author | John Blackbourn <johnbillion@git.wordpress.org> | 2021-08-26 19:27:59 +0000 |
---|---|---|
committer | John Blackbourn <johnbillion@git.wordpress.org> | 2021-08-26 19:27:59 +0000 |
commit | f838c865734d0abe249d46c692a663a5d7425d97 (patch) | |
tree | cefbb29963393340f37d65f6346a0adc6bec47b0 | |
parent | 44180691e68fc87458bbdc5280c77a1ca1190083 (diff) | |
Security: Correct the inline docs for the `wp_kses_allowed_html` filter.
Props peterwilsoncc
Fixes #53597
git-svn-id: https://develop.svn.wordpress.org/trunk@51675 602fd350-edb4-49c9-b593-d223f7449a82
-rw-r--r-- | src/wp-includes/kses.php | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php index 527d374c9c..cf00df3cbd 100644 --- a/src/wp-includes/kses.php +++ b/src/wp-includes/kses.php @@ -846,22 +846,26 @@ function wp_kses_one_attr( $string, $element ) { * * @param string|array $context The context for which to retrieve tags. Allowed values are 'post', * 'strip', 'data', 'entities', or the name of a field filter such as - * 'pre_user_description'. + * 'pre_user_description', or an array of allowed HTML elements and attributes. * @return array Array of allowed HTML tags and their allowed attributes. */ function wp_kses_allowed_html( $context = '' ) { global $allowedposttags, $allowedtags, $allowedentitynames; if ( is_array( $context ) ) { + // When `$context` is an array it's actually an array of allowed HTML elements and attributes. + $html = $context; + $context = 'explicit'; + /** * Filters the HTML tags that are allowed for a given context. * * @since 3.5.0 * - * @param array[]|string $context Context to judge allowed tags by. - * @param string $context_type Context name. + * @param array[] $html Allowed HTML tags. + * @param string $context Context name. */ - return apply_filters( 'wp_kses_allowed_html', $context, 'explicit' ); + return apply_filters( 'wp_kses_allowed_html', $html, $context ); } switch ( $context ) { |
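Review bot: The rewritten hook docblock inside the `is_array( $context )` branch still describes the second argument only as "Context name", so the docs do not say that this call site always passes the literal `'explicit'` along with the caller's own allowlist. Because the result of `apply_filters()` is returned directly as the set of allowed tags, a callback that adds elements or attributes without checking `$context` would also widen allowlists that callers passed in explicitly. I would extend the line to `@param string $context Context name. 'explicit' when the caller supplied its own array of allowed HTML.` so callback authors know to branch on it. The body of `wp_kses_allowed_html()` continues past the end of the hunk at the `switch`, so any other call sites of this filter are not visible here.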