From ae2657dd32a273a5746354629252bb00c5df689f Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Mon, 22 Feb 2016 05:31:27 +0000 Subject: [PATCH] Customize: Prevent PHP notice and JS error caused by widgets and nav menus components if user only has `customize` capability. Short-circuits components from initializing their hooks needlessly if current user lacks required capability. Fixes #35895. Built from https://develop.svn.wordpress.org/trunk@36611 git-svn-id: http://core.svn.wordpress.org/trunk@36578 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-customize-nav-menus.php | 5 +++++ wp-includes/class-wp-customize-widgets.php | 5 +++++ wp-includes/version.php | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/wp-includes/class-wp-customize-nav-menus.php b/wp-includes/class-wp-customize-nav-menus.php index 24384322a0..b4bd0fd0f4 100644 --- a/wp-includes/class-wp-customize-nav-menus.php +++ b/wp-includes/class-wp-customize-nav-menus.php @@ -48,6 +48,11 @@ final class WP_Customize_Nav_Menus { $this->previewed_menus = array(); $this->manager = $manager; + // Skip useless hooks when the user can't manage nav menus anyway. + if ( ! current_user_can( 'edit_theme_options' ) ) { + return; + } + add_filter( 'customize_refresh_nonces', array( $this, 'filter_nonces' ) ); add_action( 'wp_ajax_load-available-menu-items-customizer', array( $this, 'ajax_load_available_items' ) ); add_action( 'wp_ajax_search-available-menu-items-customizer', array( $this, 'ajax_search_available_items' ) ); diff --git a/wp-includes/class-wp-customize-widgets.php b/wp-includes/class-wp-customize-widgets.php index 28eaf1283a..ca171b2e57 100644 --- a/wp-includes/class-wp-customize-widgets.php +++ b/wp-includes/class-wp-customize-widgets.php @@ -84,6 +84,11 @@ final class WP_Customize_Widgets { public function __construct( $manager ) { $this->manager = $manager; + // Skip useless hooks when the user can't manage widgets anyway. + if ( ! current_user_can( 'edit_theme_options' ) ) { + return; + } + add_filter( 'customize_dynamic_setting_args', array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 ); add_action( 'after_setup_theme', array( $this, 'register_settings' ) ); add_action( 'wp_loaded', array( $this, 'override_sidebars_widgets_for_theme_switch' ) ); diff --git a/wp-includes/version.php b/wp-includes/version.php index e2e8f86e21..df5d0ff00b 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.5-alpha-36610'; +$wp_version = '4.5-alpha-36611'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.