
Ticket #14543: 14543.diff

File 14543.diff, 4.5 KB (added by nacin, 9 years ago)
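--- a/wp-includes/default-widgets.php
+++ b/wp-includes/default-widgets.php
@@ -1,5 +1,4 @@
 <?php
-
 /**
  * Default Widgets
  *
@@ -535,12 +534,8 @@
                 extract($args);
 
                 $title = apply_filters('widget_title', empty($instance['title']) ? __('Recent Posts') : $instance['title'], $instance, $this->id_base);
-                if ( !$number = (int) $instance['number'] )
-                        $number = 10;
-                else if ( $number < 1 )
-                        $number = 1;
-                else if ( $number > 15 )
-                        $number = 15;
+                if ( ! $number = absint( $instance['number'] ) )
+                        $number = 10;
 
                 $r = new WP_Query(array('posts_per_page' => $number, 'nopaging' => 0, 'post_status' => 'publish', 'ignore_sticky_posts' => true));
                 if ($r->have_posts()) :
@@ -582,15 +577,13 @@
 
         function form( $instance ) {
                 $title = isset($instance['title']) ? esc_attr($instance['title']) : '';
-                if ( !isset($instance['number']) || !$number = (int) $instance['number'] )
-                        $number = 5;
+                $number = isset($instance['number']) ? absint($instance['number']) : 5;
 ?>
                 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label>
                 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></p>
 
                 <p><label for="<?php echo $this->get_field_id('number'); ?>"><?php _e('Number of posts to show:'); ?></label>
                 <input id="<?php echo $this->get_field_id('number'); ?>" name="<?php echo $this->get_field_name('number'); ?>" type="text" value="<?php echo $number; ?>" size="3" /></p>
-                <small><?php _e('(at most 15)'); ?></small>
 <?php
         }
 }
@@ -640,10 +633,8 @@
                 $output = '';
                 $title = apply_filters('widget_title', empty($instance['title']) ? __('Recent Comments') : $instance['title']);
 
-                if ( ! $number = (int) $instance['number'] )
+                if ( ! $number = absint( $instance['number'] ) )
                         $number = 5;
-                else if ( $number < 1 )
-                        $number = 1;
 
                 $comments = get_comments( array( 'number' => $number, 'status' => 'approve' ) );
                 $output .= $before_widget;
@@ -667,7 +658,7 @@
         function update( $new_instance, $old_instance ) {
                 $instance = $old_instance;
                 $instance['title'] = strip_tags($new_instance['title']);
-                $instance['number'] = (int) $new_instance['number'];
+                $instance['number'] = absint( $new_instance['number'] );
                 $this->flush_widget_cache();
 
                 $alloptions = wp_cache_get( 'alloptions', 'options' );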
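Review bot: Dropping the `else if ( $number > 15 ) $number = 15;` clamp in the Recent Posts `widget()` hunk leaves `posts_per_page` limited only by whatever integer is stored in the instance, so a very large setting becomes an equally large `WP_Query` each time the widget runs the query. `absint()` also turns a negative entry into its magnitude rather than rejecting it, so `-500` now yields 500 where the old code forced 1. If the cap is removed on purpose I would still keep a generous ceiling next to the cast, e.g. `$number = min( absint( $instance['number'] ), MAX_ITEMS );` with `MAX_ITEMS` standing in for a limit the project chooses, and apply the same in the Recent Comments `widget()` and `update()` hunks. Separately, a stored 0 is shown as 0 by `form()` but rendered as 10 posts by `widget()`, which falls back to 10 while `form()` defaults to 5. The enclosing methods start and end outside the visible hunks.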
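--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -605,10 +605,8 @@
         $start = 0;
 
         $widgets = get_option( 'dashboard_widget_options' );
-        if ( isset( $widgets['dashboard_recent_comments'] ) && isset( $widgets['dashboard_recent_comments']['items'] ) )
-                $total_items = (int) $widgets['dashboard_recent_comments']['items'];
-        else
-                $total_items = 5;
+        $total_items = isset( $widgets['dashboard_recent_comments'] ) && isset( $widgets['dashboard_recent_comments']['items'] )
+                ? absint( $widgets['dashboard_recent_comments']['items'] ) : 5;
 
         while ( count( $comments ) < 5 && $possible = $wpdb->get_results( "SELECT * FROM $wpdb->comments c LEFT JOIN $wpdb->posts p ON c.comment_post_ID = p.ID WHERE p.post_status != 'trash' ORDER BY c.comment_date_gmt DESC LIMIT $start, 50" ) ) {
 
@@ -756,9 +754,7 @@
                 $widget_options['dashboard_recent_comments'] = array();
 
         if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-recent-comments']) ) {
-                $number = (int) stripslashes($_POST['widget-recent-comments']['items']);
-                if ( $number < 1 || $number > 30 )
-                        $number = 5;
+                $number = absint( stripslashes($_POST['widget-recent-comments']['items']) );
                 $widget_options['dashboard_recent_comments']['items'] = $number;
                 update_option( 'dashboard_widget_options', $widget_options );
         }
@@ -766,7 +762,7 @@
         $number = isset( $widget_options['dashboard_recent_comments']['items'] ) ? (int) $widget_options['dashboard_recent_comments']['items'] : '';
 
         echo '<p><label for="comments-number">' . __('Number of comments to show:') . '</label>';
-        echo '<input id="comments-number" name="widget-recent-comments[items]" type="text" value="' . $number . '" size="3" /> <small>' . __( '(at most 30)' ) . '</small></p>';
+        echo '<input id="comments-number" name="widget-recent-comments[items]" type="text" value="' . $number . '" size="3" /></p>';
 }
 
 function wp_dashboard_incoming_links() {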
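Review bot: The new `$number = absint( stripslashes($_POST['widget-recent-comments']['items']) );` saves a request-supplied value into `dashboard_widget_options` with no range check, where the removed lines reset anything outside 1–30 to 5. A submitted 0 or non-numeric string is now stored as 0, and `$total_items` in the first hunk of this file takes that 0, or an arbitrarily large number, as-is. I would keep the bound next to the cast, e.g. `$number = min( absint( stripslashes( $_POST['widget-recent-comments']['items'] ) ), 30 );` followed by `if ( ! $number ) $number = 5;`. The `['items']` key is also read without an `isset()` and would reach `stripslashes()` as an array if the field were posted as `items[]`. Whether a nonce or capability check precedes this block cannot be seen here, because the function starts outside the hunk.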