
Changeset 58361


Timestamp:
06/07/2024 04:48:42 PM (5 weeks ago)
Author:
westonruter
Message:

General: Fix array format for allowed HTML passed into wp_kses() for wp_trigger_error().

Kses requires an associative array of allowed HTML.

See #57686. Follow-up to [56707].

Props thelovekesh, westonruter.
Fixes #61318.

Location:
trunk
Files:
2 edited

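--- a/trunk/src/wp-includes/functions.php
+++ b/trunk/src/wp-includes/functions.php
@@ -6069,9 +6069,9 @@
         $message,
         array(
-            'a' => array( 'href' ),
-            'br',
-            'code',
-            'em',
-            'strong',
+            'a'      => array( 'href' => true ),
+            'br'     => array(),
+            'code'   => array(),
+            'em'     => array(),
+            'strong' => array(),
         ),
         array( 'http', 'https' )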
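Review bot: The allowlist literal passed to wp_kses() has no comment stating the shape it must have, which is presumably how the list-style entries removed here went unnoticed. Above the `array(` line I would add `// wp_kses() needs an associative map: tag => array( attribute => true ). List-style entries are not matched as tags.` so a later edit does not reintroduce the old form. From what is visible, the old form failed closed (allowed tags and `href` were stripped rather than extra markup let through), so this is a correctness fix rather than a loosening. The surrounding function starts and ends outside the hunk, so how the sanitized message is used afterwards cannot be checked from here.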
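--- a/trunk/tests/phpunit/tests/functions/wpTriggerError.php
+++ b/trunk/tests/phpunit/tests/functions/wpTriggerError.php
@@ -83,19 +83,34 @@
     public function data_should_trigger_error() {
         return array(
-            'function name and message are given' => array(
+            'function name and message are given'          => array(
                 'function_name'    => 'some_function',
                 'message'          => 'expected the function name and message',
                 'expected_message' => 'some_function(): expected the function name and message',
             ),
-            'message is given'                    => array(
+            'message is given'                             => array(
                 'function_name'    => '',
                 'message'          => 'expect only the message',
                 'expected_message' => 'expect only the message',
             ),
-            'function name is given'              => array(
+            'function name is given'                       => array(
                 'function_name'    => 'some_function',
                 'message'          => '',
                 'expected_message' => 'some_function(): ',
             ),
+            'allowed HTML elements are present in message' => array(
+                'function_name'    => 'some_function',
+                'message'          => '<strong>expected</strong> the function name and message',
+                'expected_message' => 'some_function(): <strong>expected</strong> the function name and message',
+            ),
+            'HTML links are present in message'            => array(
+                'function_name'    => 'some_function',
+                'message'          => '<a href="https://example.com">expected the function name and message</a>',
+                'expected_message' => 'some_function(): <a href="https://example.com">expected the function name and message</a>',
+            ),
+            'disallowed HTML elements are present in message' => array(
+                'function_name'    => 'some_function',
+                'message'          => '<script>alert("expected the function name and message")</script>',
+                'expected_message' => 'some_function(): alert("expected the function name and message")',
+            ),
         );
     }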
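Review bot: The added datasets never exercise the attribute allowlist that this changeset makes effective for `a`. They cover an allowed element, an allowed link and a disallowed element, but no case puts a disallowed attribute on an allowed element, and none uses an `href` scheme outside the `array( 'http', 'https' )` list seen in functions.php. A dataset like the one below would pin the attribute filter; its expected string is my reading of wp_kses() output and should be confirmed by running the suite. A matching case for a non-http(s) scheme would be worth adding once its exact output is checked. As a minor style point, the `=>` after `'disallowed HTML elements are present in message'` is not aligned with the other keys in the provider.

```php
// … unchanged: existing datasets through 'disallowed HTML elements are present in message' …
            'disallowed attributes are present on allowed element' => array(
                'function_name'    => 'some_function',
                'message'          => '<a href="https://example.com" onclick="return false;">expected the function name and message</a>',
                'expected_message' => 'some_function(): <a href="https://example.com">expected the function name and message</a>',
            ),
```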