From d89f6097c409c7f29fc38671e584035dae998d30 Mon Sep 17 00:00:00 2001
From: Peter Wilson
Date: Mon, 21 Mar 2022 00:13:05 +0000
Subject: [PATCH] KSES: Allow `lang`, `xml:lang`, `dir` attributes globally.
Globally permit the `lang`, `xml:lang`, and `dir` attributes on all elements rather than a subset in accordance with the HTML specification.
Props upsuper, SergeyBiryukov, mukesh27, audrasjb.
Fixes #54699.
Built from https://develop.svn.wordpress.org/trunk@52968
git-svn-id: http://core.svn.wordpress.org/trunk@52557 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/kses.php | 108 +++++++++++-----------------------------
 wp-includes/version.php | 2 +-
 2 files changed, 31 insertions(+), 79 deletions(-)
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index e9a50aac5d..91bb04260a 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -81,16 +81,10 @@ if ( ! CUSTOM_TAGS ) {
 'target' => true,
 ),
 'article' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'aside' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'audio' => array(
 'autoplay' => true,
@@ -101,14 +95,10 @@ if ( ! CUSTOM_TAGS ) {
 'src' => true,
 ),
 'b' => array(),
- 'bdo' => array(
- 'dir' => true,
- ),
+ 'bdo' => array(),
 'big' => array(),
 'blockquote' => array(
- 'cite' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'cite' => true,
 ),
 'br' => array(),
 'button' => array(
@@ -120,17 +110,13 @@ if ( ! CUSTOM_TAGS ) {
 'caption' => array(
 'align' => true,
 ),
- 'cite' => array(
- 'dir' => true,
- 'lang' => true,
- ),
+ 'cite' => array(),
 'code' => array(),
 'col' => array(
 'align' => true,
 'char' => true,
 'charoff' => true,
 'span' => true,
- 'dir' => true,
 'valign' => true,
 'width' => true,
 ),
@@ -148,33 +134,21 @@ if ( ! CUSTOM_TAGS ) {
 'dd' => array(),
 'dfn' => array(),
 'details' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'open' => true,
- 'xml:lang' => true,
+ 'align' => true,
+ 'open' => true,
 ),
 'div' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'dl' => array(),
 'dt' => array(),
 'em' => array(),
 'fieldset' => array(),
 'figure' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'figcaption' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'font' => array(
 'color' => true,
@@ -182,10 +156,7 @@ if ( ! CUSTOM_TAGS ) {
 'size' => true,
 ),
 'footer' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'h1' => array(
 'align' => true,
@@ -206,16 +177,10 @@ if ( ! CUSTOM_TAGS ) {
 'align' => true,
 ),
 'header' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'hgroup' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'hr' => array(
 'align' => true,
@@ -253,10 +218,7 @@ if ( ! CUSTOM_TAGS ) {
 'value' => true,
 ),
 'main' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'map' => array(
 'name' => true,
@@ -266,10 +228,7 @@ if ( ! CUSTOM_TAGS ) {
 'type' => true,
 ),
 'nav' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'object' => array(
 'data' => array(
@@ -282,10 +241,7 @@ if ( ! CUSTOM_TAGS ) {
 ),
 ),
 'p' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'pre' => array(
 'width' => true,
@@ -296,26 +252,17 @@ if ( ! CUSTOM_TAGS ) {
 's' => array(),
 'samp' => array(),
 'span' => array(
- 'dir' => true,
- 'align' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'section' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'small' => array(),
 'strike' => array(),
 'strong' => array(),
 'sub' => array(),
 'summary' => array(
- 'align' => true,
- 'dir' => true,
- 'lang' => true,
- 'xml:lang' => true,
+ 'align' => true,
 ),
 'sup' => array(),
 'table' => array(
@@ -324,7 +271,6 @@ if ( ! CUSTOM_TAGS ) {
 'border' => true,
 'cellpadding' => true,
 'cellspacing' => true,
- 'dir' => true,
 'rules' => true,
 'summary' => true,
 'width' => true,
@@ -343,7 +289,6 @@ if ( ! CUSTOM_TAGS ) {
 'char' => true,
 'charoff' => true,
 'colspan' => true,
- 'dir' => true,
 'headers' => true,
 'height' => true,
 'nowrap' => true,
@@ -1237,7 +1182,7 @@ function wp_kses_attr( $element, $attr, $allowed_html, $allowed_protocols ) {
 * Determines whether an attribute is allowed.
 *
 * @since 4.2.3
- * @since 5.0.0 Add support for `data-*` wildcard attributes.
+ * @since 5.0.0 Added support for `data-*` wildcard attributes.
 *
 * @param string $name The attribute name. Passed by reference. Returns empty string when not allowed.
 * @param string $value The attribute value. Passed by reference. Returns a filtered value.
@@ -1271,7 +1216,9 @@ function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowe
 * Note: the attribute name should only contain `A-Za-z0-9_-` chars,
 * double hyphens `--` are not accepted by WordPress.
 */
- if ( strpos( $name_low, 'data-' ) === 0 && ! empty( $allowed_attr['data-*'] ) && preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match ) ) {
+ if ( strpos( $name_low, 'data-' ) === 0 && ! empty( $allowed_attr['data-*'] )
+ && preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match )
+ ) {
 /*
 * Add the whole attribute name to the allowed attributes and set any restrictions
 * for the `data-*` attribute values for the current element.
@@ -2552,7 +2499,9 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 * Helper function to add global attributes to a tag in the allowed HTML list.
 *
 * @since 3.5.0
- * @since 5.0.0 Add support for `data-*` wildcard attributes.
+ * @since 5.0.0 Added support for `data-*` wildcard attributes.
+ * @since 6.0.0 Added `dir`, `lang`, and `xml:lang` to global attributes.
+ *
 * @access private
 * @ignore
 *
@@ -2567,11 +2516,14 @@ function _wp_add_global_attributes( $value ) {
 'aria-labelledby' => true,
 'aria-hidden' => true,
 'class' => true,
+ 'data-*' => true,
+ 'dir' => true,
 'id' => true,
+ 'lang' => true,
 'style' => true,
 'title' => true,
 'role' => true,
- 'data-*' => true,
+ 'xml:lang' => true,
 );
 
 if ( true === $value ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index a35dfd6754..0403b78bcb 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.0-alpha-52967';
+$wp_version = '6.0-alpha-52968';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
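Review bot: The three entries added to the global attribute list in `_wp_add_global_attributes()` (`'dir' => true`, `'lang' => true`, `'xml:lang' => true`) accept any value, so every tag that receives the global attributes now passes these attributes through unvalidated. `dir` only has a small set of valid values; if the attribute checker honours a `values` constraint for entries in this list (it lives outside this hunk, so confirm), `'dir' => array( 'values' => array( 'ltr', 'rtl', 'auto' ) ),` would keep the allowlist as narrow as the specification. Either way I would add a comment above the new entries such as `// Values of dir/lang/xml:lang are not validated; text direction can be set on any allowed element.` so that integrators who rely on KSES for untrusted markup know what the wider allowlist permits. The function body continues past the end of the hunk.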