Ticket #19712: meta-boxes.diff

File meta-boxes.diff, 3.3 KB (added by niallkennedy, 17 months ago)

escape taxonomy labels; assign capability test; HTML5 boolean disabled attr

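--- a/wp-admin/includes/meta-boxes.php
+++ b/wp-admin/includes/meta-boxes.php
@@ -268,37 +268,42 @@
  * @since 2.6.0
  *
  * @param object $post
+ * @param array $box associative array
  */
 function post_tags_meta_box($post, $box) {
-       $defaults = array('taxonomy' => 'post_tag');
-       if ( !isset($box['args']) || !is_array($box['args']) )
+       $defaults = array( 'taxonomy' => 'post_tag' );
+       if ( ! isset( $box['args'] ) || ! is_array( $box['args'] ) )
                $args = array();
        else
                $args = $box['args'];
        extract( wp_parse_args($args, $defaults), EXTR_SKIP );
        $tax_name = esc_attr($taxonomy);
        $taxonomy = get_taxonomy($taxonomy);
-       $disabled = !current_user_can($taxonomy->cap->assign_terms) ? 'disabled="disabled"' : '';
+       $user_can_assign_terms = current_user_can( $taxonomy->cap->assign_terms );
+       $disabled = '';
+       if ( ! $user_can_assign_terms )
+               $disabled = 'disabled';
 ?>
 <div class="tagsdiv" id="<?php echo $tax_name; ?>">
        <div class="jaxtag">
        <div class="nojs-tags hide-if-js">
-       <p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>
-       <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // textarea_escaped by esc_attr() ?></textarea></div>
-       <?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
+       <p><?php echo esc_html( $taxonomy->labels->add_or_remove_items ); ?></p>
+       <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // textarea_escaped by esc_attr() ?></textarea>
+       </div>
+       <?php if ( $user_can_assign_terms ) : ?>
        <div class="ajaxtag hide-if-no-js">
-               <label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
-               <div class="taghint"><?php echo $taxonomy->labels->add_new_item; ?></div>
+               <label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo esc_html( $box['title'] ); ?></label>
+               <div class="taghint"><?php echo esc_html( $taxonomy->labels->add_new_item ); ?></div>
                <p><input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="" />
                <input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" /></p>
        </div>
-       <p class="howto"><?php echo esc_attr( $taxonomy->labels->separate_items_with_commas ); ?></p>
+       <p class="howto"><?php echo esc_html( $taxonomy->labels->separate_items_with_commas ); ?></p>
        <?php endif; ?>
        </div>
        <div class="tagchecklist"></div>
 </div>
-<?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
-<p class="hide-if-no-js"><a href="#titlediv" class="tagcloud-link" id="link-<?php echo $tax_name; ?>"><?php echo $taxonomy->labels->choose_from_most_used; ?></a></p>
+<?php if ( $user_can_assign_terms ) : ?>
+<p class="hide-if-no-js"><a href="#titlediv" class="tagcloud-link" id="link-<?php echo $tax_name; ?>"><?php echo esc_html( $taxonomy->labels->choose_from_most_used ); ?></a></p>
 <?php endif; ?>
 <?php
 }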
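Review bot: The new `$user_can_assign_terms = current_user_can( $taxonomy->cap->assign_terms );` line dereferences the result of `get_taxonomy()` without a guard, and that call returns false for an unregistered taxonomy; because the taxonomy name is taken from `$box['args']`, add `if ( ! $taxonomy ) return;` directly after the `get_taxonomy()` call. The `disabled` attribute and the `$user_can_assign_terms` conditionals only shape the rendered form and are not an access control, so the `assign_terms` check presumably also has to be enforced where `tax_input` is processed on save, which is outside this diff. The unchanged `extract()` over caller-supplied args makes it hard to see which variables the template can receive; reading `$taxonomy` explicitly from the parsed array would be a worthwhile follow-up.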