From 86b50870ec1f4a9ad263d387867c7f5b89ec5486 Mon Sep 17 00:00:00 2001
From: Adam Silverstein
Date: Tue, 2 Jun 2020 23:46:11 +0000
Subject: [PATCH] Formatting: add a new 'safe_style_disallowed_chars' filter.
Enable developers to change the regex used in `safecss_filter_attr` to limit characters in the parsed CSS.
Props paulschreiber, swissspidy, rmccue, bartekcholewa, miinasikk.
Fixes #37134.
Built from https://develop.svn.wordpress.org/trunk@47891
git-svn-id: http://core.svn.wordpress.org/trunk@47665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/kses.php | 23 +++++++++++++++++------
 wp-includes/version.php | 2 +-
 2 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 1aace6c4fa..f1372fbd52 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -2301,13 +2301,24 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 }
 }
- // Remove any CSS containing containing \ ( & } = or comments, except for url() useage checked above.
- if ( $found && ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string ) ) {
- if ( '' !== $css ) {
- $css .= ';';
+ if ( $found ) {
+ /**
+ * Filters the regex limiting the list of characters not allowed in CSS rules.
+ *
+ * Default behaviour is to remove any css containing \ ( & } = or comments, except for url() usage.
+ *
+ * @since 5.5.0
+ *
+ * @param string $regex Regex pattern of disallowed characters in CSS rules. Default is '%[\\\(&=}]|/\*%'.
+ * @param string $css_test_string CSS value to test.
+ */
+ $disallowed_chars = apply_filters( 'safe_style_disallowed_chars', '%[\\\(&=}]|/\*%', $css_test_string );
+ if ( ! preg_match( $disallowed_chars, $css_test_string ) ) {
+ if ( '' !== $css ) {
+ $css .= ';';
+ }
+ $css .= $css_item;
 }
-
- $css .= $css_item;
 }
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 261a212db4..5479a96f5e 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
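Review bot: In the wp-includes/kses.php hunk, the new `if ( ! preg_match( $disallowed_chars, $css_test_string ) )` fails open when a `safe_style_disallowed_chars` callback returns something that is not a valid PCRE pattern: `preg_match()` then returns `false`, `! false` is true, and the declaration is appended without any character check. With the previous hard-coded pattern a plugin could not trigger this, so the guard should accept only an explicit no-match, `if ( 0 === preg_match( $disallowed_chars, $css_test_string ) ) {`. The docblock could also state that the returned value must be a complete, delimited regex and that loosening it widens what kses lets through in `style` attributes. The body of `safecss_filter_attr()` starts and ends outside this hunk.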
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.5-alpha-47889';
+$wp_version = '5.5-alpha-47891';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.