
Changeset 56848 for branches/6.3


Timestamp:
10/12/2023 01:51:19 PM (14 months ago)
Author:
audrasjb
Message:

Editor: Harden the display of footnotes.

Props jorgefilipecosta, peterwilsoncc, costdev, xknown, jorbin, desrosj.
Merges [56839] and [56845] to branch 6.3.

Location:
branches/6.3
Files:
3 edited

  • branches/6.3

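--- a/branches/6.3/src/wp-includes/blocks.php
+++ b/branches/6.3/src/wp-includes/blocks.php
@@ -1603,2 +1603,84 @@
     return null;
 }
+
+/**
+ * Strips all HTML from the content of footnotes, and sanitizes the ID.
+ * This function expects slashed data on the footnotes content.
+ *
+ * @access private
+ * @since 6.3.2
+ *
+ * @param string $footnotes JSON encoded string of an array containing the content and ID of each footnote.
+ * @return string Filtered content without any HTML on the footnote content and with the sanitized id.
+ */
+function _wp_filter_post_meta_footnotes( $footnotes ) {
+    $footnotes_decoded   = json_decode( $footnotes, true );
+    if ( ! is_array( $footnotes_decoded ) ) {
+        return '';
+    }
+    $footnotes_sanitized = array();
+    foreach ( $footnotes_decoded as $footnote ) {
+        if ( ! empty( $footnote['content'] ) && ! empty( $footnote['id'] ) ) {
+            $footnotes_sanitized[] = array(
+                'id'      => sanitize_key( $footnote['id'] ),
+                'content' => wp_unslash( wp_filter_post_kses( wp_slash( $footnote['content'] ) ) ),
+            );
+        }
+    }
+    return wp_json_encode( $footnotes_sanitized );
+}
+
+/**
+ * Adds the filters to filter footnotes meta field.
+ *
+ * @access private
+ * @since 6.3.2
+ */
+function _wp_footnotes_kses_init_filters() {
+    add_filter( 'sanitize_post_meta_footnotes', '_wp_filter_post_meta_footnotes' );
+}
+
+/**
+ * Removes the filters that filter footnotes meta field.
+ *
+ * @access private
+ * @since 6.3.2
+ */
+function _wp_footnotes_remove_filters() {
+    remove_filter( 'sanitize_post_meta_footnotes', '_wp_filter_post_meta_footnotes' );
+}
+
+/**
+ * Registers the filter of footnotes meta field if the user does not have unfiltered_html capability.
+ *
+ * @access private
+ * @since 6.3.2
+ */
+function _wp_footnotes_kses_init() {
+    _wp_footnotes_remove_filters();
+    if ( ! current_user_can( 'unfiltered_html' ) ) {
+        _wp_footnotes_kses_init_filters();
+    }
+}
+
+/**
+ * Initializes footnotes meta field filters when imported data should be filtered.
+ *
+ * This filter is the last being executed on force_filtered_html_on_import.
+ * If the input of the filter is true it means we are in an import situation and should
+ * enable kses, independently of the user capabilities.
+ * So in that case we call _wp_footnotes_kses_init_filters;
+ *
+ * @access private
+ * @since 6.3.2
+ *
+ * @param string $arg Input argument of the filter.
+ * @return string Input argument of the filter.
+ */
+function _wp_footnotes_force_filtered_html_on_import_filter( $arg ) {
+    // force_filtered_html_on_import is true we need to init the global styles kses filters.
+    if ( $arg ) {
+        _wp_footnotes_kses_init_filters();
+    }
+    return $arg;
+}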
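Review bot: The docblock of `_wp_filter_post_meta_footnotes()` says it strips all HTML from footnote content, but the body passes the content through `wp_filter_post_kses()`, which keeps the markup allowed in post content, so a caller trusting the docblock could treat the stored value as plain text and skip output escaping. I would reword the summary to `Sanitizes footnote content with the post-content KSES rules, and sanitizes the ID.` and adjust the `@return` line to match. The loop also tests `content` and `id` only with `empty()`, while `json_decode( $footnotes, true )` can yield nested arrays for either key; adding `is_string( $footnote['content'] )` to the condition would keep non-string values out of the KSES call. Separately, the inline comment in `_wp_footnotes_force_filtered_html_on_import_filter()` still refers to "global styles kses filters" and should name the footnotes filters.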
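--- a/branches/6.3/src/wp-includes/default-filters.php
+++ b/branches/6.3/src/wp-includes/default-filters.php
@@ -617,4 +617,13 @@
 
 /*
+ * Block specific actions and filters.
+ */
+
+// Footnotes Block.
+add_action( 'init', '_wp_footnotes_kses_init' );
+add_action( 'set_current_user', '_wp_footnotes_kses_init' );
+add_filter( 'force_filtered_html_on_import', '_wp_footnotes_force_filtered_html_on_import_filter', 999 );
+
+/*
  * Disable "Post Attributes" for wp_navigation post type. The attributes are
  * also conditionally enabled when a site has custom templates. Block Theme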
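Review bot: The priority `999` on the `force_filtered_html_on_import` filter carries an ordering assumption that nothing on this line records: the callback's docblock in blocks.php says it is the last one executed, yet any callback registered at a higher priority would run after it and could still change the value. A comment above the line such as `// Priority 999: run after other callbacks so the final force_filtered_html_on_import value is seen.` would make that dependency visible to whoever edits the hook list next. The surrounding hook list continues outside the hunk.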