fonts-api
2 years ago
interactivity-api
2 years ago
block-editor-settings-mobile.php
2 years ago
block-editor-settings.php
2 years ago
blocks.php
2 years ago
class-gutenberg-rest-global-styles-revisions-controller.php
2 years ago
class-wp-classic-to-block-menu-converter.php
2 years ago
class-wp-navigation-fallback-gutenberg.php
2 years ago
class-wp-rest-block-editor-settings-controller.php
2 years ago
class-wp-rest-customizer-nonces.php
2 years ago
class-wp-rest-navigation-fallback-controller.php
2 years ago
editor-settings.php
2 years ago
kses.php
2 years ago
l10n.php
2 years ago
navigation-fallback.php
2 years ago
navigation-theme-opt-in.php
2 years ago
rest-api.php
2 years ago
kses.php
109 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Temporary compatibility shims for kses rules present in Gutenberg. |
| 4 | * |
| 5 | * The functions in this file should not be backported to core. |
| 6 | * |
| 7 | * @package gutenberg |
| 8 | */ |
| 9 | |
| 10 | /** |
| 11 | * Sanitizes global styles user content removing unsafe rules. |
| 12 | * |
| 13 | * This function is identical to the core version, but called the |
| 14 | * Gutenberg version of the theme JSON class (`WP_Theme_JSON_Gutenberg`). |
| 15 | * |
| 16 | * This function should not be backported to core. |
| 17 | * |
| 18 | * @since 5.9.0 |
| 19 | * |
| 20 | * @param string $data Post content to filter. |
| 21 | * @return string Filtered post content with unsafe rules removed. |
| 22 | */ |
| 23 | function gutenberg_filter_global_styles_post( $data ) { |
| 24 | $decoded_data = json_decode( wp_unslash( $data ), true ); |
| 25 | $json_decoding_error = json_last_error(); |
| 26 | if ( |
| 27 | JSON_ERROR_NONE === $json_decoding_error && |
| 28 | is_array( $decoded_data ) && |
| 29 | isset( $decoded_data['isGlobalStylesUserThemeJSON'] ) && |
| 30 | $decoded_data['isGlobalStylesUserThemeJSON'] |
| 31 | ) { |
| 32 | unset( $decoded_data['isGlobalStylesUserThemeJSON'] ); |
| 33 | |
| 34 | $data_to_encode = WP_Theme_JSON_Gutenberg::remove_insecure_properties( $decoded_data ); |
| 35 | |
| 36 | $data_to_encode['isGlobalStylesUserThemeJSON'] = true; |
| 37 | return wp_slash( wp_json_encode( $data_to_encode ) ); |
| 38 | } |
| 39 | return $data; |
| 40 | } |
| 41 | |
| 42 | /** |
| 43 | * Override core's kses_init_filters hooks for global styles, |
| 44 | * and use Gutenberg's version instead. This ensures that |
| 45 | * Gutenberg's `remove_insecure_properties` function can be called. |
| 46 | * |
| 47 | * The hooks are only set if they are already added, which ensures |
| 48 | * that global styles is only filtered for users without the `unfiltered_html` |
| 49 | * capability. |
| 50 | * |
| 51 | * This function should not be backported to core. |
| 52 | */ |
| 53 | function gutenberg_override_core_kses_init_filters() { |
| 54 | if ( has_filter( 'content_save_pre', 'wp_filter_global_styles_post' ) ) { |
| 55 | remove_filter( 'content_save_pre', 'wp_filter_global_styles_post', 9 ); |
| 56 | add_filter( 'content_save_pre', 'gutenberg_filter_global_styles_post', 9 ); |
| 57 | } |
| 58 | |
| 59 | if ( has_filter( 'content_filtered_save_pre', 'wp_filter_global_styles_post' ) ) { |
| 60 | remove_filter( 'content_filtered_save_pre', 'wp_filter_global_styles_post', 9 ); |
| 61 | add_filter( 'content_filtered_save_pre', 'gutenberg_filter_global_styles_post', 9 ); |
| 62 | } |
| 63 | |
| 64 | } |
| 65 | // The 'kses_init_filters' is usually initialized with default priority. Use higher priority to override. |
| 66 | add_action( 'init', 'gutenberg_override_core_kses_init_filters', 20 ); |
| 67 | add_action( 'set_current_user', 'gutenberg_override_core_kses_init_filters' ); |
| 68 | |
| 69 | /** |
| 70 | * See https://github.com/WordPress/wordpress-develop/pull/4108 |
| 71 | * |
| 72 | * Mark CSS safe if it contains a "filter: url('#wp-duotone-...')" rule. |
| 73 | * |
| 74 | * This function should not be backported to core. |
| 75 | * |
| 76 | * @param bool $allow_css Whether the CSS is allowed. |
| 77 | * @param string $css_test_string The CSS to test. |
| 78 | */ |
| 79 | function allow_filter_in_styles( $allow_css, $css_test_string ) { |
| 80 | if ( preg_match( |
| 81 | "/^filter:\s*url\('#wp-duotone-[-a-zA-Z0-9]+'\) !important$/", |
| 82 | $css_test_string |
| 83 | ) ) { |
| 84 | return true; |
| 85 | } |
| 86 | return $allow_css; |
| 87 | } |
| 88 | |
| 89 | add_filter( 'safecss_filter_attr_allow_css', 'allow_filter_in_styles', 10, 2 ); |
| 90 | |
| 91 | /** |
| 92 | * Mark CSS safe if it contains grid functions |
| 93 | * |
| 94 | * This function should not be backported to core. |
| 95 | * |
| 96 | * @param bool $allow_css Whether the CSS is allowed. |
| 97 | * @param string $css_test_string The CSS to test. |
| 98 | */ |
| 99 | function allow_grid_functions_in_styles( $allow_css, $css_test_string ) { |
| 100 | if ( preg_match( |
| 101 | '/^grid-template-columns:\s*repeat\([0-9,a-z-\s\(\)]*\)$/', |
| 102 | $css_test_string |
| 103 | ) ) { |
| 104 | return true; |
| 105 | } |
| 106 | return $allow_css; |
| 107 | } |
| 108 | add_filter( 'safecss_filter_attr_allow_css', 'allow_grid_functions_in_styles', 10, 2 ); |
| 109 |