[wp-trac] [WordPress Trac] #24221: Importer doesn't import properly
WordPress Trac
noreply at wordpress.org
Fri Feb 21 16:22:45 UTC 2014
#24221: Importer doesn't import properly
--------------------------+----------------------
 Reporter:  Looimaster    |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Import        |     Version:
 Severity:  normal        |  Resolution:  invalid
 Keywords:                |     Focuses:
--------------------------+----------------------
Changes (by danielbachhuber):
* status: new => closed
* version: 3.5 =>
* resolution: => invalid
* milestone: WordPress.org =>
Comment:
Hi Looimaster,
I did some testing on this today using this data:
<content:encoded><![CDATA[<div class="container" style="padding: 3em 0
0 0; margin: 0 0 3em 0; background-color: rgba(195, 195, 195, 0.15);">
<h2>Heading</h2>
<p>Paragraph</p>
</div>]]></content:encoded>
Here are my results:
* Doesn't reproduce on WordPress trunk for a single site.
* On WordPress trunk for multisite, this gets stripped: `style="padding:
3em 0 0 0; margin: 0 0 3em 0; background-color: rgba(195, 195, 195,
0.15);"`
* On import, the WordPress importer doesn't actually do any sanitization.
It passes my expected data to `wp_insert_post()`, which the normal kses
rules apply to.
* Your inline CSS is sanitized by `safecss_filter_attr()`
([https://core.trac.wordpress.org/browser/tags/3.8.1/src/wp-includes/kses.php#L1398 ref]).
It's stripped out entirely because of #10336
I think your best bet in this use case is to remove kses filters when it's
a "trusted" import. You might also want to come up with an alternative
styling mechanism such that you don't need to let your users use
potentially sketchy inline CSS.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24221#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
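
One way to scope the kses removal suggested in the comment above to the import run itself. This is an added example, not code from the ticket, WordPress core or the importer plugin. The `TRUSTED_IMPORT` constant and the `example_*` function names are hypothetical, and the trust decision they encode is an assumption.

```php
<?php
/*
 * Added example, not WordPress core or importer code.
 * Assumption: the site opts in by defining TRUSTED_IMPORT (hypothetical
 * constant) in wp-config.php only while a vetted WXR file is being imported.
 */

// Hypothetical function names; the hooks and kses functions are WordPress's own.
function example_trusted_import_begin() {
	// The opt-in must be explicit.
	if ( ! defined( 'TRUSTED_IMPORT' ) || ! TRUSTED_IMPORT ) {
		return;
	}
	// The current user must be allowed to run imports at all.
	if ( ! current_user_can( 'import' ) ) {
		return;
	}
	// Detach the kses save filters so wp_insert_post() stores the markup,
	// including the style attribute, unchanged. Hooks live in memory, so
	// this affects the current request only.
	kses_remove_filters();
}

function example_trusted_import_finish() {
	// kses_init() re-evaluates the current user and re-attaches the filters
	// unless that user holds the unfiltered_html capability.
	kses_init();
}

// The WordPress Importer plugin fires these actions around an import run.
add_action( 'import_start', 'example_trusted_import_begin' );
add_action( 'import_end', 'example_trusted_import_finish' );
```

With the filters detached, nothing sanitizes the imported post content, so the opt-in should be removed from wp-config.php as soon as the vetted file has been imported.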