

Ticket #19712: meta-boxes.diff

File meta-boxes.diff, 3.3 KB (added by niallkennedy, 6 years ago)

Escape taxonomy labels and the box title with esc_html(); evaluate the assign_terms capability test once and reuse the result; emit the HTML5 boolean `disabled` attribute instead of `disabled="disabled"`.

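--- a/wp-admin/includes/meta-boxes.php
+++ b/wp-admin/includes/meta-boxes.php
@@ -268,37 +268,42 @@
  * @since 2.6.0
  *
  * @param object $post
+ * @param array $box associative array
  */
 function post_tags_meta_box($post, $box) {
-        $defaults = array('taxonomy' => 'post_tag');
-        if ( !isset($box['args']) || !is_array($box['args']) )
+        $defaults = array( 'taxonomy' => 'post_tag' );
+        if ( ! isset( $box['args'] ) || ! is_array( $box['args'] ) )
                 $args = array();
         else
                 $args = $box['args'];
         extract( wp_parse_args($args, $defaults), EXTR_SKIP );
         $tax_name = esc_attr($taxonomy);
         $taxonomy = get_taxonomy($taxonomy);
-        $disabled = !current_user_can($taxonomy->cap->assign_terms) ? 'disabled="disabled"' : '';
+        $user_can_assign_terms = current_user_can( $taxonomy->cap->assign_terms );
+        $disabled = '';
+        if ( ! $user_can_assign_terms )
+                $disabled = 'disabled';
 ?>
 <div class="tagsdiv" id="<?php echo $tax_name; ?>">
         <div class="jaxtag">
         <div class="nojs-tags hide-if-js">
-        <p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>
-        <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // textarea_escaped by esc_attr() ?></textarea></div>
-        <?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
+        <p><?php echo esc_html( $taxonomy->labels->add_or_remove_items ); ?></p>
+        <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // textarea_escaped by esc_attr() ?></textarea>
+        </div>
+        <?php if ( $user_can_assign_terms ) : ?>
         <div class="ajaxtag hide-if-no-js">
-                <label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
-                <div class="taghint"><?php echo $taxonomy->labels->add_new_item; ?></div>
+                <label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo esc_html( $box['title'] ); ?></label>
+                <div class="taghint"><?php echo esc_html( $taxonomy->labels->add_new_item ); ?></div>
                 <p><input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="" />
                 <input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" /></p>
         </div>
-        <p class="howto"><?php echo esc_attr( $taxonomy->labels->separate_items_with_commas ); ?></p>
+        <p class="howto"><?php echo esc_html( $taxonomy->labels->separate_items_with_commas ); ?></p>
         <?php endif; ?>
         </div>
         <div class="tagchecklist"></div>
 </div>
-<?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
-<p class="hide-if-no-js"><a href="#titlediv" class="tagcloud-link" id="link-<?php echo $tax_name; ?>"><?php echo $taxonomy->labels->choose_from_most_used; ?></a></p>
+<?php if ( $user_can_assign_terms ) : ?>
+<p class="hide-if-no-js"><a href="#titlediv" class="tagcloud-link" id="link-<?php echo $tax_name; ?>"><?php echo esc_html( $taxonomy->labels->choose_from_most_used ); ?></a></p>
 <?php endif; ?>
 <?php
 }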
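Review bot: The capability test added on new line 282 dereferences `$taxonomy->cap->assign_terms` immediately after `get_taxonomy( $taxonomy )` on line 281, and for a name passed through `$box['args']` that is not a registered taxonomy `get_taxonomy()` returns false rather than an object; on that path the new code emits non-object notices and `current_user_can()` quietly evaluates to false, so the box renders read-only instead of failing visibly. Inserting `if ( ! $taxonomy ) return;` between those two lines (or a `_doing_it_wrong()` call, since a bad name is a registration bug on the caller's side) would make the failure explicit. Note also that `$disabled` and the two `$user_can_assign_terms` guards only shape the rendered form and are not an access control: the `assign_terms` check must also be enforced wherever `tax_input[...]` and `newtag[...]` are processed on save, which is outside this hunk and should be confirmed. The escaping changes themselves fit their contexts — `$tax_name` is attribute-escaped once on line 280 before reuse in id/name/for attributes, and the labels and `$box['title']` are now `esc_html()`'d in text-node position, replacing the mismatched `esc_attr()` on the old howto line.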