-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Preserve block style variations when securing theme #5013
base: trunk
Are you sure you want to change the base?
Conversation
Valid and safe block style variations were being removed by `WP_Theme_JSON::remove_insecure_properties` when securing the theme.json. When this was a problem varied depending upon site configuration, but out-of-the-box it was a problem for administrators on multi-site installs. This change adds explicit processing of variations in `remove_insecure_properties` so that they won't get removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I managed to successfully test this by defining the constant
define( 'DISALLOW_UNFILTERED_HTML', true );
which prevents setting the 'unfiltered_html'
capability.
LGTM
Thank you!
@ramonjd, sorry I've been afk. What's the next step here? |
Thanks for the ping! We're now looking for a core committer to give final review. Though I think it might now be punted to 6.3.2 (?) given that it's mentioned on: At any rate, I added it to the 6.3.x board a while back so it's on the radar. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR, changes LGTM!
Committed to trunk in r56502; leaving the PR open pending commit to the release branch. |
Valid and safe block style variations were being removed by
WP_Theme_JSON::remove_insecure_properties
when securing the theme.json. When this was a problem varied depending upon site configuration, but out-of-the-box it was a problem for administrators on multi-site installs.This change adds explicit processing of variations in
remove_insecure_properties
so that they won't get removed.Trac ticket: https://core.trac.wordpress.org/ticket/59108
This has already been merged as WordPress/gutenberg#53466 and is a manual sync of that change.
This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.