Customizer: Social Links crud-moule-part tmpl fetching error when live previewing a child-theme

[eri-trabiccolo]

reported here:
https://wordpress.org/support/topic/having-customizr-child-theme-issue/

This issue, as far as I can see, ONLY happens when previewing a child-theme of this very theme.
And except for the social links, from a global look, I can see the other options working fine (always when live previewing the child-theme).
I cannot spot any PHP error.
So I don't think this is critical.

The user report also refers to a blank preview issue, which I don't think is related to this to be honest.
As we know blank preview are related to server side issues, PHP fatal errors/memory exhausting etc. etc.

[ghost]

thanks for opening the issue :)

OK.

[eri-trabiccolo]

Ah, forgot to add ... the true error

"invalid_nonce"
message
:
"ac_set_ajax_czr_tmpl => Security check failed."

[eri-trabiccolo]

Ok, went a little through this issue.
Basically, from what I understood, the customizer manager creates the nonce in its method get_nonces:

	public function get_nonces() {
		$nonces = array(
			'save' => wp_create_nonce( 'save-customize_' . $this->get_stylesheet() ),
			'preview' => wp_create_nonce( 'preview-customize_' . $this->get_stylesheet() ),
			'switch_themes' => wp_create_nonce( 'switch_themes' ),
			'dismiss_autosave_or_lock' => wp_create_nonce( 'customize_dismiss_autosave_or_lock' ),
			'override_lock' => wp_create_nonce( 'customize_override_changeset_lock' ),
			'trash' => wp_create_nonce( 'trash_customize_changeset' ),
		);

There, when previewing a non active child-theme, $this->get_stylesheet() returns the child-theme stylesheet, while here (ajaxing):
https://github.com/presscustomizr/czr-base-fmk/blob/master/_dev_php/0_2_czr-base-fmk-ajax_filter.php#L37

get_stylesheet returns the current active theme stylesheet. Hence the security check failing
(we use a similar check in the content picker)