From a3a7ccf107122e045498f600c5bc796051ea8e44 Mon Sep 17 00:00:00 2001
From: desrosj
Date: Mon, 12 Jul 2021 19:03:57 +0000
Subject: [PATCH] =?UTF-8?q?Widgets:=20Use=20`wp=5Fsidebar=5Fdescription()`?= =?UTF-8?q?=20to=20retrieve=20a=20sidebar=E2=80=99s=20`description`.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This switches `WP_REST_Sidebars_Controller` to use `wp_sidebar_description()` for retrieving the `description` of a given sidebar instead of referencing the value in the `$wp_registered_sidebars` global variable directly. `wp_sidebar_description()` uses `wp_kses()` to only allow the default list of `$allowed_tags` to be present in a sidebar’s `description`. Props timothyblynjacobs, desrosj. Fixes #53646. Built from https://develop.svn.wordpress.org/trunk@51408 git-svn-id: http://core.svn.wordpress.org/trunk@51019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 .../rest-api/endpoints/class-wp-rest-sidebars-controller.php | 2 +-
 wp-includes/version.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php
index 50c84f1dd9..18dcc4e9c0 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php
@@ -281,7 +281,7 @@ class WP_REST_Sidebars_Controller extends WP_REST_Controller {
 $sidebar['status'] = 'active';
 $sidebar['name'] = isset( $registered_sidebar['name'] ) ? $registered_sidebar['name'] : '';
- $sidebar['description'] = isset( $registered_sidebar['description'] ) ? $registered_sidebar['description'] : '';
+ $sidebar['description'] = isset( $registered_sidebar['description'] ) ? wp_sidebar_description( $id ) : '';
 $sidebar['class'] = isset( $registered_sidebar['class'] ) ? $registered_sidebar['class'] : '';
 $sidebar['before_widget'] = isset( $registered_sidebar['before_widget'] ) ? $registered_sidebar['before_widget'] : '';
 $sidebar['after_widget'] = isset( $registered_sidebar['after_widget'] ) ? $registered_sidebar['after_widget'] : '';
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 54deb313ea..4590efc690 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.9-alpha-51405';
+$wp_version = '5.9-alpha-51408';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
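Review bot: In the `class-wp-rest-sidebars-controller.php` hunk only `description` is filtered; `name`, `class`, `before_widget` and `after_widget` on the neighbouring lines are still copied verbatim from `$registered_sidebar` into the REST response. As far as the hunk shows these values come from sidebar registration rather than from request input, so this is a consistency and hardening point, not a demonstrated injection path, but API consumers may assume all fields are treated alike. A short comment above the assignments would make the contract explicit, e.g. `// Only 'description' is passed through wp_kses(); the other fields are returned as registered and must be escaped by the client for its output context.` Separately, `wp_sidebar_description( $id )` looks the sidebar up again by `$id` instead of using `$registered_sidebar`, so the `isset()` guard and the value returned agree only if `$registered_sidebar` was taken from that same registry entry; that assignment is outside the hunk and worth confirming.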