $autosave_autodraft_posts ) ) { 4851 $autosave_autodraft_post = array_shift( $autosave_autodraft_posts ); 4852 } 4853 } 4854 } 4855 4856 $current_user_can_publish = current_user_can( get_post_type_object( 'customize_changeset' )->cap->publish_posts ); 4857 4858 // @todo Include all of the status labels here from script-loader.php, and then allow it to be filtered. 4859 $status_choices = array(); 4860 if ( $current_user_can_publish ) { 4861 $status_choices[] = array( 4862 'status' => 'publish', 4863 'label' => __( 'Publish' ), 4864 ); 4865 } 4866 $status_choices[] = array( 4867 'status' => 'draft', 4868 'label' => __( 'Save Draft' ), 4869 ); 4870 if ( $current_user_can_publish ) { 4871 $status_choices[] = array( 4872 'status' => 'future', 4873 'label' => _x( 'Schedule', 'customizer changeset action/button label' ), 4874 ); 4875 } 4876 4877 // Prepare Customizer settings to pass to JavaScript. 4878 $changeset_post = null; 4879 if ( $changeset_post_id ) { 4880 $changeset_post = get_post( $changeset_post_id ); 4881 } 4882 4883 // Determine initial date to be at present or future, not past. 4884 $current_time = current_time( 'mysql', false ); 4885 $initial_date = $current_time; 4886 if ( $changeset_post ) { 4887 $initial_date = get_the_time( 'Y-m-d H:i:s', $changeset_post->ID ); 4888 if ( $initial_date < $current_time ) { 4889 $initial_date = $current_time; 4890 } 4891 } 4892 4893 $lock_user_id = false; 4894 if ( $this->changeset_post_id() ) { 4895 $lock_user_id = wp_check_post_lock( $this->changeset_post_id() ); 4896 } 4897 4898 $settings = array( 4899 'changeset' => array( 4900 'uuid' => $this->changeset_uuid(), 4901 'branching' => $this->branching(), 4902 'autosaved' => $this->autosaved(), 4903 'hasAutosaveRevision' => ! empty( $autosave_revision_post ), 4904 'latestAutoDraftUuid' => $autosave_autodraft_post ? $autosave_autodraft_post->post_name : null, 4905 'status' => $changeset_post ? $changeset_post->post_status : '', 4906 'currentUserCanPublish' => $current_user_can_publish, 4907 'publishDate' => $initial_date, 4908 'statusChoices' => $status_choices, 4909 'lockUser' => $lock_user_id ? $this->get_lock_user_data( $lock_user_id ) : null, 4910 ), 4911 'initialServerDate' => $current_time, 4912 'dateFormat' => get_option( 'date_format' ), 4913 'timeFormat' => get_option( 'time_format' ), 4914 'initialServerTimestamp' => floor( microtime( true ) * 1000 ), 4915 'initialClientTimestamp' => -1, // To be set with JS below. 4916 'timeouts' => array( 4917 'windowRefresh' => 250, 4918 'changesetAutoSave' => AUTOSAVE_INTERVAL * 1000, 4919 'keepAliveCheck' => 2500, 4920 'reflowPaneContents' => 100, 4921 'previewFrameSensitivity' => 2000, 4922 ), 4923 'theme' => array( 4924 'stylesheet' => $this->get_stylesheet(), 4925 'active' => $this->is_theme_active(), 4926 '_canInstall' => current_user_can( 'install_themes' ), 4927 ), 4928 'url' => array( 4929 'preview' => sanitize_url( $this->get_preview_url() ), 4930 'return' => sanitize_url( $this->get_return_url() ), 4931 'parent' => sanitize_url( admin_url() ), 4932 'activated' => sanitize_url( home_url( '/' ) ), 4933 'ajax' => sanitize_url( admin_url( 'admin-ajax.php', 'relative' ) ), 4934 'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ), 4935 'isCrossDomain' => $this->is_cross_domain(), 4936 'home' => sanitize_url( home_url( '/' ) ), 4937 'login' => sanitize_url( $login_url ), 4938 ), 4939 'browser' => array( 4940 'mobile' => wp_is_mobile(), 4941 'ios' => $this->is_ios(), 4942 ), 4943 'panels' => array(), 4944 'sections' => array(), 4945 'nonce' => $this->get_nonces(), 4946 'autofocus' => $this->get_autofocus(), 4947 'documentTitleTmpl' => $this->get_document_title_template(), 4948 'previewableDevices' => $this->get_previewable_devices(), 4949 'l10n' => array( 4950 'confirmDeleteTheme' => __( 'Are you sure you want to delete this theme?' ), 4951 /* translators: %d: Number of theme search results, which cannot currently consider singular vs. plural forms. */ 4952 'themeSearchResults' => __( '%d themes found' ), 4953 /* translators: %d: Number of themes being displayed, which cannot currently consider singular vs. plural forms. */ 4954 'announceThemeCount' => __( 'Displaying %d themes' ), 4955 /* translators: %s: Theme name. */ 4956 'announceThemeDetails' => __( 'Showing details for theme: %s' ), 4957 ), 4958 ); 4959 4960 // Temporarily disable installation in Customizer. See #42184. 4961 $filesystem_method = get_filesystem_method(); 4962 ob_start(); 4963 $filesystem_credentials_are_stored = request_filesystem_credentials( self_admin_url() ); 4964 ob_end_clean(); 4965 if ( 'direct' !== $filesystem_method && ! $filesystem_credentials_are_stored ) { 4966 $settings['theme']['_filesystemCredentialsNeeded'] = true; 4967 } 4968 4969 // Prepare Customize Section objects to pass to JavaScript. 4970 foreach ( $this->sections() as $id => $section ) { 4971 if ( $section->check_capabilities() ) { 4972 $settings['sections'][ $id ] = $section->json(); 4973 } 4974 } 4975 4976 // Prepare Customize Panel objects to pass to JavaScript. 4977 foreach ( $this->panels() as $panel_id => $panel ) { 4978 if ( $panel->check_capabilities() ) { 4979 $settings['panels'][ $panel_id ] = $panel->json(); 4980 foreach ( $panel->sections as $section_id => $section ) { 4981 if ( $section->check_capabilities() ) { 4982 $settings['sections'][ $section_id ] = $section->json(); 4983 } 4984 } 4985 } 4986 } 4987 4988 ob_start(); 4989 ?> 4990 <script> 4991 var _wpCustomizeSettings = <?php echo wp_json_encode( $settings ); ?>; 4992 _wpCustomizeSettings.initialClientTimestamp = _.now(); 4993 _wpCustomizeSettings.controls = {}; 4994 _wpCustomizeSettings.settings = {}; 4995 <?php 4996 4997 // Serialize settings one by one to improve memory usage. 4998 echo "(function ( s ){\n"; 4999 foreach ( $this->settings() as $setting ) { 5000 if ( $setting->check_capabilities() ) { 5001 printf( 5002 "s[%s] = %s;\n", 5003 wp_json_encode( $setting->id ), 5004 wp_json_encode( $setting->json() ) 5005 ); 5006 } 5007 } 5008 echo "})( _wpCustomizeSettings.settings );\n"; 5009 5010 // Serialize controls one by one to improve memory usage. 5011 echo "(function ( c ){\n"; 5012 foreach ( $this->controls() as $control ) { 5013 if ( $control->check_capabilities() ) { 5014 printf( 5015 "c[%s] = %s;\n", 5016 wp_json_encode( $control->id ), 5017 wp_json_encode( $control->json() ) 5018 ); 5019 } 5020 } 5021 echo "})( _wpCustomizeSettings.controls );\n"; 5022 ?> 5023 </script> 5024 <?php 5025 wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) ); 5026 } 5027 5028 /** 5029 * Returns a list of devices to allow previewing. 5030 * 5031 * @since 4.5.0 5032 * 5033 * @return array List of devices with labels and default setting. 5034 */ 5035 public function get_previewable_devices() { 5036 $devices = array( 5037 'desktop' => array( 5038 'label' => __( 'Enter desktop preview mode' ), 5039 'default' => true, 5040 ), 5041 'tablet' => array( 5042 'label' => __( 'Enter tablet preview mode' ), 5043 ), 5044 'mobile' => array( 5045 'label' => __( 'Enter mobile preview mode' ), 5046 ), 5047 ); 5048 5049 /** 5050 * Filters the available devices to allow previewing in the Customizer. 5051 * 5052 * @since 4.5.0 5053 * 5054 * @see WP_Customize_Manager::get_previewable_devices() 5055 * 5056 * @param array $devices List of devices with labels and default setting. 5057 */ 5058 $devices = apply_filters( 'customize_previewable_devices', $devices ); 5059 5060 return $devices; 5061 } 5062 5063 /** 5064 * Registers some default controls. 5065 * 5066 * @since 3.4.0 5067 */ 5068 public function register_controls() { 5069 5070 /* Themes (controls are loaded via ajax) */ 5071 5072 $this->add_panel( 5073 new WP_Customize_Themes_Panel( 5074 $this, 5075 'themes', 5076 array( 5077 'title' => $this->theme()->display( 'Name' ), 5078 'description' => ( 5079 '<p>' . __( 'Looking for a theme? You can search or browse the WordPress.org theme directory, install and preview themes, then activate them right here.' ) . '</p>' . 5080 '<p>' . __( 'While previewing a new theme, you can continue to tailor things like widgets and menus, and explore theme-specific options.' ) . '</p>' 5081 ), 5082 'capability' => 'switch_themes', 5083 'priority' => 0, 5084 ) 5085 ) 5086 ); 5087 5088 $this->add_section( 5089 new WP_Customize_Themes_Section( 5090 $this, 5091 'installed_themes', 5092 array( 5093 'title' => __( 'Installed themes' ), 5094 'action' => 'installed', 5095 'capability' => 'switch_themes', 5096 'panel' => 'themes', 5097 'priority' => 0, 5098 ) 5099 ) 5100 ); 5101 5102 if ( ! is_multisite() ) { 5103 $this->add_section( 5104 new WP_Customize_Themes_Section( 5105 $this, 5106 'wporg_themes', 5107 array( 5108 'title' => __( 'WordPress.org themes' ), 5109 'action' => 'wporg', 5110 'filter_type' => 'remote', 5111 'capability' => 'install_themes', 5112 'panel' => 'themes', 5113 'priority' => 5, 5114 ) 5115 ) 5116 ); 5117 } 5118 5119 // Themes Setting (unused - the theme is considerably more fundamental to the Customizer experience). 5120 $this->add_setting( 5121 new WP_Customize_Filter_Setting( 5122 $this, 5123 'active_theme', 5124 array( 5125 'capability' => 'switch_themes', 5126 ) 5127 ) 5128 ); 5129 5130 /* Site Identity */ 5131 5132 $this->add_section( 5133 'title_tagline', 5134 array( 5135 'title' => __( 'Site Identity' ), 5136 'priority' => 20, 5137 ) 5138 ); 5139 5140 $this->add_setting( 5141 'blogname', 5142 array( 5143 'default' => get_option( 'blogname' ), 5144 'type' => 'option', 5145 'capability' => 'manage_options', 5146 ) 5147 ); 5148 5149 $this->add_control( 5150 'blogname', 5151 array( 5152 'label' => __( 'Site Title' ), 5153 'section' => 'title_tagline', 5154 ) 5155 ); 5156 5157 $this->add_setting( 5158 'blogdescription', 5159 array( 5160 'default' => get_option( 'blogdescription' ), 5161 'type' => 'option', 5162 'capability' => 'manage_options', 5163 ) 5164 ); 5165 5166 $this->add_control( 5167 'blogdescription', 5168 array( 5169 'label' => __( 'Tagline' ), 5170 'section' => 'title_tagline', 5171 ) 5172 ); 5173 5174 // Add a setting to hide header text if the theme doesn't support custom headers. 5175 if ( ! current_theme_supports( 'custom-header', 'header-text' ) ) { 5176 $this->add_setting( 5177 'header_text', 5178 array( 5179 'theme_supports' => array( 'custom-logo', 'header-text' ), 5180 'default' => 1, 5181 'sanitize_callback' => 'absint', 5182 ) 5183 ); 5184 5185 $this->add_control( 5186 'header_text', 5187 array( 5188 'label' => __( 'Display Site Title and Tagline' ), 5189 'section' => 'title_tagline', 5190 'settings' => 'header_text', 5191 'type' => 'checkbox', 5192 ) 5193 ); 5194 } 5195 5196 $this->add_setting( 5197 'site_icon', 5198 array( 5199 'type' => 'option', 5200 'capability' => 'manage_options', 5201 'transport' => 'postMessage', // Previewed with JS in the Customizer controls window. 5202 ) 5203 ); 5204 5205 $this->add_control( 5206 new WP_Customize_Site_Icon_Control( 5207 $this, 5208 'site_icon', 5209 array( 5210 'label' => __( 'Site Icon' ), 5211 'description' => sprintf( 5212 /* translators: 1: pixel value for icon size. 2: pixel value for icon size. */ 5213 '<p>' . __( 'The Site Icon is what you see in browser tabs, bookmark bars, and within the WordPress mobile apps. It should be square and at least <code>%1$s by %2$s</code> pixels.' ) . '</p>', 5214 512, 5215 512 5216 ), 5217 'section' => 'title_tagline', 5218 'priority' => 60, 5219 'height' => 512, 5220 'width' => 512, 5221 ) 5222 ) 5223 ); 5224 5225 $this->add_setting( 5226 'custom_logo', 5227 array( 5228 'theme_supports' => array( 'custom-logo' ), 5229 'transport' => 'postMessage', 5230 ) 5231 ); 5232 5233 $custom_logo_args = get_theme_support( 'custom-logo' ); 5234 $this->add_control( 5235 new WP_Customize_Cropped_Image_Control( 5236 $this, 5237 'custom_logo', 5238 array( 5239 'label' => __( 'Logo' ), 5240 'section' => 'title_tagline', 5241 'priority' => 8, 5242 'height' => isset( $custom_logo_args[0]['height'] ) ? $custom_logo_args[0]['height'] : null, 5243 'width' => isset( $custom_logo_args[0]['width'] ) ? $custom_logo_args[0]['width'] : null, 5244 'flex_height' => isset( $custom_logo_args[0]['flex-height'] ) ? $custom_logo_args[0]['flex-height'] : null, 5245 'flex_width' => isset( $custom_logo_args[0]['flex-width'] ) ? $custom_logo_args[0]['flex-width'] : null, 5246 'button_labels' => array( 5247 'select' => __( 'Select logo' ), 5248 'change' => __( 'Change logo' ), 5249 'remove' => __( 'Remove' ), 5250 'default' => __( 'Default' ), 5251 'placeholder' => __( 'No logo selected' ), 5252 'frame_title' => __( 'Select logo' ), 5253 'frame_button' => __( 'Choose logo' ), 5254 ), 5255 ) 5256 ) 5257 ); 5258 5259 $this->selective_refresh->add_partial( 5260 'custom_logo', 5261 array( 5262 'settings' => array( 'custom_logo' ), 5263 'selector' => '.custom-logo-link', 5264 'render_callback' => array( $this, '_render_custom_logo_partial' ), 5265 'container_inclusive' => true, 5266 ) 5267 ); 5268 5269 /* Colors */ 5270 5271 $this->add_section( 5272 'colors', 5273 array( 5274 'title' => __( 'Colors' ), 5275 'priority' => 40, 5276 ) 5277 ); 5278 5279 $this->add_setting( 5280 'header_textcolor', 5281 array( 5282 'theme_supports' => array( 'custom-header', 'header-text' ), 5283 'default' => get_theme_support( 'custom-header', 'default-text-color' ), 5284 5285 'sanitize_callback' => array( $this, '_sanitize_header_textcolor' ), 5286 'sanitize_js_callback' => 'maybe_hash_hex_color', 5287 ) 5288 ); 5289 5290 // Input type: checkbox, with custom value. 5291 $this->add_control( 5292 'display_header_text', 5293 array( 5294 'settings' => 'header_textcolor', 5295 'label' => __( 'Display Site Title and Tagline' ), 5296 'section' => 'title_tagline', 5297 'type' => 'checkbox', 5298 'priority' => 40, 5299 ) 5300 ); 5301 5302 $this->add_control( 5303 new WP_Customize_Color_Control( 5304 $this, 5305 'header_textcolor', 5306 array( 5307 'label' => __( 'Header Text Color' ), 5308 'section' => 'colors', 5309 ) 5310 ) 5311 ); 5312 5313 // Input type: color, with sanitize_callback. 5314 $this->add_setting( 5315 'background_color', 5316 array( 5317 'default' => get_theme_support( 'custom-background', 'default-color' ), 5318 'theme_supports' => 'custom-background', 5319 5320 'sanitize_callback' => 'sanitize_hex_color_no_hash', 5321 'sanitize_js_callback' => 'maybe_hash_hex_color', 5322 ) 5323 ); 5324 5325 $this->add_control( 5326 new WP_Customize_Color_Control( 5327 $this, 5328 'background_color', 5329 array( 5330 'label' => __( 'Background Color' ), 5331 'section' => 'colors', 5332 ) 5333 ) 5334 ); 5335 5336 /* Custom Header */ 5337 5338 if ( current_theme_supports( 'custom-header', 'video' ) ) { 5339 $title = __( 'Header Media' ); 5340 $description = '<p>' . __( 'If you add a video, the image will be used as a fallback while the video loads.' ) . '</p>'; 5341 5342 $width = absint( get_theme_support( 'custom-header', 'width' ) ); 5343 $height = absint( get_theme_support( 'custom-header', 'height' ) ); 5344 if ( $width && $height ) { 5345 $control_description = sprintf( 5346 /* translators: 1: .mp4, 2: Header size in pixels. */ 5347 __( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends dimensions of %2$s pixels.' ), 5348 '<code>.mp4</code>', 5349 sprintf( '<strong>%s × %s</strong>', $width, $height ) 5350 ); 5351 } elseif ( $width ) { 5352 $control_description = sprintf( 5353 /* translators: 1: .mp4, 2: Header width in pixels. */ 5354 __( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends a width of %2$s pixels.' ), 5355 '<code>.mp4</code>', 5356 sprintf( '<strong>%s</strong>', $width ) 5357 ); 5358 } else { 5359 $control_description = sprintf( 5360 /* translators: 1: .mp4, 2: Header height in pixels. */ 5361 __( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends a height of %2$s pixels.' ), 5362 '<code>.mp4</code>', 5363 sprintf( '<strong>%s</strong>', $height ) 5364 ); 5365 } 5366 } else { 5367 $title = __( 'Header Image' ); 5368 $description = ''; 5369 $control_description = ''; 5370 } 5371 5372 $this->add_section( 5373 'header_image', 5374 array( 5375 'title' => $title, 5376 'description' => $description, 5377 'theme_supports' => 'custom-header', 5378 'priority' => 60, 5379 ) 5380 ); 5381 5382 $this->add_setting( 5383 'header_video', 5384 array( 5385 'theme_supports' => array( 'custom-header', 'video' ), 5386 'transport' => 'postMessage', 5387 'sanitize_callback' => 'absint', 5388 'validate_callback' => array( $this, '_validate_header_video' ), 5389 ) 5390 ); 5391 5392 $this->add_setting( 5393 'external_header_video', 5394 array( 5395 'theme_supports' => array( 'custom-header', 'video' ), 5396 'transport' => 'postMessage', 5397 'sanitize_callback' => array( $this, '_sanitize_external_header_video' ), 5398 'validate_callback' => array( $this, '_validate_external_header_video' ), 5399 ) 5400 ); 5401 5402 $this->add_setting( 5403 new WP_Customize_Filter_Setting( 5404 $this, 5405 'header_image', 5406 array( 5407 'default' => sprintf( get_theme_support( 'custom-header', 'default-image' ), get_template_directory_uri(), get_stylesheet_directory_uri() ), 5408 'theme_supports' => 'custom-header', 5409 ) 5410 ) 5411 ); 5412 5413 $this->add_setting( 5414 new WP_Customize_Header_Image_Setting( 5415 $this, 5416 'header_image_data', 5417 array( 5418 'theme_supports' => 'custom-header', 5419 ) 5420 ) 5421 ); 5422 5423 /* 5424 * Switch image settings to postMessage when video support is enabled since 5425 * it entails that the_custom_header_markup() will be used, and thus selective 5426 * refresh can be utilized. 5427 */ 5428 if ( current_theme_supports( 'custom-header', 'video' ) ) { 5429 $this->get_setting( 'header_image' )->transport = 'postMessage'; 5430 $this->get_setting( 'header_image_data' )->transport = 'postMessage'; 5431 } 5432 5433 $this->add_control( 5434 new WP_Customize_Media_Control( 5435 $this, 5436 'header_video', 5437 array( 5438 'theme_supports' => array( 'custom-header', 'video' ), 5439 'label' => __( 'Header Video' ), 5440 'description' => $control_description, 5441 'section' => 'header_image', 5442 'mime_type' => 'video', 5443 'active_callback' => 'is_header_video_active', 5444 ) 5445 ) 5446 ); 5447 5448 $this->add_control( 5449 'external_header_video', 5450 array( 5451 'theme_supports' => array( 'custom-header', 'video' ), 5452 'type' => 'url', 5453 'description' => __( 'Or, enter a YouTube URL:' ), 5454 'section' => 'header_image', 5455 'active_callback' => 'is_header_video_active', 5456 ) 5457 ); 5458 5459 $this->add_control( new WP_Customize_Header_Image_Control( $this ) ); 5460 5461 $this->selective_refresh->add_partial( 5462 'custom_header', 5463 array( 5464 'selector' => '#wp-custom-header', 5465 'render_callback' => 'the_custom_header_markup', 5466 'settings' => array( 'header_video', 'external_header_video', 'header_image' ), // The image is used as a video fallback here. 5467 'container_inclusive' => true, 5468 ) 5469 ); 5470 5471 /* Custom Background */ 5472 5473 $this->add_section( 5474 'background_image', 5475 array( 5476 'title' => __( 'Background Image' ), 5477 'theme_supports' => 'custom-background', 5478 'priority' => 80, 5479 ) 5480 ); 5481 5482 $this->add_setting( 5483 'background_image', 5484 array( 5485 'default' => get_theme_support( 'custom-background', 'default-image' ), 5486 'theme_supports' => 'custom-background', 5487 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 5488 ) 5489 ); 5490 5491 $this->add_setting( 5492 new WP_Customize_Background_Image_Setting( 5493 $this, 5494 'background_image_thumb', 5495 array( 5496 'theme_supports' => 'custom-background', 5497 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 5498 ) 5499 ) 5500 ); 5501 5502 $this->add_control( new WP_Customize_Background_Image_Control( $this ) ); 5503 5504 $this->add_setting( 5505 'background_preset', 5506 array( 5507 'default' => get_theme_support( 'custom-background', 'default-preset' ), 5508 'theme_supports' => 'custom-background', 5509 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 5510 ) 5511 ); 5512 5513 $this->add_control( 5514 'background_preset', 5515 array( 5516 'label' => _x( 'Preset', 'Background Preset' ), 5517 'section' => 'background_image', 5518 'type' => 'select', 5519 'choices' => array( 5520 'default' => _x( 'Default', 'Default Preset' ), 5521 'fill' => __( 'Fill Screen' ), 5522 'fit' => __( 'Fit to Screen' ), 5523 'repeat' => _x( 'Repeat', 'Repeat Image' ), 5524 'custom' => _x( 'Custom', 'Custom Preset' ), 5525 ), 5526 ) 5527 ); 5528 5529 $this->add_setting( 5530 'background_position_x', 5531 array( 5532 'default' => get_theme_support( 'custom-background', 'default-position-x' ), 5533 'theme_supports' => 'custom-background', 5534 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 5535 ) 5536 ); 5537 5538 $this->add_setting( 5539 'background_position_y', 5540 array( 5541 'default' => get_theme_support( 'custom-background', 'default-position-y' ), 5542 'theme_supports' => 'custom-background', 5543 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 5544 ) 5545 ); 5546 5547 $this->add_control( 5548 new WP_Customize_Background_Position_Control( 5549 $this, 5550 'background_position', 5551 array( 5552 'label' => __( 'Image Position' ), 5553 'section' => 'background_image', 5554 'settings' => array( 5555 'x' => 'background_position_x', 5556 'y' => 'background_position_y', 5557 ), 5558 ) 5559 ) 5560 ); 5561 5562 $this->add_setting( 5563 'background_size', 5564 array( 5565 'default' => get_theme_support( 'custom-background', 'default-size' ), 5566 'theme_supports' => 'custom-background', 5567 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 5568 ) 5569 ); 5570 5571 $this->add_control( 5572 'background_size', 5573 array( 5574 'label' => __( 'Image Size' ), 5575 'section' => 'background_image', 5576 'type' => 'select', 5577 'choices' => array( 5578 'auto' => _x( 'Original', 'Original Size' ), 5579 'contain' => __( 'Fit to Screen' ), 5580 'cover' => __( 'Fill Screen' ), 5581 ), 5582 ) 5583 ); 5584 5585 $this->add_setting( 5586 'background_repeat', 5587 array( 5588 'default' => get_theme_support( 'custom-background', 'default-repeat' ), 5589 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 5590 'theme_supports' => 'custom-background', 5591 ) 5592 ); 5593 5594 $this->add_control( 5595 'background_repeat', 5596 array( 5597 'label' => __( 'Repeat Background Image' ), 5598 'section' => 'background_image', 5599 'type' => 'checkbox', 5600 ) 5601 ); 5602 5603 $this->add_setting( 5604 'background_attachment', 5605 array( 5606 'default' => get_theme_support( 'custom-background', 'default-attachment' ), 5607 'sanitize_callback' => array( $this, '_sanitize_background_setting' ), 5608 'theme_supports' => 'custom-background', 5609 ) 5610 ); 5611 5612 $this->add_control( 5613 'background_attachment', 5614 array( 5615 'label' => __( 'Scroll with Page' ), 5616 'section' => 'background_image', 5617 'type' => 'checkbox', 5618 ) 5619 ); 5620 5621 /* 5622 * If the theme is using the default background callback, we can update 5623 * the background CSS using postMessage. 5624 */ 5625 if ( get_theme_support( 'custom-background', 'wp-head-callback' ) === '_custom_background_cb' ) { 5626 foreach ( array( 'color', 'image', 'preset', 'position_x', 'position_y', 'size', 'repeat', 'attachment' ) as $prop ) { 5627 $this->get_setting( 'background_' . $prop )->transport = 'postMessage'; 5628 } 5629 } 5630 5631 /* 5632 * Static Front Page 5633 * See also https://core.trac.wordpress.org/ticket/19627 which introduces the static-front-page theme_support. 5634 * The following replicates behavior from options-reading.php. 5635 */ 5636 5637 $this->add_section( 5638 'static_front_page', 5639 array( 5640 'title' => __( 'Homepage Settings' ), 5641 'priority' => 120, 5642 'description' => __( 'You can choose what’s displayed on the homepage of your site. It can be posts in reverse chronological order (classic blog), or a fixed/static page. To set a static homepage, you first need to create two Pages. One will become the homepage, and the other will be where your posts are displayed.' ), 5643 'active_callback' => array( $this, 'has_published_pages' ), 5644 ) 5645 ); 5646 5647 $this->add_setting( 5648 'show_on_front', 5649 array( 5650 'default' => get_option( 'show_on_front' ), 5651 'capability' => 'manage_options', 5652 'type' => 'option', 5653 ) 5654 ); 5655 5656 $this->add_control( 5657 'show_on_front', 5658 array( 5659 'label' => __( 'Your homepage displays' ), 5660 'section' => 'static_front_page', 5661 'type' => 'radio', 5662 'choices' => array( 5663 'posts' => __( 'Your latest posts' ), 5664 'page' => __( 'A static page' ), 5665 ), 5666 ) 5667 ); 5668 5669 $this->add_setting( 5670 'page_on_front', 5671 array( 5672 'type' => 'option', 5673 'capability' => 'manage_options', 5674 ) 5675 ); 5676 5677 $this->add_control( 5678 'page_on_front', 5679 array( 5680 'label' => __( 'Homepage' ), 5681 'section' => 'static_front_page', 5682 'type' => 'dropdown-pages', 5683 'allow_addition' => true, 5684 ) 5685 ); 5686 5687 $this->add_setting( 5688 'page_for_posts', 5689 array( 5690 'type' => 'option', 5691 'capability' => 'manage_options', 5692 ) 5693 ); 5694 5695 $this->add_control( 5696 'page_for_posts', 5697 array( 5698 'label' => __( 'Posts page' ), 5699 'section' => 'static_front_page', 5700 'type' => 'dropdown-pages', 5701 'allow_addition' => true, 5702 ) 5703 ); 5704 5705 /* Custom CSS */ 5706 $section_description = '<p>'; 5707 $section_description .= __( 'Add your own CSS code here to customize the appearance and layout of your site.' ); 5708 $section_description .= sprintf( 5709 ' <a href="%1$s" class="external-link" target="_blank">%2$s<span class="screen-reader-text"> %3$s</span></a>', 5710 esc_url( __( 'https://developer.wordpress.org/advanced-administration/wordpress/css/' ) ), 5711 __( 'Learn more about CSS' ), 5712 /* translators: Hidden accessibility text. */ 5713 __( '(opens in a new tab)' ) 5714 ); 5715 $section_description .= '</p>'; 5716 5717 $section_description .= '<p id="editor-keyboard-trap-help-1">' . __( 'When using a keyboard to navigate:' ) . '</p>'; 5718 $section_description .= '<ul>'; 5719 $section_description .= '<li id="editor-keyboard-trap-help-2">' . __( 'In the editing area, the Tab key enters a tab character.' ) . '</li>'; 5720 $section_description .= '<li id="editor-keyboard-trap-help-3">' . __( 'To move away from this area, press the Esc key followed by the Tab key.' ) . '</li>'; 5721 $section_description .= '<li id="editor-keyboard-trap-help-4">' . __( 'Screen reader users: when in forms mode, you may need to press the Esc key twice.' ) . '</li>'; 5722 $section_description .= '</ul>'; 5723 5724 if ( 'false' !== wp_get_current_user()->syntax_highlighting ) { 5725 $section_description .= '<p>'; 5726 $section_description .= sprintf( 5727 /* translators: 1: Link to user profile, 2: Additional link attributes, 3: Accessibility text. */ 5728 __( 'The edit field automatically highlights code syntax. You can disable this in your <a href="%1$s" %2$s>user profile%3$s</a> to work in plain text mode.' ), 5729 esc_url( get_edit_profile_url() ), 5730 'class="external-link" target="_blank"', 5731 sprintf( 5732 '<span class="screen-reader-text"> %s</span>', 5733 /* translators: Hidden accessibility text. */ 5734 __( '(opens in a new tab)' ) 5735 ) 5736 ); 5737 $section_description .= '</p>'; 5738 } 5739 5740 $section_description .= '<p class="section-description-buttons">'; 5741 $section_description .= '<button type="button" class="button-link section-description-close">' . __( 'Close' ) . '</button>'; 5742 $section_description .= '</p>'; 5743 5744 $this->add_section( 5745 'custom_css', 5746 array( 5747 'title' => __( 'Additional CSS' ), 5748 'priority' => 200, 5749 'description_hidden' => true, 5750 'description' => $section_description, 5751 ) 5752 ); 5753 5754 $custom_css_setting = new WP_Customize_Custom_CSS_Setting( 5755 $this, 5756 sprintf( 'custom_css[%s]', get_stylesheet() ), 5757 array( 5758 'capability' => 'edit_css', 5759 'default' => '', 5760 ) 5761 ); 5762 $this->add_setting( $custom_css_setting ); 5763 5764 $this->add_control( 5765 new WP_Customize_Code_Editor_Control( 5766 $this, 5767 'custom_css', 5768 array( 5769 'label' => __( 'CSS code' ), 5770 'section' => 'custom_css', 5771 'settings' => array( 'default' => $custom_css_setting->id ), 5772 'code_type' => 'text/css', 5773 'input_attrs' => array( 5774 'aria-describedby' => 'editor-keyboard-trap-help-1 editor-keyboard-trap-help-2 editor-keyboard-trap-help-3 editor-keyboard-trap-help-4', 5775 ), 5776 ) 5777 ) 5778 ); 5779 } 5780 5781 /** 5782 * Returns whether there are published pages. 5783 * 5784 * Used as active callback for static front page section and controls. 5785 * 5786 * @since 4.7.0 5787 * 5788 * @return bool Whether there are published (or to be published) pages. 5789 */ 5790 public function has_published_pages() { 5791 5792 $setting = $this->get_setting( 'nav_menus_created_posts' ); 5793 if ( $setting ) { 5794 foreach ( $setting->value() as $post_id ) { 5795 if ( 'page' === get_post_type( $post_id ) ) { 5796 return true; 5797 } 5798 } 5799 } 5800 5801 return 0 !== count( 5802 get_pages( 5803 array( 5804 'number' => 1, 5805 'hierarchical' => 0, 5806 ) 5807 ) 5808 ); 5809 } 5810 5811 /** 5812 * Adds settings from the POST data that were not added with code, e.g. dynamically-created settings for Widgets 5813 * 5814 * @since 4.2.0 5815 * 5816 * @see add_dynamic_settings() 5817 */ 5818 public function register_dynamic_settings() { 5819 $setting_ids = array_keys( $this->unsanitized_post_values() ); 5820 $this->add_dynamic_settings( $setting_ids ); 5821 } 5822 5823 /** 5824 * Loads themes into the theme browsing/installation UI. 5825 * 5826 * @since 4.9.0 5827 */ 5828 public function handle_load_themes_request() { 5829 check_ajax_referer( 'switch_themes', 'nonce' ); 5830 5831 if ( ! current_user_can( 'switch_themes' ) ) { 5832 wp_die( -1 ); 5833 } 5834 5835 if ( empty( $_POST['theme_action'] ) ) { 5836 wp_send_json_error( 'missing_theme_action' ); 5837 } 5838 $theme_action = sanitize_key( $_POST['theme_action'] ); 5839 $themes = array(); 5840 $args = array(); 5841 5842 // Define query filters based on user input. 5843 if ( ! array_key_exists( 'search', $_POST ) ) { 5844 $args['search'] = ''; 5845 } else { 5846 $args['search'] = sanitize_text_field( wp_unslash( $_POST['search'] ) ); 5847 } 5848 5849 if ( ! array_key_exists( 'tags', $_POST ) ) { 5850 $args['tag'] = ''; 5851 } else { 5852 $args['tag'] = array_map( 'sanitize_text_field', wp_unslash( (array) $_POST['tags'] ) ); 5853 } 5854 5855 if ( ! array_key_exists( 'page', $_POST ) ) { 5856 $args['page'] = 1; 5857 } else { 5858 $args['page'] = absint( $_POST['page'] ); 5859 } 5860 5861 require_once ABSPATH . 'wp-admin/includes/theme.php'; 5862 5863 if ( 'installed' === $theme_action ) { 5864 5865 // Load all installed themes from wp_prepare_themes_for_js(). 5866 $themes = array( 'themes' => array() ); 5867 foreach ( wp_prepare_themes_for_js() as $theme ) { 5868 $theme['type'] = 'installed'; 5869 $theme['active'] = ( isset( $_POST['customized_theme'] ) && $_POST['customized_theme'] === $theme['id'] ); 5870 $themes['themes'][] = $theme; 5871 } 5872 } elseif ( 'wporg' === $theme_action ) { 5873 5874 // Load WordPress.org themes from the .org API and normalize data to match installed theme objects. 5875 if ( ! current_user_can( 'install_themes' ) ) { 5876 wp_die( -1 ); 5877 } 5878 5879 // Arguments for all queries. 5880 $wporg_args = array( 5881 'per_page' => 100, 5882 'fields' => array( 5883 'reviews_url' => true, // Explicitly request the reviews URL to be linked from the customizer. 5884 ), 5885 ); 5886 5887 $args = array_merge( $wporg_args, $args ); 5888 5889 if ( '' === $args['search'] && '' === $args['tag'] ) { 5890 $args['browse'] = 'new'; // Sort by latest themes by default. 5891 } 5892 5893 // Load themes from the .org API. 5894 $themes = themes_api( 'query_themes', $args ); 5895 if ( is_wp_error( $themes ) ) { 5896 wp_send_json_error(); 5897 } 5898 5899 // This list matches the allowed tags in wp-admin/includes/theme-install.php. 5900 $themes_allowedtags = array_fill_keys( 5901 array( 'a', 'abbr', 'acronym', 'code', 'pre', 'em', 'strong', 'div', 'p', 'ul', 'ol', 'li', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img' ), 5902 array() 5903 ); 5904 $themes_allowedtags['a'] = array_fill_keys( array( 'href', 'title', 'target' ), true ); 5905 $themes_allowedtags['acronym']['title'] = true; 5906 $themes_allowedtags['abbr']['title'] = true; 5907 $themes_allowedtags['img'] = array_fill_keys( array( 'src', 'class', 'alt' ), true ); 5908 5909 // Prepare a list of installed themes to check against before the loop. 5910 $installed_themes = array(); 5911 $wp_themes = wp_get_themes(); 5912 foreach ( $wp_themes as $theme ) { 5913 $installed_themes[] = $theme->get_stylesheet(); 5914 } 5915 $update_php = network_admin_url( 'update.php?action=install-theme' ); 5916 5917 // Set up properties for themes available on WordPress.org. 5918 foreach ( $themes->themes as &$theme ) { 5919 $theme->install_url = add_query_arg( 5920 array( 5921 'theme' => $theme->slug, 5922 '_wpnonce' => wp_create_nonce( 'install-theme_' . $theme->slug ), 5923 ), 5924 $update_php 5925 ); 5926 5927 $theme->name = wp_kses( $theme->name, $themes_allowedtags ); 5928 $theme->version = wp_kses( $theme->version, $themes_allowedtags ); 5929 $theme->description = wp_kses( $theme->description, $themes_allowedtags ); 5930 $theme->stars = wp_star_rating( 5931 array( 5932 'rating' => $theme->rating, 5933 'type' => 'percent', 5934 'number' => $theme->num_ratings, 5935 'echo' => false, 5936 ) 5937 ); 5938 $theme->num_ratings = number_format_i18n( $theme->num_ratings ); 5939 $theme->preview_url = set_url_scheme( $theme->preview_url ); 5940 5941 // Handle themes that are already installed as installed themes. 5942 if ( in_array( $theme->slug, $installed_themes, true ) ) { 5943 $theme->type = 'installed'; 5944 } else { 5945 $theme->type = $theme_action; 5946 } 5947 5948 // Set active based on customized theme. 5949 $theme->active = ( isset( $_POST['customized_theme'] ) && $_POST['customized_theme'] === $theme->slug ); 5950 5951 // Map available theme properties to installed theme properties. 5952 $theme->id = $theme->slug; 5953 $theme->screenshot = array( $theme->screenshot_url ); 5954 $theme->authorAndUri = wp_kses( $theme->author['display_name'], $themes_allowedtags ); 5955 $theme->compatibleWP = is_wp_version_compatible( $theme->requires ); // phpcs:ignore WordPress.NamingConventions.ValidVariableName 5956 $theme->compatiblePHP = is_php_version_compatible( $theme->requires_php ); // phpcs:ignore WordPress.NamingConventions.ValidVariableName 5957 5958 if ( isset( $theme->parent ) ) { 5959 $theme->parent = $theme->parent['slug']; 5960 } else { 5961 $theme->parent = false; 5962 } 5963 unset( $theme->slug ); 5964 unset( $theme->screenshot_url ); 5965 unset( $theme->author ); 5966 } // End foreach(). 5967 } // End if(). 5968 5969 /** 5970 * Filters the theme data loaded in the customizer. 5971 * 5972 * This allows theme data to be loading from an external source, 5973 * or modification of data loaded from `wp_prepare_themes_for_js()` 5974 * or WordPress.org via `themes_api()`. 5975 * 5976 * @since 4.9.0 5977 * 5978 * @see wp_prepare_themes_for_js() 5979 * @see themes_api() 5980 * @see WP_Customize_Manager::__construct() 5981 * 5982 * @param array|stdClass $themes Nested array or object of theme data. 5983 * @param array $args List of arguments, such as page, search term, and tags to query for. 5984 * @param WP_Customize_Manager $manager Instance of Customize manager. 5985 */ 5986 $themes = apply_filters( 'customize_load_themes', $themes, $args, $this ); 5987 5988 wp_send_json_success( $themes ); 5989 } 5990 5991 5992 /** 5993 * Callback for validating the header_textcolor value. 5994 * 5995 * Accepts 'blank', and otherwise uses sanitize_hex_color_no_hash(). 5996 * Returns default text color if hex color is empty. 5997 * 5998 * @since 3.4.0 5999 * 6000 * @param string $color 6001 * @return mixed 6002 */ 6003 public function _sanitize_header_textcolor( $color ) { 6004 if ( 'blank' === $color ) { 6005 return 'blank'; 6006 } 6007 6008 $color = sanitize_hex_color_no_hash( $color ); 6009 if ( empty( $color ) ) { 6010 $color = get_theme_support( 'custom-header', 'default-text-color' ); 6011 } 6012 6013 return $color; 6014 } 6015 6016 /** 6017 * Callback for validating a background setting value. 6018 * 6019 * @since 4.7.0 6020 * 6021 * @param string $value Repeat value. 6022 * @param WP_Customize_Setting $setting Setting. 6023 * @return string|WP_Error Background value or validation error. 6024 */ 6025 public function _sanitize_background_setting( $value, $setting ) { 6026 if ( 'background_repeat' === $setting->id ) { 6027 if ( ! in_array( $value, array( 'repeat-x', 'repeat-y', 'repeat', 'no-repeat' ), true ) ) { 6028 return new WP_Error( 'invalid_value', __( 'Invalid value for background repeat.' ) ); 6029 } 6030 } elseif ( 'background_attachment' === $setting->id ) { 6031 if ( ! in_array( $value, array( 'fixed', 'scroll' ), true ) ) { 6032 return new WP_Error( 'invalid_value', __( 'Invalid value for background attachment.' ) ); 6033 } 6034 } elseif ( 'background_position_x' === $setting->id ) { 6035 if ( ! in_array( $value, array( 'left', 'center', 'right' ), true ) ) { 6036 return new WP_Error( 'invalid_value', __( 'Invalid value for background position X.' ) ); 6037 } 6038 } elseif ( 'background_position_y' === $setting->id ) { 6039 if ( ! in_array( $value, array( 'top', 'center', 'bottom' ), true ) ) { 6040 return new WP_Error( 'invalid_value', __( 'Invalid value for background position Y.' ) ); 6041 } 6042 } elseif ( 'background_size' === $setting->id ) { 6043 if ( ! in_array( $value, array( 'auto', 'contain', 'cover' ), true ) ) { 6044 return new WP_Error( 'invalid_value', __( 'Invalid value for background size.' ) ); 6045 } 6046 } elseif ( 'background_preset' === $setting->id ) { 6047 if ( ! in_array( $value, array( 'default', 'fill', 'fit', 'repeat', 'custom' ), true ) ) { 6048 return new WP_Error( 'invalid_value', __( 'Invalid value for background size.' ) ); 6049 } 6050 } elseif ( 'background_image' === $setting->id || 'background_image_thumb' === $setting->id ) { 6051 $value = empty( $value ) ? '' : sanitize_url( $value ); 6052 } else { 6053 return new WP_Error( 'unrecognized_setting', __( 'Unrecognized background setting.' ) ); 6054 } 6055 return $value; 6056 } 6057 6058 /** 6059 * Exports header video settings to facilitate selective refresh. 6060 * 6061 * @since 4.7.0 6062 * 6063 * @param array $response Response. 6064 * @param WP_Customize_Selective_Refresh $selective_refresh Selective refresh component. 6065 * @param array $partials Array of partials. 6066 * @return array 6067 */ 6068 public function export_header_video_settings( $response, $selective_refresh, $partials ) { 6069 if ( isset( $partials['custom_header'] ) ) { 6070 $response['custom_header_settings'] = get_header_video_settings(); 6071 } 6072 6073 return $response; 6074 } 6075 6076 /** 6077 * Callback for validating the header_video value. 6078 * 6079 * Ensures that the selected video is less than 8MB and provides an error message. 6080 * 6081 * @since 4.7.0 6082 * 6083 * @param WP_Error $validity 6084 * @param mixed $value 6085 * @return mixed 6086 */ 6087 public function _validate_header_video( $validity, $value ) { 6088 $video = get_attached_file( absint( $value ) ); 6089 if ( $video ) { 6090 $size = filesize( $video ); 6091 if ( $size > 8 * MB_IN_BYTES ) { 6092 $validity->add( 6093 'size_too_large', 6094 __( 'This video file is too large to use as a header video. Try a shorter video or optimize the compression settings and re-upload a file that is less than 8MB. Or, upload your video to YouTube and link it with the option below.' ) 6095 ); 6096 } 6097 if ( ! str_ends_with( $video, '.mp4' ) && ! str_ends_with( $video, '.mov' ) ) { // Check for .mp4 or .mov format, which (assuming h.264 encoding) are the only cross-browser-supported formats. 6098 $validity->add( 6099 'invalid_file_type', 6100 sprintf( 6101 /* translators: 1: .mp4, 2: .mov */ 6102 __( 'Only %1$s or %2$s files may be used for header video. Please convert your video file and try again, or, upload your video to YouTube and link it with the option below.' ), 6103 '<code>.mp4</code>', 6104 '<code>.mov</code>' 6105 ) 6106 ); 6107 } 6108 } 6109 return $validity; 6110 } 6111 6112 /** 6113 * Callback for validating the external_header_video value. 6114 * 6115 * Ensures that the provided URL is supported. 6116 * 6117 * @since 4.7.0 6118 * 6119 * @param WP_Error $validity 6120 * @param mixed $value 6121 * @return mixed 6122 */ 6123 public function _validate_external_header_video( $validity, $value ) { 6124 $video = sanitize_url( $value ); 6125 if ( $video ) { 6126 if ( ! preg_match( '#^https?://(?:www\.)?(?:youtube\.com/watch|youtu\.be/)#', $video ) ) { 6127 $validity->add( 'invalid_url', __( 'Please enter a valid YouTube URL.' ) ); 6128 } 6129 } 6130 return $validity; 6131 } 6132 6133 /** 6134 * Callback for sanitizing the external_header_video value. 6135 * 6136 * @since 4.7.1 6137 * 6138 * @param string $value URL. 6139 * @return string Sanitized URL. 6140 */ 6141 public function _sanitize_external_header_video( $value ) { 6142 return sanitize_url( trim( $value ) ); 6143 } 6144 6145 /** 6146 * Callback for rendering the custom logo, used in the custom_logo partial. 6147 * 6148 * This method exists because the partial object and context data are passed 6149 * into a partial's render_callback so we cannot use get_custom_logo() as 6150 * the render_callback directly since it expects a blog ID as the first 6151 * argument. 6152 * 6153 * @see WP_Customize_Manager::register_controls() 6154 * 6155 * @since 4.5.0 6156 * 6157 * @return string Custom logo. 6158 */ 6159 public function _render_custom_logo_partial() { 6160 return get_custom_logo(); 6161 } 6162 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated : Thu Aug 14 08:20:01 2025 | Cross-referenced by PHPXref |