WordPress · tellthemachines · Jun 19, 2023 · Jun 20, 2023 · Jun 20, 2023
diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php
@@ -2279,7 +2279,7 @@ function kses_init() {
  *              Extended `margin-*` and `padding-*` support for logical properties.
  * @since 6.2.0 Added support for `aspect-ratio`, `position`, `top`, `right`, `bottom`, `left`,
  *              and `z-index` CSS properties.
- * @since 6.3.0 Extended support for `filter` to accept a URL.
+ * @since 6.3.0 Extended support for `filter` to accept a URL and added support for repeat().
  *
  * @param string $css        A string of CSS rules.
  * @param string $deprecated Not used.
@@ -2563,7 +2563,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 			 * Nested functions and parentheses are also removed, so long as the parentheses are balanced.
 			 */
 			$css_test_string = preg_replace(
-				'/\b(?:var|calc|min|max|minmax|clamp)(\((?:[^()]|(?1))*\))/',
+				'/\b(?:var|calc|min|max|minmax|clamp|repeat)(\((?:[^()]|(?1))*\))/',
 				'',
 				$css_test_string
 			);
@@ -2608,7 +2608,6 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
  * @since 3.5.0
  * @since 5.0.0 Added support for `data-*` wildcard attributes.
  * @since 6.0.0 Added `dir`, `lang`, and `xml:lang` to global attributes.
- * @since 6.3.0 Added `aria-controls`, `aria-current`, and `aria-expanded` attributes.
  *
  * @access private
  * @ignore
@@ -2618,11 +2617,8 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
  */
 function _wp_add_global_attributes( $value ) {
 	$global_attributes = array(
-		'aria-controls'    => true,
-		'aria-current'     => true,
 		'aria-describedby' => true,
 		'aria-details'     => true,
-		'aria-expanded'    => true,
 		'aria-label'       => true,
 		'aria-labelledby'  => true,
 		'aria-hidden'      => true,

diff --git a/tests/phpunit/tests/kses.php b/tests/phpunit/tests/kses.php
@@ -937,6 +937,7 @@ public function test_wp_kses_attr_no_attributes_allowed_with_false() {
 	 * @ticket 48376
 	 * @ticket 55966
 	 * @ticket 56122
+	 * @ticket 58551
 	 * @dataProvider data_safecss_filter_attr
 	 *
 	 * @param string $css      A string of CSS rules.
@@ -1047,9 +1048,9 @@ public function data_safecss_filter_attr() {
 				'css'      => 'grid-template-rows: 40px 4em 40px;grid-auto-rows: min-content;grid-row-start: -1;grid-row-end: 3;grid-row-gap: 1em',
 				'expected' => 'grid-template-rows: 40px 4em 40px;grid-auto-rows: min-content;grid-row-start: -1;grid-row-end: 3;grid-row-gap: 1em',
 			),
-			// `grid` does not yet support functions or `\`.
+			// `grid` does not yet support `\`.
 			array(
-				'css'      => 'grid-template-columns: repeat(2, 50px 1fr);grid-template: 1em / 20% 20px 1fr',
+				'css'      => 'grid-template: 1em / 20% 20px 1fr',
 				'expected' => '',
 			),
 			// `flex` and `grid` alignments introduced in 5.3.
@@ -1321,6 +1322,20 @@ public function data_safecss_filter_attr() {
 				'css'      => 'filter: url( my-file.svg#svg-blur );',
 				'expected' => 'filter: url( my-file.svg#svg-blur )',
 			),
+			// Support for `repeat` function.
+			array(
+				'css'      => 'grid-template-columns: repeat(4, minmax(0, 1fr))',
+				'expected' => 'grid-template-columns: repeat(4, minmax(0, 1fr))',
+			),
+			array(
+				'css'      => 'grid-template-columns: repeat(auto-fill, minmax(min(12rem, 100%), 1fr))',
+				'expected' => 'grid-template-columns: repeat(auto-fill, minmax(min(12rem, 100%), 1fr))',
+			),
+			// Malformed repeat, no closing `)`.
+			array(
+				'css'      => 'grid-template-columns: repeat(4, minmax(0, 1fr)',
+				'expected' => '',
+			),
 		);
 	}