Gallery Style in player-gallery.php is not applied

[nerdfactor]

The last commit in player-gallery.php (23ba244) introduced a bug, where the $gallery_style is sanitized by wp_kses_post() (line 116), removing the <style> tags and therefore not applying the style for the player gallery and in turn printing the raw css to the page.

Using wp_kses_post() may not be the right way, if the goal was to sanitize the css within the style tags. The variables $selector, $float and $itemwith within the css block are generated by your code and are not from user input. Therefore, sanitation seems to be not required at this point.

Otherwise you might want to add <style> to the allowed protocols globally or specifically for that call to wp_kses(). I can provide a pull request for that.

[savvasha]

Hi @nerdfactor ,

I am not able to reproduce this issue. I am using the latest version of SportsPress and Rookie theme. Maybe is a theme related issue? https://snipboard.io/h5f3qX.jpg

Thanks,
Savvas

[nerdfactor]

Hi @savvasha,

you are correct. The bug can't be reproduced with the default Twenty Twenty-One theme, as it does support html5. I assume your rookie theme has the same html5 support. The $gallery_style is only set if the theme does not support html5 (see lines 93 to 113 in player-gallery.php). Therefore only those type of themes are affected.

[zakkyb]

Hi I am having this issue on my site, using Divi. https://snipboard.io/fIDlwq.jpg