Changeset 51412 for branches/5.8/src/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php

Timestamp:

07/13/2021 12:09:11 AM (4 years ago)

Author:

desrosj

Message:

Widgets: Use wp_sidebar_description() to retrieve a sidebar’s description.

This switches WP_REST_Sidebars_Controller to use wp_sidebar_description() for retrieving the description of a given sidebar instead of referencing the value in the $wp_registered_sidebars global variable directly.

wp_sidebar_description() uses wp_kses() to only allow the default list of $allowed_tags to be present in a sidebar’s description.

Props timothyblynjacobs, desrosj, SergeyBiryukov.
Merges [51408] to the 5.8 branch.
Fixes #53646.

Location:

branches/5.8

Files:

• . (modified) (1 prop)
• src/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php (modified) (1 diff)

branches/5.8/src/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php

@@ -282 +282 @@
             $sidebar['status']        = 'active';
             $sidebar['name']          = isset( $registered_sidebar['name'] ) ? $registered_sidebar['name'] : '';
-            $sidebar['description']   = isset( $registered_sidebar['description'] ) ? $registered_sidebar['description'] : '';
+            $sidebar['description']   = isset( $registered_sidebar['description'] ) ? wp_sidebar_description( $id ) : '';
             $sidebar['class']         = isset( $registered_sidebar['class'] ) ? $registered_sidebar['class'] : '';
             $sidebar['before_widget'] = isset( $registered_sidebar['before_widget'] ) ? $registered_sidebar['before_widget'] : '';