WP_Theme_JSON::remove_insecure_properties() – Removes insecure data from theme.json.

You appear to be a bot. Output may be restricted

Description

Removes insecure data from theme.json.

Usage

$array = WP_Theme_JSON::remove_insecure_properties( $theme_json );

Parameters

$theme_json
( array ) required – Structure to sanitize.

Returns

array Sanitized structure.

Source

File name: wordpress/wp-includes/class-wp-theme-json.php


Lines:

1 to 74 of 74
  public static function remove_insecure_properties( $theme_json ) {
    $sanitized = array();

    $theme_json = WP_Theme_JSON_Schema::migrate( $theme_json );

    $valid_block_names   = array_keys( static::get_blocks_metadata() );
    $valid_element_names = array_keys( static::ELEMENTS );

    $theme_json = static::sanitize( $theme_json, $valid_block_names, $valid_element_names );

    $blocks_metadata = static::get_blocks_metadata();
    $style_nodes     = static::get_style_nodes( $theme_json, $blocks_metadata );

    foreach ( $style_nodes as $metadata ) {
      $input = _wp_array_get( $theme_json, $metadata['path'], array() );
      if ( empty( $input ) ) {
        continue;
      }

      $output = static::remove_insecure_styles( $input );

      /*
			 * Get a reference to element name from path.
			 * $metadata['path'] = array( 'styles', 'elements', 'link' );
			 */
      $current_element = $metadata['path'][ count( $metadata['path'] ) - 1 ];

      /*
			 * $output is stripped of pseudo selectors. Re-add and process them
			 * or insecure styles here.
			 */
      // TODO: Replace array_key_exists() with isset() check once WordPress drops
      // support for PHP 5.6. See https://core.trac.wordpress.org/ticket/57067.
      if ( array_key_exists( $current_element, static::VALID_ELEMENT_PSEUDO_SELECTORS ) ) {
        foreach ( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] as $pseudo_selector ) {
          if ( isset( $input[ $pseudo_selector ] ) ) {
            $output[ $pseudo_selector ] = static::remove_insecure_styles( $input[ $pseudo_selector ] );
          }
        }
      }

      if ( ! empty( $output ) ) {
        _wp_array_set( $sanitized, $metadata['path'], $output );
      }
    }

    $setting_nodes = static::get_setting_nodes( $theme_json );
    foreach ( $setting_nodes as $metadata ) {
      $input = _wp_array_get( $theme_json, $metadata['path'], array() );
      if ( empty( $input ) ) {
        continue;
      }

      $output = static::remove_insecure_settings( $input );
      if ( ! empty( $output ) ) {
        _wp_array_set( $sanitized, $metadata['path'], $output );
      }
    }

    if ( empty( $sanitized['styles'] ) ) {
      unset( $theme_json['styles'] );
    } else {
      $theme_json['styles'] = $sanitized['styles'];
    }

    if ( empty( $sanitized['settings'] ) ) {
      unset( $theme_json['settings'] );
    } else {
      $theme_json['settings'] = $sanitized['settings'];
    }

    return $theme_json;
  }
 

 View on GitHub View on Trac