WP_Theme_JSON::remove_insecure_settings() WordPress Method
The WP_Theme_JSON::remove_insecure_settings() WordPress method is used to remove any settings that could potentially be used to compromise a WordPress installation. This includes removing the ability to change the WordPress administrator password, as well as removing any database connection details.
WP_Theme_JSON::remove_insecure_settings( array $input ) #
Processes a setting node and returns the same node without the insecure settings.
Parameters
- $input
(array)(Required)Node to process.
Return
(array)
Source
File: wp-includes/class-wp-theme-json.php
protected static function remove_insecure_settings( $input ) {
$output = array();
foreach ( static::PRESETS_METADATA as $preset_metadata ) {
foreach ( static::VALID_ORIGINS as $origin ) {
$path_with_origin = array_merge( $preset_metadata['path'], array( $origin ) );
$presets = _wp_array_get( $input, $path_with_origin, null );
if ( null === $presets ) {
continue;
}
$escaped_preset = array();
foreach ( $presets as $preset ) {
if (
esc_attr( esc_html( $preset['name'] ) ) === $preset['name'] &&
sanitize_html_class( $preset['slug'] ) === $preset['slug']
) {
$value = null;
if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) {
$value = $preset[ $preset_metadata['value_key'] ];
} elseif (
isset( $preset_metadata['value_func'] ) &&
is_callable( $preset_metadata['value_func'] )
) {
$value = call_user_func( $preset_metadata['value_func'], $preset );
}
$preset_is_valid = true;
foreach ( $preset_metadata['properties'] as $property ) {
if ( ! static::is_safe_css_declaration( $property, $value ) ) {
$preset_is_valid = false;
break;
}
}
if ( $preset_is_valid ) {
$escaped_preset[] = $preset;
}
}
}
if ( ! empty( $escaped_preset ) ) {
_wp_array_set( $output, $path_with_origin, $escaped_preset );
}
}
}
return $output;
}
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
| Version | Description |
|---|---|
| 5.9.0 | Introduced. |