Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#39542 new defect (bug)

wp_kses() et al. $allowed_html parameter not documented as accepting string values

Reported by: jdgrimes Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.5
Component: Security Keywords: has-patch
Focuses: docs Cc:


Since [21790] as part of 3.5.0, wp_kses() and some of its companion functions have accepted a string as the value of the $allowed_html parameter, which is then expanded to an array as needed using wp_kses_allowed_html(). However, these functions are still documented as only accepting an array for $allowed_html. The inline docs for them need to be updated to indicate that a string is also accepted. Probably they should reference wp_kses_allowed_html(), where the possible values are documented.

Attachments (1)

39542.0.diff (3.4 KB) - added by Christian1012 3 years ago.

Download all attachments as: .zip

Change History (4)

#1 @SergeyBiryukov
3 years ago

  • Component changed from General to Security

#2 @SergeyBiryukov
3 years ago

  • Keywords needs-patch added

#3 @Christian1012
3 years ago

  • Keywords has-patch added; needs-patch removed

First pass added in 39542.0.diff

Note: See TracTickets for help on using tickets.