WordPress.org

Make WordPress Core

Opened 12 days ago

Closed 11 days ago

#53646 closed defect (bug) (fixed)

Use `wp_sidebar_description` for sidebar description in the REST API

Reported by: desrosj Owned by: desrosj
Milestone: 5.8 Priority: normal
Severity: normal Version: 5.8
Component: Widgets Keywords: has-patch commit dev-reviewed fixed-major
Focuses: rest-api Cc:

Description

The wp_sidebar_description() function is for retrieving and sanitizing a sidebar description as passed to register_sidebar(). This allows a subset of markup to be allowed as dictated by wp_kses().

The REST API should return the description as generated by wp_sidebar_description() and not by accessing the $registered_sidebar global directly.

Attachments (1)

53646.diff (2.9 KB) - added by desrosj 12 days ago.

Download all attachments as: .zip

Change History (8)

@desrosj
12 days ago

#1 @TimothyBlynJacobs
12 days ago

  • Keywords commit added

Patch looks great to me!

#2 @desrosj
12 days ago

  • Component changed from REST API to Widgets
  • Focuses rest-api added

#3 @desrosj
12 days ago

  • Owner set to desrosj
  • Resolution set to fixed
  • Status changed from new to closed

In 51408:

Widgets: Use wp_sidebar_description() to retrieve a sidebar’s description.

This switches WP_REST_Sidebars_Controller to use wp_sidebar_description() for retrieving the description of a given sidebar instead of referencing the value in the $wp_registered_sidebars global variable directly.

wp_sidebar_description() uses wp_kses() to only allow the default list of $allowed_tags to be present in a sidebar’s description.

Props timothyblynjacobs, desrosj.
Fixes #53646.

#4 @desrosj
12 days ago

  • Keywords dev-feedback fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening to backport [51408].

#5 @desrosj
12 days ago

Just a note for the future, I was tempted to simplify further and remove the entire isset() check in favor of wp_sidebar_description(). But because wp_sidebar_description() can return void if the sidebar $id is non-scalar, that can't be done currently.

#6 @SergeyBiryukov
12 days ago

  • Keywords dev-reviewed added; dev-feedback removed

[51408] looks good to backport.

#7 @desrosj
11 days ago

  • Resolution set to fixed
  • Status changed from reopened to closed

[51412] merged [51408] to the 5.8 branch, but Trac missed it. Closing out.

Note: See TracTickets for help on using tickets.