WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wp_filter_global_styles_post()

wp_filter_global_styles_post( string $data ): string

In this article

Back to top

Sanitizes global styles user content removing unsafe rules.

Parameters

$datastringrequired
Post content to filter.

Return

string Filtered post content with unsafe rules removed.

Source

function wp_filter_global_styles_post( $data ) {
	$decoded_data        = json_decode( wp_unslash( $data ), true );
	$json_decoding_error = json_last_error();
	if (
		JSON_ERROR_NONE === $json_decoding_error &&
		is_array( $decoded_data ) &&
		isset( $decoded_data['isGlobalStylesUserThemeJSON'] ) &&
		$decoded_data['isGlobalStylesUserThemeJSON']
	) {
		unset( $decoded_data['isGlobalStylesUserThemeJSON'] );

		$data_to_encode = WP_Theme_JSON::remove_insecure_properties( $decoded_data, 'custom' );

		$data_to_encode['isGlobalStylesUserThemeJSON'] = true;
		/**
		 * JSON encode the data stored in post content.
		 * Escape characters that are likely to be mangled by HTML filters: "<>&".
		 *
		 * This matches the escaping in WP_REST_Global_Styles_Controller::prepare_item_for_database().
		 */
		return wp_slash( wp_json_encode( $data_to_encode, JSON_UNESCAPED_SLASHES | JSON_HEX_TAG | JSON_HEX_AMP ) );
	}
	return $data;
}

View all references View on Trac View on GitHub

UsesDescription
WP_Theme_JSON::remove_insecure_properties()wp-includes/class-wp-theme-json.php

Removes insecure data from theme.json.

wp_json_encode()wp-includes/functions.php

Encodes a variable into JSON, with some confidence checks.

wp_unslash()wp-includes/formatting.php

Removes slashes from a string or recursively removes slashes from strings within an array.

wp_slash()wp-includes/formatting.php

Adds slashes to a string or recursively adds slashes to strings within an array.

Show 2 moreShow less

Changelog

VersionDescription
5.9.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.