Make WordPress Core


Ignore:
Timestamp:
02/02/2023 06:50:54 PM (22 months ago)
Author:
flixos90
Message:

Editor: Add support for custom CSS in global styles.

This changeset introduces functions wp_get_global_styles_custom_css() and wp_enqueue_global_styles_custom_css(), which allow accessing and enqueuing custom CSS added via global styles.

Custom CSS via global styles is handled separately from custom CSS via the Customizer. If a site uses both features, the custom CSS from both sources will be loaded. The global styles custom CSS is then loaded after the Customizer custom CSS, so if there are any conflicts between the rules, the global styles take precedence.

Similarly to e.g. [55185], the result is cached in a non-persistent cache, except when WP_DEBUG is on to avoid interrupting the theme developer's workflow.

Props glendaviesnz, oandregal, ntsekouras, mamaduka, davidbaumwald, hellofromtonya, flixos90.
Fixes #57536.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php

    r55177 r55192  
    269269
    270270        $changes = $this->prepare_item_for_database( $request );
     271        if ( is_wp_error( $changes ) ) {
     272            return $changes;
     273        }
     274
    271275        $result  = wp_update_post( wp_slash( (array) $changes ), true, false );
    272276        if ( is_wp_error( $result ) ) {
     
    291295     *
    292296     * @since 5.9.0
     297     * @since 6.2.0 Added validation of styles.css property.
    293298     *
    294299     * @param WP_REST_Request $request Request object.
    295      * @return stdClass Changes to pass to wp_update_post.
     300     * @return stdClass|WP_Error Prepared item on success. WP_Error on when the custom CSS is not valid.
    296301     */
    297302    protected function prepare_item_for_database( $request ) {
     
    313318            $config = array();
    314319            if ( isset( $request['styles'] ) ) {
     320                if ( isset( $request['styles']['css'] ) ) {
     321                    $css_validation_result = $this->validate_custom_css( $request['styles']['css'] );
     322                    if ( is_wp_error( $css_validation_result ) ) {
     323                        return $css_validation_result;
     324                    }
     325                }
    315326                $config['styles'] = $request['styles'];
    316327            } elseif ( isset( $existing_config['styles'] ) ) {
     
    658669        return $response;
    659670    }
     671
     672    /**
     673     * Validate style.css as valid CSS.
     674     *
     675     * Currently just checks for invalid markup.
     676     *
     677     * @since 6.2.0
     678     *
     679     * @param string $css CSS to validate.
     680     * @return true|WP_Error True if the input was validated, otherwise WP_Error.
     681     */
     682    private function validate_custom_css( $css ) {
     683        if ( preg_match( '#</?\w+#', $css ) ) {
     684            return new WP_Error(
     685                'rest_custom_css_illegal_markup',
     686                __( 'Markup is not allowed in CSS.' ),
     687                array( 'status' => 400 )
     688            );
     689        }
     690        return true;
     691    }
    660692}
Note: See TracChangeset for help on using the changeset viewer.