1<?php
2/**
3 * Theme Customize Screen.
4 *
5 * @package WordPress
6 * @subpackage Customize
7 * @since 3.4.0
8 */
9
10define( 'IFRAME_REQUEST', true );
11
12/** Load WordPress Administration Bootstrap */
13require_once __DIR__ . '/admin.php';
14
15if ( ! current_user_can( 'customize' ) ) {
16	wp_die(
17		'<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
18		'<p>' . __( 'Sorry, you are not allowed to customize this site.' ) . '</p>',
19		403
20	);
21}
22
23/**
24 * @global WP_Scripts           $wp_scripts
25 * @global WP_Customize_Manager $wp_customize
26 */
27global $wp_scripts, $wp_customize;
28
29if ( $wp_customize->changeset_post_id() ) {
30	$changeset_post = get_post( $wp_customize->changeset_post_id() );
31
32	if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post->ID ) ) {
33		wp_die(
34			'<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
35			'<p>' . __( 'Sorry, you are not allowed to edit this changeset.' ) . '</p>',
36			403
37		);
38	}
39
40	$missed_schedule = (
41		'future' === $changeset_post->post_status &&
42		get_post_time( 'G', true, $changeset_post ) < time()
43	);
44	if ( $missed_schedule ) {
45		/*
46		 * Note that an Ajax request spawns here instead of just calling `wp_publish_post( $changeset_post->ID )`.
47		 *
48		 * Because WP_Customize_Manager is not instantiated for customize.php with the `settings_previewed=false`
49		 * argument, settings cannot be reliably saved. Some logic short-circuits if the current value is the
50		 * same as the value being saved. This is particularly true for options via `update_option()`.
51		 *
52		 * By opening an Ajax request, this is avoided and the changeset is published. See #39221.
53		 */
54		$nonces       = $wp_customize->get_nonces();
55		$request_args = array(
56			'nonce'                      => $nonces['save'],
57			'customize_changeset_uuid'   => $wp_customize->changeset_uuid(),
58			'wp_customize'               => 'on',
59			'customize_changeset_status' => 'publish',
60		);
61		ob_start();
62		?>
63		<?php wp_print_scripts( array( 'wp-util' ) ); ?>
64		<script>
65			wp.ajax.post( 'customize_save', <?php echo wp_json_encode( $request_args ); ?> );
66		</script>
67		<?php
68		$script = ob_get_clean();
69
70		wp_die(
71			'<h1>' . __( 'Your scheduled changes just published' ) . '</h1>' .
72			'<p><a href="' . esc_url( remove_query_arg( 'changeset_uuid' ) ) . '">' . __( 'Customize New Changes' ) . '</a></p>' . $script,
73			200
74		);
75	}
76
77	if ( in_array( get_post_status( $changeset_post->ID ), array( 'publish', 'trash' ), true ) ) {
78		wp_die(
79			'<h1>' . __( 'Something went wrong.' ) . '</h1>' .
80			'<p>' . __( 'This changeset cannot be further modified.' ) . '</p>' .
81			'<p><a href="' . esc_url( remove_query_arg( 'changeset_uuid' ) ) . '">' . __( 'Customize New Changes' ) . '</a></p>',
82			403
83		);
84	}
85}
86
87
88wp_reset_vars( array( 'url', 'return', 'autofocus' ) );
89if ( ! empty( $url ) ) {
90	$wp_customize->set_preview_url( wp_unslash( $url ) );
91}
92if ( ! empty( $return ) ) {
93	$wp_customize->set_return_url( wp_unslash( $return ) );
94}
95if ( ! empty( $autofocus ) && is_array( $autofocus ) ) {
96	$wp_customize->set_autofocus( wp_unslash( $autofocus ) );
97}
98
99$registered             = $wp_scripts->registered;
100$wp_scripts             = new WP_Scripts;
101$wp_scripts->registered = $registered;
102
103add_action( 'customize_controls_print_scripts', 'print_head_scripts', 20 );
104add_action( 'customize_controls_print_footer_scripts', '_wp_footer_scripts' );
105add_action( 'customize_controls_print_styles', 'print_admin_styles', 20 );
106
107/**
108 * Fires when Customizer controls are initialized, before scripts are enqueued.
109 *
110 * @since 3.4.0
111 */
112do_action( 'customize_controls_init' );
113
114wp_enqueue_script( 'heartbeat' );
115wp_enqueue_script( 'customize-controls' );
116wp_enqueue_style( 'customize-controls' );
117
118/**
119 * Enqueue Customizer control scripts.
120 *
121 * @since 3.4.0
122 */
123do_action( 'customize_controls_enqueue_scripts' );
124
125// Let's roll.
126header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
127
128wp_user_settings();
129_wp_admin_html_begin();
130
131$body_class = 'wp-core-ui wp-customizer js';
132
133if ( wp_is_mobile() ) :
134	$body_class .= ' mobile';
135	add_filter( 'admin_viewport_meta', '_customizer_mobile_viewport_meta' );
136endif;
137
138if ( $wp_customize->is_ios() ) {
139	$body_class .= ' ios';
140}
141
142if ( is_rtl() ) {
143	$body_class .= ' rtl';
144}
145$body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) );
146
147if ( wp_use_widgets_block_editor() ) {
148	$body_class .= ' wp-embed-responsive';
149}
150
151$admin_title = sprintf( $wp_customize->get_document_title_template(), __( 'Loading&hellip;' ) );
152
153?>
154<title><?php echo esc_html( $admin_title ); ?></title>
155
156<script type="text/javascript">
157var ajaxurl = <?php echo wp_json_encode( admin_url( 'admin-ajax.php', 'relative' ) ); ?>,
158	pagenow = 'customize';
159</script>
160
161<?php
162/**
163 * Fires when Customizer control styles are printed.
164 *
165 * @since 3.4.0
166 */
167do_action( 'customize_controls_print_styles' );
168
169/**
170 * Fires when Customizer control scripts are printed.
171 *
172 * @since 3.4.0
173 */
174do_action( 'customize_controls_print_scripts' );
175
176/**
177 * Fires in head section of Customizer controls.
178 *
179 * @since 5.5.0
180 */
181do_action( 'customize_controls_head' );
182?>
183</head>
184<body class="<?php echo esc_attr( $body_class ); ?>">
185<div class="wp-full-overlay expanded">
186	<form id="customize-controls" class="wrap wp-full-overlay-sidebar">
187		<div id="customize-header-actions" class="wp-full-overlay-header">
188			<?php
189			$compatible_wp  = is_wp_version_compatible( $wp_customize->theme()->get( 'RequiresWP' ) );
190			$compatible_php = is_php_version_compatible( $wp_customize->theme()->get( 'RequiresPHP' ) );
191			$fse_safe       = true;
192
193			// Check if the theme requires the Gutenberg plugin to work correctly.
194			$theme_tags = $wp_customize->theme()->get( 'Tags' );
195
196			if ( ! empty( $theme_tags ) && in_array( 'full-site-editing', $theme_tags, true ) && ! function_exists( 'gutenberg_is_fse_theme' ) ) {
197				$fse_safe = false;
198			}
199			?>
200			<?php if ( $compatible_wp && $compatible_php && $fse_safe ) : ?>
201				<?php $save_text = $wp_customize->is_theme_active() ? __( 'Publish' ) : __( 'Activate &amp; Publish' ); ?>
202				<div id="customize-save-button-wrapper" class="customize-save-button-wrapper" >
203					<?php submit_button( $save_text, 'primary save', 'save', false ); ?>
204					<button id="publish-settings" class="publish-settings button-primary button dashicons dashicons-admin-generic" aria-label="<?php esc_attr_e( 'Publish Settings' ); ?>" aria-expanded="false" disabled></button>
205				</div>
206			<?php else : ?>
207				<?php $save_text = _x( 'Cannot Activate', 'theme' ); ?>
208				<div id="customize-save-button-wrapper" class="customize-save-button-wrapper disabled" >
209					<button class="button button-primary disabled" aria-label="<?php esc_attr_e( 'Publish Settings' ); ?>" aria-expanded="false" disabled><?php echo $save_text; ?></button>
210				</div>
211			<?php endif; ?>
212			<span class="spinner"></span>
213			<button type="button" class="customize-controls-preview-toggle">
214				<span class="controls"><?php _e( 'Customize' ); ?></span>
215				<span class="preview"><?php _e( 'Preview' ); ?></span>
216			</button>
217			<a class="customize-controls-close" href="<?php echo esc_url( $wp_customize->get_return_url() ); ?>">
218				<span class="screen-reader-text"><?php _e( 'Close the Customizer and go back to the previous page' ); ?></span>
219			</a>
220		</div>
221
222		<div id="customize-sidebar-outer-content">
223			<div id="customize-outer-theme-controls">
224				<ul class="customize-outer-pane-parent"><?php // Outer panel and sections are not implemented, but its here as a placeholder to avoid any side-effect in api.Section. ?></ul>
225			</div>
226		</div>
227
228		<div id="widgets-right" class="wp-clearfix"><!-- For Widget Customizer, many widgets try to look for instances under div#widgets-right, so we have to add that ID to a container div in the Customizer for compat -->
229			<div id="customize-notifications-area" class="customize-control-notifications-container">
230				<ul></ul>
231			</div>
232			<div class="wp-full-overlay-sidebar-content" tabindex="-1">
233				<div id="customize-info" class="accordion-section customize-info">
234					<div class="accordion-section-title">
235						<span class="preview-notice">
236						<?php
237							/* translators: %s: The site/panel title in the Customizer. */
238							printf( __( 'You are customizing %s' ), '<strong class="panel-title site-title">' . get_bloginfo( 'name', 'display' ) . '</strong>' );
239						?>
240						</span>
241						<button type="button" class="customize-help-toggle dashicons dashicons-editor-help" aria-expanded="false"><span class="screen-reader-text"><?php _e( 'Help' ); ?></span></button>
242					</div>
243					<div class="customize-panel-description">
244					<?php
245						_e( 'The Customizer allows you to preview changes to your site before publishing them. You can navigate to different pages on your site within the preview. Edit shortcuts are shown for some editable elements.' );
246					?>
247					</div>
248				</div>
249
250				<div id="customize-theme-controls">
251					<ul class="customize-pane-parent"><?php // Panels and sections are managed here via JavaScript ?></ul>
252				</div>
253			</div>
254		</div>
255
256		<div id="customize-footer-actions" class="wp-full-overlay-footer">
257			<button type="button" class="collapse-sidebar button" aria-expanded="true" aria-label="<?php echo esc_attr_x( 'Hide Controls', 'label for hide controls button without length constraints' ); ?>">
258				<span class="collapse-sidebar-arrow"></span>
259				<span class="collapse-sidebar-label"><?php _ex( 'Hide Controls', 'short (~12 characters) label for hide controls button' ); ?></span>
260			</button>
261			<?php $previewable_devices = $wp_customize->get_previewable_devices(); ?>
262			<?php if ( ! empty( $previewable_devices ) ) : ?>
263			<div class="devices-wrapper">
264				<div class="devices">
265					<?php foreach ( (array) $previewable_devices as $device => $settings ) : ?>
266						<?php
267						if ( empty( $settings['label'] ) ) {
268							continue;
269						}
270						$active = ! empty( $settings['default'] );
271						$class  = 'preview-' . $device;
272						if ( $active ) {
273							$class .= ' active';
274						}
275						?>
276						<button type="button" class="<?php echo esc_attr( $class ); ?>" aria-pressed="<?php echo esc_attr( $active ); ?>" data-device="<?php echo esc_attr( $device ); ?>">
277							<span class="screen-reader-text"><?php echo esc_html( $settings['label'] ); ?></span>
278						</button>
279					<?php endforeach; ?>
280				</div>
281			</div>
282			<?php endif; ?>
283		</div>
284	</form>
285	<div id="customize-preview" class="wp-full-overlay-main"></div>
286	<?php
287
288	/**
289	 * Prints templates, control scripts, and settings in the footer.
290	 *
291	 * @since 3.4.0
292	 */
293	do_action( 'customize_controls_print_footer_scripts' );
294	?>
295</div>
296</body>
297</html>
298