Customize: Prevent links to customize.php from being generated which have query vars from wp_removable_query_args() present.

Props dlh. See #23367, #32692. Fixes #31850. git-svn-id: https://develop.svn.wordpress.org/trunk@40313 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 22:30:04 +00:00 · 2017-03-22 23:03:28 +00:00
parent 9528740aa3
commit cafa85c014
4 changed files with 4 additions and 4 deletions
--- a/src/wp-admin/includes/theme.php
+++ b/src/wp-admin/includes/theme.php
@@ -578,7 +578,7 @@ function wp_prepare_themes_for_js( $themes = null ) {
 		if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) {
 			$customize_action = esc_url( add_query_arg(
 				array(
-					'return' => urlencode( esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ),
+					'return' => urlencode( esc_url_raw( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ),
 				),
 				wp_customize_url( $slug )
 			) );