WP_Theme_JSON::remove_insecure_settings()protected staticWP 5.9.0

Processes a setting node and returns the same node without the insecure settings.

Method of the class: WP_Theme_JSON{}

No Hooks.

Return

Array.

Usage

$result = WP_Theme_JSON::remove_insecure_settings( $input );
$input(array) (required)
Node to process.

Changelog

Since 5.9.0 Introduced.

WP_Theme_JSON::remove_insecure_settings() code WP 6.6.2

protected static function remove_insecure_settings( $input ) {
	$output = array();
	foreach ( static::PRESETS_METADATA as $preset_metadata ) {
		foreach ( static::VALID_ORIGINS as $origin ) {
			$path_with_origin   = $preset_metadata['path'];
			$path_with_origin[] = $origin;
			$presets            = _wp_array_get( $input, $path_with_origin, null );
			if ( null === $presets ) {
				continue;
			}

			$escaped_preset = array();
			foreach ( $presets as $preset ) {
				if (
					esc_attr( esc_html( $preset['name'] ) ) === $preset['name'] &&
					sanitize_html_class( $preset['slug'] ) === $preset['slug']
				) {
					$value = null;
					if ( isset( $preset_metadata['value_key'], $preset[ $preset_metadata['value_key'] ] ) ) {
						$value = $preset[ $preset_metadata['value_key'] ];
					} elseif (
						isset( $preset_metadata['value_func'] ) &&
						is_callable( $preset_metadata['value_func'] )
					) {
						$value = call_user_func( $preset_metadata['value_func'], $preset );
					}

					$preset_is_valid = true;
					foreach ( $preset_metadata['properties'] as $property ) {
						if ( ! static::is_safe_css_declaration( $property, $value ) ) {
							$preset_is_valid = false;
							break;
						}
					}

					if ( $preset_is_valid ) {
						$escaped_preset[] = $preset;
					}
				}
			}

			if ( ! empty( $escaped_preset ) ) {
				_wp_array_set( $output, $path_with_origin, $escaped_preset );
			}
		}
	}

	// Ensure indirect properties not included in any `PRESETS_METADATA` value are allowed.
	static::remove_indirect_properties( $input, $output );

	return $output;
}