Customize: Prevent links to customize.php from being generated which have query vars from wp_removable_query_args() present.

Props dlh. See #23367, #32692. Fixes #31850. git-svn-id: https://develop.svn.wordpress.org/trunk@40313 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2017-03-22 23:03:28 +00:00
parent 9528740aa3
commit cafa85c014
4 changed files with 4 additions and 4 deletions
--- a/src/wp-admin/widgets.php
+++ b/src/wp-admin/widgets.php
@@ -357,7 +357,7 @@ if ( current_user_can( 'customize' ) ) {
 		esc_url( add_query_arg(
 			array(
 				array( 'autofocus' => array( 'panel' => 'widgets' ) ),
-				'return' => urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) )
+				'return' => urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) )
 			),
 			admin_url( 'customize.php' )
 		) ),