

Timestamp:
11/08/2021 09:23:34 PM (2 years ago)
Author:
jorgefilipecosta
Message:

Add: Global styles user content escaping.

This commit adds escaping of global styles user content. In addition, it ports to core the logic implemented in the Gutenberg plugin in WordPress/gutenberg#28061.
The logic tries to follow what was done for standard post content.

See #54336.
Props oandregal.

File:
1 edited

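--- a/trunk/src/wp-includes/kses.php
+++ b/trunk/src/wp-includes/kses.php
@@ -2083,4 +2083,29 @@
 
 /**
+ * Sanitizes global styles user content removing unsafe rules.
+ *
+ * @param string $data Post content to filter.
+ * @return string Filtered post content with unsafe rules removed.
+ */
+function wp_filter_global_styles_post( $data ) {
+    $decoded_data        = json_decode( wp_unslash( $data ), true );
+    $json_decoding_error = json_last_error();
+    if (
+        JSON_ERROR_NONE === $json_decoding_error &&
+        is_array( $decoded_data ) &&
+        isset( $decoded_data['isGlobalStylesUserThemeJSON'] ) &&
+        $decoded_data['isGlobalStylesUserThemeJSON']
+    ) {
+        unset( $decoded_data['isGlobalStylesUserThemeJSON'] );
+
+        $data_to_encode = WP_Theme_JSON::remove_insecure_properties( $decoded_data );
+
+        $data_to_encode['isGlobalStylesUserThemeJSON'] = true;
+        return wp_slash( wp_json_encode( $data_to_encode ) );
+    }
+    return $data;
+}
+
+/**
  * Sanitizes content for allowed HTML tags for post content.
  *
@@ -2152,6 +2177,8 @@
     // Post filtering.
     add_filter( 'content_save_pre', 'wp_filter_post_kses' );
+    add_filter( 'content_save_pre', 'wp_filter_global_styles_post' );
     add_filter( 'excerpt_save_pre', 'wp_filter_post_kses' );
     add_filter( 'content_filtered_save_pre', 'wp_filter_post_kses' );
+    add_filter( 'content_filtered_save_pre', 'wp_filter_global_styles_post' );
 }
 
@@ -2178,6 +2205,8 @@
     // Post filtering.
     remove_filter( 'content_save_pre', 'wp_filter_post_kses' );
+    remove_filter( 'content_save_pre', 'wp_filter_global_styles_post' );
     remove_filter( 'excerpt_save_pre', 'wp_filter_post_kses' );
     remove_filter( 'content_filtered_save_pre', 'wp_filter_post_kses' );
+    remove_filter( 'content_filtered_save_pre', 'wp_filter_global_styles_post' );
 }
 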
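Review bot: In `wp_filter_global_styles_post()` (new lines 2093–2098) the decision to sanitize rests on `isGlobalStylesUserThemeJSON`, a flag carried inside the very content being filtered; invalid JSON, a non-array value, or a payload without the flag all fall through to `return $data;` unchanged. That is only safe if whatever later reads stored global styles also refuses content lacking the marker, and that reader is not visible in this changeset. The invariant should be written down at the gate, for example `// Sanitized only when the payload declares itself user theme JSON; consumers must ignore stored content that lacks this marker.` above the `if`. Separately, `wp_json_encode()` can return `false`, and line 2104 passes that result straight through `wp_slash()` as the new post content, so checking the encode result before returning would make the failure explicit. The new docblock also has no `@since` tag.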