WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 5 months ago

#39542 closed defect (bug) (fixed)

wp_kses() et al. $allowed_html parameter not documented as accepting string values

Reported by: jdgrimes Owned by: SergeyBiryukov
Milestone: 5.5 Priority: normal
Severity: normal Version: 3.5
Component: Security Keywords: has-patch
Focuses: docs Cc:

Description

Since [21790] as part of 3.5.0, wp_kses() and some of its companion functions have accepted a string as the value of the $allowed_html parameter, which is then expanded to an array as needed using wp_kses_allowed_html(). However, these functions are still documented as only accepting an array for $allowed_html. The inline docs for them need to be updated to indicate that a string is also accepted. Probably they should reference wp_kses_allowed_html(), where the possible values are documented.

Attachments (1)

39542.0.diff (3.4 KB) - added by Christian1012 4 years ago.

Download all attachments as: .zip

Change History (8)

#1 @SergeyBiryukov
4 years ago

  • Component changed from General to Security

#2 @SergeyBiryukov
4 years ago

  • Keywords needs-patch added

#3 @Christian1012
4 years ago

  • Keywords has-patch added; needs-patch removed

First pass added in 39542.0.diff

This ticket was mentioned in Slack in #core by noisysocks. View the logs.


5 months ago

#5 @markparnell
5 months ago

  • Resolution set to worksforme
  • Status changed from new to closed

Looks like this was updated in [43016].

#6 @SergeyBiryukov
5 months ago

  • Milestone changed from Awaiting Review to 5.5
  • Resolution worksforme deleted
  • Status changed from closed to reopened

#7 @SergeyBiryukov
5 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from reopened to closed

In 48478:

Docs: Synchronize description for the $allowed_html parameter of various KSES functions.

Follow-up to [43016].

Props Christian1012, jdgrimes, markparnell.
Fixes #39542. See #33801.

Note: See TracTickets for help on using tickets.