/wp-includes/class-wp-customize-manager.php

  1. <?php 
  2. /** 
  3. * WordPress Customize Manager classes 
  4. * 
  5. * @package WordPress 
  6. * @subpackage Customize 
  7. * @since 3.4.0 
  8. */ 
  9.  
  10. /** 
  11. * Customize Manager class. 
  12. * 
  13. * Bootstraps the Customize experience on the server-side. 
  14. * 
  15. * Sets up the theme-switching process if a theme other than the active one is 
  16. * being previewed and customized. 
  17. * 
  18. * Serves as a factory for Customize Controls and Settings, and 
  19. * instantiates default Customize Controls and Settings. 
  20. * 
  21. * @since 3.4.0 
  22. */ 
  23. final class WP_Customize_Manager { 
  24. /** 
  25. * An instance of the theme being previewed. 
  26. * 
  27. * @since 3.4.0 
  28. * @access protected 
  29. * @var WP_Theme 
  30. */ 
  31. protected $theme; 
  32.  
  33. /** 
  34. * The directory name of the previously active theme (within the theme_root). 
  35. * 
  36. * @since 3.4.0 
  37. * @access protected 
  38. * @var string 
  39. */ 
  40. protected $original_stylesheet; 
  41.  
  42. /** 
  43. * Whether this is a Customizer pageload. 
  44. * 
  45. * @since 3.4.0 
  46. * @access protected 
  47. * @var bool 
  48. */ 
  49. protected $previewing = false; 
  50.  
  51. /** 
  52. * Methods and properties dealing with managing widgets in the Customizer. 
  53. * 
  54. * @since 3.9.0 
  55. * @access public 
  56. * @var WP_Customize_Widgets 
  57. */ 
  58. public $widgets; 
  59.  
  60. /** 
  61. * Methods and properties dealing with managing nav menus in the Customizer. 
  62. * 
  63. * @since 4.3.0 
  64. * @access public 
  65. * @var WP_Customize_Nav_Menus 
  66. */ 
  67. public $nav_menus; 
  68.  
  69. /** 
  70. * Methods and properties dealing with selective refresh in the Customizer preview. 
  71. * 
  72. * @since 4.5.0 
  73. * @access public 
  74. * @var WP_Customize_Selective_Refresh 
  75. */ 
  76. public $selective_refresh; 
  77.  
  78. /** 
  79. * Registered instances of WP_Customize_Setting. 
  80. * 
  81. * @since 3.4.0 
  82. * @access protected 
  83. * @var array 
  84. */ 
  85. protected $settings = array(); 
  86.  
  87. /** 
  88. * Sorted top-level instances of WP_Customize_Panel and WP_Customize_Section. 
  89. * 
  90. * @since 4.0.0 
  91. * @access protected 
  92. * @var array 
  93. */ 
  94. protected $containers = array(); 
  95.  
  96. /** 
  97. * Registered instances of WP_Customize_Panel. 
  98. * 
  99. * @since 4.0.0 
  100. * @access protected 
  101. * @var array 
  102. */ 
  103. protected $panels = array(); 
  104.  
  105. /** 
  106. * List of core components. 
  107. * 
  108. * @since 4.5.0 
  109. * @access protected 
  110. * @var array 
  111. */ 
  112. protected $components = array( 'widgets', 'nav_menus' ); 
  113.  
  114. /** 
  115. * Registered instances of WP_Customize_Section. 
  116. * 
  117. * @since 3.4.0 
  118. * @access protected 
  119. * @var array 
  120. */ 
  121. protected $sections = array(); 
  122.  
  123. /** 
  124. * Registered instances of WP_Customize_Control. 
  125. * 
  126. * @since 3.4.0 
  127. * @access protected 
  128. * @var array 
  129. */ 
  130. protected $controls = array(); 
  131.  
  132. /** 
  133. * Panel types that may be rendered from JS templates. 
  134. * 
  135. * @since 4.3.0 
  136. * @access protected 
  137. * @var array 
  138. */ 
  139. protected $registered_panel_types = array(); 
  140.  
  141. /** 
  142. * Section types that may be rendered from JS templates. 
  143. * 
  144. * @since 4.3.0 
  145. * @access protected 
  146. * @var array 
  147. */ 
  148. protected $registered_section_types = array(); 
  149.  
  150. /** 
  151. * Control types that may be rendered from JS templates. 
  152. * 
  153. * @since 4.1.0 
  154. * @access protected 
  155. * @var array 
  156. */ 
  157. protected $registered_control_types = array(); 
  158.  
  159. /** 
  160. * Initial URL being previewed. 
  161. * 
  162. * @since 4.4.0 
  163. * @access protected 
  164. * @var string 
  165. */ 
  166. protected $preview_url; 
  167.  
  168. /** 
  169. * URL to link the user to when closing the Customizer. 
  170. * 
  171. * @since 4.4.0 
  172. * @access protected 
  173. * @var string 
  174. */ 
  175. protected $return_url; 
  176.  
  177. /** 
  178. * Mapping of 'panel', 'section', 'control' to the ID which should be autofocused. 
  179. * 
  180. * @since 4.4.0 
  181. * @access protected 
  182. * @var array 
  183. */ 
  184. protected $autofocus = array(); 
  185.  
  186. /** 
  187. * Messenger channel. 
  188. * 
  189. * @since 4.7.0 
  190. * @access protected 
  191. * @var string 
  192. */ 
  193. protected $messenger_channel; 
  194.  
  195. /** 
  196. * Unsanitized values for Customize Settings parsed from $_POST['customized']. 
  197. * 
  198. * @var array 
  199. */ 
  200. private $_post_values; 
  201.  
  202. /** 
  203. * Changeset UUID. 
  204. * 
  205. * @since 4.7.0 
  206. * @access private 
  207. * @var string 
  208. */ 
  209. private $_changeset_uuid; 
  210.  
  211. /** 
  212. * Changeset post ID. 
  213. * 
  214. * @since 4.7.0 
  215. * @access private 
  216. * @var int|false 
  217. */ 
  218. private $_changeset_post_id; 
  219.  
  220. /** 
  221. * Changeset data loaded from a customize_changeset post. 
  222. * 
  223. * @since 4.7.0 
  224. * @access private 
  225. * @var array 
  226. */ 
  227. private $_changeset_data; 
  228.  
  229. /** 
  230. * Constructor. 
  231. * 
  232. * @since 3.4.0 
  233. * @since 4.7.0 Added $args param. 
  234. * 
  235. * @param array $args { 
  236. * Args. 
  237. * 
  238. * @type string $changeset_uuid Changeset UUID, the post_name for the customize_changeset post containing the customized state. Defaults to new UUID. 
  239. * @type string $theme Theme to be previewed (for theme switch). Defaults to customize_theme or theme query params. 
  240. * @type string $messenger_channel Messenger channel. Defaults to customize_messenger_channel query param. 
  241. * } 
  242. */ 
  243. public function __construct( $args = array() ) { 
  244.  
  245. $args = array_merge( 
  246. array_fill_keys( array( 'changeset_uuid', 'theme', 'messenger_channel' ), null ),  
  247. $args 
  248. ); 
  249.  
  250. // Note that the UUID format will be validated in the setup_theme() method. 
  251. if ( ! isset( $args['changeset_uuid'] ) ) { 
  252. $args['changeset_uuid'] = wp_generate_uuid4(); 
  253.  
  254. // The theme and messenger_channel should be supplied via $args, but they are also looked at in the $_REQUEST global here for back-compat. 
  255. if ( ! isset( $args['theme'] ) ) { 
  256. if ( isset( $_REQUEST['customize_theme'] ) ) { 
  257. $args['theme'] = wp_unslash( $_REQUEST['customize_theme'] ); 
  258. } elseif ( isset( $_REQUEST['theme'] ) ) { // Deprecated. 
  259. $args['theme'] = wp_unslash( $_REQUEST['theme'] ); 
  260. if ( ! isset( $args['messenger_channel'] ) && isset( $_REQUEST['customize_messenger_channel'] ) ) { 
  261. $args['messenger_channel'] = sanitize_key( wp_unslash( $_REQUEST['customize_messenger_channel'] ) ); 
  262.  
  263. $this->original_stylesheet = get_stylesheet(); 
  264. $this->theme = wp_get_theme( $args['theme'] ); 
  265. $this->messenger_channel = $args['messenger_channel']; 
  266. $this->_changeset_uuid = $args['changeset_uuid']; 
  267.  
  268. require_once( ABSPATH . WPINC . '/class-wp-customize-setting.php' ); 
  269. require_once( ABSPATH . WPINC . '/class-wp-customize-panel.php' ); 
  270. require_once( ABSPATH . WPINC . '/class-wp-customize-section.php' ); 
  271. require_once( ABSPATH . WPINC . '/class-wp-customize-control.php' ); 
  272.  
  273. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-color-control.php' ); 
  274. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-media-control.php' ); 
  275. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-upload-control.php' ); 
  276. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-image-control.php' ); 
  277. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-background-image-control.php' ); 
  278. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-background-position-control.php' ); 
  279. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-cropped-image-control.php' ); 
  280. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-site-icon-control.php' ); 
  281. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-header-image-control.php' ); 
  282. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-theme-control.php' ); 
  283. require_once( ABSPATH . WPINC . '/customize/class-wp-widget-area-customize-control.php' ); 
  284. require_once( ABSPATH . WPINC . '/customize/class-wp-widget-form-customize-control.php' ); 
  285. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-control.php' ); 
  286. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-control.php' ); 
  287. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-location-control.php' ); 
  288. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-name-control.php' ); 
  289. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-auto-add-control.php' ); 
  290. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-new-menu-control.php' ); 
  291.  
  292. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menus-panel.php' ); 
  293.  
  294. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-themes-section.php' ); 
  295. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-sidebar-section.php' ); 
  296. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-section.php' ); 
  297. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-new-menu-section.php' ); 
  298.  
  299. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-custom-css-setting.php' ); 
  300. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-filter-setting.php' ); 
  301. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-header-image-setting.php' ); 
  302. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-background-image-setting.php' ); 
  303. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-setting.php' ); 
  304. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-setting.php' ); 
  305.  
  306. /** 
  307. * Filters the core Customizer components to load. 
  308. * 
  309. * This allows Core components to be excluded from being instantiated by 
  310. * filtering them out of the array. Note that this filter generally runs 
  311. * during the {@see 'plugins_loaded'} action, so it cannot be added 
  312. * in a theme. 
  313. * 
  314. * @since 4.4.0 
  315. * 
  316. * @see WP_Customize_Manager::__construct() 
  317. * 
  318. * @param array $components List of core components to load. 
  319. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  320. */ 
  321. $components = apply_filters( 'customize_loaded_components', $this->components, $this ); 
  322.  
  323. require_once( ABSPATH . WPINC . '/customize/class-wp-customize-selective-refresh.php' ); 
  324. $this->selective_refresh = new WP_Customize_Selective_Refresh( $this ); 
  325.  
  326. if ( in_array( 'widgets', $components, true ) ) { 
  327. require_once( ABSPATH . WPINC . '/class-wp-customize-widgets.php' ); 
  328. $this->widgets = new WP_Customize_Widgets( $this ); 
  329.  
  330. if ( in_array( 'nav_menus', $components, true ) ) { 
  331. require_once( ABSPATH . WPINC . '/class-wp-customize-nav-menus.php' ); 
  332. $this->nav_menus = new WP_Customize_Nav_Menus( $this ); 
  333.  
  334. add_action( 'setup_theme', array( $this, 'setup_theme' ) ); 
  335. add_action( 'wp_loaded', array( $this, 'wp_loaded' ) ); 
  336.  
  337. // Do not spawn cron (especially the alternate cron) while running the Customizer. 
  338. remove_action( 'init', 'wp_cron' ); 
  339.  
  340. // Do not run update checks when rendering the controls. 
  341. remove_action( 'admin_init', '_maybe_update_core' ); 
  342. remove_action( 'admin_init', '_maybe_update_plugins' ); 
  343. remove_action( 'admin_init', '_maybe_update_themes' ); 
  344.  
  345. add_action( 'wp_ajax_customize_save', array( $this, 'save' ) ); 
  346. add_action( 'wp_ajax_customize_refresh_nonces', array( $this, 'refresh_nonces' ) ); 
  347.  
  348. add_action( 'customize_register', array( $this, 'register_controls' ) ); 
  349. add_action( 'customize_register', array( $this, 'register_dynamic_settings' ), 11 ); // allow code to create settings first 
  350. add_action( 'customize_controls_init', array( $this, 'prepare_controls' ) ); 
  351. add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_control_scripts' ) ); 
  352.  
  353. // Render Panel, Section, and Control templates. 
  354. add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_panel_templates' ), 1 ); 
  355. add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_section_templates' ), 1 ); 
  356. add_action( 'customize_controls_print_footer_scripts', array( $this, 'render_control_templates' ), 1 ); 
  357.  
  358. // Export header video settings with the partial response. 
  359. add_filter( 'customize_render_partials_response', array( $this, 'export_header_video_settings' ), 10, 3 ); 
  360.  
  361. // Export the settings to JS via the _wpCustomizeSettings variable. 
  362. add_action( 'customize_controls_print_footer_scripts', array( $this, 'customize_pane_settings' ), 1000 ); 
  363.  
  364. /** 
  365. * Return true if it's an Ajax request. 
  366. * 
  367. * @since 3.4.0 
  368. * @since 4.2.0 Added `$action` param. 
  369. * @access public 
  370. * 
  371. * @param string|null $action Whether the supplied Ajax action is being run. 
  372. * @return bool True if it's an Ajax request, false otherwise. 
  373. */ 
  374. public function doing_ajax( $action = null ) { 
  375. if ( ! wp_doing_ajax() ) { 
  376. return false; 
  377.  
  378. if ( ! $action ) { 
  379. return true; 
  380. } else { 
  381. /** 
  382. * Note: we can't just use doing_action( "wp_ajax_{$action}" ) because we need 
  383. * to check before admin-ajax.php gets to that point. 
  384. */ 
  385. return isset( $_REQUEST['action'] ) && wp_unslash( $_REQUEST['action'] ) === $action; 
  386.  
  387. /** 
  388. * Custom wp_die wrapper. Returns either the standard message for UI 
  389. * or the Ajax message. 
  390. * 
  391. * @since 3.4.0 
  392. * 
  393. * @param mixed $ajax_message Ajax return 
  394. * @param mixed $message UI message 
  395. */ 
  396. protected function wp_die( $ajax_message, $message = null ) { 
  397. if ( $this->doing_ajax() ) { 
  398. wp_die( $ajax_message ); 
  399.  
  400. if ( ! $message ) { 
  401. $message = __( 'Cheatin’ uh?' ); 
  402.  
  403. if ( $this->messenger_channel ) { 
  404. ob_start(); 
  405. wp_enqueue_scripts(); 
  406. wp_print_scripts( array( 'customize-base' ) ); 
  407.  
  408. $settings = array( 
  409. 'messengerArgs' => array( 
  410. 'channel' => $this->messenger_channel,  
  411. 'url' => wp_customize_url(),  
  412. ),  
  413. 'error' => $ajax_message,  
  414. ); 
  415. ?> 
  416. <script> 
  417. ( function( api, settings ) { 
  418. var preview = new api.Messenger( settings.messengerArgs ); 
  419. preview.send( 'iframe-loading-error', settings.error ); 
  420. } )( wp.customize, <?php echo wp_json_encode( $settings ) ?> ); 
  421. </script> 
  422. <?php 
  423. $message .= ob_get_clean(); 
  424.  
  425. wp_die( $message ); 
  426.  
  427. /** 
  428. * Return the Ajax wp_die() handler if it's a customized request. 
  429. * 
  430. * @since 3.4.0 
  431. * @deprecated 4.7.0 
  432. * 
  433. * @return callable Die handler. 
  434. */ 
  435. public function wp_die_handler() { 
  436. _deprecated_function( __METHOD__, '4.7.0' ); 
  437.  
  438. if ( $this->doing_ajax() || isset( $_POST['customized'] ) ) { 
  439. return '_ajax_wp_die_handler'; 
  440.  
  441. return '_default_wp_die_handler'; 
  442.  
  443. /** 
  444. * Start preview and customize theme. 
  445. * 
  446. * Check if customize query variable exist. Init filters to filter the current theme. 
  447. * 
  448. * @since 3.4.0 
  449. */ 
  450. public function setup_theme() { 
  451. global $pagenow; 
  452.  
  453. // Check permissions for customize.php access since this method is called before customize.php can run any code,  
  454. if ( 'customize.php' === $pagenow && ! current_user_can( 'customize' ) ) { 
  455. if ( ! is_user_logged_in() ) { 
  456. auth_redirect(); 
  457. } else { 
  458. wp_die( 
  459. '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . 
  460. '<p>' . __( 'Sorry, you are not allowed to customize this site.' ) . '</p>',  
  461. 403 
  462. ); 
  463. return; 
  464.  
  465. if ( ! preg_match( '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $this->_changeset_uuid ) ) { 
  466. $this->wp_die( -1, __( 'Invalid changeset UUID' ) ); 
  467.  
  468. /** 
  469. * If unauthenticated then require a valid changeset UUID to load the preview. 
  470. * In this way, the UUID serves as a secret key. If the messenger channel is present,  
  471. * then send unauthenticated code to prompt re-auth. 
  472. */ 
  473. if ( ! current_user_can( 'customize' ) && ! $this->changeset_post_id() ) { 
  474. $this->wp_die( $this->messenger_channel ? 0 : -1, __( 'Non-existent changeset UUID.' ) ); 
  475.  
  476. if ( ! headers_sent() ) { 
  477. send_origin_headers(); 
  478.  
  479. // Hide the admin bar if we're embedded in the customizer iframe. 
  480. if ( $this->messenger_channel ) { 
  481. show_admin_bar( false ); 
  482.  
  483. if ( $this->is_theme_active() ) { 
  484. // Once the theme is loaded, we'll validate it. 
  485. add_action( 'after_setup_theme', array( $this, 'after_setup_theme' ) ); 
  486. } else { 
  487. // If the requested theme is not the active theme and the user doesn't have the 
  488. // switch_themes cap, bail. 
  489. if ( ! current_user_can( 'switch_themes' ) ) { 
  490. $this->wp_die( -1, __( 'Sorry, you are not allowed to edit theme options on this site.' ) ); 
  491.  
  492. // If the theme has errors while loading, bail. 
  493. if ( $this->theme()->errors() ) { 
  494. $this->wp_die( -1, $this->theme()->errors()->get_error_message() ); 
  495.  
  496. // If the theme isn't allowed per multisite settings, bail. 
  497. if ( ! $this->theme()->is_allowed() ) { 
  498. $this->wp_die( -1, __( 'The requested theme does not exist.' ) ); 
  499.  
  500. /** 
  501. * Import theme starter content for fresh installs when landing in the customizer. 
  502. * Import starter content at after_setup_theme:100 so that any 
  503. * add_theme_support( 'starter-content' ) calls will have been made. 
  504. */ 
  505. if ( get_option( 'fresh_site' ) && 'customize.php' === $pagenow ) { 
  506. add_action( 'after_setup_theme', array( $this, 'import_theme_starter_content' ), 100 ); 
  507.  
  508. $this->start_previewing_theme(); 
  509.  
  510. /** 
  511. * Callback to validate a theme once it is loaded 
  512. * 
  513. * @since 3.4.0 
  514. */ 
  515. public function after_setup_theme() { 
  516. $doing_ajax_or_is_customized = ( $this->doing_ajax() || isset( $_POST['customized'] ) ); 
  517. if ( ! $doing_ajax_or_is_customized && ! validate_current_theme() ) { 
  518. wp_redirect( 'themes.php?broken=true' ); 
  519. exit; 
  520.  
  521. /** 
  522. * If the theme to be previewed isn't the active theme, add filter callbacks 
  523. * to swap it out at runtime. 
  524. * 
  525. * @since 3.4.0 
  526. */ 
  527. public function start_previewing_theme() { 
  528. // Bail if we're already previewing. 
  529. if ( $this->is_preview() ) { 
  530. return; 
  531.  
  532. $this->previewing = true; 
  533.  
  534. if ( ! $this->is_theme_active() ) { 
  535. add_filter( 'template', array( $this, 'get_template' ) ); 
  536. add_filter( 'stylesheet', array( $this, 'get_stylesheet' ) ); 
  537. add_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) ); 
  538.  
  539. // @link: https://core.trac.wordpress.org/ticket/20027 
  540. add_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) ); 
  541. add_filter( 'pre_option_template', array( $this, 'get_template' ) ); 
  542.  
  543. // Handle custom theme roots. 
  544. add_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) ); 
  545. add_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) ); 
  546.  
  547. /** 
  548. * Fires once the Customizer theme preview has started. 
  549. * 
  550. * @since 3.4.0 
  551. * 
  552. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  553. */ 
  554. do_action( 'start_previewing_theme', $this ); 
  555.  
  556. /** 
  557. * Stop previewing the selected theme. 
  558. * 
  559. * Removes filters to change the current theme. 
  560. * 
  561. * @since 3.4.0 
  562. */ 
  563. public function stop_previewing_theme() { 
  564. if ( ! $this->is_preview() ) { 
  565. return; 
  566.  
  567. $this->previewing = false; 
  568.  
  569. if ( ! $this->is_theme_active() ) { 
  570. remove_filter( 'template', array( $this, 'get_template' ) ); 
  571. remove_filter( 'stylesheet', array( $this, 'get_stylesheet' ) ); 
  572. remove_filter( 'pre_option_current_theme', array( $this, 'current_theme' ) ); 
  573.  
  574. // @link: https://core.trac.wordpress.org/ticket/20027 
  575. remove_filter( 'pre_option_stylesheet', array( $this, 'get_stylesheet' ) ); 
  576. remove_filter( 'pre_option_template', array( $this, 'get_template' ) ); 
  577.  
  578. // Handle custom theme roots. 
  579. remove_filter( 'pre_option_stylesheet_root', array( $this, 'get_stylesheet_root' ) ); 
  580. remove_filter( 'pre_option_template_root', array( $this, 'get_template_root' ) ); 
  581.  
  582. /** 
  583. * Fires once the Customizer theme preview has stopped. 
  584. * 
  585. * @since 3.4.0 
  586. * 
  587. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  588. */ 
  589. do_action( 'stop_previewing_theme', $this ); 
  590.  
  591. /** 
  592. * Get the changeset UUID. 
  593. * 
  594. * @since 4.7.0 
  595. * @access public 
  596. * 
  597. * @return string UUID. 
  598. */ 
  599. public function changeset_uuid() { 
  600. return $this->_changeset_uuid; 
  601.  
  602. /** 
  603. * Get the theme being customized. 
  604. * 
  605. * @since 3.4.0 
  606. * 
  607. * @return WP_Theme 
  608. */ 
  609. public function theme() { 
  610. if ( ! $this->theme ) { 
  611. $this->theme = wp_get_theme(); 
  612. return $this->theme; 
  613.  
  614. /** 
  615. * Get the registered settings. 
  616. * 
  617. * @since 3.4.0 
  618. * 
  619. * @return array 
  620. */ 
  621. public function settings() { 
  622. return $this->settings; 
  623.  
  624. /** 
  625. * Get the registered controls. 
  626. * 
  627. * @since 3.4.0 
  628. * 
  629. * @return array 
  630. */ 
  631. public function controls() { 
  632. return $this->controls; 
  633.  
  634. /** 
  635. * Get the registered containers. 
  636. * 
  637. * @since 4.0.0 
  638. * 
  639. * @return array 
  640. */ 
  641. public function containers() { 
  642. return $this->containers; 
  643.  
  644. /** 
  645. * Get the registered sections. 
  646. * 
  647. * @since 3.4.0 
  648. * 
  649. * @return array 
  650. */ 
  651. public function sections() { 
  652. return $this->sections; 
  653.  
  654. /** 
  655. * Get the registered panels. 
  656. * 
  657. * @since 4.0.0 
  658. * @access public 
  659. * 
  660. * @return array Panels. 
  661. */ 
  662. public function panels() { 
  663. return $this->panels; 
  664.  
  665. /** 
  666. * Checks if the current theme is active. 
  667. * 
  668. * @since 3.4.0 
  669. * 
  670. * @return bool 
  671. */ 
  672. public function is_theme_active() { 
  673. return $this->get_stylesheet() == $this->original_stylesheet; 
  674.  
  675. /** 
  676. * Register styles/scripts and initialize the preview of each setting 
  677. * 
  678. * @since 3.4.0 
  679. */ 
  680. public function wp_loaded() { 
  681.  
  682. /** 
  683. * Fires once WordPress has loaded, allowing scripts and styles to be initialized. 
  684. * 
  685. * @since 3.4.0 
  686. * 
  687. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  688. */ 
  689. do_action( 'customize_register', $this ); 
  690.  
  691. /** 
  692. * Note that settings must be previewed here even outside the customizer preview 
  693. * and also in the customizer pane itself. This is to enable loading an existing 
  694. * changeset into the customizer. Previewing the settings only has to be prevented 
  695. * in the case of a customize_save action because then update_option() 
  696. * may short-circuit because it will detect that there are no changes to 
  697. * make. 
  698. */ 
  699. if ( ! $this->doing_ajax( 'customize_save' ) ) { 
  700. foreach ( $this->settings as $setting ) { 
  701. $setting->preview(); 
  702.  
  703. if ( $this->is_preview() && ! is_admin() ) { 
  704. $this->customize_preview_init(); 
  705.  
  706. /** 
  707. * Prevents Ajax requests from following redirects when previewing a theme 
  708. * by issuing a 200 response instead of a 30x. 
  709. * 
  710. * Instead, the JS will sniff out the location header. 
  711. * 
  712. * @since 3.4.0 
  713. * @deprecated 4.7.0 
  714. * 
  715. * @param int $status Status. 
  716. * @return int 
  717. */ 
  718. public function wp_redirect_status( $status ) { 
  719. _deprecated_function( __FUNCTION__, '4.7.0' ); 
  720.  
  721. if ( $this->is_preview() && ! is_admin() ) { 
  722. return 200; 
  723.  
  724. return $status; 
  725.  
  726. /** 
  727. * Find the changeset post ID for a given changeset UUID. 
  728. * 
  729. * @since 4.7.0 
  730. * @access public 
  731. * 
  732. * @param string $uuid Changeset UUID. 
  733. * @return int|null Returns post ID on success and null on failure. 
  734. */ 
  735. public function find_changeset_post_id( $uuid ) { 
  736. $cache_group = 'customize_changeset_post'; 
  737. $changeset_post_id = wp_cache_get( $uuid, $cache_group ); 
  738. if ( $changeset_post_id && 'customize_changeset' === get_post_type( $changeset_post_id ) ) { 
  739. return $changeset_post_id; 
  740.  
  741. $changeset_post_query = new WP_Query( array( 
  742. 'post_type' => 'customize_changeset',  
  743. 'post_status' => get_post_stati(),  
  744. 'name' => $uuid,  
  745. 'posts_per_page' => 1,  
  746. 'no_found_rows' => true,  
  747. 'cache_results' => true,  
  748. 'update_post_meta_cache' => false,  
  749. 'update_post_term_cache' => false,  
  750. 'lazy_load_term_meta' => false,  
  751. ) ); 
  752. if ( ! empty( $changeset_post_query->posts ) ) { 
  753. // Note: 'fields'=>'ids' is not being used in order to cache the post object as it will be needed. 
  754. $changeset_post_id = $changeset_post_query->posts[0]->ID; 
  755. wp_cache_set( $this->_changeset_uuid, $changeset_post_id, $cache_group ); 
  756. return $changeset_post_id; 
  757.  
  758. return null; 
  759.  
  760. /** 
  761. * Get the changeset post id for the loaded changeset. 
  762. * 
  763. * @since 4.7.0 
  764. * @access public 
  765. * 
  766. * @return int|null Post ID on success or null if there is no post yet saved. 
  767. */ 
  768. public function changeset_post_id() { 
  769. if ( ! isset( $this->_changeset_post_id ) ) { 
  770. $post_id = $this->find_changeset_post_id( $this->_changeset_uuid ); 
  771. if ( ! $post_id ) { 
  772. $post_id = false; 
  773. $this->_changeset_post_id = $post_id; 
  774. if ( false === $this->_changeset_post_id ) { 
  775. return null; 
  776. return $this->_changeset_post_id; 
  777.  
  778. /** 
  779. * Get the data stored in a changeset post. 
  780. * 
  781. * @since 4.7.0 
  782. * @access protected 
  783. * 
  784. * @param int $post_id Changeset post ID. 
  785. * @return array|WP_Error Changeset data or WP_Error on error. 
  786. */ 
  787. protected function get_changeset_post_data( $post_id ) { 
  788. if ( ! $post_id ) { 
  789. return new WP_Error( 'empty_post_id' ); 
  790. $changeset_post = get_post( $post_id ); 
  791. if ( ! $changeset_post ) { 
  792. return new WP_Error( 'missing_post' ); 
  793. if ( 'customize_changeset' !== $changeset_post->post_type ) { 
  794. return new WP_Error( 'wrong_post_type' ); 
  795. $changeset_data = json_decode( $changeset_post->post_content, true ); 
  796. if ( function_exists( 'json_last_error' ) && json_last_error() ) { 
  797. return new WP_Error( 'json_parse_error', '', json_last_error() ); 
  798. if ( ! is_array( $changeset_data ) ) { 
  799. return new WP_Error( 'expected_array' ); 
  800. return $changeset_data; 
  801.  
  802. /** 
  803. * Get changeset data. 
  804. * 
  805. * @since 4.7.0 
  806. * @access public 
  807. * 
  808. * @return array Changeset data. 
  809. */ 
  810. public function changeset_data() { 
  811. if ( isset( $this->_changeset_data ) ) { 
  812. return $this->_changeset_data; 
  813. $changeset_post_id = $this->changeset_post_id(); 
  814. if ( ! $changeset_post_id ) { 
  815. $this->_changeset_data = array(); 
  816. } else { 
  817. $data = $this->get_changeset_post_data( $changeset_post_id ); 
  818. if ( ! is_wp_error( $data ) ) { 
  819. $this->_changeset_data = $data; 
  820. } else { 
  821. $this->_changeset_data = array(); 
  822. return $this->_changeset_data; 
  823.  
  824. /** 
  825. * Starter content setting IDs. 
  826. * 
  827. * @since 4.7.0 
  828. * @access private 
  829. * @var array 
  830. */ 
  831. protected $pending_starter_content_settings_ids = array(); 
  832.  
  833. /** 
  834. * Import theme starter content into the customized state. 
  835. * 
  836. * @since 4.7.0 
  837. * @access public 
  838. * 
  839. * @param array $starter_content Starter content. Defaults to `get_theme_starter_content()`. 
  840. */ 
  841. function import_theme_starter_content( $starter_content = array() ) { 
  842. if ( empty( $starter_content ) ) { 
  843. $starter_content = get_theme_starter_content(); 
  844.  
  845. $changeset_data = array(); 
  846. if ( $this->changeset_post_id() ) { 
  847. $changeset_data = $this->get_changeset_post_data( $this->changeset_post_id() ); 
  848.  
  849. $sidebars_widgets = isset( $starter_content['widgets'] ) && ! empty( $this->widgets ) ? $starter_content['widgets'] : array(); 
  850. $attachments = isset( $starter_content['attachments'] ) && ! empty( $this->nav_menus ) ? $starter_content['attachments'] : array(); 
  851. $posts = isset( $starter_content['posts'] ) && ! empty( $this->nav_menus ) ? $starter_content['posts'] : array(); 
  852. $options = isset( $starter_content['options'] ) ? $starter_content['options'] : array(); 
  853. $nav_menus = isset( $starter_content['nav_menus'] ) && ! empty( $this->nav_menus ) ? $starter_content['nav_menus'] : array(); 
  854. $theme_mods = isset( $starter_content['theme_mods'] ) ? $starter_content['theme_mods'] : array(); 
  855.  
  856. // Widgets. 
  857. $max_widget_numbers = array(); 
  858. foreach ( $sidebars_widgets as $sidebar_id => $widgets ) { 
  859. $sidebar_widget_ids = array(); 
  860. foreach ( $widgets as $widget ) { 
  861. list( $id_base, $instance ) = $widget; 
  862.  
  863. if ( ! isset( $max_widget_numbers[ $id_base ] ) ) { 
  864.  
  865. // When $settings is an array-like object, get an intrinsic array for use with array_keys(). 
  866. $settings = get_option( "widget_{$id_base}", array() ); 
  867. if ( $settings instanceof ArrayObject || $settings instanceof ArrayIterator ) { 
  868. $settings = $settings->getArrayCopy(); 
  869.  
  870. // Find the max widget number for this type. 
  871. $widget_numbers = array_keys( $settings ); 
  872. if ( count( $widget_numbers ) > 0 ) { 
  873. $widget_numbers[] = 1; 
  874. $max_widget_numbers[ $id_base ] = call_user_func_array( 'max', $widget_numbers ); 
  875. } else { 
  876. $max_widget_numbers[ $id_base ] = 1; 
  877. $max_widget_numbers[ $id_base ] += 1; 
  878.  
  879. $widget_id = sprintf( '%s-%d', $id_base, $max_widget_numbers[ $id_base ] ); 
  880. $setting_id = sprintf( 'widget_%s[%d]', $id_base, $max_widget_numbers[ $id_base ] ); 
  881.  
  882. $setting_value = $this->widgets->sanitize_widget_js_instance( $instance ); 
  883. if ( empty( $changeset_data[ $setting_id ] ) || ! empty( $changeset_data[ $setting_id ]['starter_content'] ) ) { 
  884. $this->set_post_value( $setting_id, $setting_value ); 
  885. $this->pending_starter_content_settings_ids[] = $setting_id; 
  886. $sidebar_widget_ids[] = $widget_id; 
  887.  
  888. $setting_id = sprintf( 'sidebars_widgets[%s]', $sidebar_id ); 
  889. if ( empty( $changeset_data[ $setting_id ] ) || ! empty( $changeset_data[ $setting_id ]['starter_content'] ) ) { 
  890. $this->set_post_value( $setting_id, $sidebar_widget_ids ); 
  891. $this->pending_starter_content_settings_ids[] = $setting_id; 
  892.  
  893. $starter_content_auto_draft_post_ids = array(); 
  894. if ( ! empty( $changeset_data['nav_menus_created_posts']['value'] ) ) { 
  895. $starter_content_auto_draft_post_ids = array_merge( $starter_content_auto_draft_post_ids, $changeset_data['nav_menus_created_posts']['value'] ); 
  896.  
  897. // Make an index of all the posts needed and what their slugs are. 
  898. $needed_posts = array(); 
  899. $attachments = $this->prepare_starter_content_attachments( $attachments ); 
  900. foreach ( $attachments as $attachment ) { 
  901. $key = 'attachment:' . $attachment['post_name']; 
  902. $needed_posts[ $key ] = true; 
  903. foreach ( array_keys( $posts ) as $post_symbol ) { 
  904. if ( empty( $posts[ $post_symbol ]['post_name'] ) && empty( $posts[ $post_symbol ]['post_title'] ) ) { 
  905. unset( $posts[ $post_symbol ] ); 
  906. continue; 
  907. if ( empty( $posts[ $post_symbol ]['post_name'] ) ) { 
  908. $posts[ $post_symbol ]['post_name'] = sanitize_title( $posts[ $post_symbol ]['post_title'] ); 
  909. if ( empty( $posts[ $post_symbol ]['post_type'] ) ) { 
  910. $posts[ $post_symbol ]['post_type'] = 'post'; 
  911. $needed_posts[ $posts[ $post_symbol ]['post_type'] . ':' . $posts[ $post_symbol ]['post_name'] ] = true; 
  912. $all_post_slugs = array_merge( 
  913. wp_list_pluck( $attachments, 'post_name' ),  
  914. wp_list_pluck( $posts, 'post_name' ) 
  915. ); 
  916.  
  917. /** 
  918. * Obtain all post types referenced in starter content to use in query. 
  919. * This is needed because 'any' will not account for post types not yet registered. 
  920. */ 
  921. $post_types = array_filter( array_merge( array( 'attachment' ), wp_list_pluck( $posts, 'post_type' ) ) ); 
  922.  
  923. // Re-use auto-draft starter content posts referenced in the current customized state. 
  924. $existing_starter_content_posts = array(); 
  925. if ( ! empty( $starter_content_auto_draft_post_ids ) ) { 
  926. $existing_posts_query = new WP_Query( array( 
  927. 'post__in' => $starter_content_auto_draft_post_ids,  
  928. 'post_status' => 'auto-draft',  
  929. 'post_type' => $post_types,  
  930. 'posts_per_page' => -1,  
  931. ) ); 
  932. foreach ( $existing_posts_query->posts as $existing_post ) { 
  933. $post_name = $existing_post->post_name; 
  934. if ( empty( $post_name ) ) { 
  935. $post_name = get_post_meta( $existing_post->ID, '_customize_draft_post_name', true ); 
  936. $existing_starter_content_posts[ $existing_post->post_type . ':' . $post_name ] = $existing_post; 
  937.  
  938. // Re-use non-auto-draft posts. 
  939. if ( ! empty( $all_post_slugs ) ) { 
  940. $existing_posts_query = new WP_Query( array( 
  941. 'post_name__in' => $all_post_slugs,  
  942. 'post_status' => array_diff( get_post_stati(), array( 'auto-draft' ) ),  
  943. 'post_type' => 'any',  
  944. 'posts_per_page' => -1,  
  945. ) ); 
  946. foreach ( $existing_posts_query->posts as $existing_post ) { 
  947. $key = $existing_post->post_type . ':' . $existing_post->post_name; 
  948. if ( isset( $needed_posts[ $key ] ) && ! isset( $existing_starter_content_posts[ $key ] ) ) { 
  949. $existing_starter_content_posts[ $key ] = $existing_post; 
  950.  
  951. // Attachments are technically posts but handled differently. 
  952. if ( ! empty( $attachments ) ) { 
  953.  
  954. $attachment_ids = array(); 
  955.  
  956. foreach ( $attachments as $symbol => $attachment ) { 
  957. $file_array = array( 
  958. 'name' => $attachment['file_name'],  
  959. ); 
  960. $file_path = $attachment['file_path']; 
  961. $attachment_id = null; 
  962. $attached_file = null; 
  963. if ( isset( $existing_starter_content_posts[ 'attachment:' . $attachment['post_name'] ] ) ) { 
  964. $attachment_post = $existing_starter_content_posts[ 'attachment:' . $attachment['post_name'] ]; 
  965. $attachment_id = $attachment_post->ID; 
  966. $attached_file = get_attached_file( $attachment_id ); 
  967. if ( empty( $attached_file ) || ! file_exists( $attached_file ) ) { 
  968. $attachment_id = null; 
  969. $attached_file = null; 
  970. } elseif ( $this->get_stylesheet() !== get_post_meta( $attachment_post->ID, '_starter_content_theme', true ) ) { 
  971.  
  972. // Re-generate attachment metadata since it was previously generated for a different theme. 
  973. $metadata = wp_generate_attachment_metadata( $attachment_post->ID, $attached_file ); 
  974. wp_update_attachment_metadata( $attachment_id, $metadata ); 
  975. update_post_meta( $attachment_id, '_starter_content_theme', $this->get_stylesheet() ); 
  976.  
  977. // Insert the attachment auto-draft because it doesn't yet exist or the attached file is gone. 
  978. if ( ! $attachment_id ) { 
  979.  
  980. // Copy file to temp location so that original file won't get deleted from theme after sideloading. 
  981. $temp_file_name = wp_tempnam( basename( $file_path ) ); 
  982. if ( $temp_file_name && copy( $file_path, $temp_file_name ) ) { 
  983. $file_array['tmp_name'] = $temp_file_name; 
  984. if ( empty( $file_array['tmp_name'] ) ) { 
  985. continue; 
  986.  
  987. $attachment_post_data = array_merge( 
  988. wp_array_slice_assoc( $attachment, array( 'post_title', 'post_content', 'post_excerpt' ) ),  
  989. array( 
  990. 'post_status' => 'auto-draft', // So attachment will be garbage collected in a week if changeset is never published. 
  991. ); 
  992.  
  993. // In PHP < 5.6 filesize() returns 0 for the temp files unless we clear the file status cache. 
  994. // Technically, PHP < 5.6.0 || < 5.5.13 || < 5.4.29 but no need to be so targeted. 
  995. // See https://bugs.php.net/bug.php?id=65701 
  996. if ( version_compare( PHP_VERSION, '5.6', '<' ) ) { 
  997. clearstatcache(); 
  998.  
  999. $attachment_id = media_handle_sideload( $file_array, 0, null, $attachment_post_data ); 
  1000. if ( is_wp_error( $attachment_id ) ) { 
  1001. continue; 
  1002. update_post_meta( $attachment_id, '_starter_content_theme', $this->get_stylesheet() ); 
  1003. update_post_meta( $attachment_id, '_customize_draft_post_name', $attachment['post_name'] ); 
  1004.  
  1005. $attachment_ids[ $symbol ] = $attachment_id; 
  1006. $starter_content_auto_draft_post_ids = array_merge( $starter_content_auto_draft_post_ids, array_values( $attachment_ids ) ); 
  1007.  
  1008. // Posts & pages. 
  1009. if ( ! empty( $posts ) ) { 
  1010. foreach ( array_keys( $posts ) as $post_symbol ) { 
  1011. if ( empty( $posts[ $post_symbol ]['post_type'] ) || empty( $posts[ $post_symbol ]['post_name'] ) ) { 
  1012. continue; 
  1013. $post_type = $posts[ $post_symbol ]['post_type']; 
  1014. if ( ! empty( $posts[ $post_symbol ]['post_name'] ) ) { 
  1015. $post_name = $posts[ $post_symbol ]['post_name']; 
  1016. } elseif ( ! empty( $posts[ $post_symbol ]['post_title'] ) ) { 
  1017. $post_name = sanitize_title( $posts[ $post_symbol ]['post_title'] ); 
  1018. } else { 
  1019. continue; 
  1020.  
  1021. // Use existing auto-draft post if one already exists with the same type and name. 
  1022. if ( isset( $existing_starter_content_posts[ $post_type . ':' . $post_name ] ) ) { 
  1023. $posts[ $post_symbol ]['ID'] = $existing_starter_content_posts[ $post_type . ':' . $post_name ]->ID; 
  1024. continue; 
  1025.  
  1026. // Translate the featured image symbol. 
  1027. if ( ! empty( $posts[ $post_symbol ]['thumbnail'] ) 
  1028. && preg_match( '/^{{(?P<symbol>.+)}}$/', $posts[ $post_symbol ]['thumbnail'], $matches ) 
  1029. && isset( $attachment_ids[ $matches['symbol'] ] ) ) { 
  1030. $posts[ $post_symbol ]['meta_input']['_thumbnail_id'] = $attachment_ids[ $matches['symbol'] ]; 
  1031.  
  1032. if ( ! empty( $posts[ $post_symbol ]['template'] ) ) { 
  1033. $posts[ $post_symbol ]['meta_input']['_wp_page_template'] = $posts[ $post_symbol ]['template']; 
  1034.  
  1035. $r = $this->nav_menus->insert_auto_draft_post( $posts[ $post_symbol ] ); 
  1036. if ( $r instanceof WP_Post ) { 
  1037. $posts[ $post_symbol ]['ID'] = $r->ID; 
  1038.  
  1039. $starter_content_auto_draft_post_ids = array_merge( $starter_content_auto_draft_post_ids, wp_list_pluck( $posts, 'ID' ) ); 
  1040.  
  1041. // The nav_menus_created_posts setting is why nav_menus component is dependency for adding posts. 
  1042. if ( ! empty( $this->nav_menus ) && ! empty( $starter_content_auto_draft_post_ids ) ) { 
  1043. $setting_id = 'nav_menus_created_posts'; 
  1044. $this->set_post_value( $setting_id, array_unique( array_values( $starter_content_auto_draft_post_ids ) ) ); 
  1045. $this->pending_starter_content_settings_ids[] = $setting_id; 
  1046.  
  1047. // Nav menus. 
  1048. $placeholder_id = -1; 
  1049. $reused_nav_menu_setting_ids = array(); 
  1050. foreach ( $nav_menus as $nav_menu_location => $nav_menu ) { 
  1051.  
  1052. $nav_menu_term_id = null; 
  1053. $nav_menu_setting_id = null; 
  1054. $matches = array(); 
  1055.  
  1056. // Look for an existing placeholder menu with starter content to re-use. 
  1057. foreach ( $changeset_data as $setting_id => $setting_params ) { 
  1058. $can_reuse = ( 
  1059. ! empty( $setting_params['starter_content'] ) 
  1060. && 
  1061. ! in_array( $setting_id, $reused_nav_menu_setting_ids, true ) 
  1062. && 
  1063. preg_match( '#^nav_menu\[(?P<nav_menu_id>-?\d+)\]$#', $setting_id, $matches ) 
  1064. ); 
  1065. if ( $can_reuse ) { 
  1066. $nav_menu_term_id = intval( $matches['nav_menu_id'] ); 
  1067. $nav_menu_setting_id = $setting_id; 
  1068. $reused_nav_menu_setting_ids[] = $setting_id; 
  1069. break; 
  1070.  
  1071. if ( ! $nav_menu_term_id ) { 
  1072. while ( isset( $changeset_data[ sprintf( 'nav_menu[%d]', $placeholder_id ) ] ) ) { 
  1073. $placeholder_id--; 
  1074. $nav_menu_term_id = $placeholder_id; 
  1075. $nav_menu_setting_id = sprintf( 'nav_menu[%d]', $placeholder_id ); 
  1076.  
  1077. $this->set_post_value( $nav_menu_setting_id, array( 
  1078. 'name' => isset( $nav_menu['name'] ) ? $nav_menu['name'] : $nav_menu_location,  
  1079. ) ); 
  1080. $this->pending_starter_content_settings_ids[] = $nav_menu_setting_id; 
  1081.  
  1082. // @todo Add support for menu_item_parent. 
  1083. $position = 0; 
  1084. foreach ( $nav_menu['items'] as $nav_menu_item ) { 
  1085. $nav_menu_item_setting_id = sprintf( 'nav_menu_item[%d]', $placeholder_id-- ); 
  1086. if ( ! isset( $nav_menu_item['position'] ) ) { 
  1087. $nav_menu_item['position'] = $position++; 
  1088. $nav_menu_item['nav_menu_term_id'] = $nav_menu_term_id; 
  1089.  
  1090. if ( isset( $nav_menu_item['object_id'] ) ) { 
  1091. if ( 'post_type' === $nav_menu_item['type'] && preg_match( '/^{{(?P<symbol>.+)}}$/', $nav_menu_item['object_id'], $matches ) && isset( $posts[ $matches['symbol'] ] ) ) { 
  1092. $nav_menu_item['object_id'] = $posts[ $matches['symbol'] ]['ID']; 
  1093. if ( empty( $nav_menu_item['title'] ) ) { 
  1094. $original_object = get_post( $nav_menu_item['object_id'] ); 
  1095. $nav_menu_item['title'] = $original_object->post_title; 
  1096. } else { 
  1097. continue; 
  1098. } else { 
  1099. $nav_menu_item['object_id'] = 0; 
  1100.  
  1101. if ( empty( $changeset_data[ $nav_menu_item_setting_id ] ) || ! empty( $changeset_data[ $nav_menu_item_setting_id ]['starter_content'] ) ) { 
  1102. $this->set_post_value( $nav_menu_item_setting_id, $nav_menu_item ); 
  1103. $this->pending_starter_content_settings_ids[] = $nav_menu_item_setting_id; 
  1104.  
  1105. $setting_id = sprintf( 'nav_menu_locations[%s]', $nav_menu_location ); 
  1106. if ( empty( $changeset_data[ $setting_id ] ) || ! empty( $changeset_data[ $setting_id ]['starter_content'] ) ) { 
  1107. $this->set_post_value( $setting_id, $nav_menu_term_id ); 
  1108. $this->pending_starter_content_settings_ids[] = $setting_id; 
  1109.  
  1110. // Options. 
  1111. foreach ( $options as $name => $value ) { 
  1112. if ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) { 
  1113. if ( isset( $posts[ $matches['symbol'] ] ) ) { 
  1114. $value = $posts[ $matches['symbol'] ]['ID']; 
  1115. } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { 
  1116. $value = $attachment_ids[ $matches['symbol'] ]; 
  1117. } else { 
  1118. continue; 
  1119.  
  1120. if ( empty( $changeset_data[ $name ] ) || ! empty( $changeset_data[ $name ]['starter_content'] ) ) { 
  1121. $this->set_post_value( $name, $value ); 
  1122. $this->pending_starter_content_settings_ids[] = $name; 
  1123.  
  1124. // Theme mods. 
  1125. foreach ( $theme_mods as $name => $value ) { 
  1126. if ( preg_match( '/^{{(?P<symbol>.+)}}$/', $value, $matches ) ) { 
  1127. if ( isset( $posts[ $matches['symbol'] ] ) ) { 
  1128. $value = $posts[ $matches['symbol'] ]['ID']; 
  1129. } elseif ( isset( $attachment_ids[ $matches['symbol'] ] ) ) { 
  1130. $value = $attachment_ids[ $matches['symbol'] ]; 
  1131. } else { 
  1132. continue; 
  1133.  
  1134. // Handle header image as special case since setting has a legacy format. 
  1135. if ( 'header_image' === $name ) { 
  1136. $name = 'header_image_data'; 
  1137. $metadata = wp_get_attachment_metadata( $value ); 
  1138. if ( empty( $metadata ) ) { 
  1139. continue; 
  1140. $value = array( 
  1141. 'attachment_id' => $value,  
  1142. 'url' => wp_get_attachment_url( $value ),  
  1143. 'height' => $metadata['height'],  
  1144. 'width' => $metadata['width'],  
  1145. ); 
  1146. } elseif ( 'background_image' === $name ) { 
  1147. $value = wp_get_attachment_url( $value ); 
  1148.  
  1149. if ( empty( $changeset_data[ $name ] ) || ! empty( $changeset_data[ $name ]['starter_content'] ) ) { 
  1150. $this->set_post_value( $name, $value ); 
  1151. $this->pending_starter_content_settings_ids[] = $name; 
  1152.  
  1153. if ( ! empty( $this->pending_starter_content_settings_ids ) ) { 
  1154. if ( did_action( 'customize_register' ) ) { 
  1155. $this->_save_starter_content_changeset(); 
  1156. } else { 
  1157. add_action( 'customize_register', array( $this, '_save_starter_content_changeset' ), 1000 ); 
  1158.  
  1159. /** 
  1160. * Prepare starter content attachments. 
  1161. * 
  1162. * Ensure that the attachments are valid and that they have slugs and file name/path. 
  1163. * 
  1164. * @since 4.7.0 
  1165. * @access private 
  1166. * 
  1167. * @param array $attachments Attachments. 
  1168. * @return array Prepared attachments. 
  1169. */ 
  1170. protected function prepare_starter_content_attachments( $attachments ) { 
  1171. $prepared_attachments = array(); 
  1172. if ( empty( $attachments ) ) { 
  1173. return $prepared_attachments; 
  1174.  
  1175. // Such is The WordPress Way. 
  1176. require_once( ABSPATH . 'wp-admin/includes/file.php' ); 
  1177. require_once( ABSPATH . 'wp-admin/includes/media.php' ); 
  1178. require_once( ABSPATH . 'wp-admin/includes/image.php' ); 
  1179.  
  1180. foreach ( $attachments as $symbol => $attachment ) { 
  1181.  
  1182. // A file is required and URLs to files are not currently allowed. 
  1183. if ( empty( $attachment['file'] ) || preg_match( '#^https?://$#', $attachment['file'] ) ) { 
  1184. continue; 
  1185.  
  1186. $file_path = null; 
  1187. if ( file_exists( $attachment['file'] ) ) { 
  1188. $file_path = $attachment['file']; // Could be absolute path to file in plugin. 
  1189. } elseif ( is_child_theme() && file_exists( get_stylesheet_directory() . '/' . $attachment['file'] ) ) { 
  1190. $file_path = get_stylesheet_directory() . '/' . $attachment['file']; 
  1191. } elseif ( file_exists( get_template_directory() . '/' . $attachment['file'] ) ) { 
  1192. $file_path = get_template_directory() . '/' . $attachment['file']; 
  1193. } else { 
  1194. continue; 
  1195. $file_name = basename( $attachment['file'] ); 
  1196.  
  1197. // Skip file types that are not recognized. 
  1198. $checked_filetype = wp_check_filetype( $file_name ); 
  1199. if ( empty( $checked_filetype['type'] ) ) { 
  1200. continue; 
  1201.  
  1202. // Ensure post_name is set since not automatically derived from post_title for new auto-draft posts. 
  1203. if ( empty( $attachment['post_name'] ) ) { 
  1204. if ( ! empty( $attachment['post_title'] ) ) { 
  1205. $attachment['post_name'] = sanitize_title( $attachment['post_title'] ); 
  1206. } else { 
  1207. $attachment['post_name'] = sanitize_title( preg_replace( '/\.\w+$/', '', $file_name ) ); 
  1208.  
  1209. $attachment['file_name'] = $file_name; 
  1210. $attachment['file_path'] = $file_path; 
  1211. $prepared_attachments[ $symbol ] = $attachment; 
  1212. return $prepared_attachments; 
  1213.  
  1214. /** 
  1215. * Save starter content changeset. 
  1216. * 
  1217. * @since 4.7.0 
  1218. * @access private 
  1219. */ 
  1220. public function _save_starter_content_changeset() { 
  1221.  
  1222. if ( empty( $this->pending_starter_content_settings_ids ) ) { 
  1223. return; 
  1224.  
  1225. $this->save_changeset_post( array( 
  1226. 'data' => array_fill_keys( $this->pending_starter_content_settings_ids, array( 'starter_content' => true ) ),  
  1227. 'starter_content' => true,  
  1228. ) ); 
  1229.  
  1230. $this->pending_starter_content_settings_ids = array(); 
  1231.  
  1232. /** 
  1233. * Get dirty pre-sanitized setting values in the current customized state. 
  1234. * 
  1235. * The returned array consists of a merge of three sources: 
  1236. * 1. If the theme is not currently active, then the base array is any stashed 
  1237. * theme mods that were modified previously but never published. 
  1238. * 2. The values from the current changeset, if it exists. 
  1239. * 3. If the user can customize, the values parsed from the incoming 
  1240. * `$_POST['customized']` JSON data. 
  1241. * 4. Any programmatically-set post values via `WP_Customize_Manager::set_post_value()`. 
  1242. * 
  1243. * The name "unsanitized_post_values" is a carry-over from when the customized 
  1244. * state was exclusively sourced from `$_POST['customized']`. Nevertheless,  
  1245. * the value returned will come from the current changeset post and from the 
  1246. * incoming post data. 
  1247. * 
  1248. * @since 4.1.1 
  1249. * @since 4.7.0 Added $args param and merging with changeset values and stashed theme mods. 
  1250. * 
  1251. * @param array $args { 
  1252. * Args. 
  1253. * 
  1254. * @type bool $exclude_changeset Whether the changeset values should also be excluded. Defaults to false. 
  1255. * @type bool $exclude_post_data Whether the post input values should also be excluded. Defaults to false when lacking the customize capability. 
  1256. * } 
  1257. * @return array 
  1258. */ 
  1259. public function unsanitized_post_values( $args = array() ) { 
  1260. $args = array_merge( 
  1261. array( 
  1262. 'exclude_changeset' => false,  
  1263. 'exclude_post_data' => ! current_user_can( 'customize' ),  
  1264. ),  
  1265. $args 
  1266. ); 
  1267.  
  1268. $values = array(); 
  1269.  
  1270. // Let default values be from the stashed theme mods if doing a theme switch and if no changeset is present. 
  1271. if ( ! $this->is_theme_active() ) { 
  1272. $stashed_theme_mods = get_option( 'customize_stashed_theme_mods' ); 
  1273. $stylesheet = $this->get_stylesheet(); 
  1274. if ( isset( $stashed_theme_mods[ $stylesheet ] ) ) { 
  1275. $values = array_merge( $values, wp_list_pluck( $stashed_theme_mods[ $stylesheet ], 'value' ) ); 
  1276.  
  1277. if ( ! $args['exclude_changeset'] ) { 
  1278. foreach ( $this->changeset_data() as $setting_id => $setting_params ) { 
  1279. if ( ! array_key_exists( 'value', $setting_params ) ) { 
  1280. continue; 
  1281. if ( isset( $setting_params['type'] ) && 'theme_mod' === $setting_params['type'] ) { 
  1282.  
  1283. // Ensure that theme mods values are only used if they were saved under the current theme. 
  1284. $namespace_pattern = '/^(?P<stylesheet>.+?)::(?P<setting_id>.+)$/'; 
  1285. if ( preg_match( $namespace_pattern, $setting_id, $matches ) && $this->get_stylesheet() === $matches['stylesheet'] ) { 
  1286. $values[ $matches['setting_id'] ] = $setting_params['value']; 
  1287. } else { 
  1288. $values[ $setting_id ] = $setting_params['value']; 
  1289.  
  1290. if ( ! $args['exclude_post_data'] ) { 
  1291. if ( ! isset( $this->_post_values ) ) { 
  1292. if ( isset( $_POST['customized'] ) ) { 
  1293. $post_values = json_decode( wp_unslash( $_POST['customized'] ), true ); 
  1294. } else { 
  1295. $post_values = array(); 
  1296. if ( is_array( $post_values ) ) { 
  1297. $this->_post_values = $post_values; 
  1298. } else { 
  1299. $this->_post_values = array(); 
  1300. $values = array_merge( $values, $this->_post_values ); 
  1301. return $values; 
  1302.  
  1303. /** 
  1304. * Returns the sanitized value for a given setting from the current customized state. 
  1305. * 
  1306. * The name "post_value" is a carry-over from when the customized state was exclusively 
  1307. * sourced from `$_POST['customized']`. Nevertheless, the value returned will come 
  1308. * from the current changeset post and from the incoming post data. 
  1309. * 
  1310. * @since 3.4.0 
  1311. * @since 4.1.1 Introduced the `$default` parameter. 
  1312. * @since 4.6.0 `$default` is now returned early when the setting post value is invalid. 
  1313. * @access public 
  1314. * 
  1315. * @see WP_REST_Server::dispatch() 
  1316. * @see WP_Rest_Request::sanitize_params() 
  1317. * @see WP_Rest_Request::has_valid_params() 
  1318. * 
  1319. * @param WP_Customize_Setting $setting A WP_Customize_Setting derived object. 
  1320. * @param mixed $default Value returned $setting has no post value (added in 4.2.0) 
  1321. * or the post value is invalid (added in 4.6.0). 
  1322. * @return string|mixed $post_value Sanitized value or the $default provided. 
  1323. */ 
  1324. public function post_value( $setting, $default = null ) { 
  1325. $post_values = $this->unsanitized_post_values(); 
  1326. if ( ! array_key_exists( $setting->id, $post_values ) ) { 
  1327. return $default; 
  1328. $value = $post_values[ $setting->id ]; 
  1329. $valid = $setting->validate( $value ); 
  1330. if ( is_wp_error( $valid ) ) { 
  1331. return $default; 
  1332. $value = $setting->sanitize( $value ); 
  1333. if ( is_null( $value ) || is_wp_error( $value ) ) { 
  1334. return $default; 
  1335. return $value; 
  1336.  
  1337. /** 
  1338. * Override a setting's value in the current customized state. 
  1339. * 
  1340. * The name "post_value" is a carry-over from when the customized state was 
  1341. * exclusively sourced from `$_POST['customized']`. 
  1342. * 
  1343. * @since 4.2.0 
  1344. * @access public 
  1345. * 
  1346. * @param string $setting_id ID for the WP_Customize_Setting instance. 
  1347. * @param mixed $value Post value. 
  1348. */ 
  1349. public function set_post_value( $setting_id, $value ) { 
  1350. $this->unsanitized_post_values(); // Populate _post_values from $_POST['customized']. 
  1351. $this->_post_values[ $setting_id ] = $value; 
  1352.  
  1353. /** 
  1354. * Announce when a specific setting's unsanitized post value has been set. 
  1355. * 
  1356. * Fires when the WP_Customize_Manager::set_post_value() method is called. 
  1357. * 
  1358. * The dynamic portion of the hook name, `$setting_id`, refers to the setting ID. 
  1359. * 
  1360. * @since 4.4.0 
  1361. * 
  1362. * @param mixed $value Unsanitized setting post value. 
  1363. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  1364. */ 
  1365. do_action( "customize_post_value_set_{$setting_id}", $value, $this ); 
  1366.  
  1367. /** 
  1368. * Announce when any setting's unsanitized post value has been set. 
  1369. * 
  1370. * Fires when the WP_Customize_Manager::set_post_value() method is called. 
  1371. * 
  1372. * This is useful for `WP_Customize_Setting` instances to watch 
  1373. * in order to update a cached previewed value. 
  1374. * 
  1375. * @since 4.4.0 
  1376. * 
  1377. * @param string $setting_id Setting ID. 
  1378. * @param mixed $value Unsanitized setting post value. 
  1379. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  1380. */ 
  1381. do_action( 'customize_post_value_set', $setting_id, $value, $this ); 
  1382.  
  1383. /** 
  1384. * Print JavaScript settings. 
  1385. * 
  1386. * @since 3.4.0 
  1387. */ 
  1388. public function customize_preview_init() { 
  1389.  
  1390. /** 
  1391. * Now that Customizer previews are loaded into iframes via GET requests 
  1392. * and natural URLs with transaction UUIDs added, we need to ensure that 
  1393. * the responses are never cached by proxies. In practice, this will not 
  1394. * be needed if the user is logged-in anyway. But if anonymous access is 
  1395. * allowed then the auth cookies would not be sent and WordPress would 
  1396. * not send no-cache headers by default. 
  1397. */ 
  1398. if ( ! headers_sent() ) { 
  1399. nocache_headers(); 
  1400. header( 'X-Robots: noindex, nofollow, noarchive' ); 
  1401. add_action( 'wp_head', 'wp_no_robots' ); 
  1402. add_filter( 'wp_headers', array( $this, 'filter_iframe_security_headers' ) ); 
  1403.  
  1404. /** 
  1405. * If preview is being served inside the customizer preview iframe, and 
  1406. * if the user doesn't have customize capability, then it is assumed 
  1407. * that the user's session has expired and they need to re-authenticate. 
  1408. */ 
  1409. if ( $this->messenger_channel && ! current_user_can( 'customize' ) ) { 
  1410. $this->wp_die( -1, __( 'Unauthorized. You may remove the customize_messenger_channel param to preview as frontend.' ) ); 
  1411. return; 
  1412.  
  1413. $this->prepare_controls(); 
  1414.  
  1415. add_filter( 'wp_redirect', array( $this, 'add_state_query_params' ) ); 
  1416.  
  1417. wp_enqueue_script( 'customize-preview' ); 
  1418. wp_enqueue_style( 'customize-preview' ); 
  1419. add_action( 'wp_head', array( $this, 'customize_preview_loading_style' ) ); 
  1420. add_action( 'wp_head', array( $this, 'remove_frameless_preview_messenger_channel' ) ); 
  1421. add_action( 'wp_footer', array( $this, 'customize_preview_settings' ), 20 ); 
  1422. add_filter( 'get_edit_post_link', '__return_empty_string' ); 
  1423.  
  1424. /** 
  1425. * Fires once the Customizer preview has initialized and JavaScript 
  1426. * settings have been printed. 
  1427. * 
  1428. * @since 3.4.0 
  1429. * 
  1430. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  1431. */ 
  1432. do_action( 'customize_preview_init', $this ); 
  1433.  
  1434. /** 
  1435. * Filter the X-Frame-Options and Content-Security-Policy headers to ensure frontend can load in customizer. 
  1436. * 
  1437. * @since 4.7.0 
  1438. * @access public 
  1439. * 
  1440. * @param array $headers Headers. 
  1441. * @return array Headers. 
  1442. */ 
  1443. public function filter_iframe_security_headers( $headers ) { 
  1444. $customize_url = admin_url( 'customize.php' ); 
  1445. $headers['X-Frame-Options'] = 'ALLOW-FROM ' . $customize_url; 
  1446. $headers['Content-Security-Policy'] = 'frame-ancestors ' . preg_replace( '#^(\w+://[^/]+).+?$#', '$1', $customize_url ); 
  1447. return $headers; 
  1448.  
  1449. /** 
  1450. * Add customize state query params to a given URL if preview is allowed. 
  1451. * 
  1452. * @since 4.7.0 
  1453. * @access public 
  1454. * @see wp_redirect() 
  1455. * @see WP_Customize_Manager::get_allowed_url() 
  1456. * 
  1457. * @param string $url URL. 
  1458. * @return string URL. 
  1459. */ 
  1460. public function add_state_query_params( $url ) { 
  1461. $parsed_original_url = wp_parse_url( $url ); 
  1462. $is_allowed = false; 
  1463. foreach ( $this->get_allowed_urls() as $allowed_url ) { 
  1464. $parsed_allowed_url = wp_parse_url( $allowed_url ); 
  1465. $is_allowed = ( 
  1466. $parsed_allowed_url['scheme'] === $parsed_original_url['scheme'] 
  1467. && 
  1468. $parsed_allowed_url['host'] === $parsed_original_url['host'] 
  1469. && 
  1470. 0 === strpos( $parsed_original_url['path'], $parsed_allowed_url['path'] ) 
  1471. ); 
  1472. if ( $is_allowed ) { 
  1473. break; 
  1474.  
  1475. if ( $is_allowed ) { 
  1476. $query_params = array( 
  1477. 'customize_changeset_uuid' => $this->changeset_uuid(),  
  1478. ); 
  1479. if ( ! $this->is_theme_active() ) { 
  1480. $query_params['customize_theme'] = $this->get_stylesheet(); 
  1481. if ( $this->messenger_channel ) { 
  1482. $query_params['customize_messenger_channel'] = $this->messenger_channel; 
  1483. $url = add_query_arg( $query_params, $url ); 
  1484.  
  1485. return $url; 
  1486.  
  1487. /** 
  1488. * Prevent sending a 404 status when returning the response for the customize 
  1489. * preview, since it causes the jQuery Ajax to fail. Send 200 instead. 
  1490. * 
  1491. * @since 4.0.0 
  1492. * @deprecated 4.7.0 
  1493. * @access public 
  1494. */ 
  1495. public function customize_preview_override_404_status() { 
  1496. _deprecated_function( __METHOD__, '4.7.0' ); 
  1497.  
  1498. /** 
  1499. * Print base element for preview frame. 
  1500. * 
  1501. * @since 3.4.0 
  1502. * @deprecated 4.7.0 
  1503. */ 
  1504. public function customize_preview_base() { 
  1505. _deprecated_function( __METHOD__, '4.7.0' ); 
  1506.  
  1507. /** 
  1508. * Print a workaround to handle HTML5 tags in IE < 9. 
  1509. * 
  1510. * @since 3.4.0 
  1511. * @deprecated 4.7.0 Customizer no longer supports IE8, so all supported browsers recognize HTML5. 
  1512. */ 
  1513. public function customize_preview_html5() { 
  1514. _deprecated_function( __FUNCTION__, '4.7.0' ); 
  1515.  
  1516. /** 
  1517. * Print CSS for loading indicators for the Customizer preview. 
  1518. * 
  1519. * @since 4.2.0 
  1520. * @access public 
  1521. */ 
  1522. public function customize_preview_loading_style() { 
  1523. ?><style> 
  1524. body.wp-customizer-unloading { 
  1525. opacity: 0.25; 
  1526. cursor: progress !important; 
  1527. -webkit-transition: opacity 0.5s; 
  1528. transition: opacity 0.5s; 
  1529. body.wp-customizer-unloading * { 
  1530. pointer-events: none !important; 
  1531. form.customize-unpreviewable,  
  1532. form.customize-unpreviewable input,  
  1533. form.customize-unpreviewable select,  
  1534. form.customize-unpreviewable button,  
  1535. a.customize-unpreviewable,  
  1536. area.customize-unpreviewable { 
  1537. cursor: not-allowed !important; 
  1538. </style><?php 
  1539.  
  1540. /** 
  1541. * Remove customize_messenger_channel query parameter from the preview window when it is not in an iframe. 
  1542. * 
  1543. * This ensures that the admin bar will be shown. It also ensures that link navigation will 
  1544. * work as expected since the parent frame is not being sent the URL to navigate to. 
  1545. * 
  1546. * @since 4.7.0 
  1547. * @access public 
  1548. */ 
  1549. public function remove_frameless_preview_messenger_channel() { 
  1550. if ( ! $this->messenger_channel ) { 
  1551. return; 
  1552. ?> 
  1553. <script> 
  1554. ( function() { 
  1555. var urlParser, oldQueryParams, newQueryParams, i; 
  1556. if ( parent !== window ) { 
  1557. return; 
  1558. urlParser = document.createElement( 'a' ); 
  1559. urlParser.href = location.href; 
  1560. oldQueryParams = urlParser.search.substr( 1 ).split( /&/ ); 
  1561. newQueryParams = []; 
  1562. for ( i = 0; i < oldQueryParams.length; i += 1 ) { 
  1563. if ( ! /^customize_messenger_channel=/.test( oldQueryParams[ i ] ) ) { 
  1564. newQueryParams.push( oldQueryParams[ i ] ); 
  1565. urlParser.search = newQueryParams.join( '&' ); 
  1566. if ( urlParser.search !== location.search ) { 
  1567. location.replace( urlParser.href ); 
  1568. } )(); 
  1569. </script> 
  1570. <?php 
  1571.  
  1572. /** 
  1573. * Print JavaScript settings for preview frame. 
  1574. * 
  1575. * @since 3.4.0 
  1576. */ 
  1577. public function customize_preview_settings() { 
  1578. $post_values = $this->unsanitized_post_values( array( 'exclude_changeset' => true ) ); 
  1579. $setting_validities = $this->validate_setting_values( $post_values ); 
  1580. $exported_setting_validities = array_map( array( $this, 'prepare_setting_validity_for_js' ), $setting_validities ); 
  1581.  
  1582. // Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installs. 
  1583. $self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ); 
  1584. $state_query_params = array( 
  1585. 'customize_theme',  
  1586. 'customize_changeset_uuid',  
  1587. 'customize_messenger_channel',  
  1588. ); 
  1589. $self_url = remove_query_arg( $state_query_params, $self_url ); 
  1590.  
  1591. $allowed_urls = $this->get_allowed_urls(); 
  1592. $allowed_hosts = array(); 
  1593. foreach ( $allowed_urls as $allowed_url ) { 
  1594. $parsed = wp_parse_url( $allowed_url ); 
  1595. if ( empty( $parsed['host'] ) ) { 
  1596. continue; 
  1597. $host = $parsed['host']; 
  1598. if ( ! empty( $parsed['port'] ) ) { 
  1599. $host .= ':' . $parsed['port']; 
  1600. $allowed_hosts[] = $host; 
  1601.  
  1602. $switched_locale = switch_to_locale( get_user_locale() ); 
  1603. $l10n = array( 
  1604. 'shiftClickToEdit' => __( 'Shift-click to edit this element.' ),  
  1605. 'linkUnpreviewable' => __( 'This link is not live-previewable.' ),  
  1606. 'formUnpreviewable' => __( 'This form is not live-previewable.' ),  
  1607. ); 
  1608. if ( $switched_locale ) { 
  1609. restore_previous_locale(); 
  1610.  
  1611. $settings = array( 
  1612. 'changeset' => array( 
  1613. 'uuid' => $this->_changeset_uuid,  
  1614. ),  
  1615. 'timeouts' => array( 
  1616. 'selectiveRefresh' => 250,  
  1617. 'keepAliveSend' => 1000,  
  1618. ),  
  1619. 'theme' => array( 
  1620. 'stylesheet' => $this->get_stylesheet(),  
  1621. 'active' => $this->is_theme_active(),  
  1622. ),  
  1623. 'url' => array( 
  1624. 'self' => $self_url,  
  1625. 'allowed' => array_map( 'esc_url_raw', $this->get_allowed_urls() ),  
  1626. 'allowedHosts' => array_unique( $allowed_hosts ),  
  1627. 'isCrossDomain' => $this->is_cross_domain(),  
  1628. ),  
  1629. 'channel' => $this->messenger_channel,  
  1630. 'activePanels' => array(),  
  1631. 'activeSections' => array(),  
  1632. 'activeControls' => array(),  
  1633. 'settingValidities' => $exported_setting_validities,  
  1634. 'nonce' => current_user_can( 'customize' ) ? $this->get_nonces() : array(),  
  1635. 'l10n' => $l10n,  
  1636. '_dirty' => array_keys( $post_values ),  
  1637. ); 
  1638.  
  1639. foreach ( $this->panels as $panel_id => $panel ) { 
  1640. if ( $panel->check_capabilities() ) { 
  1641. $settings['activePanels'][ $panel_id ] = $panel->active(); 
  1642. foreach ( $panel->sections as $section_id => $section ) { 
  1643. if ( $section->check_capabilities() ) { 
  1644. $settings['activeSections'][ $section_id ] = $section->active(); 
  1645. foreach ( $this->sections as $id => $section ) { 
  1646. if ( $section->check_capabilities() ) { 
  1647. $settings['activeSections'][ $id ] = $section->active(); 
  1648. foreach ( $this->controls as $id => $control ) { 
  1649. if ( $control->check_capabilities() ) { 
  1650. $settings['activeControls'][ $id ] = $control->active(); 
  1651.  
  1652. ?> 
  1653. <script type="text/javascript"> 
  1654. var _wpCustomizeSettings = <?php echo wp_json_encode( $settings ); ?>; 
  1655. _wpCustomizeSettings.values = {}; 
  1656. (function( v ) { 
  1657. <?php 
  1658. /** 
  1659. * Serialize settings separately from the initial _wpCustomizeSettings 
  1660. * serialization in order to avoid a peak memory usage spike. 
  1661. * @todo We may not even need to export the values at all since the pane syncs them anyway. 
  1662. */ 
  1663. foreach ( $this->settings as $id => $setting ) { 
  1664. if ( $setting->check_capabilities() ) { 
  1665. printf( 
  1666. "v[%s] = %s;\n",  
  1667. wp_json_encode( $id ),  
  1668. wp_json_encode( $setting->js_value() ) 
  1669. ); 
  1670. ?> 
  1671. })( _wpCustomizeSettings.values ); 
  1672. </script> 
  1673. <?php 
  1674.  
  1675. /** 
  1676. * Prints a signature so we can ensure the Customizer was properly executed. 
  1677. * 
  1678. * @since 3.4.0 
  1679. * @deprecated 4.7.0 
  1680. */ 
  1681. public function customize_preview_signature() { 
  1682. _deprecated_function( __METHOD__, '4.7.0' ); 
  1683.  
  1684. /** 
  1685. * Removes the signature in case we experience a case where the Customizer was not properly executed. 
  1686. * 
  1687. * @since 3.4.0 
  1688. * @deprecated 4.7.0 
  1689. * 
  1690. * @param mixed $return Value passed through for {@see 'wp_die_handler'} filter. 
  1691. * @return mixed Value passed through for {@see 'wp_die_handler'} filter. 
  1692. */ 
  1693. public function remove_preview_signature( $return = null ) { 
  1694. _deprecated_function( __METHOD__, '4.7.0' ); 
  1695.  
  1696. return $return; 
  1697.  
  1698. /** 
  1699. * Is it a theme preview? 
  1700. * 
  1701. * @since 3.4.0 
  1702. * 
  1703. * @return bool True if it's a preview, false if not. 
  1704. */ 
  1705. public function is_preview() { 
  1706. return (bool) $this->previewing; 
  1707.  
  1708. /** 
  1709. * Retrieve the template name of the previewed theme. 
  1710. * 
  1711. * @since 3.4.0 
  1712. * 
  1713. * @return string Template name. 
  1714. */ 
  1715. public function get_template() { 
  1716. return $this->theme()->get_template(); 
  1717.  
  1718. /** 
  1719. * Retrieve the stylesheet name of the previewed theme. 
  1720. * 
  1721. * @since 3.4.0 
  1722. * 
  1723. * @return string Stylesheet name. 
  1724. */ 
  1725. public function get_stylesheet() { 
  1726. return $this->theme()->get_stylesheet(); 
  1727.  
  1728. /** 
  1729. * Retrieve the template root of the previewed theme. 
  1730. * 
  1731. * @since 3.4.0 
  1732. * 
  1733. * @return string Theme root. 
  1734. */ 
  1735. public function get_template_root() { 
  1736. return get_raw_theme_root( $this->get_template(), true ); 
  1737.  
  1738. /** 
  1739. * Retrieve the stylesheet root of the previewed theme. 
  1740. * 
  1741. * @since 3.4.0 
  1742. * 
  1743. * @return string Theme root. 
  1744. */ 
  1745. public function get_stylesheet_root() { 
  1746. return get_raw_theme_root( $this->get_stylesheet(), true ); 
  1747.  
  1748. /** 
  1749. * Filters the current theme and return the name of the previewed theme. 
  1750. * 
  1751. * @since 3.4.0 
  1752. * 
  1753. * @param $current_theme {@internal Parameter is not used} 
  1754. * @return string Theme name. 
  1755. */ 
  1756. public function current_theme( $current_theme ) { 
  1757. return $this->theme()->display('Name'); 
  1758.  
  1759. /** 
  1760. * Validates setting values. 
  1761. * 
  1762. * Validation is skipped for unregistered settings or for values that are 
  1763. * already null since they will be skipped anyway. Sanitization is applied 
  1764. * to values that pass validation, and values that become null or `WP_Error` 
  1765. * after sanitizing are marked invalid. 
  1766. * 
  1767. * @since 4.6.0 
  1768. * @access public 
  1769. * 
  1770. * @see WP_REST_Request::has_valid_params() 
  1771. * @see WP_Customize_Setting::validate() 
  1772. * 
  1773. * @param array $setting_values Mapping of setting IDs to values to validate and sanitize. 
  1774. * @param array $options { 
  1775. * Options. 
  1776. * 
  1777. * @type bool $validate_existence Whether a setting's existence will be checked. 
  1778. * @type bool $validate_capability Whether the setting capability will be checked. 
  1779. * } 
  1780. * @return array Mapping of setting IDs to return value of validate method calls, either `true` or `WP_Error`. 
  1781. */ 
  1782. public function validate_setting_values( $setting_values, $options = array() ) { 
  1783. $options = wp_parse_args( $options, array( 
  1784. 'validate_capability' => false,  
  1785. 'validate_existence' => false,  
  1786. ) ); 
  1787.  
  1788. $validities = array(); 
  1789. foreach ( $setting_values as $setting_id => $unsanitized_value ) { 
  1790. $setting = $this->get_setting( $setting_id ); 
  1791. if ( ! $setting ) { 
  1792. if ( $options['validate_existence'] ) { 
  1793. $validities[ $setting_id ] = new WP_Error( 'unrecognized', __( 'Setting does not exist or is unrecognized.' ) ); 
  1794. continue; 
  1795. if ( $options['validate_capability'] && ! current_user_can( $setting->capability ) ) { 
  1796. $validity = new WP_Error( 'unauthorized', __( 'Unauthorized to modify setting due to capability.' ) ); 
  1797. } else { 
  1798. if ( is_null( $unsanitized_value ) ) { 
  1799. continue; 
  1800. $validity = $setting->validate( $unsanitized_value ); 
  1801. if ( ! is_wp_error( $validity ) ) { 
  1802. /** This filter is documented in wp-includes/class-wp-customize-setting.php */ 
  1803. $late_validity = apply_filters( "customize_validate_{$setting->id}", new WP_Error(), $unsanitized_value, $setting ); 
  1804. if ( ! empty( $late_validity->errors ) ) { 
  1805. $validity = $late_validity; 
  1806. if ( ! is_wp_error( $validity ) ) { 
  1807. $value = $setting->sanitize( $unsanitized_value ); 
  1808. if ( is_null( $value ) ) { 
  1809. $validity = false; 
  1810. } elseif ( is_wp_error( $value ) ) { 
  1811. $validity = $value; 
  1812. if ( false === $validity ) { 
  1813. $validity = new WP_Error( 'invalid_value', __( 'Invalid value.' ) ); 
  1814. $validities[ $setting_id ] = $validity; 
  1815. return $validities; 
  1816.  
  1817. /** 
  1818. * Prepares setting validity for exporting to the client (JS). 
  1819. * 
  1820. * Converts `WP_Error` instance into array suitable for passing into the 
  1821. * `wp.customize.Notification` JS model. 
  1822. * 
  1823. * @since 4.6.0 
  1824. * @access public 
  1825. * 
  1826. * @param true|WP_Error $validity Setting validity. 
  1827. * @return true|array If `$validity` was a WP_Error, the error codes will be array-mapped 
  1828. * to their respective `message` and `data` to pass into the 
  1829. * `wp.customize.Notification` JS model. 
  1830. */ 
  1831. public function prepare_setting_validity_for_js( $validity ) { 
  1832. if ( is_wp_error( $validity ) ) { 
  1833. $notification = array(); 
  1834. foreach ( $validity->errors as $error_code => $error_messages ) { 
  1835. $notification[ $error_code ] = array( 
  1836. 'message' => join( ' ', $error_messages ),  
  1837. 'data' => $validity->get_error_data( $error_code ),  
  1838. ); 
  1839. return $notification; 
  1840. } else { 
  1841. return true; 
  1842.  
  1843. /** 
  1844. * Handle customize_save WP Ajax request to save/update a changeset. 
  1845. * 
  1846. * @since 3.4.0 
  1847. * @since 4.7.0 The semantics of this method have changed to update a changeset, optionally to also change the status and other attributes. 
  1848. */ 
  1849. public function save() { 
  1850. if ( ! is_user_logged_in() ) { 
  1851. wp_send_json_error( 'unauthenticated' ); 
  1852.  
  1853. if ( ! $this->is_preview() ) { 
  1854. wp_send_json_error( 'not_preview' ); 
  1855.  
  1856. $action = 'save-customize_' . $this->get_stylesheet(); 
  1857. if ( ! check_ajax_referer( $action, 'nonce', false ) ) { 
  1858. wp_send_json_error( 'invalid_nonce' ); 
  1859.  
  1860. $changeset_post_id = $this->changeset_post_id(); 
  1861. if ( empty( $changeset_post_id ) ) { 
  1862. if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->create_posts ) ) { 
  1863. wp_send_json_error( 'cannot_create_changeset_post' ); 
  1864. } else { 
  1865. if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post_id ) ) { 
  1866. wp_send_json_error( 'cannot_edit_changeset_post' ); 
  1867.  
  1868. if ( ! empty( $_POST['customize_changeset_data'] ) ) { 
  1869. $input_changeset_data = json_decode( wp_unslash( $_POST['customize_changeset_data'] ), true ); 
  1870. if ( ! is_array( $input_changeset_data ) ) { 
  1871. wp_send_json_error( 'invalid_customize_changeset_data' ); 
  1872. } else { 
  1873. $input_changeset_data = array(); 
  1874.  
  1875. // Validate title. 
  1876. $changeset_title = null; 
  1877. if ( isset( $_POST['customize_changeset_title'] ) ) { 
  1878. $changeset_title = sanitize_text_field( wp_unslash( $_POST['customize_changeset_title'] ) ); 
  1879.  
  1880. // Validate changeset status param. 
  1881. $is_publish = null; 
  1882. $changeset_status = null; 
  1883. if ( isset( $_POST['customize_changeset_status'] ) ) { 
  1884. $changeset_status = wp_unslash( $_POST['customize_changeset_status'] ); 
  1885. if ( ! get_post_status_object( $changeset_status ) || ! in_array( $changeset_status, array( 'draft', 'pending', 'publish', 'future' ), true ) ) { 
  1886. wp_send_json_error( 'bad_customize_changeset_status', 400 ); 
  1887. $is_publish = ( 'publish' === $changeset_status || 'future' === $changeset_status ); 
  1888. if ( $is_publish && ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->publish_posts ) ) { 
  1889. wp_send_json_error( 'changeset_publish_unauthorized', 403 ); 
  1890.  
  1891. /** 
  1892. * Validate changeset date param. Date is assumed to be in local time for 
  1893. * the WP if in MySQL format (YYYY-MM-DD HH:MM:SS). Otherwise, the date 
  1894. * is parsed with strtotime() so that ISO date format may be supplied 
  1895. * or a string like "+10 minutes". 
  1896. */ 
  1897. $changeset_date_gmt = null; 
  1898. if ( isset( $_POST['customize_changeset_date'] ) ) { 
  1899. $changeset_date = wp_unslash( $_POST['customize_changeset_date'] ); 
  1900. if ( preg_match( '/^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d$/', $changeset_date ) ) { 
  1901. $mm = substr( $changeset_date, 5, 2 ); 
  1902. $jj = substr( $changeset_date, 8, 2 ); 
  1903. $aa = substr( $changeset_date, 0, 4 ); 
  1904. $valid_date = wp_checkdate( $mm, $jj, $aa, $changeset_date ); 
  1905. if ( ! $valid_date ) { 
  1906. wp_send_json_error( 'bad_customize_changeset_date', 400 ); 
  1907. $changeset_date_gmt = get_gmt_from_date( $changeset_date ); 
  1908. } else { 
  1909. $timestamp = strtotime( $changeset_date ); 
  1910. if ( ! $timestamp ) { 
  1911. wp_send_json_error( 'bad_customize_changeset_date', 400 ); 
  1912. $changeset_date_gmt = gmdate( 'Y-m-d H:i:s', $timestamp ); 
  1913.  
  1914. $r = $this->save_changeset_post( array( 
  1915. 'status' => $changeset_status,  
  1916. 'title' => $changeset_title,  
  1917. 'date_gmt' => $changeset_date_gmt,  
  1918. 'data' => $input_changeset_data,  
  1919. ) ); 
  1920. if ( is_wp_error( $r ) ) { 
  1921. $response = array( 
  1922. 'message' => $r->get_error_message(),  
  1923. 'code' => $r->get_error_code(),  
  1924. ); 
  1925. if ( is_array( $r->get_error_data() ) ) { 
  1926. $response = array_merge( $response, $r->get_error_data() ); 
  1927. } else { 
  1928. $response['data'] = $r->get_error_data(); 
  1929. } else { 
  1930. $response = $r; 
  1931.  
  1932. // Note that if the changeset status was publish, then it will get set to trash if revisions are not supported. 
  1933. $response['changeset_status'] = get_post_status( $this->changeset_post_id() ); 
  1934. if ( $is_publish && 'trash' === $response['changeset_status'] ) { 
  1935. $response['changeset_status'] = 'publish'; 
  1936.  
  1937. if ( 'publish' === $response['changeset_status'] ) { 
  1938. $response['next_changeset_uuid'] = wp_generate_uuid4(); 
  1939.  
  1940. if ( isset( $response['setting_validities'] ) ) { 
  1941. $response['setting_validities'] = array_map( array( $this, 'prepare_setting_validity_for_js' ), $response['setting_validities'] ); 
  1942.  
  1943. /** 
  1944. * Filters response data for a successful customize_save Ajax request. 
  1945. * 
  1946. * This filter does not apply if there was a nonce or authentication failure. 
  1947. * 
  1948. * @since 4.2.0 
  1949. * 
  1950. * @param array $response Additional information passed back to the 'saved' 
  1951. * event on `wp.customize`. 
  1952. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  1953. */ 
  1954. $response = apply_filters( 'customize_save_response', $response, $this ); 
  1955.  
  1956. if ( is_wp_error( $r ) ) { 
  1957. wp_send_json_error( $response ); 
  1958. } else { 
  1959. wp_send_json_success( $response ); 
  1960.  
  1961. /** 
  1962. * Save the post for the loaded changeset. 
  1963. * 
  1964. * @since 4.7.0 
  1965. * @access public 
  1966. * 
  1967. * @param array $args { 
  1968. * Args for changeset post. 
  1969. * 
  1970. * @type array $data Optional additional changeset data. Values will be merged on top of any existing post values. 
  1971. * @type string $status Post status. Optional. If supplied, the save will be transactional and a post revision will be allowed. 
  1972. * @type string $title Post title. Optional. 
  1973. * @type string $date_gmt Date in GMT. Optional. 
  1974. * @type int $user_id ID for user who is saving the changeset. Optional, defaults to the current user ID. 
  1975. * @type bool $starter_content Whether the data is starter content. If false (default), then $starter_content will be cleared for any $data being saved. 
  1976. * } 
  1977. * 
  1978. * @return array|WP_Error Returns array on success and WP_Error with array data on error. 
  1979. */ 
  1980. function save_changeset_post( $args = array() ) { 
  1981.  
  1982. $args = array_merge( 
  1983. array( 
  1984. 'status' => null,  
  1985. 'title' => null,  
  1986. 'data' => array(),  
  1987. 'date_gmt' => null,  
  1988. 'user_id' => get_current_user_id(),  
  1989. 'starter_content' => false,  
  1990. ),  
  1991. $args 
  1992. ); 
  1993.  
  1994. $changeset_post_id = $this->changeset_post_id(); 
  1995. $existing_changeset_data = array(); 
  1996. if ( $changeset_post_id ) { 
  1997. $existing_status = get_post_status( $changeset_post_id ); 
  1998. if ( 'publish' === $existing_status || 'trash' === $existing_status ) { 
  1999. return new WP_Error( 'changeset_already_published' ); 
  2000.  
  2001. $existing_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); 
  2002.  
  2003. // Fail if attempting to publish but publish hook is missing. 
  2004. if ( 'publish' === $args['status'] && false === has_action( 'transition_post_status', '_wp_customize_publish_changeset' ) ) { 
  2005. return new WP_Error( 'missing_publish_callback' ); 
  2006.  
  2007. // Validate date. 
  2008. $now = gmdate( 'Y-m-d H:i:59' ); 
  2009. if ( $args['date_gmt'] ) { 
  2010. $is_future_dated = ( mysql2date( 'U', $args['date_gmt'], false ) > mysql2date( 'U', $now, false ) ); 
  2011. if ( ! $is_future_dated ) { 
  2012. return new WP_Error( 'not_future_date' ); // Only future dates are allowed. 
  2013.  
  2014. if ( ! $this->is_theme_active() && ( 'future' === $args['status'] || $is_future_dated ) ) { 
  2015. return new WP_Error( 'cannot_schedule_theme_switches' ); // This should be allowed in the future, when theme is a regular setting. 
  2016. $will_remain_auto_draft = ( ! $args['status'] && ( ! $changeset_post_id || 'auto-draft' === get_post_status( $changeset_post_id ) ) ); 
  2017. if ( $will_remain_auto_draft ) { 
  2018. return new WP_Error( 'cannot_supply_date_for_auto_draft_changeset' ); 
  2019. } elseif ( $changeset_post_id && 'future' === $args['status'] ) { 
  2020.  
  2021. // Fail if the new status is future but the existing post's date is not in the future. 
  2022. $changeset_post = get_post( $changeset_post_id ); 
  2023. if ( mysql2date( 'U', $changeset_post->post_date_gmt, false ) <= mysql2date( 'U', $now, false ) ) { 
  2024. return new WP_Error( 'not_future_date' ); 
  2025.  
  2026. // The request was made via wp.customize.previewer.save(). 
  2027. $update_transactionally = (bool) $args['status']; 
  2028. $allow_revision = (bool) $args['status']; 
  2029.  
  2030. // Amend post values with any supplied data. 
  2031. foreach ( $args['data'] as $setting_id => $setting_params ) { 
  2032. if ( array_key_exists( 'value', $setting_params ) ) { 
  2033. $this->set_post_value( $setting_id, $setting_params['value'] ); // Add to post values so that they can be validated and sanitized. 
  2034.  
  2035. // Note that in addition to post data, this will include any stashed theme mods. 
  2036. $post_values = $this->unsanitized_post_values( array( 
  2037. 'exclude_changeset' => true,  
  2038. 'exclude_post_data' => false,  
  2039. ) ); 
  2040. $this->add_dynamic_settings( array_keys( $post_values ) ); // Ensure settings get created even if they lack an input value. 
  2041.  
  2042. /** 
  2043. * Get list of IDs for settings that have values different from what is currently 
  2044. * saved in the changeset. By skipping any values that are already the same, the 
  2045. * subset of changed settings can be passed into validate_setting_values to prevent 
  2046. * an underprivileged modifying a single setting for which they have the capability 
  2047. * from being blocked from saving. This also prevents a user from touching of the 
  2048. * previous saved settings and overriding the associated user_id if they made no change. 
  2049. */ 
  2050. $changed_setting_ids = array(); 
  2051. foreach ( $post_values as $setting_id => $setting_value ) { 
  2052. $setting = $this->get_setting( $setting_id ); 
  2053.  
  2054. if ( $setting && 'theme_mod' === $setting->type ) { 
  2055. $prefixed_setting_id = $this->get_stylesheet() . '::' . $setting->id; 
  2056. } else { 
  2057. $prefixed_setting_id = $setting_id; 
  2058.  
  2059. $is_value_changed = ( 
  2060. ! isset( $existing_changeset_data[ $prefixed_setting_id ] ) 
  2061. || 
  2062. ! array_key_exists( 'value', $existing_changeset_data[ $prefixed_setting_id ] ) 
  2063. || 
  2064. $existing_changeset_data[ $prefixed_setting_id ]['value'] !== $setting_value 
  2065. ); 
  2066. if ( $is_value_changed ) { 
  2067. $changed_setting_ids[] = $setting_id; 
  2068.  
  2069. /** 
  2070. * Fires before save validation happens. 
  2071. * 
  2072. * Plugins can add just-in-time {@see 'customize_validate_{$this->ID}'} filters 
  2073. * at this point to catch any settings registered after `customize_register`. 
  2074. * The dynamic portion of the hook name, `$this->ID` refers to the setting ID. 
  2075. * 
  2076. * @since 4.6.0 
  2077. * 
  2078. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  2079. */ 
  2080. do_action( 'customize_save_validation_before', $this ); 
  2081.  
  2082. // Validate settings. 
  2083. $validated_values = array_merge( 
  2084. array_fill_keys( array_keys( $args['data'] ), null ), // Make sure existence/capability checks are done on value-less setting updates. 
  2085. $post_values 
  2086. ); 
  2087. $setting_validities = $this->validate_setting_values( $validated_values, array( 
  2088. 'validate_capability' => true,  
  2089. 'validate_existence' => true,  
  2090. ) ); 
  2091. $invalid_setting_count = count( array_filter( $setting_validities, 'is_wp_error' ) ); 
  2092.  
  2093. /** 
  2094. * Short-circuit if there are invalid settings the update is transactional. 
  2095. * A changeset update is transactional when a status is supplied in the request. 
  2096. */ 
  2097. if ( $update_transactionally && $invalid_setting_count > 0 ) { 
  2098. $response = array( 
  2099. 'setting_validities' => $setting_validities,  
  2100. 'message' => sprintf( _n( 'There is %s invalid setting.', 'There are %s invalid settings.', $invalid_setting_count ), number_format_i18n( $invalid_setting_count ) ),  
  2101. ); 
  2102. return new WP_Error( 'transaction_fail', '', $response ); 
  2103.  
  2104. // Obtain/merge data for changeset. 
  2105. $original_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); 
  2106. $data = $original_changeset_data; 
  2107. if ( is_wp_error( $data ) ) { 
  2108. $data = array(); 
  2109.  
  2110. // Ensure that all post values are included in the changeset data. 
  2111. foreach ( $post_values as $setting_id => $post_value ) { 
  2112. if ( ! isset( $args['data'][ $setting_id ] ) ) { 
  2113. $args['data'][ $setting_id ] = array(); 
  2114. if ( ! isset( $args['data'][ $setting_id ]['value'] ) ) { 
  2115. $args['data'][ $setting_id ]['value'] = $post_value; 
  2116.  
  2117. foreach ( $args['data'] as $setting_id => $setting_params ) { 
  2118. $setting = $this->get_setting( $setting_id ); 
  2119. if ( ! $setting || ! $setting->check_capabilities() ) { 
  2120. continue; 
  2121.  
  2122. // Skip updating changeset for invalid setting values. 
  2123. if ( isset( $setting_validities[ $setting_id ] ) && is_wp_error( $setting_validities[ $setting_id ] ) ) { 
  2124. continue; 
  2125.  
  2126. $changeset_setting_id = $setting_id; 
  2127. if ( 'theme_mod' === $setting->type ) { 
  2128. $changeset_setting_id = sprintf( '%s::%s', $this->get_stylesheet(), $setting_id ); 
  2129.  
  2130. if ( null === $setting_params ) { 
  2131. // Remove setting from changeset entirely. 
  2132. unset( $data[ $changeset_setting_id ] ); 
  2133. } else { 
  2134.  
  2135. if ( ! isset( $data[ $changeset_setting_id ] ) ) { 
  2136. $data[ $changeset_setting_id ] = array(); 
  2137.  
  2138. // Merge any additional setting params that have been supplied with the existing params. 
  2139. $merged_setting_params = array_merge( $data[ $changeset_setting_id ], $setting_params ); 
  2140.  
  2141. // Skip updating setting params if unchanged (ensuring the user_id is not overwritten). 
  2142. if ( $data[ $changeset_setting_id ] === $merged_setting_params ) { 
  2143. continue; 
  2144.  
  2145. $data[ $changeset_setting_id ] = array_merge( 
  2146. $merged_setting_params,  
  2147. array( 
  2148. 'type' => $setting->type,  
  2149. 'user_id' => $args['user_id'],  
  2150. ); 
  2151.  
  2152. // Clear starter_content flag in data if changeset is not explicitly being updated for starter content. 
  2153. if ( empty( $args['starter_content'] ) ) { 
  2154. unset( $data[ $changeset_setting_id ]['starter_content'] ); 
  2155.  
  2156. $filter_context = array( 
  2157. 'uuid' => $this->changeset_uuid(),  
  2158. 'title' => $args['title'],  
  2159. 'status' => $args['status'],  
  2160. 'date_gmt' => $args['date_gmt'],  
  2161. 'post_id' => $changeset_post_id,  
  2162. 'previous_data' => is_wp_error( $original_changeset_data ) ? array() : $original_changeset_data,  
  2163. 'manager' => $this,  
  2164. ); 
  2165.  
  2166. /** 
  2167. * Filters the settings' data that will be persisted into the changeset. 
  2168. * 
  2169. * Plugins may amend additional data (such as additional meta for settings) into the changeset with this filter. 
  2170. * 
  2171. * @since 4.7.0 
  2172. * 
  2173. * @param array $data Updated changeset data, mapping setting IDs to arrays containing a $value item and optionally other metadata. 
  2174. * @param array $context { 
  2175. * Filter context. 
  2176. * 
  2177. * @type string $uuid Changeset UUID. 
  2178. * @type string $title Requested title for the changeset post. 
  2179. * @type string $status Requested status for the changeset post. 
  2180. * @type string $date_gmt Requested date for the changeset post in MySQL format and GMT timezone. 
  2181. * @type int|false $post_id Post ID for the changeset, or false if it doesn't exist yet. 
  2182. * @type array $previous_data Previous data contained in the changeset. 
  2183. * @type WP_Customize_Manager $manager Manager instance. 
  2184. * } 
  2185. */ 
  2186. $data = apply_filters( 'customize_changeset_save_data', $data, $filter_context ); 
  2187.  
  2188. // Switch theme if publishing changes now. 
  2189. if ( 'publish' === $args['status'] && ! $this->is_theme_active() ) { 
  2190. // Temporarily stop previewing the theme to allow switch_themes() to operate properly. 
  2191. $this->stop_previewing_theme(); 
  2192. switch_theme( $this->get_stylesheet() ); 
  2193. update_option( 'theme_switched_via_customizer', true ); 
  2194. $this->start_previewing_theme(); 
  2195.  
  2196. // Gather the data for wp_insert_post()/wp_update_post(). 
  2197. $json_options = 0; 
  2198. if ( defined( 'JSON_UNESCAPED_SLASHES' ) ) { 
  2199. $json_options |= JSON_UNESCAPED_SLASHES; // Introduced in PHP 5.4. This is only to improve readability as slashes needn't be escaped in storage. 
  2200. $json_options |= JSON_PRETTY_PRINT; // Also introduced in PHP 5.4, but WP defines constant for back compat. See WP Trac #30139. 
  2201. $post_array = array( 
  2202. 'post_content' => wp_json_encode( $data, $json_options ),  
  2203. ); 
  2204. if ( $args['title'] ) { 
  2205. $post_array['post_title'] = $args['title']; 
  2206. if ( $changeset_post_id ) { 
  2207. $post_array['ID'] = $changeset_post_id; 
  2208. } else { 
  2209. $post_array['post_type'] = 'customize_changeset'; 
  2210. $post_array['post_name'] = $this->changeset_uuid(); 
  2211. $post_array['post_status'] = 'auto-draft'; 
  2212. if ( $args['status'] ) { 
  2213. $post_array['post_status'] = $args['status']; 
  2214.  
  2215. // Reset post date to now if we are publishing, otherwise pass post_date_gmt and translate for post_date. 
  2216. if ( 'publish' === $args['status'] ) { 
  2217. $post_array['post_date_gmt'] = '0000-00-00 00:00:00'; 
  2218. $post_array['post_date'] = '0000-00-00 00:00:00'; 
  2219. } elseif ( $args['date_gmt'] ) { 
  2220. $post_array['post_date_gmt'] = $args['date_gmt']; 
  2221. $post_array['post_date'] = get_date_from_gmt( $args['date_gmt'] ); 
  2222. } elseif ( $changeset_post_id && 'auto-draft' === get_post_status( $changeset_post_id ) ) { 
  2223. /** 
  2224. * Keep bumping the date for the auto-draft whenever it is modified; 
  2225. * this extends its life, preserving it from garbage-collection via 
  2226. * wp_delete_auto_drafts(). 
  2227. */ 
  2228. $post_array['post_date'] = current_time( 'mysql' ); 
  2229. $post_array['post_date_gmt'] = ''; 
  2230.  
  2231. $this->store_changeset_revision = $allow_revision; 
  2232. add_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ), 5, 3 ); 
  2233.  
  2234. // Update the changeset post. The publish_customize_changeset action will cause the settings in the changeset to be saved via WP_Customize_Setting::save(). 
  2235. $has_kses = ( false !== has_filter( 'content_save_pre', 'wp_filter_post_kses' ) ); 
  2236. if ( $has_kses ) { 
  2237. kses_remove_filters(); // Prevent KSES from corrupting JSON in post_content. 
  2238.  
  2239. // Note that updating a post with publish status will trigger WP_Customize_Manager::publish_changeset_values(). 
  2240. if ( $changeset_post_id ) { 
  2241. $post_array['edit_date'] = true; // Prevent date clearing. 
  2242. $r = wp_update_post( wp_slash( $post_array ), true ); 
  2243. } else { 
  2244. $r = wp_insert_post( wp_slash( $post_array ), true ); 
  2245. if ( ! is_wp_error( $r ) ) { 
  2246. $this->_changeset_post_id = $r; // Update cached post ID for the loaded changeset. 
  2247. if ( $has_kses ) { 
  2248. kses_init_filters(); 
  2249. $this->_changeset_data = null; // Reset so WP_Customize_Manager::changeset_data() will re-populate with updated contents. 
  2250.  
  2251. remove_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ) ); 
  2252.  
  2253. $response = array( 
  2254. 'setting_validities' => $setting_validities,  
  2255. ); 
  2256.  
  2257. if ( is_wp_error( $r ) ) { 
  2258. $response['changeset_post_save_failure'] = $r->get_error_code(); 
  2259. return new WP_Error( 'changeset_post_save_failure', '', $response ); 
  2260.  
  2261. return $response; 
  2262.  
  2263. /** 
  2264. * Whether a changeset revision should be made. 
  2265. * 
  2266. * @since 4.7.0 
  2267. * @access private 
  2268. * @var bool 
  2269. */ 
  2270. protected $store_changeset_revision; 
  2271.  
  2272. /** 
  2273. * Filters whether a changeset has changed to create a new revision. 
  2274. * 
  2275. * Note that this will not be called while a changeset post remains in auto-draft status. 
  2276. * 
  2277. * @since 4.7.0 
  2278. * @access private 
  2279. * 
  2280. * @param bool $post_has_changed Whether the post has changed. 
  2281. * @param WP_Post $last_revision The last revision post object. 
  2282. * @param WP_Post $post The post object. 
  2283. * 
  2284. * @return bool Whether a revision should be made. 
  2285. */ 
  2286. public function _filter_revision_post_has_changed( $post_has_changed, $last_revision, $post ) { 
  2287. unset( $last_revision ); 
  2288. if ( 'customize_changeset' === $post->post_type ) { 
  2289. $post_has_changed = $this->store_changeset_revision; 
  2290. return $post_has_changed; 
  2291.  
  2292. /** 
  2293. * Publish changeset values. 
  2294. * 
  2295. * This will the values contained in a changeset, even changesets that do not 
  2296. * correspond to current manager instance. This is called by 
  2297. * `_wp_customize_publish_changeset()` when a customize_changeset post is 
  2298. * transitioned to the `publish` status. As such, this method should not be 
  2299. * called directly and instead `wp_publish_post()` should be used. 
  2300. * 
  2301. * Please note that if the settings in the changeset are for a non-activated 
  2302. * theme, the theme must first be switched to (via `switch_theme()`) before 
  2303. * invoking this method. 
  2304. * 
  2305. * @since 4.7.0 
  2306. * @access private 
  2307. * @see _wp_customize_publish_changeset() 
  2308. * 
  2309. * @param int $changeset_post_id ID for customize_changeset post. Defaults to the changeset for the current manager instance. 
  2310. * @return true|WP_Error True or error info. 
  2311. */ 
  2312. public function _publish_changeset_values( $changeset_post_id ) { 
  2313. $publishing_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); 
  2314. if ( is_wp_error( $publishing_changeset_data ) ) { 
  2315. return $publishing_changeset_data; 
  2316.  
  2317. $changeset_post = get_post( $changeset_post_id ); 
  2318.  
  2319. /** 
  2320. * Temporarily override the changeset context so that it will be read 
  2321. * in calls to unsanitized_post_values() and so that it will be available 
  2322. * on the $wp_customize object passed to hooks during the save logic. 
  2323. */ 
  2324. $previous_changeset_post_id = $this->_changeset_post_id; 
  2325. $this->_changeset_post_id = $changeset_post_id; 
  2326. $previous_changeset_uuid = $this->_changeset_uuid; 
  2327. $this->_changeset_uuid = $changeset_post->post_name; 
  2328. $previous_changeset_data = $this->_changeset_data; 
  2329. $this->_changeset_data = $publishing_changeset_data; 
  2330.  
  2331. // Parse changeset data to identify theme mod settings and user IDs associated with settings to be saved. 
  2332. $setting_user_ids = array(); 
  2333. $theme_mod_settings = array(); 
  2334. $namespace_pattern = '/^(?P<stylesheet>.+?)::(?P<setting_id>.+)$/'; 
  2335. $matches = array(); 
  2336. foreach ( $this->_changeset_data as $raw_setting_id => $setting_params ) { 
  2337. $actual_setting_id = null; 
  2338. $is_theme_mod_setting = ( 
  2339. isset( $setting_params['value'] ) 
  2340. && 
  2341. isset( $setting_params['type'] ) 
  2342. && 
  2343. 'theme_mod' === $setting_params['type'] 
  2344. && 
  2345. preg_match( $namespace_pattern, $raw_setting_id, $matches ) 
  2346. ); 
  2347. if ( $is_theme_mod_setting ) { 
  2348. if ( ! isset( $theme_mod_settings[ $matches['stylesheet'] ] ) ) { 
  2349. $theme_mod_settings[ $matches['stylesheet'] ] = array(); 
  2350. $theme_mod_settings[ $matches['stylesheet'] ][ $matches['setting_id'] ] = $setting_params; 
  2351.  
  2352. if ( $this->get_stylesheet() === $matches['stylesheet'] ) { 
  2353. $actual_setting_id = $matches['setting_id']; 
  2354. } else { 
  2355. $actual_setting_id = $raw_setting_id; 
  2356.  
  2357. // Keep track of the user IDs for settings actually for this theme. 
  2358. if ( $actual_setting_id && isset( $setting_params['user_id'] ) ) { 
  2359. $setting_user_ids[ $actual_setting_id ] = $setting_params['user_id']; 
  2360.  
  2361. $changeset_setting_values = $this->unsanitized_post_values( array( 
  2362. 'exclude_post_data' => true,  
  2363. 'exclude_changeset' => false,  
  2364. ) ); 
  2365. $changeset_setting_ids = array_keys( $changeset_setting_values ); 
  2366. $this->add_dynamic_settings( $changeset_setting_ids ); 
  2367.  
  2368. /** 
  2369. * Fires once the theme has switched in the Customizer, but before settings 
  2370. * have been saved. 
  2371. * 
  2372. * @since 3.4.0 
  2373. * 
  2374. * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 
  2375. */ 
  2376. do_action( 'customize_save', $this ); 
  2377.  
  2378. /** 
  2379. * Ensure that all settings will allow themselves to be saved. Note that 
  2380. * this is safe because the setting would have checked the capability 
  2381. * when the setting value was written into the changeset. So this is why 
  2382. * an additional capability check is not required here. 
  2383. */ 
  2384. $original_setting_capabilities = array(); 
  2385. foreach ( $changeset_setting_ids as $setting_id ) { 
  2386. $setting = $this->get_setting( $setting_id ); 
  2387. if ( $setting && ! isset( $setting_user_ids[ $setting_id ] ) ) { 
  2388. $original_setting_capabilities[ $setting->id ] = $setting->capability; 
  2389. $setting->capability = 'exist'; 
  2390.  
  2391. $original_user_id = get_current_user_id(); 
  2392. foreach ( $changeset_setting_ids as $setting_id ) { 
  2393. $setting = $this->get_setting( $setting_id ); 
  2394. if ( $setting ) { 
  2395. /** 
  2396. * Set the current user to match the user who saved the value into 
  2397. * the changeset so that any filters that apply during the save 
  2398. * process will respect the original user's capabilities. This 
  2399. * will ensure, for example, that KSES won't strip unsafe HTML 
  2400. * when a scheduled changeset publishes via WP Cron. 
  2401. */ 
  2402. if ( isset( $setting_user_ids[ $setting_id ] ) ) { 
  2403. wp_set_current_user( $setting_user_ids[ $setting_id ] ); 
  2404. } else { 
  2405. wp_set_current_user( $original_user_id ); 
  2406.  
  2407. $setting->save(); 
  2408. wp_set_current_user( $original_user_id ); 
  2409.  
  2410. // Update the stashed theme mod settings, removing the active theme's stashed settings, if activated. 
  2411. if ( did_action( 'switch_theme' ) ) { 
  2412. $other_theme_mod_settings = $theme_mod_settings; 
  2413. unset( $other_theme_mod_settings[ $this->get_stylesheet() ] ); 
  2414. $this->update_stashed_theme_mod_settings( $other_theme_mod_settings ); 
  2415.  
  2416. /** 
  2417. * Fires after Customize settings have been saved. 
  2418. * 
  2419. * @since 3.6.0 
  2420. * 
  2421. * @param WP_Customize_Manager $manager WP_Customize_Manager instance. 
  2422. */ 
  2423. do_action( 'customize_save_after', $this ); 
  2424.  
  2425. // Restore original capabilities. 
  2426. foreach ( $original_setting_capabilities as $setting_id => $capability ) { 
  2427. $setting = $this->get_setting( $setting_id ); 
  2428. if ( $setting ) { 
  2429. $setting->capability = $capability; 
  2430.  
  2431. // Restore original changeset data. 
  2432. $this->_changeset_data = $previous_changeset_data; 
  2433. $this->_changeset_post_id = $previous_changeset_post_id; 
  2434. $this->_changeset_uuid = $previous_changeset_uuid; 
  2435.  
  2436. return true; 
  2437.  
  2438. /** 
  2439. * Update stashed theme mod settings. 
  2440. * 
  2441. * @since 4.7.0 
  2442. * @access private 
  2443. * 
  2444. * @param array $inactive_theme_mod_settings Mapping of stylesheet to arrays of theme mod settings. 
  2445. * @return array|false Returns array of updated stashed theme mods or false if the update failed or there were no changes. 
  2446. */ 
  2447. protected function update_stashed_theme_mod_settings( $inactive_theme_mod_settings ) { 
  2448. $stashed_theme_mod_settings = get_option( 'customize_stashed_theme_mods' ); 
  2449. if ( empty( $stashed_theme_mod_settings ) ) { 
  2450. $stashed_theme_mod_settings = array(); 
  2451.  
  2452. // Delete any stashed theme mods for the active theme since since they would have been loaded and saved upon activation. 
  2453. unset( $stashed_theme_mod_settings[ $this->get_stylesheet() ] ); 
  2454.  
  2455. // Merge inactive theme mods with the stashed theme mod settings. 
  2456. foreach ( $inactive_theme_mod_settings as $stylesheet => $theme_mod_settings ) { 
  2457. if ( ! isset( $stashed_theme_mod_settings[ $stylesheet ] ) ) { 
  2458. $stashed_theme_mod_settings[ $stylesheet ] = array(); 
  2459.  
  2460. $stashed_theme_mod_settings[ $stylesheet ] = array_merge( 
  2461. $stashed_theme_mod_settings[ $stylesheet ],  
  2462. $theme_mod_settings 
  2463. ); 
  2464.  
  2465. $autoload = false; 
  2466. $result = update_option( 'customize_stashed_theme_mods', $stashed_theme_mod_settings, $autoload ); 
  2467. if ( ! $result ) { 
  2468. return false; 
  2469. return $stashed_theme_mod_settings; 
  2470.  
  2471. /** 
  2472. * Refresh nonces for the current preview. 
  2473. * 
  2474. * @since 4.2.0 
  2475. */ 
  2476. public function refresh_nonces() { 
  2477. if ( ! $this->is_preview() ) { 
  2478. wp_send_json_error( 'not_preview' ); 
  2479.  
  2480. wp_send_json_success( $this->get_nonces() ); 
  2481.  
  2482. /** 
  2483. * Add a customize setting. 
  2484. * 
  2485. * @since 3.4.0 
  2486. * @since 4.5.0 Return added WP_Customize_Setting instance. 
  2487. * @access public 
  2488. * 
  2489. * @param WP_Customize_Setting|string $id Customize Setting object, or ID. 
  2490. * @param array $args Setting arguments; passed to WP_Customize_Setting 
  2491. * constructor. 
  2492. * @return WP_Customize_Setting The instance of the setting that was added. 
  2493. */ 
  2494. public function add_setting( $id, $args = array() ) { 
  2495. if ( $id instanceof WP_Customize_Setting ) { 
  2496. $setting = $id; 
  2497. } else { 
  2498. $class = 'WP_Customize_Setting'; 
  2499.  
  2500. /** This filter is documented in wp-includes/class-wp-customize-manager.php */ 
  2501. $args = apply_filters( 'customize_dynamic_setting_args', $args, $id ); 
  2502.  
  2503. /** This filter is documented in wp-includes/class-wp-customize-manager.php */ 
  2504. $class = apply_filters( 'customize_dynamic_setting_class', $class, $id, $args ); 
  2505.  
  2506. $setting = new $class( $this, $id, $args ); 
  2507.  
  2508. $this->settings[ $setting->id ] = $setting; 
  2509. return $setting; 
  2510.  
  2511. /** 
  2512. * Register any dynamically-created settings, such as those from $_POST['customized'] 
  2513. * that have no corresponding setting created. 
  2514. * 
  2515. * This is a mechanism to "wake up" settings that have been dynamically created 
  2516. * on the front end and have been sent to WordPress in `$_POST['customized']`. When WP 
  2517. * loads, the dynamically-created settings then will get created and previewed 
  2518. * even though they are not directly created statically with code. 
  2519. * 
  2520. * @since 4.2.0 
  2521. * @access public 
  2522. * 
  2523. * @param array $setting_ids The setting IDs to add. 
  2524. * @return array The WP_Customize_Setting objects added. 
  2525. */ 
  2526. public function add_dynamic_settings( $setting_ids ) { 
  2527. $new_settings = array(); 
  2528. foreach ( $setting_ids as $setting_id ) { 
  2529. // Skip settings already created 
  2530. if ( $this->get_setting( $setting_id ) ) { 
  2531. continue; 
  2532.  
  2533. $setting_args = false; 
  2534. $setting_class = 'WP_Customize_Setting'; 
  2535.  
  2536. /** 
  2537. * Filters a dynamic setting's constructor args. 
  2538. * 
  2539. * For a dynamic setting to be registered, this filter must be employed 
  2540. * to override the default false value with an array of args to pass to 
  2541. * the WP_Customize_Setting constructor. 
  2542. * 
  2543. * @since 4.2.0 
  2544. * 
  2545. * @param false|array $setting_args The arguments to the WP_Customize_Setting constructor. 
  2546. * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. 
  2547. */ 
  2548. $setting_args = apply_filters( 'customize_dynamic_setting_args', $setting_args, $setting_id ); 
  2549. if ( false === $setting_args ) { 
  2550. continue; 
  2551.  
  2552. /** 
  2553. * Allow non-statically created settings to be constructed with custom WP_Customize_Setting subclass. 
  2554. * 
  2555. * @since 4.2.0 
  2556. * 
  2557. * @param string $setting_class WP_Customize_Setting or a subclass. 
  2558. * @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`. 
  2559. * @param array $setting_args WP_Customize_Setting or a subclass. 
  2560. */ 
  2561. $setting_class = apply_filters( 'customize_dynamic_setting_class', $setting_class, $setting_id, $setting_args ); 
  2562.  
  2563. $setting = new $setting_class( $this, $setting_id, $setting_args ); 
  2564.  
  2565. $this->add_setting( $setting ); 
  2566. $new_settings[] = $setting; 
  2567. return $new_settings; 
  2568.  
  2569. /** 
  2570. * Retrieve a customize setting. 
  2571. * 
  2572. * @since 3.4.0 
  2573. * 
  2574. * @param string $id Customize Setting ID. 
  2575. * @return WP_Customize_Setting|void The setting, if set. 
  2576. */ 
  2577. public function get_setting( $id ) { 
  2578. if ( isset( $this->settings[ $id ] ) ) { 
  2579. return $this->settings[ $id ]; 
  2580.  
  2581. /** 
  2582. * Remove a customize setting. 
  2583. * 
  2584. * @since 3.4.0 
  2585. * 
  2586. * @param string $id Customize Setting ID. 
  2587. */ 
  2588. public function remove_setting( $id ) { 
  2589. unset( $this->settings[ $id ] ); 
  2590.  
  2591. /** 
  2592. * Add a customize panel. 
  2593. * 
  2594. * @since 4.0.0 
  2595. * @since 4.5.0 Return added WP_Customize_Panel instance. 
  2596. * @access public 
  2597. * 
  2598. * @param WP_Customize_Panel|string $id Customize Panel object, or Panel ID. 
  2599. * @param array $args Optional. Panel arguments. Default empty array. 
  2600. * 
  2601. * @return WP_Customize_Panel The instance of the panel that was added. 
  2602. */ 
  2603. public function add_panel( $id, $args = array() ) { 
  2604. if ( $id instanceof WP_Customize_Panel ) { 
  2605. $panel = $id; 
  2606. } else { 
  2607. $panel = new WP_Customize_Panel( $this, $id, $args ); 
  2608.  
  2609. $this->panels[ $panel->id ] = $panel; 
  2610. return $panel; 
  2611.  
  2612. /** 
  2613. * Retrieve a customize panel. 
  2614. * 
  2615. * @since 4.0.0 
  2616. * @access public 
  2617. * 
  2618. * @param string $id Panel ID to get. 
  2619. * @return WP_Customize_Panel|void Requested panel instance, if set. 
  2620. */ 
  2621. public function get_panel( $id ) { 
  2622. if ( isset( $this->panels[ $id ] ) ) { 
  2623. return $this->panels[ $id ]; 
  2624.  
  2625. /** 
  2626. * Remove a customize panel. 
  2627. * 
  2628. * @since 4.0.0 
  2629. * @access public 
  2630. * 
  2631. * @param string $id Panel ID to remove. 
  2632. */ 
  2633. public function remove_panel( $id ) { 
  2634. // Removing core components this way is _doing_it_wrong(). 
  2635. if ( in_array( $id, $this->components, true ) ) { 
  2636. /** translators: 1: panel id, 2: link to 'customize_loaded_components' filter reference */ 
  2637. $message = sprintf( __( 'Removing %1$s manually will cause PHP warnings. Use the %2$s filter instead.' ),  
  2638. $id,  
  2639. '<a href="' . esc_url( 'https://developer.wordpress.org/reference/hooks/customize_loaded_components/' ) . '"><code>customize_loaded_components</code></a>' 
  2640. ); 
  2641.  
  2642. _doing_it_wrong( __METHOD__, $message, '4.5.0' ); 
  2643. unset( $this->panels[ $id ] ); 
  2644.  
  2645. /** 
  2646. * Register a customize panel type. 
  2647. * 
  2648. * Registered types are eligible to be rendered via JS and created dynamically. 
  2649. * 
  2650. * @since 4.3.0 
  2651. * @access public 
  2652. * 
  2653. * @see WP_Customize_Panel 
  2654. * 
  2655. * @param string $panel Name of a custom panel which is a subclass of WP_Customize_Panel. 
  2656. */ 
  2657. public function register_panel_type( $panel ) { 
  2658. $this->registered_panel_types[] = $panel; 
  2659.  
  2660. /** 
  2661. * Render JS templates for all registered panel types. 
  2662. * 
  2663. * @since 4.3.0 
  2664. * @access public 
  2665. */ 
  2666. public function render_panel_templates() { 
  2667. foreach ( $this->registered_panel_types as $panel_type ) { 
  2668. $panel = new $panel_type( $this, 'temp', array() ); 
  2669. $panel->print_template(); 
  2670.  
  2671. /** 
  2672. * Add a customize section. 
  2673. * 
  2674. * @since 3.4.0 
  2675. * @since 4.5.0 Return added WP_Customize_Section instance. 
  2676. * @access public 
  2677. * 
  2678. * @param WP_Customize_Section|string $id Customize Section object, or Section ID. 
  2679. * @param array $args Section arguments. 
  2680. * 
  2681. * @return WP_Customize_Section The instance of the section that was added. 
  2682. */ 
  2683. public function add_section( $id, $args = array() ) { 
  2684. if ( $id instanceof WP_Customize_Section ) { 
  2685. $section = $id; 
  2686. } else { 
  2687. $section = new WP_Customize_Section( $this, $id, $args ); 
  2688.  
  2689. $this->sections[ $section->id ] = $section; 
  2690. return $section; 
  2691.  
  2692. /** 
  2693. * Retrieve a customize section. 
  2694. * 
  2695. * @since 3.4.0 
  2696. * 
  2697. * @param string $id Section ID. 
  2698. * @return WP_Customize_Section|void The section, if set. 
  2699. */ 
  2700. public function get_section( $id ) { 
  2701. if ( isset( $this->sections[ $id ] ) ) 
  2702. return $this->sections[ $id ]; 
  2703.  
  2704. /** 
  2705. * Remove a customize section. 
  2706. * 
  2707. * @since 3.4.0 
  2708. * 
  2709. * @param string $id Section ID. 
  2710. */ 
  2711. public function remove_section( $id ) { 
  2712. unset( $this->sections[ $id ] ); 
  2713.  
  2714. /** 
  2715. * Register a customize section type. 
  2716. * 
  2717. * Registered types are eligible to be rendered via JS and created dynamically. 
  2718. * 
  2719. * @since 4.3.0 
  2720. * @access public 
  2721. * 
  2722. * @see WP_Customize_Section 
  2723. * 
  2724. * @param string $section Name of a custom section which is a subclass of WP_Customize_Section. 
  2725. */ 
  2726. public function register_section_type( $section ) { 
  2727. $this->registered_section_types[] = $section; 
  2728.  
  2729. /** 
  2730. * Render JS templates for all registered section types. 
  2731. * 
  2732. * @since 4.3.0 
  2733. * @access public 
  2734. */ 
  2735. public function render_section_templates() { 
  2736. foreach ( $this->registered_section_types as $section_type ) { 
  2737. $section = new $section_type( $this, 'temp', array() ); 
  2738. $section->print_template(); 
  2739.  
  2740. /** 
  2741. * Add a customize control. 
  2742. * 
  2743. * @since 3.4.0 
  2744. * @since 4.5.0 Return added WP_Customize_Control instance. 
  2745. * @access public 
  2746. * 
  2747. * @param WP_Customize_Control|string $id Customize Control object, or ID. 
  2748. * @param array $args Control arguments; passed to WP_Customize_Control 
  2749. * constructor. 
  2750. * @return WP_Customize_Control The instance of the control that was added. 
  2751. */ 
  2752. public function add_control( $id, $args = array() ) { 
  2753. if ( $id instanceof WP_Customize_Control ) { 
  2754. $control = $id; 
  2755. } else { 
  2756. $control = new WP_Customize_Control( $this, $id, $args ); 
  2757.  
  2758. $this->controls[ $control->id ] = $control; 
  2759. return $control; 
  2760.  
  2761. /** 
  2762. * Retrieve a customize control. 
  2763. * 
  2764. * @since 3.4.0 
  2765. * 
  2766. * @param string $id ID of the control. 
  2767. * @return WP_Customize_Control|void The control object, if set. 
  2768. */ 
  2769. public function get_control( $id ) { 
  2770. if ( isset( $this->controls[ $id ] ) ) 
  2771. return $this->controls[ $id ]; 
  2772.  
  2773. /** 
  2774. * Remove a customize control. 
  2775. * 
  2776. * @since 3.4.0 
  2777. * 
  2778. * @param string $id ID of the control. 
  2779. */ 
  2780. public function remove_control( $id ) { 
  2781. unset( $this->controls[ $id ] ); 
  2782.  
  2783. /** 
  2784. * Register a customize control type. 
  2785. * 
  2786. * Registered types are eligible to be rendered via JS and created dynamically. 
  2787. * 
  2788. * @since 4.1.0 
  2789. * @access public 
  2790. * 
  2791. * @param string $control Name of a custom control which is a subclass of 
  2792. * WP_Customize_Control. 
  2793. */ 
  2794. public function register_control_type( $control ) { 
  2795. $this->registered_control_types[] = $control; 
  2796.  
  2797. /** 
  2798. * Render JS templates for all registered control types. 
  2799. * 
  2800. * @since 4.1.0 
  2801. * @access public 
  2802. */ 
  2803. public function render_control_templates() { 
  2804. foreach ( $this->registered_control_types as $control_type ) { 
  2805. $control = new $control_type( $this, 'temp', array( 
  2806. 'settings' => array(),  
  2807. ) ); 
  2808. $control->print_template(); 
  2809. ?> 
  2810. <script type="text/html" id="tmpl-customize-control-notifications"> 
  2811. <ul> 
  2812. <# _.each( data.notifications, function( notification ) { #> 
  2813. <li class="notice notice-{{ notification.type || 'info' }} {{ data.altNotice ? 'notice-alt' : '' }}" data-code="{{ notification.code }}" data-type="{{ notification.type }}">{{{ notification.message || notification.code }}}</li> 
  2814. <# } ); #> 
  2815. </ul> 
  2816. </script> 
  2817. <?php 
  2818.  
  2819. /** 
  2820. * Helper function to compare two objects by priority, ensuring sort stability via instance_number. 
  2821. * 
  2822. * @since 3.4.0 
  2823. * @deprecated 4.7.0 Use wp_list_sort() 
  2824. * 
  2825. * @param WP_Customize_Panel|WP_Customize_Section|WP_Customize_Control $a Object A. 
  2826. * @param WP_Customize_Panel|WP_Customize_Section|WP_Customize_Control $b Object B. 
  2827. * @return int 
  2828. */ 
  2829. protected function _cmp_priority( $a, $b ) { 
  2830. _deprecated_function( __METHOD__, '4.7.0', 'wp_list_sort' ); 
  2831.  
  2832. if ( $a->priority === $b->priority ) { 
  2833. return $a->instance_number - $b->instance_number; 
  2834. } else { 
  2835. return $a->priority - $b->priority; 
  2836.  
  2837. /** 
  2838. * Prepare panels, sections, and controls. 
  2839. * 
  2840. * For each, check if required related components exist,  
  2841. * whether the user has the necessary capabilities,  
  2842. * and sort by priority. 
  2843. * 
  2844. * @since 3.4.0 
  2845. */ 
  2846. public function prepare_controls() { 
  2847.  
  2848. $controls = array(); 
  2849. $this->controls = wp_list_sort( $this->controls, array( 
  2850. 'priority' => 'ASC',  
  2851. 'instance_number' => 'ASC',  
  2852. ), 'ASC', true ); 
  2853.  
  2854. foreach ( $this->controls as $id => $control ) { 
  2855. if ( ! isset( $this->sections[ $control->section ] ) || ! $control->check_capabilities() ) { 
  2856. continue; 
  2857.  
  2858. $this->sections[ $control->section ]->controls[] = $control; 
  2859. $controls[ $id ] = $control; 
  2860. $this->controls = $controls; 
  2861.  
  2862. // Prepare sections. 
  2863. $this->sections = wp_list_sort( $this->sections, array( 
  2864. 'priority' => 'ASC',  
  2865. 'instance_number' => 'ASC',  
  2866. ), 'ASC', true ); 
  2867. $sections = array(); 
  2868.  
  2869. foreach ( $this->sections as $section ) { 
  2870. if ( ! $section->check_capabilities() ) { 
  2871. continue; 
  2872.  
  2873.  
  2874. $section->controls = wp_list_sort( $section->controls, array( 
  2875. 'priority' => 'ASC',  
  2876. 'instance_number' => 'ASC',  
  2877. ) ); 
  2878.  
  2879. if ( ! $section->panel ) { 
  2880. // Top-level section. 
  2881. $sections[ $section->id ] = $section; 
  2882. } else { 
  2883. // This section belongs to a panel. 
  2884. if ( isset( $this->panels [ $section->panel ] ) ) { 
  2885. $this->panels[ $section->panel ]->sections[ $section->id ] = $section; 
  2886. $this->sections = $sections; 
  2887.  
  2888. // Prepare panels. 
  2889. $this->panels = wp_list_sort( $this->panels, array( 
  2890. 'priority' => 'ASC',  
  2891. 'instance_number' => 'ASC',  
  2892. ), 'ASC', true ); 
  2893. $panels = array(); 
  2894.  
  2895. foreach ( $this->panels as $panel ) { 
  2896. if ( ! $panel->check_capabilities() ) { 
  2897. continue; 
  2898.  
  2899. $panel->sections = wp_list_sort( $panel->sections, array( 
  2900. 'priority' => 'ASC',  
  2901. 'instance_number' => 'ASC',  
  2902. ), 'ASC', true ); 
  2903. $panels[ $panel->id ] = $panel; 
  2904. $this->panels = $panels; 
  2905.  
  2906. // Sort panels and top-level sections together. 
  2907. $this->containers = array_merge( $this->panels, $this->sections ); 
  2908. $this->containers = wp_list_sort( $this->containers, array( 
  2909. 'priority' => 'ASC',  
  2910. 'instance_number' => 'ASC',  
  2911. ), 'ASC', true ); 
  2912.  
  2913. /** 
  2914. * Enqueue scripts for customize controls. 
  2915. * 
  2916. * @since 3.4.0 
  2917. */ 
  2918. public function enqueue_control_scripts() { 
  2919. foreach ( $this->controls as $control ) { 
  2920. $control->enqueue(); 
  2921.  
  2922. /** 
  2923. * Determine whether the user agent is iOS. 
  2924. * 
  2925. * @since 4.4.0 
  2926. * @access public 
  2927. * 
  2928. * @return bool Whether the user agent is iOS. 
  2929. */ 
  2930. public function is_ios() { 
  2931. return wp_is_mobile() && preg_match( '/iPad|iPod|iPhone/', $_SERVER['HTTP_USER_AGENT'] ); 
  2932.  
  2933. /** 
  2934. * Get the template string for the Customizer pane document title. 
  2935. * 
  2936. * @since 4.4.0 
  2937. * @access public 
  2938. * 
  2939. * @return string The template string for the document title. 
  2940. */ 
  2941. public function get_document_title_template() { 
  2942. if ( $this->is_theme_active() ) { 
  2943. /** translators: %s: document title from the preview */ 
  2944. $document_title_tmpl = __( 'Customize: %s' ); 
  2945. } else { 
  2946. /** translators: %s: document title from the preview */ 
  2947. $document_title_tmpl = __( 'Live Preview: %s' ); 
  2948. $document_title_tmpl = html_entity_decode( $document_title_tmpl, ENT_QUOTES, 'UTF-8' ); // Because exported to JS and assigned to document.title. 
  2949. return $document_title_tmpl; 
  2950.  
  2951. /** 
  2952. * Set the initial URL to be previewed. 
  2953. * 
  2954. * URL is validated. 
  2955. * 
  2956. * @since 4.4.0 
  2957. * @access public 
  2958. * 
  2959. * @param string $preview_url URL to be previewed. 
  2960. */ 
  2961. public function set_preview_url( $preview_url ) { 
  2962. $preview_url = esc_url_raw( $preview_url ); 
  2963. $this->preview_url = wp_validate_redirect( $preview_url, home_url( '/' ) ); 
  2964.  
  2965. /** 
  2966. * Get the initial URL to be previewed. 
  2967. * 
  2968. * @since 4.4.0 
  2969. * @access public 
  2970. * 
  2971. * @return string URL being previewed. 
  2972. */ 
  2973. public function get_preview_url() { 
  2974. if ( empty( $this->preview_url ) ) { 
  2975. $preview_url = home_url( '/' ); 
  2976. } else { 
  2977. $preview_url = $this->preview_url; 
  2978. return $preview_url; 
  2979.  
  2980. /** 
  2981. * Determines whether the admin and the frontend are on different domains. 
  2982. * 
  2983. * @since 4.7.0 
  2984. * @access public 
  2985. * 
  2986. * @return bool Whether cross-domain. 
  2987. */ 
  2988. public function is_cross_domain() { 
  2989. $admin_origin = wp_parse_url( admin_url() ); 
  2990. $home_origin = wp_parse_url( home_url() ); 
  2991. $cross_domain = ( strtolower( $admin_origin['host'] ) !== strtolower( $home_origin['host'] ) ); 
  2992. return $cross_domain; 
  2993.  
  2994. /** 
  2995. * Get URLs allowed to be previewed. 
  2996. * 
  2997. * If the front end and the admin are served from the same domain, load the 
  2998. * preview over ssl if the Customizer is being loaded over ssl. This avoids 
  2999. * insecure content warnings. This is not attempted if the admin and front end 
  3000. * are on different domains to avoid the case where the front end doesn't have 
  3001. * ssl certs. Domain mapping plugins can allow other urls in these conditions 
  3002. * using the customize_allowed_urls filter. 
  3003. * 
  3004. * @since 4.7.0 
  3005. * @access public 
  3006. * 
  3007. * @returns array Allowed URLs. 
  3008. */ 
  3009. public function get_allowed_urls() { 
  3010. $allowed_urls = array( home_url( '/' ) ); 
  3011.  
  3012. if ( is_ssl() && ! $this->is_cross_domain() ) { 
  3013. $allowed_urls[] = home_url( '/', 'https' ); 
  3014.  
  3015. /** 
  3016. * Filters the list of URLs allowed to be clicked and followed in the Customizer preview. 
  3017. * 
  3018. * @since 3.4.0 
  3019. * 
  3020. * @param array $allowed_urls An array of allowed URLs. 
  3021. */ 
  3022. $allowed_urls = array_unique( apply_filters( 'customize_allowed_urls', $allowed_urls ) ); 
  3023.  
  3024. return $allowed_urls; 
  3025.  
  3026. /** 
  3027. * Get messenger channel. 
  3028. * 
  3029. * @since 4.7.0 
  3030. * @access public 
  3031. * 
  3032. * @return string Messenger channel. 
  3033. */ 
  3034. public function get_messenger_channel() { 
  3035. return $this->messenger_channel; 
  3036.  
  3037. /** 
  3038. * Set URL to link the user to when closing the Customizer. 
  3039. * 
  3040. * URL is validated. 
  3041. * 
  3042. * @since 4.4.0 
  3043. * @access public 
  3044. * 
  3045. * @param string $return_url URL for return link. 
  3046. */ 
  3047. public function set_return_url( $return_url ) { 
  3048. $return_url = esc_url_raw( $return_url ); 
  3049. $return_url = remove_query_arg( wp_removable_query_args(), $return_url ); 
  3050. $return_url = wp_validate_redirect( $return_url ); 
  3051. $this->return_url = $return_url; 
  3052.  
  3053. /** 
  3054. * Get URL to link the user to when closing the Customizer. 
  3055. * 
  3056. * @since 4.4.0 
  3057. * @access public 
  3058. * 
  3059. * @return string URL for link to close Customizer. 
  3060. */ 
  3061. public function get_return_url() { 
  3062. $referer = wp_get_referer(); 
  3063. $excluded_referer_basenames = array( 'customize.php', 'wp-login.php' ); 
  3064.  
  3065. if ( $this->return_url ) { 
  3066. $return_url = $this->return_url; 
  3067. } else if ( $referer && ! in_array( basename( parse_url( $referer, PHP_URL_PATH ) ), $excluded_referer_basenames, true ) ) { 
  3068. $return_url = $referer; 
  3069. } else if ( $this->preview_url ) { 
  3070. $return_url = $this->preview_url; 
  3071. } else { 
  3072. $return_url = home_url( '/' ); 
  3073. return $return_url; 
  3074.  
  3075. /** 
  3076. * Set the autofocused constructs. 
  3077. * 
  3078. * @since 4.4.0 
  3079. * @access public 
  3080. * 
  3081. * @param array $autofocus { 
  3082. * Mapping of 'panel', 'section', 'control' to the ID which should be autofocused. 
  3083. * 
  3084. * @type string [$control] ID for control to be autofocused. 
  3085. * @type string [$section] ID for section to be autofocused. 
  3086. * @type string [$panel] ID for panel to be autofocused. 
  3087. * } 
  3088. */ 
  3089. public function set_autofocus( $autofocus ) { 
  3090. $this->autofocus = array_filter( wp_array_slice_assoc( $autofocus, array( 'panel', 'section', 'control' ) ), 'is_string' ); 
  3091.  
  3092. /** 
  3093. * Get the autofocused constructs. 
  3094. * 
  3095. * @since 4.4.0 
  3096. * @access public 
  3097. * 
  3098. * @return array { 
  3099. * Mapping of 'panel', 'section', 'control' to the ID which should be autofocused. 
  3100. * 
  3101. * @type string [$control] ID for control to be autofocused. 
  3102. * @type string [$section] ID for section to be autofocused. 
  3103. * @type string [$panel] ID for panel to be autofocused. 
  3104. * } 
  3105. */ 
  3106. public function get_autofocus() { 
  3107. return $this->autofocus; 
  3108.  
  3109. /** 
  3110. * Get nonces for the Customizer. 
  3111. * 
  3112. * @since 4.5.0 
  3113. * @return array Nonces. 
  3114. */ 
  3115. public function get_nonces() { 
  3116. $nonces = array( 
  3117. 'save' => wp_create_nonce( 'save-customize_' . $this->get_stylesheet() ),  
  3118. 'preview' => wp_create_nonce( 'preview-customize_' . $this->get_stylesheet() ),  
  3119. ); 
  3120.  
  3121. /** 
  3122. * Filters nonces for Customizer. 
  3123. * 
  3124. * @since 4.2.0 
  3125. * 
  3126. * @param array $nonces Array of refreshed nonces for save and 
  3127. * preview actions. 
  3128. * @param WP_Customize_Manager $this WP_Customize_Manager instance. 
  3129. */ 
  3130. $nonces = apply_filters( 'customize_refresh_nonces', $nonces, $this ); 
  3131.  
  3132. return $nonces; 
  3133.  
  3134. /** 
  3135. * Print JavaScript settings for parent window. 
  3136. * 
  3137. * @since 4.4.0 
  3138. */ 
  3139. public function customize_pane_settings() { 
  3140.  
  3141. $login_url = add_query_arg( array( 
  3142. 'interim-login' => 1,  
  3143. 'customize-login' => 1,  
  3144. ), wp_login_url() ); 
  3145.  
  3146. // Ensure dirty flags are set for modified settings. 
  3147. foreach ( array_keys( $this->unsanitized_post_values() ) as $setting_id ) { 
  3148. $setting = $this->get_setting( $setting_id ); 
  3149. if ( $setting ) { 
  3150. $setting->dirty = true; 
  3151.  
  3152. // Prepare Customizer settings to pass to JavaScript. 
  3153. $settings = array( 
  3154. 'changeset' => array( 
  3155. 'uuid' => $this->changeset_uuid(),  
  3156. 'status' => $this->changeset_post_id() ? get_post_status( $this->changeset_post_id() ) : '',  
  3157. ),  
  3158. 'timeouts' => array( 
  3159. 'windowRefresh' => 250,  
  3160. 'changesetAutoSave' => AUTOSAVE_INTERVAL * 1000,  
  3161. 'keepAliveCheck' => 2500,  
  3162. 'reflowPaneContents' => 100,  
  3163. 'previewFrameSensitivity' => 2000,  
  3164. ),  
  3165. 'theme' => array( 
  3166. 'stylesheet' => $this->get_stylesheet(),  
  3167. 'active' => $this->is_theme_active(),  
  3168. ),  
  3169. 'url' => array( 
  3170. 'preview' => esc_url_raw( $this->get_preview_url() ),  
  3171. 'parent' => esc_url_raw( admin_url() ),  
  3172. 'activated' => esc_url_raw( home_url( '/' ) ),  
  3173. 'ajax' => esc_url_raw( admin_url( 'admin-ajax.php', 'relative' ) ),  
  3174. 'allowed' => array_map( 'esc_url_raw', $this->get_allowed_urls() ),  
  3175. 'isCrossDomain' => $this->is_cross_domain(),  
  3176. 'home' => esc_url_raw( home_url( '/' ) ),  
  3177. 'login' => esc_url_raw( $login_url ),  
  3178. ),  
  3179. 'browser' => array( 
  3180. 'mobile' => wp_is_mobile(),  
  3181. 'ios' => $this->is_ios(),  
  3182. ),  
  3183. 'panels' => array(),  
  3184. 'sections' => array(),  
  3185. 'nonce' => $this->get_nonces(),  
  3186. 'autofocus' => $this->get_autofocus(),  
  3187. 'documentTitleTmpl' => $this->get_document_title_template(),  
  3188. 'previewableDevices' => $this->get_previewable_devices(),  
  3189. ); 
  3190.  
  3191. // Prepare Customize Section objects to pass to JavaScript. 
  3192. foreach ( $this->sections() as $id => $section ) { 
  3193. if ( $section->check_capabilities() ) { 
  3194. $settings['sections'][ $id ] = $section->json(); 
  3195.  
  3196. // Prepare Customize Panel objects to pass to JavaScript. 
  3197. foreach ( $this->panels() as $panel_id => $panel ) { 
  3198. if ( $panel->check_capabilities() ) { 
  3199. $settings['panels'][ $panel_id ] = $panel->json(); 
  3200. foreach ( $panel->sections as $section_id => $section ) { 
  3201. if ( $section->check_capabilities() ) { 
  3202. $settings['sections'][ $section_id ] = $section->json(); 
  3203.  
  3204. ?> 
  3205. <script type="text/javascript"> 
  3206. var _wpCustomizeSettings = <?php echo wp_json_encode( $settings ); ?>; 
  3207. _wpCustomizeSettings.controls = {}; 
  3208. _wpCustomizeSettings.settings = {}; 
  3209. <?php 
  3210.  
  3211. // Serialize settings one by one to improve memory usage. 
  3212. echo "(function ( s ) {\n"; 
  3213. foreach ( $this->settings() as $setting ) { 
  3214. if ( $setting->check_capabilities() ) { 
  3215. printf( 
  3216. "s[%s] = %s;\n",  
  3217. wp_json_encode( $setting->id ),  
  3218. wp_json_encode( $setting->json() ) 
  3219. ); 
  3220. echo "})( _wpCustomizeSettings.settings );\n"; 
  3221.  
  3222. // Serialize controls one by one to improve memory usage. 
  3223. echo "(function ( c ) {\n"; 
  3224. foreach ( $this->controls() as $control ) { 
  3225. if ( $control->check_capabilities() ) { 
  3226. printf( 
  3227. "c[%s] = %s;\n",  
  3228. wp_json_encode( $control->id ),  
  3229. wp_json_encode( $control->json() ) 
  3230. ); 
  3231. echo "})( _wpCustomizeSettings.controls );\n"; 
  3232. ?> 
  3233. </script> 
  3234. <?php 
  3235.  
  3236. /** 
  3237. * Returns a list of devices to allow previewing. 
  3238. * 
  3239. * @access public 
  3240. * @since 4.5.0 
  3241. * 
  3242. * @return array List of devices with labels and default setting. 
  3243. */ 
  3244. public function get_previewable_devices() { 
  3245. $devices = array( 
  3246. 'desktop' => array( 
  3247. 'label' => __( 'Enter desktop preview mode' ),  
  3248. 'default' => true,  
  3249. ),  
  3250. 'tablet' => array( 
  3251. 'label' => __( 'Enter tablet preview mode' ),  
  3252. ),  
  3253. 'mobile' => array( 
  3254. 'label' => __( 'Enter mobile preview mode' ),  
  3255. ),  
  3256. ); 
  3257.  
  3258. /** 
  3259. * Filters the available devices to allow previewing in the Customizer. 
  3260. * 
  3261. * @since 4.5.0 
  3262. * 
  3263. * @see WP_Customize_Manager::get_previewable_devices() 
  3264. * 
  3265. * @param array $devices List of devices with labels and default setting. 
  3266. */ 
  3267. $devices = apply_filters( 'customize_previewable_devices', $devices ); 
  3268.  
  3269. return $devices; 
  3270.  
  3271. /** 
  3272. * Register some default controls. 
  3273. * 
  3274. * @since 3.4.0 
  3275. */ 
  3276. public function register_controls() { 
  3277.  
  3278. /** Panel, Section, and Control Types */ 
  3279. $this->register_panel_type( 'WP_Customize_Panel' ); 
  3280. $this->register_section_type( 'WP_Customize_Section' ); 
  3281. $this->register_section_type( 'WP_Customize_Sidebar_Section' ); 
  3282. $this->register_control_type( 'WP_Customize_Color_Control' ); 
  3283. $this->register_control_type( 'WP_Customize_Media_Control' ); 
  3284. $this->register_control_type( 'WP_Customize_Upload_Control' ); 
  3285. $this->register_control_type( 'WP_Customize_Image_Control' ); 
  3286. $this->register_control_type( 'WP_Customize_Background_Image_Control' ); 
  3287. $this->register_control_type( 'WP_Customize_Background_Position_Control' ); 
  3288. $this->register_control_type( 'WP_Customize_Cropped_Image_Control' ); 
  3289. $this->register_control_type( 'WP_Customize_Site_Icon_Control' ); 
  3290. $this->register_control_type( 'WP_Customize_Theme_Control' ); 
  3291.  
  3292. /** Themes */ 
  3293.  
  3294. $this->add_section( new WP_Customize_Themes_Section( $this, 'themes', array( 
  3295. 'title' => $this->theme()->display( 'Name' ),  
  3296. 'capability' => 'switch_themes',  
  3297. 'priority' => 0,  
  3298. ) ) ); 
  3299.  
  3300. // Themes Setting (unused - the theme is considerably more fundamental to the Customizer experience). 
  3301. $this->add_setting( new WP_Customize_Filter_Setting( $this, 'active_theme', array( 
  3302. 'capability' => 'switch_themes',  
  3303. ) ) ); 
  3304.  
  3305. require_once( ABSPATH . 'wp-admin/includes/theme.php' ); 
  3306.  
  3307. // Theme Controls. 
  3308.  
  3309. // Add a control for the active/original theme. 
  3310. if ( ! $this->is_theme_active() ) { 
  3311. $themes = wp_prepare_themes_for_js( array( wp_get_theme( $this->original_stylesheet ) ) ); 
  3312. $active_theme = current( $themes ); 
  3313. $active_theme['isActiveTheme'] = true; 
  3314. $this->add_control( new WP_Customize_Theme_Control( $this, $active_theme['id'], array( 
  3315. 'theme' => $active_theme,  
  3316. 'section' => 'themes',  
  3317. 'settings' => 'active_theme',  
  3318. ) ) ); 
  3319.  
  3320. $themes = wp_prepare_themes_for_js(); 
  3321. foreach ( $themes as $theme ) { 
  3322. if ( $theme['active'] || $theme['id'] === $this->original_stylesheet ) { 
  3323. continue; 
  3324.  
  3325. $theme_id = 'theme_' . $theme['id']; 
  3326. $theme['isActiveTheme'] = false; 
  3327. $this->add_control( new WP_Customize_Theme_Control( $this, $theme_id, array( 
  3328. 'theme' => $theme,  
  3329. 'section' => 'themes',  
  3330. 'settings' => 'active_theme',  
  3331. ) ) ); 
  3332.  
  3333. /** Site Identity */ 
  3334.  
  3335. $this->add_section( 'title_tagline', array( 
  3336. 'title' => __( 'Site Identity' ),  
  3337. 'priority' => 20,  
  3338. ) ); 
  3339.  
  3340. $this->add_setting( 'blogname', array( 
  3341. 'default' => get_option( 'blogname' ),  
  3342. 'type' => 'option',  
  3343. 'capability' => 'manage_options',  
  3344. ) ); 
  3345.  
  3346. $this->add_control( 'blogname', array( 
  3347. 'label' => __( 'Site Title' ),  
  3348. 'section' => 'title_tagline',  
  3349. ) ); 
  3350.  
  3351. $this->add_setting( 'blogdescription', array( 
  3352. 'default' => get_option( 'blogdescription' ),  
  3353. 'type' => 'option',  
  3354. 'capability' => 'manage_options',  
  3355. ) ); 
  3356.  
  3357. $this->add_control( 'blogdescription', array( 
  3358. 'label' => __( 'Tagline' ),  
  3359. 'section' => 'title_tagline',  
  3360. ) ); 
  3361.  
  3362. // Add a setting to hide header text if the theme doesn't support custom headers. 
  3363. if ( ! current_theme_supports( 'custom-header', 'header-text' ) ) { 
  3364. $this->add_setting( 'header_text', array( 
  3365. 'theme_supports' => array( 'custom-logo', 'header-text' ),  
  3366. 'default' => 1,  
  3367. 'sanitize_callback' => 'absint',  
  3368. ) ); 
  3369.  
  3370. $this->add_control( 'header_text', array( 
  3371. 'label' => __( 'Display Site Title and Tagline' ),  
  3372. 'section' => 'title_tagline',  
  3373. 'settings' => 'header_text',  
  3374. 'type' => 'checkbox',  
  3375. ) ); 
  3376.  
  3377. $this->add_setting( 'site_icon', array( 
  3378. 'type' => 'option',  
  3379. 'capability' => 'manage_options',  
  3380. 'transport' => 'postMessage', // Previewed with JS in the Customizer controls window. 
  3381. ) ); 
  3382.  
  3383. $this->add_control( new WP_Customize_Site_Icon_Control( $this, 'site_icon', array( 
  3384. 'label' => __( 'Site Icon' ),  
  3385. 'description' => sprintf( 
  3386. /** translators: %s: site icon size in pixels */ 
  3387. __( 'The Site Icon is used as a browser and app icon for your site. Icons must be square, and at least %s pixels wide and tall.' ),  
  3388. '<strong>512</strong>' 
  3389. ),  
  3390. 'section' => 'title_tagline',  
  3391. 'priority' => 60,  
  3392. 'height' => 512,  
  3393. 'width' => 512,  
  3394. ) ) ); 
  3395.  
  3396. $this->add_setting( 'custom_logo', array( 
  3397. 'theme_supports' => array( 'custom-logo' ),  
  3398. 'transport' => 'postMessage',  
  3399. ) ); 
  3400.  
  3401. $custom_logo_args = get_theme_support( 'custom-logo' ); 
  3402. $this->add_control( new WP_Customize_Cropped_Image_Control( $this, 'custom_logo', array( 
  3403. 'label' => __( 'Logo' ),  
  3404. 'section' => 'title_tagline',  
  3405. 'priority' => 8,  
  3406. 'height' => $custom_logo_args[0]['height'],  
  3407. 'width' => $custom_logo_args[0]['width'],  
  3408. 'flex_height' => $custom_logo_args[0]['flex-height'],  
  3409. 'flex_width' => $custom_logo_args[0]['flex-width'],  
  3410. 'button_labels' => array( 
  3411. 'select' => __( 'Select logo' ),  
  3412. 'change' => __( 'Change logo' ),  
  3413. 'remove' => __( 'Remove' ),  
  3414. 'default' => __( 'Default' ),  
  3415. 'placeholder' => __( 'No logo selected' ),  
  3416. 'frame_title' => __( 'Select logo' ),  
  3417. 'frame_button' => __( 'Choose logo' ),  
  3418. ),  
  3419. ) ) ); 
  3420.  
  3421. $this->selective_refresh->add_partial( 'custom_logo', array( 
  3422. 'settings' => array( 'custom_logo' ),  
  3423. 'selector' => '.custom-logo-link',  
  3424. 'render_callback' => array( $this, '_render_custom_logo_partial' ),  
  3425. 'container_inclusive' => true,  
  3426. ) ); 
  3427.  
  3428. /** Colors */ 
  3429.  
  3430. $this->add_section( 'colors', array( 
  3431. 'title' => __( 'Colors' ),  
  3432. 'priority' => 40,  
  3433. ) ); 
  3434.  
  3435. $this->add_setting( 'header_textcolor', array( 
  3436. 'theme_supports' => array( 'custom-header', 'header-text' ),  
  3437. 'default' => get_theme_support( 'custom-header', 'default-text-color' ),  
  3438.  
  3439. 'sanitize_callback' => array( $this, '_sanitize_header_textcolor' ),  
  3440. 'sanitize_js_callback' => 'maybe_hash_hex_color',  
  3441. ) ); 
  3442.  
  3443. // Input type: checkbox 
  3444. // With custom value 
  3445. $this->add_control( 'display_header_text', array( 
  3446. 'settings' => 'header_textcolor',  
  3447. 'label' => __( 'Display Site Title and Tagline' ),  
  3448. 'section' => 'title_tagline',  
  3449. 'type' => 'checkbox',  
  3450. 'priority' => 40,  
  3451. ) ); 
  3452.  
  3453. $this->add_control( new WP_Customize_Color_Control( $this, 'header_textcolor', array( 
  3454. 'label' => __( 'Header Text Color' ),  
  3455. 'section' => 'colors',  
  3456. ) ) ); 
  3457.  
  3458. // Input type: Color 
  3459. // With sanitize_callback 
  3460. $this->add_setting( 'background_color', array( 
  3461. 'default' => get_theme_support( 'custom-background', 'default-color' ),  
  3462. 'theme_supports' => 'custom-background',  
  3463.  
  3464. 'sanitize_callback' => 'sanitize_hex_color_no_hash',  
  3465. 'sanitize_js_callback' => 'maybe_hash_hex_color',  
  3466. ) ); 
  3467.  
  3468. $this->add_control( new WP_Customize_Color_Control( $this, 'background_color', array( 
  3469. 'label' => __( 'Background Color' ),  
  3470. 'section' => 'colors',  
  3471. ) ) ); 
  3472.  
  3473. /** Custom Header */ 
  3474.  
  3475. if ( current_theme_supports( 'custom-header', 'video' ) ) { 
  3476. $title = __( 'Header Media' ); 
  3477. $description = '<p>' . __( 'If you add a video, the image will be used as a fallback while the video loads.' ) . '</p>'; 
  3478.  
  3479. // @todo Customizer sections should support having notifications just like controls do. See <https://core.trac.wordpress.org/ticket/38794>. 
  3480. $description .= '<div class="customize-control-notifications-container header-video-not-currently-previewable" style="display: none"><ul>'; 
  3481. $description .= '<li class="notice notice-info">' . __( 'This theme doesn\'t support video headers on this page. Navigate to the front page or another page that supports video headers.' ) . '</li>'; 
  3482. $description .= '</ul></div>'; 
  3483. $width = absint( get_theme_support( 'custom-header', 'width' ) ); 
  3484. $height = absint( get_theme_support( 'custom-header', 'height' ) ); 
  3485. if ( $width && $height ) { 
  3486. $control_description = sprintf( 
  3487. /** translators: 1: .mp4, 2: header size in pixels */ 
  3488. __( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends dimensions of %2$s pixels.' ),  
  3489. '<code>.mp4</code>',  
  3490. sprintf( '<strong>%s × %s</strong>', $width, $height ) 
  3491. ); 
  3492. } elseif ( $width ) { 
  3493. $control_description = sprintf( 
  3494. /** translators: 1: .mp4, 2: header width in pixels */ 
  3495. __( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends a width of %2$s pixels.' ),  
  3496. '<code>.mp4</code>',  
  3497. sprintf( '<strong>%s</strong>', $width ) 
  3498. ); 
  3499. } else { 
  3500. $control_description = sprintf( 
  3501. /** translators: 1: .mp4, 2: header height in pixels */ 
  3502. __( 'Upload your video in %1$s format and minimize its file size for best results. Your theme recommends a height of %2$s pixels.' ),  
  3503. '<code>.mp4</code>',  
  3504. sprintf( '<strong>%s</strong>', $height ) 
  3505. ); 
  3506. } else { 
  3507. $title = __( 'Header Image' ); 
  3508. $description = ''; 
  3509. $control_description = ''; 
  3510.  
  3511. $this->add_section( 'header_image', array( 
  3512. 'title' => $title,  
  3513. 'description' => $description,  
  3514. 'theme_supports' => 'custom-header',  
  3515. 'priority' => 60,  
  3516. ) ); 
  3517.  
  3518. $this->add_setting( 'header_video', array( 
  3519. 'theme_supports' => array( 'custom-header', 'video' ),  
  3520. 'transport' => 'postMessage',  
  3521. 'sanitize_callback' => 'absint',  
  3522. 'validate_callback' => array( $this, '_validate_header_video' ),  
  3523. ) ); 
  3524.  
  3525. $this->add_setting( 'external_header_video', array( 
  3526. 'theme_supports' => array( 'custom-header', 'video' ),  
  3527. 'transport' => 'postMessage',  
  3528. 'sanitize_callback' => array( $this, '_sanitize_external_header_video' ),  
  3529. 'validate_callback' => array( $this, '_validate_external_header_video' ),  
  3530. ) ); 
  3531.  
  3532. $this->add_setting( new WP_Customize_Filter_Setting( $this, 'header_image', array( 
  3533. 'default' => sprintf( get_theme_support( 'custom-header', 'default-image' ), get_template_directory_uri(), get_stylesheet_directory_uri() ),  
  3534. 'theme_supports' => 'custom-header',  
  3535. ) ) ); 
  3536.  
  3537. $this->add_setting( new WP_Customize_Header_Image_Setting( $this, 'header_image_data', array( 
  3538. 'theme_supports' => 'custom-header',  
  3539. ) ) ); 
  3540.  
  3541. /** 
  3542. * Switch image settings to postMessage when video support is enabled since 
  3543. * it entails that the_custom_header_markup() will be used, and thus selective 
  3544. * refresh can be utilized. 
  3545. */ 
  3546. if ( current_theme_supports( 'custom-header', 'video' ) ) { 
  3547. $this->get_setting( 'header_image' )->transport = 'postMessage'; 
  3548. $this->get_setting( 'header_image_data' )->transport = 'postMessage'; 
  3549.  
  3550. $this->add_control( new WP_Customize_Media_Control( $this, 'header_video', array( 
  3551. 'theme_supports' => array( 'custom-header', 'video' ),  
  3552. 'label' => __( 'Header Video' ),  
  3553. 'description' => $control_description,  
  3554. 'section' => 'header_image',  
  3555. 'mime_type' => 'video',  
  3556. // @todo These button_labels can be removed once WP_Customize_Media_Control provides mime_type-specific labels automatically. See <https://core.trac.wordpress.org/ticket/38796>. 
  3557. 'button_labels' => array( 
  3558. 'select' => __( 'Select Video' ),  
  3559. 'change' => __( 'Change Video' ),  
  3560. 'placeholder' => __( 'No video selected' ),  
  3561. 'frame_title' => __( 'Select Video' ),  
  3562. 'frame_button' => __( 'Choose Video' ),  
  3563. ),  
  3564. 'active_callback' => 'is_header_video_active',  
  3565. ) ) ); 
  3566.  
  3567. $this->add_control( 'external_header_video', array( 
  3568. 'theme_supports' => array( 'custom-header', 'video' ),  
  3569. 'type' => 'url',  
  3570. 'description' => __( 'Or, enter a YouTube URL:' ),  
  3571. 'section' => 'header_image',  
  3572. 'active_callback' => 'is_header_video_active',  
  3573. ) ); 
  3574.  
  3575. $this->add_control( new WP_Customize_Header_Image_Control( $this ) ); 
  3576.  
  3577. $this->selective_refresh->add_partial( 'custom_header', array( 
  3578. 'selector' => '#wp-custom-header',  
  3579. 'render_callback' => 'the_custom_header_markup',  
  3580. 'settings' => array( 'header_video', 'external_header_video', 'header_image' ), // The image is used as a video fallback here. 
  3581. 'container_inclusive' => true,  
  3582. ) ); 
  3583.  
  3584. /** Custom Background */ 
  3585.  
  3586. $this->add_section( 'background_image', array( 
  3587. 'title' => __( 'Background Image' ),  
  3588. 'theme_supports' => 'custom-background',  
  3589. 'priority' => 80,  
  3590. ) ); 
  3591.  
  3592. $this->add_setting( 'background_image', array( 
  3593. 'default' => get_theme_support( 'custom-background', 'default-image' ),  
  3594. 'theme_supports' => 'custom-background',  
  3595. 'sanitize_callback' => array( $this, '_sanitize_background_setting' ),  
  3596. ) ); 
  3597.  
  3598. $this->add_setting( new WP_Customize_Background_Image_Setting( $this, 'background_image_thumb', array( 
  3599. 'theme_supports' => 'custom-background',  
  3600. 'sanitize_callback' => array( $this, '_sanitize_background_setting' ),  
  3601. ) ) ); 
  3602.  
  3603. $this->add_control( new WP_Customize_Background_Image_Control( $this ) ); 
  3604.  
  3605. $this->add_setting( 'background_preset', array( 
  3606. 'default' => get_theme_support( 'custom-background', 'default-preset' ),  
  3607. 'theme_supports' => 'custom-background',  
  3608. 'sanitize_callback' => array( $this, '_sanitize_background_setting' ),  
  3609. ) ); 
  3610.  
  3611. $this->add_control( 'background_preset', array( 
  3612. 'label' => _x( 'Preset', 'Background Preset' ),  
  3613. 'section' => 'background_image',  
  3614. 'type' => 'select',  
  3615. 'choices' => array( 
  3616. 'default' => _x( 'Default', 'Default Preset' ),  
  3617. 'fill' => __( 'Fill Screen' ),  
  3618. 'fit' => __( 'Fit to Screen' ),  
  3619. 'repeat' => _x( 'Repeat', 'Repeat Image' ),  
  3620. 'custom' => _x( 'Custom', 'Custom Preset' ),  
  3621. ),  
  3622. ) ); 
  3623.  
  3624. $this->add_setting( 'background_position_x', array( 
  3625. 'default' => get_theme_support( 'custom-background', 'default-position-x' ),  
  3626. 'theme_supports' => 'custom-background',  
  3627. 'sanitize_callback' => array( $this, '_sanitize_background_setting' ),  
  3628. ) ); 
  3629.  
  3630. $this->add_setting( 'background_position_y', array( 
  3631. 'default' => get_theme_support( 'custom-background', 'default-position-y' ),  
  3632. 'theme_supports' => 'custom-background',  
  3633. 'sanitize_callback' => array( $this, '_sanitize_background_setting' ),  
  3634. ) ); 
  3635.  
  3636. $this->add_control( new WP_Customize_Background_Position_Control( $this, 'background_position', array( 
  3637. 'label' => __( 'Image Position' ),  
  3638. 'section' => 'background_image',  
  3639. 'settings' => array( 
  3640. 'x' => 'background_position_x',  
  3641. 'y' => 'background_position_y',  
  3642. ),  
  3643. ) ) ); 
  3644.  
  3645. $this->add_setting( 'background_size', array( 
  3646. 'default' => get_theme_support( 'custom-background', 'default-size' ),  
  3647. 'theme_supports' => 'custom-background',  
  3648. 'sanitize_callback' => array( $this, '_sanitize_background_setting' ),  
  3649. ) ); 
  3650.  
  3651. $this->add_control( 'background_size', array( 
  3652. 'label' => __( 'Image Size' ),  
  3653. 'section' => 'background_image',  
  3654. 'type' => 'select',  
  3655. 'choices' => array( 
  3656. 'auto' => __( 'Original' ),  
  3657. 'contain' => __( 'Fit to Screen' ),  
  3658. 'cover' => __( 'Fill Screen' ),  
  3659. ),  
  3660. ) ); 
  3661.  
  3662. $this->add_setting( 'background_repeat', array( 
  3663. 'default' => get_theme_support( 'custom-background', 'default-repeat' ),  
  3664. 'sanitize_callback' => array( $this, '_sanitize_background_setting' ),  
  3665. 'theme_supports' => 'custom-background',  
  3666. ) ); 
  3667.  
  3668. $this->add_control( 'background_repeat', array( 
  3669. 'label' => __( 'Repeat Background Image' ),  
  3670. 'section' => 'background_image',  
  3671. 'type' => 'checkbox',  
  3672. ) ); 
  3673.  
  3674. $this->add_setting( 'background_attachment', array( 
  3675. 'default' => get_theme_support( 'custom-background', 'default-attachment' ),  
  3676. 'sanitize_callback' => array( $this, '_sanitize_background_setting' ),  
  3677. 'theme_supports' => 'custom-background',  
  3678. ) ); 
  3679.  
  3680. $this->add_control( 'background_attachment', array( 
  3681. 'label' => __( 'Scroll with Page' ),  
  3682. 'section' => 'background_image',  
  3683. 'type' => 'checkbox',  
  3684. ) ); 
  3685.  
  3686.  
  3687. // If the theme is using the default background callback, we can update 
  3688. // the background CSS using postMessage. 
  3689. if ( get_theme_support( 'custom-background', 'wp-head-callback' ) === '_custom_background_cb' ) { 
  3690. foreach ( array( 'color', 'image', 'preset', 'position_x', 'position_y', 'size', 'repeat', 'attachment' ) as $prop ) { 
  3691. $this->get_setting( 'background_' . $prop )->transport = 'postMessage'; 
  3692.  
  3693. /** 
  3694. * Static Front Page 
  3695. * See also https://core.trac.wordpress.org/ticket/19627 which introduces the the static-front-page theme_support. 
  3696. * The following replicates behavior from options-reading.php. 
  3697. */ 
  3698.  
  3699. $this->add_section( 'static_front_page', array( 
  3700. 'title' => __( 'Static Front Page' ),  
  3701. 'priority' => 120,  
  3702. 'description' => __( 'Your theme supports a static front page.' ),  
  3703. 'active_callback' => array( $this, 'has_published_pages' ),  
  3704. ) ); 
  3705.  
  3706. $this->add_setting( 'show_on_front', array( 
  3707. 'default' => get_option( 'show_on_front' ),  
  3708. 'capability' => 'manage_options',  
  3709. 'type' => 'option',  
  3710. ) ); 
  3711.  
  3712. $this->add_control( 'show_on_front', array( 
  3713. 'label' => __( 'Front page displays' ),  
  3714. 'section' => 'static_front_page',  
  3715. 'type' => 'radio',  
  3716. 'choices' => array( 
  3717. 'posts' => __( 'Your latest posts' ),  
  3718. 'page' => __( 'A static page' ),  
  3719. ),  
  3720. ) ); 
  3721.  
  3722. $this->add_setting( 'page_on_front', array( 
  3723. 'type' => 'option',  
  3724. 'capability' => 'manage_options',  
  3725. ) ); 
  3726.  
  3727. $this->add_control( 'page_on_front', array( 
  3728. 'label' => __( 'Front page' ),  
  3729. 'section' => 'static_front_page',  
  3730. 'type' => 'dropdown-pages',  
  3731. 'allow_addition' => true,  
  3732. ) ); 
  3733.  
  3734. $this->add_setting( 'page_for_posts', array( 
  3735. 'type' => 'option',  
  3736. 'capability' => 'manage_options',  
  3737. ) ); 
  3738.  
  3739. $this->add_control( 'page_for_posts', array( 
  3740. 'label' => __( 'Posts page' ),  
  3741. 'section' => 'static_front_page',  
  3742. 'type' => 'dropdown-pages',  
  3743. 'allow_addition' => true,  
  3744. ) ); 
  3745.  
  3746. /** Custom CSS */ 
  3747. $this->add_section( 'custom_css', array( 
  3748. 'title' => __( 'Additional CSS' ),  
  3749. 'priority' => 200,  
  3750. 'description_hidden' => true,  
  3751. 'description' => sprintf( '%s<br /><a href="%s" class="external-link" target="_blank">%s<span class="screen-reader-text">%s</span></a>',  
  3752. __( 'CSS allows you to customize the appearance and layout of your site with code. Separate CSS is saved for each of your themes. In the editing area the Tab key enters a tab character. To move below this area by pressing Tab, press the Esc key followed by the Tab key.' ),  
  3753. esc_url( __( 'https://codex.wordpress.org/CSS' ) ),  
  3754. __( 'Learn more about CSS' ),  
  3755. __( '(link opens in a new window)' ) 
  3756. ),  
  3757. ) ); 
  3758.  
  3759. $custom_css_setting = new WP_Customize_Custom_CSS_Setting( $this, sprintf( 'custom_css[%s]', get_stylesheet() ), array( 
  3760. 'capability' => 'edit_css',  
  3761. 'default' => sprintf( "/*\n%s\n*/", __( "You can add your own CSS here.\n\nClick the help icon above to learn more." ) ),  
  3762. ) ); 
  3763. $this->add_setting( $custom_css_setting ); 
  3764.  
  3765. $this->add_control( 'custom_css', array( 
  3766. 'type' => 'textarea',  
  3767. 'section' => 'custom_css',  
  3768. 'settings' => array( 'default' => $custom_css_setting->id ),  
  3769. 'input_attrs' => array( 
  3770. 'class' => 'code', // Ensures contents displayed as LTR instead of RTL. 
  3771. ),  
  3772. ) ); 
  3773.  
  3774. /** 
  3775. * Return whether there are published pages. 
  3776. * 
  3777. * Used as active callback for static front page section and controls. 
  3778. * 
  3779. * @access private 
  3780. * @since 4.7.0 
  3781. * 
  3782. * @returns bool Whether there are published (or to be published) pages. 
  3783. */ 
  3784. public function has_published_pages() { 
  3785.  
  3786. $setting = $this->get_setting( 'nav_menus_created_posts' ); 
  3787. if ( $setting ) { 
  3788. foreach ( $setting->value() as $post_id ) { 
  3789. if ( 'page' === get_post_type( $post_id ) ) { 
  3790. return true; 
  3791. return 0 !== count( get_pages() ); 
  3792.  
  3793. /** 
  3794. * Add settings from the POST data that were not added with code, e.g. dynamically-created settings for Widgets 
  3795. * 
  3796. * @since 4.2.0 
  3797. * @access public 
  3798. * 
  3799. * @see add_dynamic_settings() 
  3800. */ 
  3801. public function register_dynamic_settings() { 
  3802. $setting_ids = array_keys( $this->unsanitized_post_values() ); 
  3803. $this->add_dynamic_settings( $setting_ids ); 
  3804.  
  3805. /** 
  3806. * Callback for validating the header_textcolor value. 
  3807. * 
  3808. * Accepts 'blank', and otherwise uses sanitize_hex_color_no_hash(). 
  3809. * Returns default text color if hex color is empty. 
  3810. * 
  3811. * @since 3.4.0 
  3812. * 
  3813. * @param string $color 
  3814. * @return mixed 
  3815. */ 
  3816. public function _sanitize_header_textcolor( $color ) { 
  3817. if ( 'blank' === $color ) 
  3818. return 'blank'; 
  3819.  
  3820. $color = sanitize_hex_color_no_hash( $color ); 
  3821. if ( empty( $color ) ) 
  3822. $color = get_theme_support( 'custom-header', 'default-text-color' ); 
  3823.  
  3824. return $color; 
  3825.  
  3826. /** 
  3827. * Callback for validating a background setting value. 
  3828. * 
  3829. * @since 4.7.0 
  3830. * @access private 
  3831. * 
  3832. * @param string $value Repeat value. 
  3833. * @param WP_Customize_Setting $setting Setting. 
  3834. * @return string|WP_Error Background value or validation error. 
  3835. */ 
  3836. public function _sanitize_background_setting( $value, $setting ) { 
  3837. if ( 'background_repeat' === $setting->id ) { 
  3838. if ( ! in_array( $value, array( 'repeat-x', 'repeat-y', 'repeat', 'no-repeat' ) ) ) { 
  3839. return new WP_Error( 'invalid_value', __( 'Invalid value for background repeat.' ) ); 
  3840. } elseif ( 'background_attachment' === $setting->id ) { 
  3841. if ( ! in_array( $value, array( 'fixed', 'scroll' ) ) ) { 
  3842. return new WP_Error( 'invalid_value', __( 'Invalid value for background attachment.' ) ); 
  3843. } elseif ( 'background_position_x' === $setting->id ) { 
  3844. if ( ! in_array( $value, array( 'left', 'center', 'right' ), true ) ) { 
  3845. return new WP_Error( 'invalid_value', __( 'Invalid value for background position X.' ) ); 
  3846. } elseif ( 'background_position_y' === $setting->id ) { 
  3847. if ( ! in_array( $value, array( 'top', 'center', 'bottom' ), true ) ) { 
  3848. return new WP_Error( 'invalid_value', __( 'Invalid value for background position Y.' ) ); 
  3849. } elseif ( 'background_size' === $setting->id ) { 
  3850. if ( ! in_array( $value, array( 'auto', 'contain', 'cover' ), true ) ) { 
  3851. return new WP_Error( 'invalid_value', __( 'Invalid value for background size.' ) ); 
  3852. } elseif ( 'background_preset' === $setting->id ) { 
  3853. if ( ! in_array( $value, array( 'default', 'fill', 'fit', 'repeat', 'custom' ), true ) ) { 
  3854. return new WP_Error( 'invalid_value', __( 'Invalid value for background size.' ) ); 
  3855. } elseif ( 'background_image' === $setting->id || 'background_image_thumb' === $setting->id ) { 
  3856. $value = empty( $value ) ? '' : esc_url_raw( $value ); 
  3857. } else { 
  3858. return new WP_Error( 'unrecognized_setting', __( 'Unrecognized background setting.' ) ); 
  3859. return $value; 
  3860.  
  3861. /** 
  3862. * Export header video settings to facilitate selective refresh. 
  3863. * 
  3864. * @since 4.7.0 
  3865. * 
  3866. * @param array $response Response. 
  3867. * @param WP_Customize_Selective_Refresh $selective_refresh Selective refresh component. 
  3868. * @param array $partials Array of partials. 
  3869. * @return array 
  3870. */ 
  3871. public function export_header_video_settings( $response, $selective_refresh, $partials ) { 
  3872. if ( isset( $partials['custom_header'] ) ) { 
  3873. $response['custom_header_settings'] = get_header_video_settings(); 
  3874.  
  3875. return $response; 
  3876.  
  3877. /** 
  3878. * Callback for validating the header_video value. 
  3879. * 
  3880. * Ensures that the selected video is less than 8MB and provides an error message. 
  3881. * 
  3882. * @since 4.7.0 
  3883. * 
  3884. * @param WP_Error $validity 
  3885. * @param mixed $value 
  3886. * @return mixed 
  3887. */ 
  3888. public function _validate_header_video( $validity, $value ) { 
  3889. $video = get_attached_file( absint( $value ) ); 
  3890. if ( $video ) { 
  3891. $size = filesize( $video ); 
  3892. if ( 8 < $size / pow( 1024, 2 ) ) { // Check whether the size is larger than 8MB. 
  3893. $validity->add( 'size_too_large',  
  3894. __( 'This video file is too large to use as a header video. Try a shorter video or optimize the compression settings and re-upload a file that is less than 8MB. Or, upload your video to YouTube and link it with the option below.' ) 
  3895. ); 
  3896. if ( '.mp4' !== substr( $video, -4 ) && '.mov' !== substr( $video, -4 ) ) { // Check for .mp4 or .mov format, which (assuming h.264 encoding) are the only cross-browser-supported formats. 
  3897. $validity->add( 'invalid_file_type', sprintf( 
  3898. /** translators: 1: .mp4, 2: .mov */ 
  3899. __( 'Only %1$s or %2$s files may be used for header video. Please convert your video file and try again, or, upload your video to YouTube and link it with the option below.' ),  
  3900. '<code>.mp4</code>',  
  3901. '<code>.mov</code>' 
  3902. ) ); 
  3903. return $validity; 
  3904.  
  3905. /** 
  3906. * Callback for validating the external_header_video value. 
  3907. * 
  3908. * Ensures that the provided URL is supported. 
  3909. * 
  3910. * @since 4.7.0 
  3911. * 
  3912. * @param WP_Error $validity 
  3913. * @param mixed $value 
  3914. * @return mixed 
  3915. */ 
  3916. public function _validate_external_header_video( $validity, $value ) { 
  3917. $video = esc_url_raw( $value ); 
  3918. if ( $video ) { 
  3919. if ( ! preg_match( '#^https?://(?:www\.)?(?:youtube\.com/watch|youtu\.be/)#', $video ) ) { 
  3920. $validity->add( 'invalid_url', __( 'Please enter a valid YouTube URL.' ) ); 
  3921. return $validity; 
  3922.  
  3923. /** 
  3924. * Callback for sanitizing the external_header_video value. 
  3925. * 
  3926. * @since 4.7.1 
  3927. * 
  3928. * @param string $value URL. 
  3929. * @return string Sanitized URL. 
  3930. */ 
  3931. public function _sanitize_external_header_video( $value ) { 
  3932. return esc_url_raw( trim( $value ) ); 
  3933.  
  3934. /** 
  3935. * Callback for rendering the custom logo, used in the custom_logo partial. 
  3936. * 
  3937. * This method exists because the partial object and context data are passed 
  3938. * into a partial's render_callback so we cannot use get_custom_logo() as 
  3939. * the render_callback directly since it expects a blog ID as the first 
  3940. * argument. When WP no longer supports PHP 5.3, this method can be removed 
  3941. * in favor of an anonymous function. 
  3942. * 
  3943. * @see WP_Customize_Manager::register_controls() 
  3944. * 
  3945. * @since 4.5.0 
  3946. * @access private 
  3947. * 
  3948. * @return string Custom logo. 
  3949. */ 
  3950. public function _render_custom_logo_partial() { 
  3951. return get_custom_logo(); 
.