From 2fa620e4c347817a2d695b01f2a38b5acdc1a1ca Mon Sep 17 00:00:00 2001
From: Weston Ruter <westonruter@git.wordpress.org>
Date: Mon, 11 Jan 2016 18:50:30 +0000
Subject: [PATCH] Customizer: Prevent erroneously directing user to login
 screen when closing.

Fixes issue where user gets stuck at login screen after trying to close the app if previously they had to first login to access the Customizer. Prevents `WP_Customize_Manager::get_return_url()` from using `wp-login.php` as a referer.

Props chandrapatel.
See #32637.
Fixes #35355.


git-svn-id: https://develop.svn.wordpress.org/trunk@36261 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/class-wp-customize-manager.php | 4 +++-
 tests/phpunit/tests/customize/manager.php      | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/wp-includes/class-wp-customize-manager.php b/src/wp-includes/class-wp-customize-manager.php
index 66fb7ff24f..4f4fcf1b64 100644
--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -1579,9 +1579,11 @@ final class WP_Customize_Manager {
 	 */
 	public function get_return_url() {
 		$referer = wp_get_referer();
+		$excluded_referer_basenames = array( 'customize.php', 'wp-login.php' );
+
 		if ( $this->return_url ) {
 			$return_url = $this->return_url;
-		} else if ( $referer && 'customize.php' !== basename( parse_url( $referer, PHP_URL_PATH ) ) ) {
+		} else if ( $referer && ! in_array( basename( parse_url( $referer, PHP_URL_PATH ) ), $excluded_referer_basenames, true ) ) {
 			$return_url = $referer;
 		} else if ( $this->preview_url ) {
 			$return_url = $this->preview_url;
diff --git a/tests/phpunit/tests/customize/manager.php b/tests/phpunit/tests/customize/manager.php
index 929df0a30c..e787cfa02b 100644
--- a/tests/phpunit/tests/customize/manager.php
+++ b/tests/phpunit/tests/customize/manager.php
@@ -322,6 +322,10 @@ class Tests_WP_Customize_Manager extends WP_UnitTestCase {
 		$_SERVER['HTTP_REFERER'] = wp_slash( admin_url( 'customize.php' ) );
 		$this->assertEquals( $preview_url, $this->manager->get_return_url() );
 
+		// See #35355.
+		$_SERVER['HTTP_REFERER'] = wp_slash( admin_url( 'wp-login.php' ) );
+		$this->assertEquals( $preview_url, $this->manager->get_return_url() );
+
 		$url = home_url( '/referred/' );
 		$_SERVER['HTTP_REFERER'] = wp_slash( $url );
 		$this->assertEquals( $url, $this->manager->get_return_url() );