From 590a610061a39bbb8175f939b10bec4bfb165a21 Mon Sep 17 00:00:00 2001 From: ramonjd Date: Fri, 26 Aug 2022 11:48:33 +1000 Subject: [PATCH 1/2] Check for elements values and element names in whitelist --- src/wp-includes/class-wp-theme-json.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/wp-includes/class-wp-theme-json.php b/src/wp-includes/class-wp-theme-json.php index a299c8556ef66..401b545d41a6a 100644 --- a/src/wp-includes/class-wp-theme-json.php +++ b/src/wp-includes/class-wp-theme-json.php @@ -1477,6 +1477,9 @@ protected static function get_style_nodes( $theme_json, $selectors = array() ) { if ( isset( $theme_json['styles']['elements'] ) ) { foreach ( $theme_json['styles']['elements'] as $element => $node ) { + if ( ! isset( $theme_json['styles']['elements'][ $element ] ) || empty( static::ELEMENTS[ $element ] ) ) { + continue; + } $nodes[] = array( 'path' => array( 'styles', 'elements', $element ), 'selector' => static::ELEMENTS[ $element ], From 2a3be86d00d994776146f4c0bf763d227468e07c Mon Sep 17 00:00:00 2001 From: Ramon Date: Fri, 26 Aug 2022 15:45:46 +1000 Subject: [PATCH 2/2] Use array_key_exists ... to check if $element key exists in const ELEMENTS --- src/wp-includes/class-wp-theme-json.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-includes/class-wp-theme-json.php b/src/wp-includes/class-wp-theme-json.php index 401b545d41a6a..77e790fd8fc5e 100644 --- a/src/wp-includes/class-wp-theme-json.php +++ b/src/wp-includes/class-wp-theme-json.php @@ -1477,7 +1477,7 @@ protected static function get_style_nodes( $theme_json, $selectors = array() ) { if ( isset( $theme_json['styles']['elements'] ) ) { foreach ( $theme_json['styles']['elements'] as $element => $node ) { - if ( ! isset( $theme_json['styles']['elements'][ $element ] ) || empty( static::ELEMENTS[ $element ] ) ) { + if ( ! isset( $theme_json['styles']['elements'][ $element ] ) || ! array_key_exists( $element, static::ELEMENTS ) ) { continue; } $nodes[] = array(