Global Styles: Fix block spacing values being stripped for users without unfiltered_html capability #3742
Conversation
There was a problem hiding this comment.
Thanks for handling this @andrewserong! I've left a few thoughts below.
|
Thanks for the feedback @costdev, all good notes! I've implemented those changes. I'm wrapping up for the day, but happy to do any other follow-ups tomorrow (and of course, anyone with access, feel free to jump in and make any changes you might need 😀) |
andrewserong
changed the title
|
Just an update that I'm wrapping up for the year now, so likely won't catch continued discussion here. If this change looks suitable, though, please feel free to go ahead and commit it if anyone would like to. I think ideally this would be a good one to make it into 6.1.2 if it can, rather than waiting until 6.2. Thanks again for the reviews! |
|
Just a heads up that I just merged WordPress/gutenberg#46712 in Gutenberg which is a follow-up of the changes backported here, so I think we could use this PR to include the follow-up as well. |
peterwilsoncc
dismissed
their stale review
Per comment above re WordPress/gutenberg#46712
|
That makes sense @mmtr I've dismissed my review pending any follow up. I'm not sure when Andrew returns from EOY holidays so someone else may need to create a follow up PR with both issues. |
|
Thanks for the heads-up @mmtr and Peter! I'm back today, so I'll roll those changes into this PR — if I don't get to it today, I'll fix it up tomorrow. |
…ut unfiltered_html capability
Co-authored-by: Colin Stewart <79332690+costdev@users.noreply.github.com>
Co-authored-by: Colin Stewart <79332690+costdev@users.noreply.github.com>
andrewserong
force-pushed
the
fix/global-spacing-stripped-block-spacing-values
branch
from
64c4621 to
b7f4a5d
Compare
|
Alrighty, I've merged in the changes from WordPress/gutenberg#46712 and re-tested locally, and it appears to all be working well for me, so this should be ready for another look now. |
|
Thanks @andrewserong for backporting WordPress/gutenberg#46712 as well! |
Co-authored-by: Miguel Torres <miguelmariatorresrojas@gmail.com>
| * but are used elsewhere in the processing of global styles. The indirect | ||
| * property is used to validate whether or not a style value is allowed. | ||
| * | ||
| * @since 6.1.2 |
There was a problem hiding this comment.
@peterwilsoncc is this planned for 6.1.2? Or is this for 6.2?
|
Thanks for tidying this one up @hellofromtonya! Because this resolves a bug in 6.1, the hope was that this could make it into 6.1.2 (and therefore also 6.2). |
|
@andrewserong @hellofromtonya If the bug, or relevant block, was introduced in 6.1 then I'm happy for this to go in the next minor release too. |
|
@Mamaduka @ntsekouras just double-checking the status of this one being included in 6.2? Ideally the fix should land for both 6.1.2 and 6.2. |
|
@andrewserong, I believe the fix is merged into the trunk first and then backported into the minor branches. |
|
@peterwilsoncc did you want to commit this for 6.2 and then backport to 6.1 branch? |
|
Wonderful, thanks for committing, Peter! 🙇 |
|
👋 There are some changes here that are not part of the original gutenberg PR. I've backported them to gutenberg at WordPress/gutenberg#48646 |
|
Thanks so much @oandregal! I'll give that PR a review today. |
This PR backports WordPress/gutenberg#46388 and WordPress/gutenberg#46712 which resolved WordPress/gutenberg#45520 in Gutenberg.
To recap: for users without the
unfiltered_htmlcapability (e.g. an Admin user within a multi site WordPress instance), when saving custom block spacing values or content/wide layout sizes within global styles, the value is stripped on save. The fix is to ensure that indirect properties (that is, Theme JSON properties that are not directly output viacompute_style_propertieswithinremove_insecure_stylesandremove_insecure_settings) are also allowed.For more context, please see: WordPress/gutenberg#46388
Trac ticket: https://core.trac.wordpress.org/ticket/57321
Testing instructions
src/wp-includes/default-filters.php):add_action( 'init', 'kses_init_filters' );— this switches on the kses filters used when a user does not have theunfiltered_htmlcapability.This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.