From b4d09617185dfa9e1f678ad5e026d76a2fdcd767 Mon Sep 17 00:00:00 2001
From: Scott Taylor <wonderboymusic@git.wordpress.org>
Date: Sat, 1 Nov 2014 22:16:19 +0000
Subject: [PATCH] In `customize.php`, check that `$autofocus` is an `array`
 after running `wp_unslash()` instead of before. This is admittedly to skip a
 traversable hint in Scrutinizer.

See #30224.


git-svn-id: https://develop.svn.wordpress.org/trunk@30164 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/customize.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/wp-admin/customize.php b/src/wp-admin/customize.php
index 50ee0ad111..1f85ec6c75 100644
--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@@ -282,11 +282,13 @@ do_action( 'customize_controls_print_scripts' );
 	}
 
 	// Pass to frontend the Customizer construct being deeplinked
-	if ( isset( $_GET['autofocus'] ) && is_array( $_GET['autofocus'] ) ) {
+	if ( isset( $_GET['autofocus'] ) ) {
 		$autofocus = wp_unslash( $_GET['autofocus'] );
-		foreach ( $autofocus as $type => $id ) {
-			if ( isset( $settings[ $type . 's' ][ $id ] ) ) {
-				$settings['autofocus'][ $type ] = $id;
+		if ( is_array( $autofocus ) ) {
+			foreach ( $autofocus as $type => $id ) {
+				if ( isset( $settings[ $type . 's' ][ $id ] ) ) {
+					$settings['autofocus'][ $type ] = $id;
+				}
 			}
 		}
 	}