From daea174b3f62388e11287d7cda8289168350a747 Mon Sep 17 00:00:00 2001
From: Jonathan Desrosiers
Date: Mon, 12 Jul 2021 19:02:53 +0000
Subject: [PATCH] =?UTF-8?q?Widgets:=20Use=20`wp=5Fsidebar=5Fdescription()`?= =?UTF-8?q?=20to=20retrieve=20a=20sidebar=E2=80=99s=20`description`.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This switches `WP_REST_Sidebars_Controller` to use `wp_sidebar_description()` for retrieving the `description` of a given sidebar instead of referencing the value in the `$wp_registered_sidebars` global variable directly. `wp_sidebar_description()` uses `wp_kses()` to only allow the default list of `$allowed_tags` to be present in a sidebar’s `description`. Props timothyblynjacobs, desrosj. Fixes #53646. git-svn-id: https://develop.svn.wordpress.org/trunk@51408 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../class-wp-rest-sidebars-controller.php | 2 +-
 .../rest-api/rest-sidebars-controller.php | 51 +++++++++++++++++++
 2 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php
index 50c84f1dd9..18dcc4e9c0 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php
@@ -281,7 +281,7 @@ class WP_REST_Sidebars_Controller extends WP_REST_Controller {
 
 $sidebar['status'] = 'active';
 $sidebar['name'] = isset( $registered_sidebar['name'] ) ? $registered_sidebar['name'] : '';
- $sidebar['description'] = isset( $registered_sidebar['description'] ) ? $registered_sidebar['description'] : '';
+ $sidebar['description'] = isset( $registered_sidebar['description'] ) ? wp_sidebar_description( $id ) : '';
 $sidebar['class'] = isset( $registered_sidebar['class'] ) ? $registered_sidebar['class'] : '';
 $sidebar['before_widget'] = isset( $registered_sidebar['before_widget'] ) ? $registered_sidebar['before_widget'] : '';
 $sidebar['after_widget'] = isset( $registered_sidebar['after_widget'] ) ? $registered_sidebar['after_widget'] : '';
diff --git a/tests/phpunit/tests/rest-api/rest-sidebars-controller.php b/tests/phpunit/tests/rest-api/rest-sidebars-controller.php
index a257281041..5500c054a7 100644
--- a/tests/phpunit/tests/rest-api/rest-sidebars-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-sidebars-controller.php
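Review bot: Only `description` is filtered in this hunk; the neighbouring `name` and `class` values are still copied unchanged from the same `$registered_sidebar` entry, which themes and plugins supply at registration. If REST clients render those fields as HTML they need the same care, so either filter them too or add a comment above the assignments such as `// Only description is filtered via wp_sidebar_description(); name and class are returned as registered and must be escaped on output.` Separately, the `isset()` guard tests `$registered_sidebar` while the helper is handed only `$id`, so `(string) wp_sidebar_description( $id )` would keep the field a string if the two lookups ever disagree. The enclosing method starts and ends outside the hunk, so where `$id` and `$registered_sidebar` are assigned is not visible here.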
@@ -312,6 +312,57 @@ class WP_Test_REST_Sidebars_Controller extends WP_Test_REST_Controller_Testcase
 );
 }
 
+ /**
+ * @ticket 53646
+ */
+ public function test_get_items_when_descriptions_have_markup() {
+ register_sidebar(
+ array(
+ 'name' => 'New Sidebar',
+ 'id' => 'new-sidebar',
+ 'description' => 'This is a description with some markup.',
+ 'before_widget' => '',
+ 'after_widget' => '',
+ 'before_title' => '',
+ 'after_title' => '',
+ )
+ );
+
+ $request = new WP_REST_Request( 'GET', '/wp/v2/sidebars' );
+ $response = rest_get_server()->dispatch( $request );
+ $data = $response->get_data();
+ $data = $this->remove_links( $data );
+ $this->assertSame(
+ array(
+ array(
+ 'id' => 'wp_inactive_widgets',
+ 'name' => 'Inactive widgets',
+ 'description' => '',
+ 'class' => '',
+ 'before_widget' => '',
+ 'after_widget' => '',
+ 'before_title' => '',
+ 'after_title' => '',
+ 'status' => 'inactive',
+ 'widgets' => array(),
+ ),
+ array(
+ 'id' => 'new-sidebar',
+ 'name' => 'New Sidebar',
+ 'description' => 'This is a description with some markup.',
+ 'class' => '',
+ 'before_widget' => '',
+ 'after_widget' => '',
+ 'before_title' => '',
+ 'after_title' => '',
+ 'status' => 'active',
+ 'widgets' => array(),
+ ),
+ ),
+ $data
+ );
+ }
+
 /**
 * @ticket 41683
 */
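Review bot: The new test does not visibly exercise the filtering. As shown here, the registered `description` and the expected one are the same plain string with no tags, so the assertion would pass with or without `wp_kses()`. If the tags were simply lost when this page was rendered, disregard this; otherwise the fixture should carry one tag from the allowed list and one outside it, with the expected value keeping only the former. The docblock holds only `@ticket 53646`, so a summary line such as `Ensures sidebar descriptions in REST responses are filtered through wp_sidebar_description().` would state what the test pins.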