From c681ef6ad8ae13242abb99e0b45afc0bd0bd5a1c Mon Sep 17 00:00:00 2001
From: Jb Audras <audrasjb@git.wordpress.org>
Date: Tue, 29 Mar 2022 13:09:06 +0000
Subject: [PATCH] Editor: Use `wp_unique_id()` instead of `uniqid()` to
 generate CSS class names.

Backports changes from https://github.com/WordPress/gutenberg/pull/38891.
See https://github.com/WordPress/gutenberg/issues/38889.

Props westonruter, mamaduka.
Merges [53012] to the 5.9 branch.
See #55474.

Built from https://develop.svn.wordpress.org/branches/5.9@53013


git-svn-id: https://core.svn.wordpress.org/branches/5.9@52602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/block-supports/duotone.php  | 2 +-
 wp-includes/block-supports/elements.php | 2 +-
 wp-includes/block-supports/layout.php   | 8 ++++----
 wp-includes/version.php                 | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/wp-includes/block-supports/duotone.php b/wp-includes/block-supports/duotone.php
index 6589f4d150..0911636c43 100644
--- a/wp-includes/block-supports/duotone.php
+++ b/wp-includes/block-supports/duotone.php
@@ -520,7 +520,7 @@ function wp_render_duotone_support( $block_content, $block ) {
 	}
 
 	$filter_preset   = array(
-		'slug'   => uniqid(),
+		'slug'   => wp_unique_id( sanitize_key( implode( '-', $block['attrs']['style']['color']['duotone'] ) . '-' ) ),
 		'colors' => $block['attrs']['style']['color']['duotone'],
 	);
 	$filter_property = wp_get_duotone_filter_property( $filter_preset );
diff --git a/wp-includes/block-supports/elements.php b/wp-includes/block-supports/elements.php
index 44a22424ae..ccc21860ff 100644
--- a/wp-includes/block-supports/elements.php
+++ b/wp-includes/block-supports/elements.php
@@ -36,7 +36,7 @@ function wp_render_elements_support( $block_content, $block ) {
 		return $block_content;
 	}
 
-	$class_name = 'wp-elements-' . uniqid();
+	$class_name = wp_unique_id( 'wp-elements-' );
 
 	if ( strpos( $link_color, 'var:preset|color|' ) !== false ) {
 		// Get the name from the string and add proper styles.
diff --git a/wp-includes/block-supports/layout.php b/wp-includes/block-supports/layout.php
index 65e5910dec..c0a52a163b 100644
--- a/wp-includes/block-supports/layout.php
+++ b/wp-includes/block-supports/layout.php
@@ -159,18 +159,18 @@ function wp_render_layout_support_flag( $block_content, $block ) {
 		$used_layout = $default_layout;
 	}
 
-	$id        = uniqid();
-	$gap_value = _wp_array_get( $block, array( 'attrs', 'style', 'spacing', 'blockGap' ) );
+	$class_name = wp_unique_id( 'wp-container-' );
+	$gap_value  = _wp_array_get( $block, array( 'attrs', 'style', 'spacing', 'blockGap' ) );
 	// Skip if gap value contains unsupported characters.
 	// Regex for CSS value borrowed from `safecss_filter_attr`, and used here
 	// because we only want to match against the value, not the CSS attribute.
 	$gap_value = preg_match( '%[\\\(&=}]|/\*%', $gap_value ) ? null : $gap_value;
-	$style     = wp_get_layout_style( ".wp-container-$id", $used_layout, $has_block_gap_support, $gap_value );
+	$style     = wp_get_layout_style( ".$class_name", $used_layout, $has_block_gap_support, $gap_value );
 	// This assumes the hook only applies to blocks with a single wrapper.
 	// I think this is a reasonable limitation for that particular hook.
 	$content = preg_replace(
 		'/' . preg_quote( 'class="', '/' ) . '/',
-		'class="wp-container-' . $id . ' ',
+		'class="' . esc_attr( $class_name ) . ' ',
 		$block_content,
 		1
 	);
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 74afd8a78d..096b242f5a 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.9.3-alpha-53009';
+$wp_version = '5.9.3-alpha-53013';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.