Opened 2 years ago
Closed 19 months ago
#57321 closed defect (bug) (fixed)
Global Styles: Block spacing and content/wide layout values are not saved if user does not have unfiltered_html capability
Reported by: | andrewserong | Owned by: | peterwilsoncc |
---|---|---|---|
Milestone: | 6.2 | Priority: | normal |
Severity: | normal | Version: | 6.1 |
Component: | Editor | Keywords: | has-patch has-unit-tests gutenberg-merge commit fixed-major dev-reviewed |
Focuses: | Cc: |
Description
This issue was already raised in Gutenberg over in: https://github.com/WordPress/gutenberg/issues/45520. A fix has landed in Gutenberg in https://github.com/WordPress/gutenberg/pull/46388. This trac issue exists to ensure that the fix is backported to core.
To recap: for users without the unfiltered_html capability (e.g. an Admin user within a multi site WordPress instance), when saving custom block spacing values within global styles, the value is stripped on save.
This is due to the blockGap value not being factored in within the theme JSON class's remove_insecure_styles
function, which currently only validates styles that are output via compute_style_properties
.
The proposed fix that landed in Gutenberg is to also support indirect values in remove_insecure_styles
, that is — values that will be output separately to compute_style_properties
. For these values, a list of approved CSS properties is included, to be used for testing whether or not a value is allowed.
Change History (25)
This ticket was mentioned in PR #3742 on WordPress/wordpress-develop by @andrewserong.
2 years ago
#1
- Keywords has-patch has-unit-tests added
#2
@
2 years ago
I've opened up a PR to backport the Gutenberg fix. Also, just a note that it'd be great if this fix can make it into 6.1.2 rather than waiting for 6.2, since it's an unfortunate bug for admins running multi-site WordPress instances.
@andrewserong commented on PR #3742:
2 years ago
#3
Thanks for the feedback @costdev, all good notes! I've implemented those changes. I'm wrapping up for the day, but happy to do any other follow-ups tomorrow (and of course, anyone with access, feel free to jump in and make any changes you might need 😀)
@andrewserong commented on PR #3742:
2 years ago
#4
Just an update that I'm wrapping up for the year now, so likely won't catch continued discussion here. If this change looks suitable, though, please feel free to go ahead and commit it if anyone would like to. I think ideally this would be a good one to make it into 6.1.2 if it can, rather than waiting until 6.2. Thanks again for the reviews!
23 months ago
#5
Just a heads up that I just merged https://github.com/WordPress/gutenberg/pull/46712 in Gutenberg which is a follow-up of the changes backported here, so I think we could use this PR to include the follow-up as well.
@peterwilsoncc commented on PR #3742:
23 months ago
#6
That makes sense @mmtr
I've dismissed my review pending any follow up. I'm not sure when Andrew returns from EOY holidays so someone else may need to create a follow up PR with both issues.
@andrewserong commented on PR #3742:
23 months ago
#7
Thanks for the heads-up @mmtr and Peter! I'm back today, so I'll roll those changes into this PR — if I don't get to it today, I'll fix it up tomorrow.
@andrewserong commented on PR #3742:
23 months ago
#8
Alrighty, I've merged in the changes from https://github.com/WordPress/gutenberg/pull/46712 and re-tested locally, and it appears to all be working well for me, so this should be ready for another look now.
#9
@
23 months ago
- Summary changed from Global Styles: Block spacing values are not saved if user does not have unfiltered_html capability to Global Styles: Block spacing and content/wide layout values are not saved if user does not have unfiltered_html capability
22 months ago
#10
Thanks @andrewserong for backporting https://github.com/WordPress/gutenberg/pull/46712 as well!
#11
@
22 months ago
- Keywords gutenberg-merge commit added
- Milestone changed from Awaiting Review to 6.1.2
- Version changed from trunk to 6.1
I see @peterwilsoncc approved the PR. I pushed a change to simplify the code.
Marking for commit and moving it into 6.1.2 milestone. If it's to be in 6.2 and not 6.1.2, please update the milestone.
@andrewserong commented on PR #3742:
22 months ago
#12
Thanks for tidying this one up @hellofromtonya! Because this resolves a bug in 6.1, the hope was that this could make it into 6.1.2 (and therefore also 6.2).
@peterwilsoncc commented on PR #3742:
22 months ago
#13
@andrewserong @hellofromtonya If the bug, or relevant block, was introduced in 6.1 then I'm happy for this to go in the next minor release too.
@andrewserong commented on PR #3742:
21 months ago
#14
@Mamaduka @ntsekouras just double-checking the status of this one being included in 6.2? Ideally the fix should land for both 6.1.2 and 6.2.
@Mamaduka commented on PR #3742:
21 months ago
#15
@andrewserong, I believe the fix is merged into the trunk first and then backported into the minor branches.
@hellofromTonya commented on PR #3742:
21 months ago
#16
@peterwilsoncc did you want to commit this for 6.2 and then backport to 6.1 branch?
#17
@
21 months ago
- Owner set to peterwilsoncc
- Resolution set to fixed
- Status changed from new to closed
In 55345:
@peterwilsoncc commented on PR #3742:
21 months ago
#18
@andrewserong commented on PR #3742:
21 months ago
#19
Wonderful, thanks for committing, Peter! 🙇
#20
@
21 months ago
- Keywords fixed-major added
- Resolution fixed deleted
- Status changed from closed to reopened
Reopening for merging in to the 6.1 branch.
#21
@
21 months ago
- Keywords dev-reviewed added
LGTM for backport to the 6.1 branch, i.e. for a 6.1.2 minor.
@oandregal commented on PR #3742:
21 months ago
#22
:wave: There are some changes here that are not part of the original gutenberg PR. I've backported them to gutenberg at https://github.com/WordPress/gutenberg/pull/48646
@andrewserong commented on PR #3742:
21 months ago
#23
Thanks so much @oandregal! I'll give that PR a review today.
This PR backports https://github.com/WordPress/gutenberg/pull/46388 which resolved https://github.com/WordPress/gutenberg/issues/45520 in Gutenberg.
To recap: for users without the unfiltered_html capability (e.g. an Admin user within a multi site WordPress instance), when saving custom block spacing values within global styles, the value is stripped on save. The fix is to ensure that indirect properties (that is, Theme JSON properties that are not directly output via
compute_style_properties
within `remove_insecure_styles) are also allowed.For more context, please see: https://github.com/WordPress/gutenberg/pull/46388
Trac ticket: https://core.trac.wordpress.org/ticket/57321
## Testing instructions
src/wp-includes/default-filters.php
):add_action( 'init', 'kses_init_filters' );
— this switching on the kses filters used when a user does not have theunfiltered_html
capability.