[wp-trac] [WordPress Trac] #56855: Featured Image bug in 6.0.3
WordPress Trac
noreply at wordpress.org
Wed Oct 19 20:50:13 UTC 2022
#56855: Featured Image bug in 6.0.3
--------------------------+---------------------
Reporter: raduiason | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.1
Component: Media | Version: 6.0.3
Severity: minor | Resolution:
Keywords: | Focuses:
--------------------------+---------------------
Comment (by pbiron):
The problem reported here seems to be that the security fixes in 6.0.3
added a call to
[https://developer.wordpress.org/reference/functions/safecss_filter_attr/
safecss_filter_attr()] in the render callback for the featured image block
and that the `object-fit` CSS is stripped out by `safecss_filter_attr()`.
[attachment:"56855.diff"] adds `object-fit` to the list of allowed CSS
properties, so that `safecss_filter_attr()` no longer strips it out.
As the addition of the call to `safecss_filter_attr()` was added for
security reasons, the WP security team should double check the patch to
make sure it doesn't open any vulnerabilities.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56855#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
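
The allow-list behaviour described in the comment above, as an added example that is not part of the ticket or of 56855.diff: it extends the list through WordPress's `safe_style_css` filter instead of patching core, then checks which constructed declarations survive `safecss_filter_attr()`. The file location, the helper name `example_object_fit_check()` and the sample declarations are assumptions made for illustration.

```php
<?php
/**
 * Added example, not code from the ticket. Assumes WordPress is loaded and
 * this file is installed as a must-use plugin (hypothetical path:
 * wp-content/mu-plugins/allow-object-fit.php).
 */

// safecss_filter_attr() keeps a declaration only if its property name is on
// the list passed through the 'safe_style_css' filter. Add object-fit to it.
add_filter(
	'safe_style_css',
	static function ( $properties ) {
		if ( ! in_array( 'object-fit', $properties, true ) ) {
			$properties[] = 'object-fit';
		}
		return $properties;
	}
);

/**
 * Hypothetical helper: run constructed declarations through
 * safecss_filter_attr() one at a time and report which ones are kept.
 *
 * @return array<string,bool> Declaration => true if it survived filtering.
 */
function example_object_fit_check() {
	// Constructed sample input, not taken from the ticket.
	$samples = array(
		'object-fit:cover',      // the property the ticket reports as stripped
		'width:100px',           // a property already on core's allow-list
		'not-a-real-property:1', // control: never added to the allow-list
	);

	$report = array();
	foreach ( $samples as $declaration ) {
		// An empty string means the filter dropped the declaration.
		$report[ $declaration ] = ( '' !== safecss_filter_attr( $declaration ) );
	}
	return $report;
}
```

With WP-CLI available, `wp eval 'print_r( example_object_fit_check() );'` prints the report; the control entry confirms that widening the list by one property name leaves the filtering of other properties unchanged.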