Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Preserve block style variations when securing theme #5013

Open
wants to merge 2 commits into
base: trunk
Choose a base branch
from
Open

Preserve block style variations when securing theme #5013

wants to merge 2 commits into from
+94 −0

Conversation

dsas
Copy link

@dsas dsas commented Aug 15, 2023
edited
Loading

Valid and safe block style variations were being removed by WP_Theme_JSON::remove_insecure_properties when securing the theme.json. When this was a problem varied depending upon site configuration, but out-of-the-box it was a problem for administrators on multi-site installs.

This change adds explicit processing of variations in remove_insecure_properties so that they won't get removed.

Trac ticket: https://core.trac.wordpress.org/ticket/59108

This has already been merged as WordPress/gutenberg#53466 and is a manual sync of that change.

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

@dsas
Preserve block style variations when securing theme
7296e5c 
Valid and safe block style variations were being removed by
`WP_Theme_JSON::remove_insecure_properties` when securing the
theme.json. When this was a problem varied depending upon site
configuration, but out-of-the-box it was a problem for administrators on
multi-site installs.

This change adds explicit processing of variations in
`remove_insecure_properties` so that they won't get removed.
@dsas dsas mentioned this pull request Aug 15, 2023
Merged
ramonjd
ramonjd approved these changes Aug 18, 2023
View reviewed changes
Copy link
Member

@ramonjd ramonjd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I managed to successfully test this by defining the constant

define( 'DISALLOW_UNFILTERED_HTML', true );

which prevents setting the 'unfiltered_html' capability.

LGTM

Thank you!

@dsas
Copy link
Author

dsas commented Aug 31, 2023

@ramonjd, sorry I've been afk. What's the next step here?

@ramonjd
Copy link
Member

ramonjd commented Aug 31, 2023
edited
Loading

Thanks for the ping! We're now looking for a core committer to give final review.

cc @tellthemachines

Though I think it might now be punted to 6.3.2 (?) given that it's mentioned on:

At any rate, I added it to the 6.3.x board a while back so it's on the radar.

tellthemachines
tellthemachines approved these changes Sep 1, 2023
View reviewed changes
Copy link
Contributor

@tellthemachines tellthemachines left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR, changes LGTM!

@tellthemachines
Copy link
Contributor

Committed to trunk in r56502; leaving the PR open pending commit to the release branch.

@mikachan mikachan mentioned this pull request Sep 5, 2023
Closed
86 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tellthemachines tellthemachines tellthemachines approved these changes

@ramonjd ramonjd ramonjd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
WordPress 6.3.x Editor Tasks
Status: 🎯 Needs core commit
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dsas @ramonjd @tellthemachines