Dev news

Commit 22a17dff56 for wordpress.org

commit 22a17dff5624bf8b235a39827e6fedfd59bcd984
Author: dmsnell <dmsnell@git.wordpress.org>
Date:   Mon Jan 19 20:45:34 2026 +0000

    HTML API: Fix missing null-check in wp_kses_hair() refactor.

    When no attributes are present, `wp_kses_hair()` should return an empty
    array, but when the refactor was merged, the code assumed there would be
    attributes.

    An alternative fix is to use null-coalescing to iterate over an empty
    array. This would produce a marginally smaller function and read
    slightly more cleanly, but there’s no need to enter the `foreach` loop
    when it’s known in advance that there’s nothing over which to iterate.

    Developed in: https://github.com/WordPress/wordpress-develop/pull/10758
    Discussed in: https://core.trac.wordpress.org/ticket/63724

    Follow-up to [61467].

    Props: dd32, dmsnell, jonsurrell.
    See: #63724.

    Built from https://develop.svn.wordpress.org/trunk@61499


    git-svn-id: http://core.svn.wordpress.org/trunk@60810 1a063a9b-81f0-0310-95a4-ce76da25c4cd

diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index fd489c06c7..872034621f 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -1623,6 +1623,11 @@ function wp_kses_hair( $attr, $allowed_protocols ) {
 	$processor = new WP_HTML_Tag_Processor( "<wp {$attr}>" );
 	$processor->next_token();

+	$attribute_names = $processor->get_attribute_names_with_prefix( '' );
+	if ( ! isset( $attribute_names ) ) {
+		return $attributes;
+	}
+
 	$syntax_characters = array(
 		'&' => '&amp;',
 		'<' => '&lt;',
@@ -1631,7 +1636,7 @@ function wp_kses_hair( $attr, $allowed_protocols ) {
 		'"' => '&quot;',
 	);

-	foreach ( $processor->get_attribute_names_with_prefix( '' ) as $name ) {
+	foreach ( $attribute_names as $name ) {
 		$value   = $processor->get_attribute( $name );
 		$is_bool = true === $value;
 		if ( is_string( $value ) && in_array( $name, $uris, true ) ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 253661c06e..605258ad2f 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '7.0-alpha-61498';
+$wp_version = '7.0-alpha-61499';

 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.