WP_Customize_Manager::setup_theme()publicWP 3.4.0

Starts preview and customize theme.

Check if customize query variable exist. Init filters to filter the active theme.

Method of the class: WP_Customize_Manager{}

No Hooks.

Return

null. Nothing (null).

Usage

$WP_Customize_Manager = new WP_Customize_Manager();
$WP_Customize_Manager->setup_theme();

Notes

  • Global. String. $pagenow The filename of the current screen.

Changelog

Since 3.4.0 Introduced.

WP_Customize_Manager::setup_theme() code WP 6.4.3

public function setup_theme() {
	global $pagenow;

	// Check permissions for customize.php access since this method is called before customize.php can run any code.
	if ( 'customize.php' === $pagenow && ! current_user_can( 'customize' ) ) {
		if ( ! is_user_logged_in() ) {
			auth_redirect();
		} else {
			wp_die(
				'<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
				'<p>' . __( 'Sorry, you are not allowed to customize this site.' ) . '</p>',
				403
			);
		}
		return;
	}

	// If a changeset was provided is invalid.
	if ( isset( $this->_changeset_uuid ) && false !== $this->_changeset_uuid && ! wp_is_uuid( $this->_changeset_uuid ) ) {
		$this->wp_die( -1, __( 'Invalid changeset UUID' ) );
	}

	/*
	 * Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer
	 * application will inject the customize_preview_nonce query parameter into all Ajax requests.
	 * For similar behavior elsewhere in WordPress, see rest_cookie_check_errors() which logs out
	 * a user when a valid nonce isn't present.
	 */
	$has_post_data_nonce = (
		check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'nonce', false )
		||
		check_ajax_referer( 'save-customize_' . $this->get_stylesheet(), 'nonce', false )
		||
		check_ajax_referer( 'preview-customize_' . $this->get_stylesheet(), 'customize_preview_nonce', false )
	);
	if ( ! current_user_can( 'customize' ) || ! $has_post_data_nonce ) {
		unset( $_POST['customized'] );
		unset( $_REQUEST['customized'] );
	}

	/*
	 * If unauthenticated then require a valid changeset UUID to load the preview.
	 * In this way, the UUID serves as a secret key. If the messenger channel is present,
	 * then send unauthenticated code to prompt re-auth.
	 */
	if ( ! current_user_can( 'customize' ) && ! $this->changeset_post_id() ) {
		$this->wp_die( $this->messenger_channel ? 0 : -1, __( 'Non-existent changeset UUID.' ) );
	}

	if ( ! headers_sent() ) {
		send_origin_headers();
	}

	// Hide the admin bar if we're embedded in the customizer iframe.
	if ( $this->messenger_channel ) {
		show_admin_bar( false );
	}

	if ( $this->is_theme_active() ) {
		// Once the theme is loaded, we'll validate it.
		add_action( 'after_setup_theme', array( $this, 'after_setup_theme' ) );
	} else {
		/*
		 * If the requested theme is not the active theme and the user doesn't have
		 * the switch_themes cap, bail.
		 */
		if ( ! current_user_can( 'switch_themes' ) ) {
			$this->wp_die( -1, __( 'Sorry, you are not allowed to edit theme options on this site.' ) );
		}

		// If the theme has errors while loading, bail.
		if ( $this->theme()->errors() ) {
			$this->wp_die( -1, $this->theme()->errors()->get_error_message() );
		}

		// If the theme isn't allowed per multisite settings, bail.
		if ( ! $this->theme()->is_allowed() ) {
			$this->wp_die( -1, __( 'The requested theme does not exist.' ) );
		}
	}

	// Make sure changeset UUID is established immediately after the theme is loaded.
	add_action( 'after_setup_theme', array( $this, 'establish_loaded_changeset' ), 5 );

	/*
	 * Import theme starter content for fresh installations when landing in the customizer.
	 * Import starter content at after_setup_theme:100 so that any
	 * add_theme_support( 'starter-content' ) calls will have been made.
	 */
	if ( get_option( 'fresh_site' ) && 'customize.php' === $pagenow ) {
		add_action( 'after_setup_theme', array( $this, 'import_theme_starter_content' ), 100 );
	}

	$this->start_previewing_theme();
}