KSES: Conditionally remove the `<form>` element from `$allowedposttags`.
To avoid backwards compatibility issues, `<form>` is re-added if a custom filter has added the `<input>` or `<select>` elements to `$allowedposttags`. Merges [43994] to the 4.1 branch. Built from https://develop.svn.wordpress.org/branches/4.1@44013 git-svn-id: http://core.svn.wordpress.org/branches/4.1@43843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
9ba26aa950
commit
1a074d093a
|
@ -180,15 +180,6 @@ if ( ! CUSTOM_TAGS ) {
|
||||||
'lang' => true,
|
'lang' => true,
|
||||||
'xml:lang' => true,
|
'xml:lang' => true,
|
||||||
),
|
),
|
||||||
'form' => array(
|
|
||||||
'action' => true,
|
|
||||||
'accept' => true,
|
|
||||||
'accept-charset' => true,
|
|
||||||
'enctype' => true,
|
|
||||||
'method' => true,
|
|
||||||
'name' => true,
|
|
||||||
'target' => true,
|
|
||||||
),
|
|
||||||
'h1' => array(
|
'h1' => array(
|
||||||
'align' => true,
|
'align' => true,
|
||||||
),
|
),
|
||||||
|
@ -607,6 +598,7 @@ function wp_kses_one_attr( $string, $element ) {
|
||||||
* Return a list of allowed tags and attributes for a given context.
|
* Return a list of allowed tags and attributes for a given context.
|
||||||
*
|
*
|
||||||
* @since 3.5.0
|
* @since 3.5.0
|
||||||
|
* @since 5.0.1 `form` removed as allowable HTML tag.
|
||||||
*
|
*
|
||||||
* @param string $context The context for which to retrieve tags. Allowed values are
|
* @param string $context The context for which to retrieve tags. Allowed values are
|
||||||
* post | strip | data | entities or the name of a field filter such as pre_user_description.
|
* post | strip | data | entities or the name of a field filter such as pre_user_description.
|
||||||
|
@ -631,8 +623,27 @@ function wp_kses_allowed_html( $context = '' ) {
|
||||||
switch ( $context ) {
|
switch ( $context ) {
|
||||||
case 'post':
|
case 'post':
|
||||||
/** This filter is documented in wp-includes/kses.php */
|
/** This filter is documented in wp-includes/kses.php */
|
||||||
return apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );
|
$tags = apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );
|
||||||
break;
|
|
||||||
|
// 5.0.1 removed the `<form>` tag, allow it if a filter is allowing it's sub-elements `<input>` or `<select>`.
|
||||||
|
if ( ! CUSTOM_TAGS && ! isset( $tags['form'] ) && ( isset( $tags['input'] ) || isset( $tags['select'] ) ) ) {
|
||||||
|
$tags = $allowedposttags;
|
||||||
|
|
||||||
|
$tags['form'] = array(
|
||||||
|
'action' => true,
|
||||||
|
'accept' => true,
|
||||||
|
'accept-charset' => true,
|
||||||
|
'enctype' => true,
|
||||||
|
'method' => true,
|
||||||
|
'name' => true,
|
||||||
|
'target' => true,
|
||||||
|
);
|
||||||
|
|
||||||
|
/** This filter is documented in wp-includes/kses.php */
|
||||||
|
$tags = apply_filters( 'wp_kses_allowed_html', $tags, $context );
|
||||||
|
}
|
||||||
|
|
||||||
|
return $tags;
|
||||||
case 'user_description':
|
case 'user_description':
|
||||||
case 'pre_user_description':
|
case 'pre_user_description':
|
||||||
$tags = $allowedtags;
|
$tags = $allowedtags;
|
||||||
|
|
Loading…
Reference in New Issue