Changeset 58471
- Timestamp:
- 06/24/2024 02:40:47 PM (8 months ago)
- Location:
- trunk/src/wp-includes
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/blocks.php
r58408 r58471 1726 1726 */ 1727 1727 function filter_block_kses( $block, $allowed_html, $allowed_protocols = array() ) { 1728 $block['attrs'] = filter_block_kses_value( $block['attrs'], $allowed_html, $allowed_protocols );1728 $block['attrs'] = filter_block_kses_value( $block['attrs'], $allowed_html, $allowed_protocols, $block ); 1729 1729 1730 1730 if ( is_array( $block['innerBlocks'] ) ) { … … 1742 1742 * 1743 1743 * @since 5.3.1 1744 * @since 6.5.5 Added the `$block_context` parameter. 1744 1745 * 1745 1746 * @param string[]|string $value The attribute value to filter. … … 1749 1750 * @param string[] $allowed_protocols Optional. Array of allowed URL protocols. 1750 1751 * Defaults to the result of wp_allowed_protocols(). 1752 * @param array $block_context Optional. The block the attribute belongs to, in parsed block array format. 1751 1753 * @return string[]|string The filtered and sanitized result. 1752 1754 */ 1753 function filter_block_kses_value( $value, $allowed_html, $allowed_protocols = array() ) {1755 function filter_block_kses_value( $value, $allowed_html, $allowed_protocols = array(), $block_context = null ) { 1754 1756 if ( is_array( $value ) ) { 1755 1757 foreach ( $value as $key => $inner_value ) { 1756 $filtered_key = filter_block_kses_value( $key, $allowed_html, $allowed_protocols ); 1757 $filtered_value = filter_block_kses_value( $inner_value, $allowed_html, $allowed_protocols ); 1758 1758 $filtered_key = filter_block_kses_value( $key, $allowed_html, $allowed_protocols, $block_context ); 1759 $filtered_value = filter_block_kses_value( $inner_value, $allowed_html, $allowed_protocols, $block_context ); 1760 1761 if ( isset( $block_context['blockName'] ) && 'core/template-part' === $block_context['blockName'] ) { 1762 $filtered_value = filter_block_core_template_part_attributes( $filtered_value, $filtered_key, $allowed_html ); 1763 } 1759 1764 if ( $filtered_key !== $key ) { 1760 1765 unset( $value[ $key ] ); … … 1768 1773 1769 1774 return $value; 1775 } 1776 1777 1778 /** 1779 * Sanitizes the value of the Template Part block's `tagName` attribute. 1780 * 1781 * @since 6.5.5 1782 * 1783 * @param string $attribute_value The attribute value to filter. 1784 * @param string $attribute_name The attribute name. 1785 * @param array[]|string $allowed_html An array of allowed HTML elements and attributes, 1786 * or a context name such as 'post'. See wp_kses_allowed_html() 1787 * for the list of accepted context names. 1788 * @return string The sanitized attribute value. 1789 */ 1790 function filter_block_core_template_part_attributes( $attribute_value, $attribute_name, $allowed_html ) { 1791 if ( empty( $attribute_value ) || 'tagName' !== $attribute_name ) { 1792 return $attribute_value; 1793 } 1794 if ( ! is_array( $allowed_html ) ) { 1795 $allowed_html = wp_kses_allowed_html( $allowed_html ); 1796 } 1797 return isset( $allowed_html[ $attribute_value ] ) ? $attribute_value : ''; 1770 1798 } 1771 1799 -
trunk/src/wp-includes/formatting.php
r58409 r58471 4791 4791 * 4792 4792 * @since 2.5.0 4793 * @since 6.5.5 Allow hyphens in tag names (i.e. custom elements). 4793 4794 * 4794 4795 * @param string $tag_name … … 4796 4797 */ 4797 4798 function tag_escape( $tag_name ) { 4798 $safe_tag = strtolower( preg_replace( '/[^a-zA-Z0-9 _:]/', '', $tag_name ) );4799 $safe_tag = strtolower( preg_replace( '/[^a-zA-Z0-9-_:]/', '', $tag_name ) ); 4799 4800 /** 4800 4801 * Filters a string cleaned and escaped for output as an HTML tag.
Note: See TracChangeset
for help on using the changeset viewer.