Merge pull request #2924 from gocodebox/dev

brianhogg · web-flow · commit 1680f7220170 · 2025-04-18T07:13:37.000-04:00
Release 8.0.5
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,14 @@
 LifterLMS Changelog
 ===================
 
+v8.0.5 - 2025-04-17
+-------------------
+
+##### Updates and Enhancements
+
++ Modifies the allowed HTML for a form, in case the allowed post values in WP have been filtered. [#2922](https://github.com/gocodebox/lifterlms/issues/2922)
+
+
 v8.0.4 - 2025-04-11
 -------------------
 
diff --git a/class-lifterlms.php b/class-lifterlms.php
@@ -34,7 +34,7 @@ final class LifterLMS {
 	 *
 	 * @var string
 	 */
-	public $version = '8.0.4';
+	public $version = '8.0.5';
 
 	/**
 	 * LLMS_Assets instance
@@ -271,9 +271,330 @@ private function define_constants() {
 			)
 		);
 
-		// Start with the wp_kses_post allowed fields and ensure all attributes are permitted.
-		$allowed_post_fields = wp_kses_allowed_html( 'post' );
+		// Defining ourselves rather than relying on wp_kses_allowed_html( 'post' ) because it could be filtered.
+		$allowed_post_fields = array(
+			'address'    => array(),
+			'a'          => array(
+				'href'     => true,
+				'rel'      => true,
+				'rev'      => true,
+				'name'     => true,
+				'target'   => true,
+				'download' => array(
+					'valueless' => 'y',
+				),
+			),
+			'abbr'       => array(),
+			'acronym'    => array(),
+			'area'       => array(
+				'alt'    => true,
+				'coords' => true,
+				'href'   => true,
+				'nohref' => true,
+				'shape'  => true,
+				'target' => true,
+			),
+			'article'    => array(
+				'align' => true,
+			),
+			'aside'      => array(
+				'align' => true,
+			),
+			'audio'      => array(
+				'autoplay' => true,
+				'controls' => true,
+				'loop'     => true,
+				'muted'    => true,
+				'preload'  => true,
+				'src'      => true,
+			),
+			'b'          => array(),
+			'bdo'        => array(),
+			'big'        => array(),
+			'blockquote' => array(
+				'cite' => true,
+			),
+			'br'         => array(),
+			'button'     => array(
+				'disabled' => true,
+				'name'     => true,
+				'type'     => true,
+				'value'    => true,
+			),
+			'caption'    => array(
+				'align' => true,
+			),
+			'cite'       => array(),
+			'code'       => array(),
+			'col'        => array(
+				'align'   => true,
+				'char'    => true,
+				'charoff' => true,
+				'span'    => true,
+				'valign'  => true,
+				'width'   => true,
+			),
+			'colgroup'   => array(
+				'align'   => true,
+				'char'    => true,
+				'charoff' => true,
+				'span'    => true,
+				'valign'  => true,
+				'width'   => true,
+			),
+			'del'        => array(
+				'datetime' => true,
+			),
+			'dd'         => array(),
+			'dfn'        => array(),
+			'details'    => array(
+				'align' => true,
+				'open'  => true,
+			),
+			'div'        => array(
+				'align' => true,
+			),
+			'dl'         => array(),
+			'dt'         => array(),
+			'em'         => array(),
+			'fieldset'   => array(),
+			'figure'     => array(
+				'align' => true,
+			),
+			'figcaption' => array(
+				'align' => true,
+			),
+			'font'       => array(
+				'color' => true,
+				'face'  => true,
+				'size'  => true,
+			),
+			'footer'     => array(
+				'align' => true,
+			),
+			'h1'         => array(
+				'align' => true,
+			),
+			'h2'         => array(
+				'align' => true,
+			),
+			'h3'         => array(
+				'align' => true,
+			),
+			'h4'         => array(
+				'align' => true,
+			),
+			'h5'         => array(
+				'align' => true,
+			),
+			'h6'         => array(
+				'align' => true,
+			),
+			'header'     => array(
+				'align' => true,
+			),
+			'hgroup'     => array(
+				'align' => true,
+			),
+			'hr'         => array(
+				'align'   => true,
+				'noshade' => true,
+				'size'    => true,
+				'width'   => true,
+			),
+			'i'          => array(),
+			'img'        => array(
+				'alt'      => true,
+				'align'    => true,
+				'border'   => true,
+				'height'   => true,
+				'hspace'   => true,
+				'loading'  => true,
+				'longdesc' => true,
+				'vspace'   => true,
+				'src'      => true,
+				'usemap'   => true,
+				'width'    => true,
+			),
+			'ins'        => array(
+				'datetime' => true,
+				'cite'     => true,
+			),
+			'kbd'        => array(),
+			'label'      => array(
+				'for' => true,
+			),
+			'legend'     => array(
+				'align' => true,
+			),
+			'li'         => array(
+				'align' => true,
+				'value' => true,
+			),
+			'main'       => array(
+				'align' => true,
+			),
+			'map'        => array(
+				'name' => true,
+			),
+			'mark'       => array(),
+			'menu'       => array(
+				'type' => true,
+			),
+			'nav'        => array(
+				'align' => true,
+			),
+			'object'     => array(
+				'data' => array(
+					'required'       => true,
+					'value_callback' => '_wp_kses_allow_pdf_objects',
+				),
+				'type' => array(
+					'required' => true,
+					'values'   => array( 'application/pdf' ),
+				),
+			),
+			'p'          => array(
+				'align' => true,
+			),
+			'pre'        => array(
+				'width' => true,
+			),
+			'q'          => array(
+				'cite' => true,
+			),
+			'rb'         => array(),
+			'rp'         => array(),
+			'rt'         => array(),
+			'rtc'        => array(),
+			'ruby'       => array(),
+			's'          => array(),
+			'samp'       => array(),
+			'span'       => array(
+				'align' => true,
+			),
+			'section'    => array(
+				'align' => true,
+			),
+			'small'      => array(),
+			'strike'     => array(),
+			'strong'     => array(),
+			'sub'        => array(),
+			'summary'    => array(
+				'align' => true,
+			),
+			'sup'        => array(),
+			'table'      => array(
+				'align'       => true,
+				'bgcolor'     => true,
+				'border'      => true,
+				'cellpadding' => true,
+				'cellspacing' => true,
+				'rules'       => true,
+				'summary'     => true,
+				'width'       => true,
+			),
+			'tbody'      => array(
+				'align'   => true,
+				'char'    => true,
+				'charoff' => true,
+				'valign'  => true,
+			),
+			'td'         => array(
+				'abbr'    => true,
+				'align'   => true,
+				'axis'    => true,
+				'bgcolor' => true,
+				'char'    => true,
+				'charoff' => true,
+				'colspan' => true,
+				'headers' => true,
+				'height'  => true,
+				'nowrap'  => true,
+				'rowspan' => true,
+				'scope'   => true,
+				'valign'  => true,
+				'width'   => true,
+			),
+			'textarea'   => array(
+				'cols'     => true,
+				'rows'     => true,
+				'disabled' => true,
+				'name'     => true,
+				'readonly' => true,
+			),
+			'tfoot'      => array(
+				'align'   => true,
+				'char'    => true,
+				'charoff' => true,
+				'valign'  => true,
+			),
+			'th'         => array(
+				'abbr'    => true,
+				'align'   => true,
+				'axis'    => true,
+				'bgcolor' => true,
+				'char'    => true,
+				'charoff' => true,
+				'colspan' => true,
+				'headers' => true,
+				'height'  => true,
+				'nowrap'  => true,
+				'rowspan' => true,
+				'scope'   => true,
+				'valign'  => true,
+				'width'   => true,
+			),
+			'thead'      => array(
+				'align'   => true,
+				'char'    => true,
+				'charoff' => true,
+				'valign'  => true,
+			),
+			'title'      => array(),
+			'tr'         => array(
+				'align'   => true,
+				'bgcolor' => true,
+				'char'    => true,
+				'charoff' => true,
+				'valign'  => true,
+			),
+			'track'      => array(
+				'default' => true,
+				'kind'    => true,
+				'label'   => true,
+				'src'     => true,
+				'srclang' => true,
+			),
+			'tt'         => array(),
+			'u'          => array(),
+			'ul'         => array(
+				'type' => true,
+			),
+			'ol'         => array(
+				'start'    => true,
+				'type'     => true,
+				'reversed' => true,
+			),
+			'var'        => array(),
+			'video'      => array(
+				'autoplay'    => true,
+				'controls'    => true,
+				'height'      => true,
+				'loop'        => true,
+				'muted'       => true,
+				'playsinline' => true,
+				'poster'      => true,
+				'preload'     => true,
+				'src'         => true,
+				'width'       => true,
+			),
+		);
+
 		foreach ( $allowed_post_fields as $field => $attributes ) {
+			if ( ! is_array( $attributes ) ) {
+				continue;
+			}
 			$allowed_post_fields[ $field ] = array_merge( $attributes, $allowed_atts );
 		}
 
diff --git a/lifterlms.php b/lifterlms.php
@@ -10,7 +10,7 @@
  * Plugin Name: LifterLMS
  * Plugin URI: https://lifterlms.com/
  * Description: Complete e-learning platform to sell online courses, protect lessons, offer memberships, and quiz students. WP Learning Management System.
- * Version: 8.0.4
+ * Version: 8.0.5
  * Author: LifterLMS
  * Author URI: https://lifterlms.com/
  * Text Domain: lifterlms
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "lifterlms",
-  "version": "8.0.4",
+  "version": "8.0.5",
   "description": "LifterLMS by codeBOX",
   "repository": {
     "type": "git",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "lifterlms",`
`3`		`- "version": "8.0.4",`
	`3`	`+ "version": "8.0.5",`
`4`	`4`	`"description": "LifterLMS by codeBOX",`
`5`	`5`	`"repository": {`
`6`	`6`	`"type": "git",`