Changeset 4574 for sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/jetpack-tweaks/css-sanitization.php
- Timestamp:
- 12/23/2016 05:27:03 PM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/jetpack-tweaks/css-sanitization.php
r2958 r4574 2 2 3 3 namespace WordCamp\Jetpack_Tweaks; 4 use WordCamp\RemoteCSS; 5 use Exception; 6 4 7 defined( 'WPINC' ) or die(); 5 8 9 add_filter( 'update_custom_css_data', __NAMESPACE__ . '\sanitize_custom_css', 15 ); // After Jetpack_Custom_CSS_Enhancements::update_custom_css_data() 6 10 add_action( 'csstidy_optimize_postparse', __NAMESPACE__ . '\sanitize_csstidy_parsed_rules' ); 7 11 add_action( 'admin_notices', __NAMESPACE__ . '\notify_import_rules_stripped' ); 8 12 add_action( 'csstidy_optimize_subvalue', __NAMESPACE__ . '\sanitize_csstidy_subvalues' ); 13 14 /** 15 * Sanitize CSS saved through the Core/Jetpack editor inside the Customizer 16 * 17 * By default, the Additional CSS section is only available to users with `unfiltered_html` -- which nobody on 18 * wordcamp.org has, not even super-admins -- but Jetpack re-maps that to `edit_theme_options`, allowing 19 * regular admins on all sites to use it. 20 * 21 * @param array $post 22 * 23 * @return array 24 */ 25 function sanitize_custom_css( $post ) { 26 try { 27 $post['css'] = RemoteCSS\sanitize_unsafe_css( $post['css'] ); 28 } catch ( Exception $exception ) { 29 /* 30 * We can't save unsanitized CSS, and also don't want to overwrite the known-good value in the database. 31 * There's no way to gracefully abort the process and show an error message, so just die. 32 */ 33 wp_die( $exception->getMessage() ); 34 } 35 36 return $post; 37 } 9 38 10 39 /** … … 31 60 /** 32 61 * Notify the user that @import rules were stripped from their CSS 62 * 63 * todo Since WP 4.7 / Jetpack 4.2.2, we also need a way to show this warning in Customizer > Additional CSS. It 64 * still needs to work in Remote CSS, though. 33 65 */ 34 66 function notify_import_rules_stripped() {
Note: See TracChangeset
for help on using the changeset viewer.