[wp-trac] [WordPress Trac] #20862: Limit false positives when enabling WP_Customize_Manager

[WordPress Trac]

#20862: Limit false positives when enabling WP_Customize_Manager
--------------------------+-----------------
 Reporter:  nacin         |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  lowest        |  Milestone:  3.4
Component:  Appearance    |    Version:  3.4
 Severity:  major         |   Keywords:
--------------------------+-----------------
 I'm doing some final reviews of some of our more intricate 3.4 features,
 to see where plugin conflicts are most likely.

 For instantiating the customizer, this is our current check:
 {{{
 ( isset( $_REQUEST['customize'] ) && 'on' == $_REQUEST['customize'] ) ||
 'customize.php' == basename( $_SERVER['PHP_SELF'] )
 }}}

 1. While ?customize=something in itself will not conflict with this (we
 avoid registering a query var), we should consider making this
 `$_REQUEST['wp_customize']` to avoid any chance of `?customize=on`
 conflicting with a theme. Since we now have customize.php for direct URL
 access, it won't make our user-side URLs any uglier.

 2. That customize.php check will catch plugins with a customize.php file
 that is directly accessed. While this is going to be a rare conflict, we
 should include an is_admin() check to ensure we are only looking in the
 wp-admin directory.

 Severity = major in that things will break if there is a conflict.
 Priority = lowest in that the chance of a conflict is rare.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20862>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software