From e61ce467cb14ec0bf721e92b4442784f316b6b6d Mon Sep 17 00:00:00 2001
From: Ian Dunn <ian@iandunn.name>
Date: Wed, 30 Oct 2019 13:09:17 -0700
Subject: [PATCH] Pledge Form: Allow HTML within descriptions.

Fixes #63
---
 plugins/wporg-5ftf/includes/pledge-meta.php   | 19 +++++++++++++++++--
 themes/wporg-5ftf/single-5ftf_pledge.php      |  2 +-
 .../template-parts/content-5ftf_pledge.php    |  2 +-
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/plugins/wporg-5ftf/includes/pledge-meta.php b/plugins/wporg-5ftf/includes/pledge-meta.php
index a9d2e90..f37868a 100755
--- a/plugins/wporg-5ftf/includes/pledge-meta.php
+++ b/plugins/wporg-5ftf/includes/pledge-meta.php
@@ -36,9 +36,9 @@ function get_pledge_meta_config( $context = 'all' ) {
 	$user_input = array(
 		'org-description'  => array(
 			'single'            => true,
-			'sanitize_callback' => 'sanitize_text_field',
+			'sanitize_callback' => __NAMESPACE__ . '\sanitize_description',
 			'show_in_rest'      => true,
-			'php_filter'        => FILTER_SANITIZE_STRING,
+			'php_filter'        => FILTER_UNSAFE_RAW,
 		),
 		'org-name'         => array(
 			'single'            => true,
@@ -93,6 +93,21 @@ function get_pledge_meta_config( $context = 'all' ) {
 	return $return;
 }
 
+/**
+ * Sanitize description fields.
+ *
+ * @param string $insecure
+ *
+ * @return string
+ */
+function sanitize_description( $insecure ) {
+	$secure = wp_kses_data( $insecure );
+	$secure = wpautop( $secure );
+	$secure = wp_unslash( wp_rel_nofollow( $secure ) );
+
+	return $secure;
+}
+
 /**
  * Register post meta keys for the custom post type.
  *
diff --git a/themes/wporg-5ftf/single-5ftf_pledge.php b/themes/wporg-5ftf/single-5ftf_pledge.php
index 546acdf..f01f9a8 100644
--- a/themes/wporg-5ftf/single-5ftf_pledge.php
+++ b/themes/wporg-5ftf/single-5ftf_pledge.php
@@ -49,7 +49,7 @@ get_header(); ?>
 				<h2><?php esc_html_e( 'About', 'wporg' ); ?></h2>
 
 				<div class="pledge-company-description">
-					<?php echo wp_kses_post( wpautop( $post->{ META_PREFIX . 'org-description' } ) ); ?>
+					<?php echo wp_kses_data( wpautop( $post->{ META_PREFIX . 'org-description' } ) ); ?>
 				</div>
 
 				<?php if ( ! empty( $contributors ) ) : ?>
diff --git a/themes/wporg-5ftf/template-parts/content-5ftf_pledge.php b/themes/wporg-5ftf/template-parts/content-5ftf_pledge.php
index c135532..cc2ce97 100644
--- a/themes/wporg-5ftf/template-parts/content-5ftf_pledge.php
+++ b/themes/wporg-5ftf/template-parts/content-5ftf_pledge.php
@@ -53,7 +53,7 @@ $contributor_title = sprintf(
 
 	<div class="entry-content">
 		<?php
-			echo wp_kses_post( $content );
+			echo wpautop( wp_kses_data( $content ) );
 		?>
 		
 		<div class="pledge-contributors">