Changeset 51414
- Timestamp:
- 07/13/2021 05:57:04 AM (4 years ago)
- Location:
- trunk/src/wp-includes
- Files:
-
- 2 edited
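--- a/trunk/src/wp-includes/class-wp-customize-widgets.php
+++ b/trunk/src/wp-includes/class-wp-customize-widgets.php
@@ -1420,4 +1420,11 @@
 $widget_object = $wp_widget_factory->get_widget_object( $id_base );
 if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
+if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) {
+// The content of the 'block' widget is not filtered on the
+// fly while editing. Filter the content here to prevent
+// vulnerabilities.
+$value['raw_instance']['content'] = wp_kses_post( $value['raw_instance']['content'] );
+}
+
 return $value['raw_instance'];
 }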
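Review bot: The added filter reads `$value['raw_instance']['content']` without checking that the key exists, so a 'block' instance submitted without `content` raises an undefined-index notice, hands `null` to `wp_kses_post()`, and the assignment then creates the key. Guarding the condition keeps the filter on every path where content is present: `if ( 'block' === $id_base && isset( $value['raw_instance']['content'] ) && ! current_user_can( 'unfiltered_html' ) ) {`. The same unguarded read of `$new_instance['content']` appears in `update()` in class-wp-widget-block.php. The enclosing method starts and ends outside this hunk, so whether `raw_instance` is validated earlier cannot be seen here.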
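--- a/trunk/src/wp-includes/widgets/class-wp-widget-block.php
+++ b/trunk/src/wp-includes/widgets/class-wp-widget-block.php
@@ -179,6 +179,11 @@
 */
 public function update( $new_instance, $old_instance ) {
-$instance = array_merge( $this->default_instance, $old_instance );
-$instance['content'] = $new_instance['content'];
+$instance = array_merge( $this->default_instance, $old_instance );
+
+if ( current_user_can( 'unfiltered_html' ) ) {
+$instance['content'] = $new_instance['content'];
+} else {
+$instance['content'] = wp_kses_post( $new_instance['content'] );
+}
 
 return $instance;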
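Review bot: Nothing in `update()` says why the two branches differ, although the capability check is the security-relevant part of this change; the customizer hunk carries an explanatory comment and this one should too. I would add above the `if`: `// Users without the 'unfiltered_html' capability get their content run through wp_kses_post().` The method's docblock ends on the first context line and is otherwise outside the hunk, so it may also need a sentence stating that the stored `content` can differ from what was submitted.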