Skip to content

Commit

Permalink
Preserve block style variations when securing theme json
Browse files Browse the repository at this point in the history 
Valid and safe block style variations were being removed by
`WP_Theme_JSON_Gutenberg::remove_insecure_properties` when securing the
theme.json. When this was a problem varied depending upon site
configuration, but out-of-the-box it was a problem for administrators on
multi-site installs.

This change adds explicit processing of variations in
`remove_insecure_properties` so that they won't get removed.
  • Loading branch information
@dsas
dsas committed Aug 9, 2023
1 parent da06123 commit ba0f0fd
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 0 deletions.
14 changes: 14 additions & 0 deletions lib/class-wp-theme-json-gutenberg.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2900,6 +2900,20 @@ public static function remove_insecure_properties( $theme_json ) {
if ( ! empty( $output ) ) {
_wp_array_set( $sanitized, $metadata['path'], $output );
}

if ( isset( $metadata['variations'] ) ) {
foreach ( $metadata['variations'] as $variation ) {
$variation_input = _wp_array_get( $theme_json, $variation['path'], array() );
if ( empty( $variation_input ) ) {
continue;
}

$variation_output = static::remove_insecure_styles( $variation_input );
if ( ! empty( $variation_output ) ) {
_wp_array_set( $sanitized, $variation['path'], $variation_output );
}
}
}
}

$setting_nodes = static::get_setting_nodes( $theme_json );
Expand Down
28 changes: 28 additions & 0 deletions phpunit/class-wp-theme-json-test.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1702,6 +1702,34 @@ public function data_get_styles_for_block_with_style_variations() {
);
}

public function test_block_style_variations() {
wp_set_current_user( static::$administrator_id );

$expected = array(
'version' => WP_Theme_JSON_Gutenberg::LATEST_SCHEMA,
'styles' => array(
'blocks' => array(
'core/button' => array(
'color' => array(
'background' => 'blue',
),
'variations' => array(
'outline' => array(
'color' => array(
'background' => 'purple',
),
),
),
),
),
),
);

$actual = WP_Theme_JSON_Gutenberg::remove_insecure_properties( $expected );

$this->assertSameSetsWithIndex( $expected, $actual );
}

public function test_update_separator_declarations() {
// If only background is defined, test that includes border-color to the style so it is applied on the front end.
$theme_json = new WP_Theme_JSON_Gutenberg(
Expand Down

0 comments on commit ba0f0fd

Please sign in to comment.