[wp-trac] [WordPress Trac] #48955: WP 5.3.1 changes cause potential backwards compatibility breakage with kses

WordPress Trac noreply at wordpress.org
Mon Dec 23 20:58:45 UTC 2019 

#48955: WP 5.3.1 changes cause potential backwards compatibility breakage with kses
--------------------------+---------------------
 Reporter:  iCaleb        |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  5.3.3
Component:  Security      |     Version:  5.3.1
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:
--------------------------+---------------------

Comment (by xkon):

 Sorry for bumping in as I didn't know about this ticket and it took me way
 longer to find out why Customizer was producing massive amounts of errors
 for me today as an array was trying to pass from some custom options.

 It seems that due to the mentioned hook `add_filter( 'pre_kses',
 'wp_pre_kses_block_attributes', 10, 3 );` the `parse_blocks()` is running
 everywhere throughout the admin. Is this expected behavior?

 As an example:

 1] I've added `an error_log( $content );` at `wp-includes\blocks.php:511`.
 2] Went into my Appearance -> Themes

 debug.log shows:
 {{{
 [23-Dec-2019 20:36:57 UTC] Twenty Twenty
 [23-Dec-2019 20:36:57 UTC] the WordPress team
 [23-Dec-2019 20:36:57 UTC] Our default theme for 2020 is designed to take
 full advantage of the flexibility of the block editor. Organizations and
 businesses have the ability to create dynamic landing pages with endless
 layouts using the group and column blocks. The centered content column and
 fine-tuned typography also makes it perfect for traditional blogs.
 Complete editor styles give you a good idea of what your content will look
 like, even before you publish. You can give your site a personal touch by
 changing the background colors and the accent color in the Customizer. The
 colors of all elements on your site are automatically calculated based on
 the colors you pick, ensuring a high, accessible color contrast for your
 visitors.
 }}}

 Same thing happens on Plugins page for each existing plugin so on so
 forth.


 ---

 Also note that if the filter is simply commented out, there are no errors
 produced at all from any of the Arrays that options in the Customizer
 might be returning.

 Again sorry if this might be throwing the conversation off, but it hasn't
 been making any sense to me for hours now the part of why having an output
 everywhere from the admin area when there are no blocks involved at all
 (at least as far as I know ).

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48955#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list