Skip to content

Commit

Permalink
HTML API: Revert using regex in block bindings HTML replacement logic.
Browse files Browse the repository at this point in the history 
This changeset reverts part of the changes made in [58298] to avoid using regex that can cause potential bugs. It is indeed safer to revert these changes for now and do the refactoring once the HTML API supports CSS selectors and provides a way to set inner content.

It also adds a unit test to cover the regression experienced in WordPress/gutenberg#62347.

Follow-up to [58298].

Props santosguillamot, gziolo.
Fixes #61385.
See #61351.




git-svn-id: https://develop.svn.wordpress.org/trunk@58398 602fd350-edb4-49c9-b593-d223f7449a82
  • Loading branch information
@audrasjb
audrasjb committed Jun 13, 2024
1 parent 459d996 commit 3806b25
Show file tree
Hide file tree
Showing 2 changed files with 94 additions and 17 deletions.
75 changes: 58 additions & 17 deletions src/wp-includes/class-wp-block.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -333,27 +333,68 @@ private function replace_html( string $block_content, string $attribute_name, $s
switch ( $block_type->attributes[ $attribute_name ]['source'] ) {
case 'html':
case 'rich-text':
// Hardcode the selectors and processing until the HTML API is able to read CSS selectors and replace inner HTML.
// TODO: Use the HTML API instead.
if ( 'core/paragraph' === $this->name && 'content' === $attribute_name ) {
$selector = 'p';
}
if ( 'core/heading' === $this->name && 'content' === $attribute_name ) {
$selector = 'h[1-6]';
$block_reader = new WP_HTML_Tag_Processor( $block_content );

// TODO: Support for CSS selectors whenever they are ready in the HTML API.
// In the meantime, support comma-separated selectors by exploding them into an array.
$selectors = explode( ',', $block_type->attributes[ $attribute_name ]['selector'] );
// Add a bookmark to the first tag to be able to iterate over the selectors.
$block_reader->next_tag();
$block_reader->set_bookmark( 'iterate-selectors' );

// TODO: This shouldn't be needed when the `set_inner_html` function is ready.
// Store the parent tag and its attributes to be able to restore them later in the button.
// The button block has a wrapper while the paragraph and heading blocks don't.
if ( 'core/button' === $this->name ) {
$button_wrapper = $block_reader->get_tag();
$button_wrapper_attribute_names = $block_reader->get_attribute_names_with_prefix( '' );
$button_wrapper_attrs = array();
foreach ( $button_wrapper_attribute_names as $name ) {
$button_wrapper_attrs[ $name ] = $block_reader->get_attribute( $name );
}
}
if ( 'core/button' === $this->name && 'text' === $attribute_name ) {
// Check if it is a <button> or <a> tag.
if ( preg_match( '/<button[^>]*>.*?<\/button>/', $block_content ) ) {
$selector = 'button';

foreach ( $selectors as $selector ) {
// If the parent tag, or any of its children, matches the selector, replace the HTML.
if ( strcasecmp( $block_reader->get_tag( $selector ), $selector ) === 0 || $block_reader->next_tag(
array(
'tag_name' => $selector,
)
) ) {
$block_reader->release_bookmark( 'iterate-selectors' );

// TODO: Use `set_inner_html` method whenever it's ready in the HTML API.
// Until then, it is hardcoded for the paragraph, heading, and button blocks.
// Store the tag and its attributes to be able to restore them later.
$selector_attribute_names = $block_reader->get_attribute_names_with_prefix( '' );
$selector_attrs = array();
foreach ( $selector_attribute_names as $name ) {
$selector_attrs[ $name ] = $block_reader->get_attribute( $name );
}
$selector_markup = "<$selector>" . wp_kses_post( $source_value ) . "</$selector>";
$amended_content = new WP_HTML_Tag_Processor( $selector_markup );
$amended_content->next_tag();
foreach ( $selector_attrs as $attribute_key => $attribute_value ) {
$amended_content->set_attribute( $attribute_key, $attribute_value );
}
if ( 'core/paragraph' === $this->name || 'core/heading' === $this->name ) {
return $amended_content->get_updated_html();
}
if ( 'core/button' === $this->name ) {
$button_markup = "<$button_wrapper>{$amended_content->get_updated_html()}</$button_wrapper>";
$amended_button = new WP_HTML_Tag_Processor( $button_markup );
$amended_button->next_tag();
foreach ( $button_wrapper_attrs as $attribute_key => $attribute_value ) {
$amended_button->set_attribute( $attribute_key, $attribute_value );
}
return $amended_button->get_updated_html();
}
} else {
$selector = 'a';
$block_reader->seek( 'iterate-selectors' );
}
}
if ( empty( $selector ) ) {
return $block_content;
}
$pattern = '/(<' . $selector . '[^>]*>).*?(<\/' . $selector . '>)/i';
return preg_replace( $pattern, '$1' . wp_kses_post( $source_value ) . '$2', $block_content );
$block_reader->release_bookmark( 'iterate-selectors' );
return $block_content;

case 'attribute':
$amended_content = new WP_HTML_Tag_Processor( $block_content );
Expand Down
36 changes: 36 additions & 0 deletions tests/phpunit/tests/block-bindings/render.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -235,6 +235,42 @@ public function test_source_value_with_unsafe_html_is_sanitized() {
);
}

/**
* Tests that including symbols and numbers works well with bound attributes.
*
* @ticket 61385
*
* @covers WP_Block::process_block_bindings
*/
public function test_using_symbols_in_block_bindings_value() {
$get_value_callback = function () {
return '$12.50';
};

register_block_bindings_source(
self::SOURCE_NAME,
array(
'label' => self::SOURCE_LABEL,
'get_value_callback' => $get_value_callback,
)
);

$block_content = <<<HTML
<!-- wp:paragraph {"metadata":{"bindings":{"content":{"source":"test/source"}}}} -->
<p>Default content</p>
<!-- /wp:paragraph -->
HTML;
$parsed_blocks = parse_blocks( $block_content );
$block = new WP_Block( $parsed_blocks[0] );
$result = $block->render();

$this->assertSame(
'<p>$12.50</p>',
trim( $result ),
'The block content should properly show the symbol and numbers.'
);
}

/**
* Tests if the `__default` attribute is replaced with real attribues for
* pattern overrides.
Expand Down

0 comments on commit 3806b25

Please sign in to comment.