From 52d6bd3529306a250df99cd9e3b94864d3eb2ebb Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Thu, 26 Aug 2021 19:28:57 +0000 Subject: [PATCH] Security: Correct the inline docs for the `wp_kses_allowed_html` filter. Props peterwilsoncc Fixes #53597 Built from https://develop.svn.wordpress.org/trunk@51675 git-svn-id: http://core.svn.wordpress.org/trunk@51281 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/kses.php | 12 ++++++++---- wp-includes/version.php | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/wp-includes/kses.php b/wp-includes/kses.php index 527d374c9c..cf00df3cbd 100644 --- a/wp-includes/kses.php +++ b/wp-includes/kses.php @@ -846,22 +846,26 @@ function wp_kses_one_attr( $string, $element ) { * * @param string|array $context The context for which to retrieve tags. Allowed values are 'post', * 'strip', 'data', 'entities', or the name of a field filter such as - * 'pre_user_description'. + * 'pre_user_description', or an array of allowed HTML elements and attributes. * @return array Array of allowed HTML tags and their allowed attributes. */ function wp_kses_allowed_html( $context = '' ) { global $allowedposttags, $allowedtags, $allowedentitynames; if ( is_array( $context ) ) { + // When `$context` is an array it's actually an array of allowed HTML elements and attributes. + $html = $context; + $context = 'explicit'; + /** * Filters the HTML tags that are allowed for a given context. * * @since 3.5.0 * - * @param array[]|string $context Context to judge allowed tags by. - * @param string $context_type Context name. + * @param array[] $html Allowed HTML tags. + * @param string $context Context name. */ - return apply_filters( 'wp_kses_allowed_html', $context, 'explicit' ); + return apply_filters( 'wp_kses_allowed_html', $html, $context ); } switch ( $context ) { diff --git a/wp-includes/version.php b/wp-includes/version.php index c017c85ecb..65a11458b4 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.9-alpha-51674'; +$wp_version = '5.9-alpha-51675'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.