From 52beb9c65d60e654be60c9067d4e21c35f08f182 Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Wed, 24 Oct 2018 01:18:38 +0000
Subject: [PATCH] KSES: Allow the `download` attribute on `` tags.

To avoid this being a vector for bypassing the filetypes that are allowed to be uploaded, this attribute is only allowed to be added without a value. Props kalpshit, arshidkv12, welcher, peterwilsoncc, marina_wp, pento. See #44724.

git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43813 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/kses.php | 3 +++
 tests/phpunit/tests/kses.php | 11 +++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php
index b5cedc6f85..3083cc94f1 100644
--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -66,6 +66,9 @@ if ( ! CUSTOM_TAGS ) {
 'rev' => true,
 'name' => true,
 'target' => true,
+ 'download' => array(
+ 'valueless' => 'y',
+ ),
 ),
 'abbr' => array(),
 'acronym' => array(),
diff --git a/tests/phpunit/tests/kses.php b/tests/phpunit/tests/kses.php
index 599c64d424..4ac0ec83ad 100644
--- a/tests/phpunit/tests/kses.php
+++ b/tests/phpunit/tests/kses.php
@@ -46,11 +46,18 @@ class Tests_Kses extends WP_UnitTestCase {
 'rev' => 'revision',
 'name' => 'name',
 'target' => '_blank',
+ 'download' => '',
 );
 
 foreach ( $attributes as $name => $value ) {
- $string = "I link this";
- $expect_string = "I link this";
+ if ( $value ) {
+ $attr = "$name='$value'";
+ $expected_attr = "$name='" . trim( $value, ';' ) . "'";
+ } else {
+ $attr = $expected_attr = $name;
+ }
+ $string = "I link this";
+ $expect_string = "I link this";
 $this->assertEquals( $expect_string, wp_kses( $string, $allowedposttags ) );
 }
 }
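Review bot: The `'valueless' => 'y'` entry added to the `a` allowlist in src/wp-includes/kses.php carries the whole security reasoning of this change, but nothing in the code says why `download` is the only attribute in the list restricted this way; the rationale lives only in the commit message, so a later "cleanup" to `'download' => true` would silently reopen the issue. Add a comment above the entry, e.g. `// Valueless only: a download value would let the author choose the saved filename/extension, bypassing the allowed-upload-filetype restriction. See #44724.`. The enclosing `$allowedposttags` array starts and ends outside this hunk, so the comment placement should follow whatever doc style the surrounding entries use.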
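Review bot: The new test in tests/phpunit/tests/kses.php only checks that a bare `download` attribute survives `wp_kses()`; it never asserts the property the kses change actually relies on, namely that `download` with a value is stripped. Add a negative case alongside the loop (a link carrying `download='some.ext'` run through `wp_kses()` with the same `$allowedposttags`, expecting the attribute to be removed), since without it a regression to `'download' => true` in kses.php would pass this suite. Separately, `if ( $value )` is a truthiness test, so an attribute whose test value were `'0'` would be treated as valueless; `if ( '' !== $value )` states the intent precisely. The anchor markup inside the `$string`/`$expect_string` literals appears to have been lost in this rendering, and the enclosing test method starts outside the hunk, so I cannot verify the templates themselves.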