Changeset 53012

Timestamp:

03/29/2022 01:04:24 PM (14 months ago)

Author:

audrasjb

Message:

Editor: Use wp_unique_id() instead of uniqid() to generate CSS class names.

Backports changes from ​https://github.com/WordPress/gutenberg/pull/38891.
See ​https://github.com/WordPress/gutenberg/issues/38889.

Props westonruter, mamaduka.
See #55474.

Location:

trunk

Files:

• src/wp-includes/block-supports/duotone.php (modified) (1 diff)
• src/wp-includes/block-supports/elements.php (modified) (1 diff)
• src/wp-includes/block-supports/layout.php (modified) (1 diff)
• tests/phpunit/tests/block-supports/elements.php (modified) (1 diff)

trunk/src/wp-includes/block-supports/duotone.php

@@ -521 +521 @@
 
     $filter_preset   = array(
-        'slug'   => uniqid(),
+        'slug'   => wp_unique_id( sanitize_key( implode( '-', $block['attrs']['style']['color']['duotone'] ) . '-' ) ),
         'colors' => $block['attrs']['style']['color']['duotone'],
     );

trunk/src/wp-includes/block-supports/elements.php

@@ -37 +37 @@
     }
 
-    $class_name = 'wp-elements-' . uniqid();
+    $class_name = wp_unique_id( 'wp-elements-' );
 
     if ( strpos( $link_color, 'var:preset|color|' ) !== false ) {

trunk/src/wp-includes/block-supports/layout.php

@@ -159 +159 @@
     }
 
-    $id        = uniqid();
-    $gap_value = _wp_array_get( $block, array( 'attrs', 'style', 'spacing', 'blockGap' ) );
+    $class_name = wp_unique_id( 'wp-container-' );
+    $gap_value  = _wp_array_get( $block, array( 'attrs', 'style', 'spacing', 'blockGap' ) );
     // Skip if gap value contains unsupported characters.
     // Regex for CSS value borrowed from `safecss_filter_attr`, and used here
     // because we only want to match against the value, not the CSS attribute.
     $gap_value = preg_match( '%[\\\(&=}]|/\*%', $gap_value ) ? null : $gap_value;
-    $style     = wp_get_layout_style( ".wp-container-$id", $used_layout, $has_block_gap_support, $gap_value );
+    $style     = wp_get_layout_style( ".$class_name", $used_layout, $has_block_gap_support, $gap_value );
     // This assumes the hook only applies to blocks with a single wrapper.
     // I think this is a reasonable limitation for that particular hook.
     $content = preg_replace(
         '/' . preg_quote( 'class="', '/' ) . '/',
-        'class="wp-container-' . $id . ' ',
+        'class="' . esc_attr( $class_name ) . ' ',
         $block_content,
         1

trunk/tests/phpunit/tests/block-supports/elements.php

@@ -12 +12 @@
      */
     private static function make_unique_id_one( $string ) {
-        return preg_replace( '/wp-elements-.{13}/', 'wp-elements-1', $string );
+        return preg_replace( '/wp-elements-\d+/', 'wp-elements-1', $string );
     }