- fixed HTML validation for user description field in header;

2026-06-05 15:09:37 +09:00 · 2023-08-15 23:04:46 +03:00
parent d99b011380
commit 999deb6145
1 changed files with 29 additions and 0 deletions
@@ -770,6 +770,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 													);
 												}
 												$form[ $k ] = wp_kses( $form[ $k ], $allowed_html );
+												add_filter( 'wp_kses_allowed_html', array( &$this, 'wp_kses_user_desc' ), 10, 2 );
 											} else {
 												$form[ $k ] = sanitize_textarea_field( $form[ $k ] );
 											}
@@ -904,6 +905,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 									);
 								}
 								$form[ $description_key ] = wp_kses( $form[ $description_key ], $allowed_html );
+
+								add_filter( 'wp_kses_allowed_html', array( &$this, 'wp_kses_user_desc' ), 10, 2 );
 							} else {
 								$form[ $description_key ] = sanitize_textarea_field( $form[ $description_key ] );
 							}
@@ -930,6 +933,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 								);
 							}
 							$form[ $description_key ] = wp_kses( $form[ $description_key ], $allowed_html );
+
+							add_filter( 'wp_kses_allowed_html', array( &$this, 'wp_kses_user_desc' ), 10, 2 );
 						} else {
 							$form[ $description_key ] = sanitize_textarea_field( $form[ $description_key ] );
 						}
@@ -940,6 +945,30 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 			return $form;
 		}

+		public function wp_kses_user_desc( $tags, $context ) {
+			if ( 'user_description' === $context || 'pre_user_description' === $context ) {
+				$allowed_html = UM()->get_allowed_html( 'templates' );
+				if ( empty( $allowed_html['iframe'] ) ) {
+					$allowed_html['iframe'] = array(
+						'allow'           => true,
+						'frameborder'     => true,
+						'loading'         => true,
+						'name'            => true,
+						'referrerpolicy'  => true,
+						'sandbox'         => true,
+						'src'             => true,
+						'srcdoc'          => true,
+						'title'           => true,
+						'width'           => true,
+						'height'          => true,
+						'allowfullscreen' => true,
+					);
+				}
+				$tags = $allowed_html;
+			}
+			return $tags;
+		}
+
 		/**
 		 * Display form type as Title
 		 * @param  string $mode