else { wp_die( '<h1>' .
__( 'You need a higher level of permission.'
) . '</h1>' .
'<p>' .
__( 'Sorry, you are not allowed to customize this site.'
) . '</p>',
403
);
} return;
} // If a changeset was provided is invalid.
if ( isset( $this->_changeset_uuid
) && false !==
$this->_changeset_uuid && !
wp_is_uuid( $this->_changeset_uuid
) ) { $this->
wp_die( -1,
__( 'Invalid changeset UUID'
) );
} /*
* Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer
* application will inject the customize_preview_nonce query parameter into all Ajax requests.
* For similar behavior elsewhere in WordPress, see rest_cookie_check_errors() which logs out
* a user when a valid nonce isn't present.
*/
$has_post_data_nonce =
( check_ajax_referer( 'preview-customize_' .
$this->
get_stylesheet(), 'nonce', false
)