Changeset 54100 for trunk/src/wp-includes/kses.php
- Timestamp:
- 09/08/2022 01:24:10 PM (2 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/kses.php
r54093 r54100 2229 2229 * @since 5.7.1 Added support for `object-position`. 2230 2230 * @since 5.8.0 Added support for `calc()` and `var()` values. 2231 * @since 6.1.0 Added support for `min()`, `max()`, `minmax()`, `clamp()`, 2232 * and nested `var()` values. 2231 2233 * 2232 2234 * @param string $css A string of CSS rules. … … 2468 2470 2469 2471 if ( $found ) { 2470 // Allow CSS calc(). 2471 $css_test_string = preg_replace( '/calc\(((?:\([^()]*\)?|[^()])*)\)/', '', $css_test_string ); 2472 // Allow CSS var(). 2473 $css_test_string = preg_replace( '/\(?var\(--[a-zA-Z0-9_-]*\)/', '', $css_test_string ); 2474 2475 // Check for any CSS containing \ ( & } = or comments, 2476 // except for url(), calc(), or var() usage checked above. 2472 /* 2473 * Allow CSS functions like var(), calc(), etc. by removing them from the test string. 2474 * Nested functions and parentheses are also removed, so long as the parentheses are balanced. 2475 */ 2476 $css_test_string = preg_replace( 2477 '/\b(?:var|calc|min|max|minmax|clamp)(\((?:[^()]|(?1))*\))/', 2478 '', 2479 $css_test_string 2480 ); 2481 2482 /* 2483 * Disallow CSS containing \ ( & } = or comments, except for within url(), var(), calc(), etc. 2484 * which were removed from the test string above. 2485 */ 2477 2486 $allow_css = ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string ); 2478 2487
Note: See TracChangeset
for help on using the changeset viewer.