diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 9c57c3a8e5..846c2dc2be 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -2073,6 +2073,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 * @since 5.2.0 Added support for `background-position` and `grid-template-columns`
 * @since 5.3.0 Added support for `grid`, `flex` and `column` layout properties.
 * Extend `background-*` support of individual properties.
+ * @since 5.3.1 Added support for gradient backgrounds.
 *
 * @param string[] $attr Array of allowed CSS attributes.
 */
@@ -2209,6 +2210,15 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 'list-style-image',
 );
+ /*
+ * CSS attributes that accept gradient data types.
+ *
+ */
+ $css_gradient_data_types = array(
+ 'background',
+ 'background-image',
+ );
+
 if ( empty( $allowed_attr ) ) {
 return $css;
 }
@@ -2223,6 +2233,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 $css_test_string = $css_item;
 $found = false;
 $url_attr = false;
+ $gradient_attr = false;
 if ( strpos( $css_item, ':' ) === false ) {
 $found = true;
@@ -2231,8 +2242,9 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 $css_selector = trim( $parts[0] );
 if ( in_array( $css_selector, $allowed_attr, true ) ) {
- $found = true;
- $url_attr = in_array( $css_selector, $css_url_data_types, true );
+ $found = true;
+ $url_attr = in_array( $css_selector, $css_url_data_types, true );
+ $gradient_attr = in_array( $css_selector, $css_gradient_data_types, true );
 }
 }
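Review bot: The comment above `$css_gradient_data_types` does not say what membership in the list changes, and it carries an empty trailing ` *` line. Going by the gradient branch added later in this function, a listed property has its value tested against the gradient pattern and, on a match, removed from the string that the generic character check inspects, so this list is a security-relevant allowlist. I would word it as `/* CSS properties whose value may be a single gradient function; a matching value is exempted from the generic character check further down. */`. The body of safecss_filter_attr() starts and ends outside this hunk.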
@@ -2261,6 +2273,14 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 }
 }
+ if ( $found && $gradient_attr ) {
+ $css_value = trim( $parts[1] );
+ if ( preg_match( '/^(repeating-)?(linear|radial|conic)-gradient\(([^()]|rgb[a]?\([^()]*\))*\)$/', $css_value ) ) {
+ // Remove the whole `gradient` bit that was matched above from the CSS.
+ $css_test_string = str_replace( $css_value, '', $css_test_string );
+ }
+ }
+
 // Remove any CSS containing containing \ ( & } = or comments, except for url() useage checked above.
 if ( $found && ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string ) ) {
 if ( $css != '' ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index cb66e0f818..0f7a300199 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.4-alpha-46792';
+$wp_version = '5.4-alpha-46793';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
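Review bot: In the gradient branch added to safecss_filter_attr() in wp-includes/kses.php, both `[^()]` classes admit every character except parentheses, and the matched value is then deleted from `$css_test_string`, so a backslash, `&`, `=`, `}` or `/*` inside the gradient arguments never reaches the generic check on the lines that follow. Whether that matters in practice cannot be judged from this hunk alone, but the exemption is wider than gradient syntax needs. An allowlist such as `[\w\s.,%#+-]` in place of both `[^()]` classes would keep the guarantees of the generic check, adjusted to the gradient syntax the filter is meant to accept. A short comment stating that a non-matching or failed `preg_match()` leaves the value in place, so the `(` in it is rejected below, would document the fail-closed intent. The function body starts and ends outside the hunk.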