Patterns: Decode potentially-malformed ampersands in block content (#533

)
WordPress · Oct 27, 2022 · 5847378 · 5847378
1 parent fbfc3e7
commit 5847378
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 47 deletions.
diff --git a/public_html/wp-content/plugins/pattern-directory/includes/pattern-post-type.php b/public_html/wp-content/plugins/pattern-directory/includes/pattern-post-type.php
@@ -298,7 +298,7 @@ function register_rest_fields() {
 		'pattern_content',
 		array(
 			'get_callback' => function() {
-				return wp_kses_post( get_the_content() );
+				return decode_pattern_content( get_the_content() );
 			},
 
 			'schema' => array(
@@ -793,3 +793,28 @@ function() {
 		exit;
 	}
 );
+
+/**
+ * Intercept the post object and decode the content.
+ */
+add_action(
+	'the_post',
+	function( $post ) {
+		$post->post_content = decode_pattern_content( $post->post_content );
+	}
+);
+
+/**
+ * Process post content, replacing broken encoding.
+ *
+ * Some image URLs have &s, which are double-encoded and sanitized to become malformed,
+ * for example, `https://img.rawpixel.com/s3fs-private/rawpixel_images/website_content/a010-markuss-0964.jpg?w=1200\u0026amp;h=1200\u0026amp;fit=clip\u0026amp;crop=default\u0026amp;dpr=1\u0026amp;q=75\u0026amp;vib=3\u0026amp;con=3\u0026amp;usm=15\u0026amp;cs=srgb\u0026amp;bg=F4F4F3\u0026amp;ixlib=js-2.2.1\u0026amp;s=7d494bd5db8acc2a34321c15ed18ace5`.
+ *
+ * @param string $content The raw post content.
+ *
+ * @return string
+ */
+function decode_pattern_content( $content ) {
+	// Sometimes the initial `\` is missing, so look for both versions.
+	return str_replace( [ '\u0026amp;', 'u0026amp;' ], '&', $content );
+}
diff --git a/public_html/wp-content/themes/pattern-directory/functions.php b/public_html/wp-content/themes/pattern-directory/functions.php
@@ -213,26 +213,6 @@ function user_has_flagged_pattern() {
 	return $items->have_posts();
 }
 
-/**
- * Get the full, filtered content of a post, ignoring more and noteaser tags and pagination.
- *
- * See https://github.com/WordPress/wordcamp.org/blob/442ea26d8e6a1b39f97114e933842b1ec4f8eef9/public_html/wp-content/mu-plugins/blocks/includes/content.php#L21
- *
- * @param int|WP_Post $post Post ID or post object.
- * @return string The full, filtered post content.
- */
-function get_all_the_content( $post ) {
-	$post = get_post( $post );
-
-	$content = wp_kses_post( $post->post_content );
-
-	/** This filter is documented in wp-includes/post-template.php */
-	$content = apply_filters( 'the_content', $content );
-	$content = str_replace( ']]>', ']]&gt;', $content );
-
-	return $content;
-}
-
 /**
  * Set up redirects for the site.
  *

diff --git a/public_html/wp-content/themes/pattern-directory/single-wporg-pattern.php b/public_html/wp-content/themes/pattern-directory/single-wporg-pattern.php
@@ -8,43 +8,42 @@
  */
 
 namespace WordPressdotorg\Pattern_Directory\Theme;
-use function WordPressdotorg\Pattern_Directory\Theme\get_all_the_content;
+use function WordPressdotorg\Pattern_Directory\Pattern_Post_Type\decode_pattern_content;
 
 get_header();
 
-$user_has_reported = is_user_logged_in() ? user_has_flagged_pattern() : false;
-$raw_block_content = get_the_content();
-?>
-	<input id="block-data" type="hidden" value="<?php echo rawurlencode( wp_json_encode( $raw_block_content ) ); ?>" />
-	<main id="main" class="site-main col-12" role="main">
+while ( have_posts() ) :
+	the_post();
 
-		<?php
-		while ( have_posts() ) :
-			the_post();
-			?>
+	$user_has_reported = is_user_logged_in() ? user_has_flagged_pattern() : false;
+	$raw_block_content = decode_pattern_content( get_the_content() );
+	?>
 
-			<article id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
-				<div
-					hidden
-					class="pattern__container"
-					data-post-id="<?php echo intval( get_the_ID() ); ?>"
-					data-user-has-reported="<?php echo json_encode( $user_has_reported ); ?>"
-				></div><!-- .pattern__container -->
+	<input id="block-data" type="hidden" value="<?php echo rawurlencode( wp_json_encode( $raw_block_content ) ); ?>" />
+	<main id="main" class="site-main col-12" role="main">
 
-				<div class="entry-content hide-if-pattern-loaded">
-					<?php the_content(); ?>
+		<article id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
+			<div
+				hidden
+				class="pattern__container"
+				data-post-id="<?php echo intval( get_the_ID() ); ?>"
+				data-user-has-reported="<?php echo json_encode( $user_has_reported ); ?>"
+			></div><!-- .pattern__container -->
 
-					<hr />
+			<div class="entry-content hide-if-pattern-loaded">
+				<?php the_content(); ?>
 
-					<label for="pattern-code"><?php esc_html_e( 'Pattern Code', 'wporg-patterns' ); ?></label>
-					<textarea id="pattern-code" class="pattern-code"><?php echo esc_attr( $raw_block_content ); ?></textarea>
-				</div>
+				<hr />
 
-			</article><!-- #post-## -->
+				<label for="pattern-code"><?php esc_html_e( 'Pattern Code', 'wporg-patterns' ); ?></label>
+				<textarea id="pattern-code" class="pattern-code"><?php echo esc_attr( $raw_block_content ); ?></textarea>
+			</div>
 
-		<?php endwhile; ?>
+		</article><!-- #post-## -->
 
 	</main><!-- #main -->
 
-<?php
+	<?php
+endwhile;
+
 get_footer();