Changeset 55192 for trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php
- Timestamp:
- 02/02/2023 06:50:54 PM (22 months ago)
- File:
-
- 1 edited
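--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php
@@ -269,4 +269,8 @@
 
 $changes = $this->prepare_item_for_database( $request );
+if ( is_wp_error( $changes ) ) {
+return $changes;
+}
+
 $result = wp_update_post( wp_slash( (array) $changes ), true, false );
 if ( is_wp_error( $result ) ) {
@@ -291,7 +295,8 @@
 *
 * @since 5.9.0
+* @since 6.2.0 Added validation of styles.css property.
 *
 * @param WP_REST_Request $request Request object.
-* @return stdClass Changes to pass to wp_update_post.
+* @return stdClass|WP_Error Prepared item on success. WP_Error on when the custom CSS is not valid.
 */
 protected function prepare_item_for_database( $request ) {
@@ -313,4 +318,10 @@
 $config = array();
 if ( isset( $request['styles'] ) ) {
+if ( isset( $request['styles']['css'] ) ) {
+$css_validation_result = $this->validate_custom_css( $request['styles']['css'] );
+if ( is_wp_error( $css_validation_result ) ) {
+return $css_validation_result;
+}
+}
 $config['styles'] = $request['styles'];
 } elseif ( isset( $existing_config['styles'] ) ) {
@@ -658,3 +669,24 @@
 return $response;
 }
+
+/**
+* Validate style.css as valid CSS.
+*
+* Currently just checks for invalid markup.
+*
+* @since 6.2.0
+*
+* @param string $css CSS to validate.
+* @return true|WP_Error True if the input was validated, otherwise WP_Error.
+*/
+private function validate_custom_css( $css ) {
+if ( preg_match( '#</?\w+#', $css ) ) {
+return new WP_Error(
+'rest_custom_css_illegal_markup',
+__( 'Markup is not allowed in CSS.' ),
+array( 'status' => 400 )
+);
+}
+return true;
+}
 }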
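Review bot: In `validate_custom_css()` (last hunk), `$request['styles']['css']` reaches `preg_match()` without a type check, and the truthiness test treats a `false` return (PCRE error) the same as "no markup found", so the validator fails open. On PHP 8 a non-string subject such as an array would raise a TypeError instead of the intended 400; whether the route schema already constrains this property is not visible in these hunks. Making the condition `if ( ! is_string( $css ) || 0 !== preg_match( '#</?\w+#', $css ) ) {` rejects both cases. As far as these hunks show, the pattern is a denylist applied on this REST write path only, so the code that prints the stored CSS should still escape it on output rather than rely on this check alone. The new `@return` text also reads "WP_Error on when"; `WP_Error when the custom CSS is not valid.` is the intended wording.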