1<?php
2/**
3 * Theme Customize Screen.
4 *
5 * @package WordPress
6 * @subpackage Customize
7 * @since 3.4.0
8 */
9
// Defined before the admin bootstrap is loaded, so code pulled in by admin.php can already see it.
define( 'IFRAME_REQUEST', true );

/** Load WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';

/*
 * Authorization gate for the whole screen: a user without the 'customize'
 * capability is stopped here with a 403 before any changeset is looked up
 * and before any request parameter is read.
 */
if ( ! current_user_can( 'customize' ) ) {
	wp_die(
		sprintf(
			'<h1>%1$s</h1><p>%2$s</p>',
			__( 'You need a higher level of permission.' ),
			__( 'Sorry, you are not allowed to customize this site.' )
		),
		403
	);
}
22
/**
 * @global WP_Scripts           $wp_scripts
 * @global WP_Customize_Manager $wp_customize
 */
global $wp_scripts, $wp_customize;

// A changeset post already exists for this request: check access and state before rendering anything.
if ( $wp_customize->changeset_post_id() ) {
	$changeset_post = get_post( $wp_customize->changeset_post_id() );

	/*
	 * Object-level authorization. Holding 'customize' got the user this far; the
	 * post type's own edit_post capability must additionally be granted for this
	 * specific changeset post, otherwise the request ends with a 403.
	 */
	if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $changeset_post->ID ) ) {
		wp_die(
			sprintf(
				'<h1>%1$s</h1><p>%2$s</p>',
				__( 'You need a higher level of permission.' ),
				__( 'Sorry, you are not allowed to edit this changeset.' )
			),
			403
		);
	}

	// Still 'future' although its scheduled time is already in the past.
	$missed_schedule = 'future' === $changeset_post->post_status
		&& get_post_time( 'G', true, $changeset_post ) < time();

	if ( $missed_schedule ) {
		/*
		 * Note that an Ajax request spawns here instead of just calling `wp_publish_post( $changeset_post->ID )`.
		 *
		 * Because WP_Customize_Manager is not instantiated for customize.php with the `settings_previewed=false`
		 * argument, settings cannot be reliably saved. Some logic short-circuits if the current value is the
		 * same as the value being saved. This is particularly true for options via `update_option()`.
		 *
		 * By opening an Ajax request, this is avoided and the changeset is published. See #39221.
		 */
		$nonces       = $wp_customize->get_nonces();
		$request_args = array(
			'nonce'                      => $nonces['save'],
			'customize_changeset_uuid'   => $wp_customize->changeset_uuid(),
			'wp_customize'               => 'on',
			'customize_changeset_status' => 'publish',
		);

		/*
		 * The arguments, including the 'save' nonce, are embedded in an inline script.
		 * JSON_HEX_TAG encodes '<' and '>' so the JSON cannot close the surrounding
		 * <script> element. The markup is captured in a buffer because wp_die()
		 * receives it as part of its message further down.
		 */
		ob_start();
		?>
		<?php wp_print_scripts( array( 'wp-util' ) ); ?>
		<script>
			wp.ajax.post( 'customize_save', <?php echo wp_json_encode( $request_args, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?> );
		</script>
		<?php
		$script = ob_get_clean();

		// The link target is the current URL minus 'changeset_uuid', escaped for use in an href.
		wp_die(
			sprintf(
				'<h1>%1$s</h1><p><a href="%2$s">%3$s</a></p>%4$s',
				__( 'Your scheduled changes just published' ),
				esc_url( remove_query_arg( 'changeset_uuid' ) ),
				__( 'Customize New Changes' ),
				$script
			),
			200
		);
	}

	// A changeset that is already published or trashed cannot be modified any further.
	if ( in_array( get_post_status( $changeset_post->ID ), array( 'publish', 'trash' ), true ) ) {
		wp_die(
			sprintf(
				'<h1>%1$s</h1><p>%2$s</p><p><a href="%3$s">%4$s</a></p>',
				__( 'An error occurred while saving your changeset.' ),
				__( 'Please try again or start a new changeset. This changeset cannot be further modified.' ),
				esc_url( remove_query_arg( 'changeset_uuid' ) ),
				__( 'Customize New Changes' )
			),
			403
		);
	}
}
86
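/*
 * Optional request parameters. $_REQUEST is caller-controlled, so every value is
 * type-checked before it is unslashed and sanitized:
 *
 * - `url` and `return` must be strings. An array-valued parameter is treated as
 *   absent instead of being handed to esc_url_raw(), which expects a string.
 * - `autofocus` must be an array; each value goes through sanitize_text_field().
 */
$url       = ! empty( $_REQUEST['url'] ) && is_string( $_REQUEST['url'] )
	? esc_url_raw( wp_unslash( $_REQUEST['url'] ) )
	: '';
$return    = ! empty( $_REQUEST['return'] ) && is_string( $_REQUEST['return'] )
	? esc_url_raw( wp_unslash( $_REQUEST['return'] ) )
	: '';
$autofocus = ! empty( $_REQUEST['autofocus'] ) && is_array( $_REQUEST['autofocus'] )
	? array_map( 'sanitize_text_field', wp_unslash( $_REQUEST['autofocus'] ) )
	: array();

/*
 * Only non-empty values are passed on to the manager.
 *
 * NOTE(review): `return` later becomes the href of the Customizer close link (escaped
 * with esc_url() where it is printed). Whether set_return_url() and set_preview_url()
 * restrict the destination to this site is not visible from this file; confirm in
 * WP_Customize_Manager before relying on it.
 */
if ( ! empty( $url ) ) {
	$wp_customize->set_preview_url( $url );
}
if ( ! empty( $return ) ) {
	$wp_customize->set_return_url( $return );
}
if ( ! empty( $autofocus ) ) {
	$wp_customize->set_autofocus( $autofocus );
}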
102
// Let's roll.
// Rendering starts here. The statements below depend on their order: the header is sent,
// the document is opened, the script registry is reset, and only then do the hooks fire.
// The Content-Type header is assembled from the 'html_type' and 'blog_charset' options.
header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );

wp_user_settings();
_wp_admin_html_begin();

// Replace the global WP_Scripts instance with a fresh one that keeps only the registered
// script definitions of the previous instance.
// NOTE(review): presumably this drops whatever was enqueued before this point, so that only
// scripts enqueued from here on are printed. Confirm against WP_Scripts.
$registered = $wp_scripts->registered;
$wp_scripts = new WP_Scripts();
$wp_scripts->registered = $registered;

// Attach the printing callbacks to the Customizer-specific hooks that are fired further down.
add_action( 'customize_controls_print_scripts', 'print_head_scripts', 20 );
add_action( 'customize_controls_print_footer_scripts', '_wp_footer_scripts' );
add_action( 'customize_controls_print_styles', 'print_admin_styles', 20 );

/**
 * Fires when Customizer controls are initialized, before scripts are enqueued.
 *
 * @since 3.4.0
 */
do_action( 'customize_controls_init' );

wp_enqueue_script( 'heartbeat' );
wp_enqueue_script( 'customize-controls' );
wp_enqueue_style( 'customize-controls' );

/**
 * Fires when enqueuing Customizer control scripts.
 *
 * @since 3.4.0
 */
do_action( 'customize_controls_enqueue_scripts' );
134
// Class list for the <body> element. It is built from fixed tokens plus the user locale,
// and is passed through esc_attr() where it is printed.
$body_class = 'wp-core-ui wp-customizer js';

if ( wp_is_mobile() ) {
	$body_class .= ' mobile';
	add_filter( 'admin_viewport_meta', '_customizer_mobile_viewport_meta' );
}

$body_class .= $wp_customize->is_ios() ? ' ios' : '';
$body_class .= is_rtl() ? ' rtl' : '';

// The locale is lower-cased, '_' becomes '-', and the result is reduced to a valid class token.
$body_class .= ' locale-' . sanitize_html_class( strtolower( strtr( get_user_locale(), '_', '-' ) ) );

$body_class .= wp_use_widgets_block_editor() ? ' wp-embed-responsive' : '';

$admin_title = sprintf( $wp_customize->get_document_title_template(), __( 'Loading…' ) );

/*
 * Output contexts in the head section below:
 * - the document title is HTML-escaped with esc_html();
 * - the admin-ajax URL is emitted as a JSON string literal inside an inline script,
 *   with JSON_HEX_TAG so '<' and '>' cannot close the <script> element.
 */
?>
<title><?php echo esc_html( $admin_title ); ?></title>

<script type="text/javascript">
var ajaxurl = <?php echo wp_json_encode( admin_url( 'admin-ajax.php', 'relative' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?>,
	pagenow = 'customize';
</script>

<?php
/**
 * Fires when Customizer control styles are printed.
 *
 * @since 3.4.0
 */
do_action( 'customize_controls_print_styles' );

/**
 * Fires when Customizer control scripts are printed.
 *
 * @since 3.4.0
 */
do_action( 'customize_controls_print_scripts' );

/**
 * Fires in head section of Customizer controls.
 *
 * @since 5.5.0
 */
do_action( 'customize_controls_head' );
?>
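</head>
<body class="<?php echo esc_attr( $body_class ); ?>">
<div class="wp-full-overlay expanded">
	<form id="customize-controls" class="wrap wp-full-overlay-sidebar">
		<div id="customize-header-actions" class="wp-full-overlay-header">
			<?php
			// The theme's 'RequiresWP' and 'RequiresPHP' headers decide whether the save button
			// is rendered as usable or as a disabled "Cannot Activate" button.
			$compatible_wp  = is_wp_version_compatible( $wp_customize->theme()->get( 'RequiresWP' ) );
			$compatible_php = is_php_version_compatible( $wp_customize->theme()->get( 'RequiresPHP' ) );
			?>
			<?php if ( $compatible_wp && $compatible_php ) : ?>
				<?php $save_text = $wp_customize->is_theme_active() ? __( 'Publish' ) : __( 'Activate & Publish' ); ?>
				<div id="customize-save-button-wrapper" class="customize-save-button-wrapper" >
					<?php submit_button( $save_text, 'primary save', 'save', false ); ?>
					<button id="publish-settings" class="publish-settings button-primary button dashicons dashicons-admin-generic" aria-label="<?php esc_attr_e( 'Publish Settings' ); ?>" aria-expanded="false" disabled></button>
				</div>
			<?php else : ?>
				<?php $save_text = _x( 'Cannot Activate', 'theme' ); ?>
				<div id="customize-save-button-wrapper" class="customize-save-button-wrapper disabled" >
					<?php // The label is a translated string printed as element text, so it is HTML-escaped like the other labels on this screen. ?>
					<button class="button button-primary disabled" aria-label="<?php esc_attr_e( 'Publish Settings' ); ?>" aria-expanded="false" disabled><?php echo esc_html( $save_text ); ?></button>
				</div>
			<?php endif; ?>
			<span class="spinner"></span>
			<button type="button" class="customize-controls-preview-toggle">
				<span class="controls"><?php _e( 'Customize' ); ?></span>
				<span class="preview"><?php _e( 'Preview' ); ?></span>
			</button>
			<?php // The return URL can originate from the `return` request parameter; it is escaped with esc_url() for the href. ?>
			<a class="customize-controls-close" href="<?php echo esc_url( $wp_customize->get_return_url() ); ?>">
				<span class="screen-reader-text">
					<?php
					/* translators: Hidden accessibility text. */
					_e( 'Close the Customizer and go back to the previous page' );
					?>
				</span>
			</a>
		</div>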
222
		<div id="customize-sidebar-outer-content">
			<div id="customize-outer-theme-controls">
				<ul class="customize-outer-pane-parent"><?php // Outer panel and sections are not implemented, but its here as a placeholder to avoid any side-effect in api.Section. ?></ul>
			</div>
		</div>

		<div id="widgets-right" class="wp-clearfix"><!-- For Widget Customizer, many widgets try to look for instances under div#widgets-right, so we have to add that ID to a container div in the Customizer for compat -->
			<div id="customize-notifications-area" class="customize-control-notifications-container">
				<ul></ul>
			</div>
			<div class="wp-full-overlay-sidebar-content" tabindex="-1">
				<div id="customize-info" class="accordion-section customize-info" data-block-theme="<?php echo (int) wp_is_block_theme(); ?>">
					<div class="accordion-section-title">
						<h2 class="preview-notice">
						<?php
						// NOTE(review): the site name is placed into markup without an escaping call at this
						// point. Whether get_bloginfo( 'name', 'display' ) already returns HTML-safe text is
						// not visible from this file; confirm before copying this pattern elsewhere.
						/* translators: %s: The site/panel title in the Customizer. */
						printf( __( 'You are customizing %s' ), '<strong class="panel-title site-title">' . get_bloginfo( 'name', 'display' ) . '</strong>' );
						?>
						</h2>
						<button type="button" class="customize-help-toggle dashicons dashicons-editor-help" aria-expanded="false"><span class="screen-reader-text">
							<?php
							/* translators: Hidden accessibility text. */
							_e( 'Help' );
							?>
						</span></button>
					</div>
					<div class="customize-panel-description">
						<p>
							<?php
							_e( 'The Customizer allows you to preview changes to your site before publishing them. You can navigate to different pages on your site within the preview. Edit shortcuts are shown for some editable elements. The Customizer is intended for use with non-block themes.' );
							?>
						</p>
						<p>
							<?php
							// The translatable string itself carries the link markup and is echoed without
							// escaping, so translations are trusted to supply safe HTML here.
							_e( '<a href="https://wordpress.org/documentation/article/customizer/">Documentation on Customizer</a>' );
							?>
						</p>
					</div>
				</div>

				<div id="customize-theme-controls">
					<ul class="customize-pane-parent"><?php // Panels and sections are managed here via JavaScript ?></ul>
				</div>
			</div>
		</div>
268
269 <div id="customize-footer-actions" class="wp-full-overlay-footer">
270 <button type="button" class="collapse-sidebar button" aria-expanded="true" aria-label="<?php echo esc_attr_x( 'Hide Controls', 'label for hide controls button without length constraints' ); ?>">
271 <span class="collapse-sidebar-arrow" aria-hidden="true"></span>
272 <span class="collapse-sidebar-label"><?php _ex( 'Hide Controls', 'short (~12 characters) label for hide controls button' ); ?></span>
273 </button>
274 <?php $previewable_devices = $wp_customize->get_previewable_devices(); ?>
275 <?php if ( ! empty( $previewable_devices ) ) : ?>
276 <div class="devices-wrapper">
277 <div class="devices">
278 <?php foreach ( (array) $previewable_devices as $device => $settings ) : ?>
279 <?php
280 if ( empty( $settings['label'] ) ) {
281 continue;
282 }
283 $active = ! empty( $settings['default'] );
284 $class = 'preview-' . $device;
285 if ( $active ) {
286 $class .= ' active';
287 }
288 ?>
289 <button type="button" class="<?php echo esc_attr( $class ); ?>" aria-pressed="<?php echo esc_attr( $active ); ?>" data-device="<?php echo esc_attr( $device ); ?>">
290 <span class="screen-reader-text"><?php echo esc_html( $settings['label'] ); ?></span>
291 </button>
292 <?php endforeach; ?>
293 </div>
294 </div>
295 <?php endif; ?>
296 </div>
297 </form>
298 <div id="customize-preview" class="wp-full-overlay-main"></div>
299 <?php
300
301 /**
302 * Prints templates, control scripts, and settings in the footer.
303 *
304 * @since 3.4.0
305 */
306 do_action( 'customize_controls_print_footer_scripts' );
307 ?>
308</div>
309</body>
310</html>
311