Context Navigation

← Previous Ticket
Next Ticket →

#47283 closed enhancement (fixed)

Strip inline JS and CSS while trying to figure out the pingback context

Reported by:	david.binda	Owned by:	SergeyBiryukov
Milestone:	5.3	Priority:	normal
Severity:	normal	Version:
Component:	Pings/Trackbacks	Keywords:	has-patch needs-unit-tests
Focuses:		Cc:

Description

When testing the pingbacks on PHP 7.3, we run into a backward compatibility issue with strip_tags ( see https://bugs.php.net/bug.php?id=78003 ) which made me look into the implementation of the context lookup for the pingback link.

When using the strip_tags with whitelisted <a> element ( see https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-xmlrpc-server.php?rev=45310#L6805 ), we are still getting a lot of inline CSS and JS in the output which needs to be checked. I believe that it would make the implementation more reliable (and it would have actually prevented the PHP bug mentioned above from breaking the stuff) if the inline CSS and JS content would be removed.

Attachments (1)

47283.diff (646 bytes) - added by david.binda 6 years ago.

Download all attachments as: .zip

Change History (3)

@david.binda
6 years ago

Attachment 47283.diff added

#1 @SergeyBiryukov
6 years ago

Keywords has-patch needs-unit-tests added
Milestone changed from Awaiting Review to 5.3

#2 @SergeyBiryukov
6 years ago

Owner set to SergeyBiryukov
Resolution set to fixed
Status changed from new to closed

In 45823:

Pings/Trackbacks: In wp_xmlrpc_server::pingback_ping(), strip inline JS and CSS while trying to figure out the pingback context.

Props david.binda.
Fixes #47283.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core