Ticket #23012: 23012.5.diff
| File 23012.5.diff, 36.3 KB (added by , 11 years ago) |
|---|
src/wp-includes/default-widgets.php
78 78 */ 79 79 public function update( $new_instance, $old_instance ) { 80 80 $instance = $old_instance; 81 $instance['title'] = s trip_tags($new_instance['title']);81 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 82 82 if ( in_array( $new_instance['sortby'], array( 'post_title', 'menu_order', 'ID' ) ) ) { 83 83 $instance['sortby'] = $new_instance['sortby']; 84 84 } else { … … 85 85 $instance['sortby'] = 'menu_order'; 86 86 } 87 87 88 $instance['exclude'] = s trip_tags( $new_instance['exclude'] );88 $instance['exclude'] = sanitize_text_field( $new_instance['exclude'] ); 89 89 90 90 return $instance; 91 91 } … … 96 96 public function form( $instance ) { 97 97 //Defaults 98 98 $instance = wp_parse_args( (array) $instance, array( 'sortby' => 'post_title', 'title' => '', 'exclude' => '') ); 99 $title = esc_attr( $instance['title'] );100 $exclude = esc_attr( $instance['exclude'] );101 99 ?> 102 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></p>103 100 <p> 104 <label for="<?php echo $this->get_field_id('sortby'); ?>"><?php _e( 'Sort by:' ); ?></label> 105 <select name="<?php echo $this->get_field_name('sortby'); ?>" id="<?php echo $this->get_field_id('sortby'); ?>" class="widefat"> 101 <label for="<?php echo esc_attr( $this->get_field_id('title') ); ?>"><?php _e('Title:'); ?></label> 102 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id('title') ); ?>" name="<?php echo esc_attr( $this->get_field_name('title') ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /> 103 </p> 104 <p> 105 <label for="<?php echo esc_attr( $this->get_field_id('sortby') ); ?>"><?php _e( 'Sort by:' ); ?></label> 106 <select name="<?php echo esc_attr( $this->get_field_name('sortby') ); ?>" id="<?php echo esc_attr( 
$this->get_field_id('sortby') ); ?>" class="widefat"> 106 107 <option value="post_title"<?php selected( $instance['sortby'], 'post_title' ); ?>><?php _e('Page title'); ?></option> 107 108 <option value="menu_order"<?php selected( $instance['sortby'], 'menu_order' ); ?>><?php _e('Page order'); ?></option> 108 109 <option value="ID"<?php selected( $instance['sortby'], 'ID' ); ?>><?php _e( 'Page ID' ); ?></option> … … 109 110 </select> 110 111 </p> 111 112 <p> 112 <label for="<?php echo $this->get_field_id('exclude'); ?>"><?php _e( 'Exclude:' ); ?></label> <input type="text" value="<?php echo $exclude; ?>" name="<?php echo $this->get_field_name('exclude'); ?>" id="<?php echo $this->get_field_id('exclude'); ?>" class="widefat" />113 <label for="<?php echo esc_attr( $this->get_field_id( 'exclude' ) ); ?>"><?php _e( 'Exclude:' ); ?></label> <input type="text" value="<?php echo esc_attr( $instance['exclude'] ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'exclude' ) ); ?>" id="<?php echo esc_attr( $this->get_field_id( 'exclude' ) ); ?>" class="widefat" /> 113 114 <br /> 114 115 <small><?php _e( 'Page IDs, separated by commas.' 
); ?></small> 115 116 </p> … … 201 202 $limit = -1; 202 203 ?> 203 204 <p> 204 <label for="<?php echo $this->get_field_id('category'); ?>"><?php _e( 'Select Link Category:' ); ?></label>205 <select class="widefat" id="<?php echo $this->get_field_id('category'); ?>" name="<?php echo $this->get_field_name('category'); ?>">205 <label for="<?php echo esc_attr( $this->get_field_id( 'category' ) ); ?>"><?php _e( 'Select Link Category:' ); ?></label> 206 <select class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'category' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'category' ) ); ?>"> 206 207 <option value=""><?php _ex('All Links', 'links widget'); ?></option> 207 208 <?php 208 209 foreach ( $link_cats as $link_cat ) { … … 212 213 } 213 214 ?> 214 215 </select> 215 <label for="<?php echo $this->get_field_id('orderby'); ?>"><?php _e( 'Sort by:' ); ?></label>216 <select name="<?php echo $this->get_field_name('orderby'); ?>" id="<?php echo $this->get_field_id('orderby'); ?>" class="widefat">216 <label for="<?php echo esc_attr( $this->get_field_id( 'orderby' ) ); ?>"><?php _e( 'Sort by:' ); ?></label> 217 <select name="<?php echo esc_attr( $this->get_field_name( 'orderby' ) ); ?>" id="<?php echo esc_attr( $this->get_field_id( 'orderby' ) ); ?>" class="widefat"> 217 218 <option value="name"<?php selected( $instance['orderby'], 'name' ); ?>><?php _e( 'Link title' ); ?></option> 218 219 <option value="rating"<?php selected( $instance['orderby'], 'rating' ); ?>><?php _e( 'Link rating' ); ?></option> 219 220 <option value="id"<?php selected( $instance['orderby'], 'id' ); ?>><?php _e( 'Link ID' ); ?></option> … … 221 222 </select> 222 223 </p> 223 224 <p> 224 <input class="checkbox" type="checkbox" <?php checked( $instance['images'], true) ?> id="<?php echo $this->get_field_id('images'); ?>" name="<?php echo $this->get_field_name('images'); ?>" />225 <label for="<?php echo $this->get_field_id('images'); ?>"><?php _e('Show Link Image'); ?></label><br 
/>226 <input class="checkbox" type="checkbox" <?php checked( $instance['name'], true) ?> id="<?php echo $this->get_field_id('name'); ?>" name="<?php echo $this->get_field_name('name'); ?>" />227 <label for="<?php echo $this->get_field_id('name'); ?>"><?php _e('Show Link Name'); ?></label><br />228 <input class="checkbox" type="checkbox" <?php checked( $instance['description'], true) ?> id="<?php echo $this->get_field_id('description'); ?>" name="<?php echo $this->get_field_name('description'); ?>" />229 <label for="<?php echo $this->get_field_id('description'); ?>"><?php _e('Show Link Description'); ?></label><br />230 <input class="checkbox" type="checkbox" <?php checked( $instance['rating'], true) ?> id="<?php echo $this->get_field_id('rating'); ?>" name="<?php echo $this->get_field_name('rating'); ?>" />231 <label for="<?php echo $this->get_field_id('rating'); ?>"><?php _e('Show Link Rating'); ?></label>225 <input class="checkbox" type="checkbox" <?php checked( $instance['images'], true ) ?> id="<?php echo esc_attr( $this->get_field_id( 'images' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'images' ) ); ?>" /> 226 <label for="<?php echo esc_attr( $this->get_field_id( 'images' ) ); ?>"><?php _e('Show Link Image'); ?></label><br /> 227 <input class="checkbox" type="checkbox" <?php checked( $instance['name'], true ) ?> id="<?php echo esc_attr( $this->get_field_id( 'name' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'name' ) ); ?>" /> 228 <label for="<?php echo esc_attr( $this->get_field_id( 'name' ) ); ?>"><?php _e('Show Link Name'); ?></label><br /> 229 <input class="checkbox" type="checkbox" <?php checked( $instance['description'], true ) ?> id="<?php echo esc_attr( $this->get_field_id( 'description' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'description' ) ); ?>" /> 230 <label for="<?php echo esc_attr( $this->get_field_id( 'description' ) ); ?>"><?php _e('Show Link Description'); ?></label><br /> 231 <input 
class="checkbox" type="checkbox" <?php checked( $instance['rating'], true ) ?> id="<?php echo esc_attr( $this->get_field_id( 'rating' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'rating' ) ); ?>" /> 232 <label for="<?php echo esc_attr( $this->get_field_id( 'rating' ) ); ?>"><?php _e('Show Link Rating'); ?></label> 232 233 </p> 233 234 <p> 234 <label for="<?php echo $this->get_field_id('limit'); ?>"><?php _e( 'Number of links to show:' ); ?></label>235 <input id="<?php echo $this->get_field_id('limit'); ?>" name="<?php echo $this->get_field_name('limit'); ?>" type="text" value="<?php echo $limit == -1 ? '' : intval( $limit ); ?>" size="3" />235 <label for="<?php echo esc_attr( $this->get_field_id( 'limit' ) ); ?>"><?php _e( 'Number of links to show:' ); ?></label> 236 <input id="<?php echo esc_attr( $this->get_field_id( 'limit' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'limit' ) ); ?>" type="text" value="<?php echo $limit == -1 ? '' : intval( $limit ); ?>" size="3" /> 236 237 </p> 237 238 <?php 238 239 } … … 276 277 $instance = wp_parse_args( (array) $instance, array( 'title' => '') ); 277 278 $title = $instance['title']; 278 279 ?> 279 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></label></p>280 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></label></p> 280 281 <?php 281 282 } 282 283 … … 288 289 public function update( $new_instance, $old_instance ) { 289 290 $instance = $old_instance; 290 291 $new_instance = wp_parse_args((array) $new_instance, array( 'title' => 
'')); 291 $instance['title'] = s trip_tags($new_instance['title']);292 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 292 293 return $instance; 293 294 } 294 295 … … 400 401 public function update( $new_instance, $old_instance ) { 401 402 $instance = $old_instance; 402 403 $new_instance = wp_parse_args( (array) $new_instance, array( 'title' => '', 'count' => 0, 'dropdown' => '') ); 403 $instance['title'] = s trip_tags($new_instance['title']);404 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 404 405 $instance['count'] = $new_instance['count'] ? 1 : 0; 405 406 $instance['dropdown'] = $new_instance['dropdown'] ? 1 : 0; 406 407 … … 412 413 */ 413 414 public function form( $instance ) { 414 415 $instance = wp_parse_args( (array) $instance, array( 'title' => '', 'count' => 0, 'dropdown' => '') ); 415 $title = strip_tags($instance['title']);416 $count = $instance['count'] ? 'checked="checked"' : '';417 $dropdown = $instance['dropdown'] ? 'checked="checked"' : '';418 416 ?> 419 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>417 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 420 418 <p> 421 <input class="checkbox" type="checkbox" <?php echo $dropdown; ?> id="<?php echo $this->get_field_id('dropdown'); ?>" name="<?php echo $this->get_field_name('dropdown'); ?>" /> <label for="<?php echo $this->get_field_id('dropdown'); ?>"><?php _e('Display as dropdown'); ?></label>419 <input class="checkbox" type="checkbox" <?php checked( 
$instance['dropdown'] ); ?> id="<?php echo esc_attr( $this->get_field_id( 'dropdown' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'dropdown' ) ); ?>" /> <label for="<?php echo esc_attr( $this->get_field_id( 'dropdown' ) ); ?>"><?php _e( 'Display as dropdown' ); ?></label> 422 420 <br/> 423 <input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <label for="<?php echo $this->get_field_id('count'); ?>"><?php _e('Show post counts'); ?></label>421 <input class="checkbox" type="checkbox" <?php checked( $instance['count'] ); ?> id="<?php echo esc_attr( $this->get_field_id( 'count' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'count' ) ); ?>" /> <label for="<?php echo esc_attr( $this->get_field_id( 'count' ) ); ?>"><?php _e( 'Show post counts' ); ?></label> 424 422 </p> 425 423 <?php 426 424 } … … 456 454 <ul> 457 455 <?php wp_register(); ?> 458 456 <li><?php wp_loginout(); ?></li> 459 <li><a href="<?php bloginfo('rss2_url'); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>460 <li><a href="<?php bloginfo('comments_rss2_url'); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>457 <li><a href="<?php echo esc_url( get_bloginfo( 'rss2_url' ) ); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 458 <li><a href="<?php echo esc_url( get_bloginfo( 'comments_rss2_url' ) ); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 461 459 <?php 462 460 /** 463 461 * Filter the "Powered by WordPress" text in the Meta widget. 
… … 486 484 */ 487 485 public function update( $new_instance, $old_instance ) { 488 486 $instance = $old_instance; 489 $instance['title'] = s trip_tags($new_instance['title']);487 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 490 488 491 489 return $instance; 492 490 } … … 496 494 */ 497 495 public function form( $instance ) { 498 496 $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); 499 $title = strip_tags($instance['title']);500 497 ?> 501 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>498 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 502 499 <?php 503 500 } 504 501 } … … 540 537 */ 541 538 public function update( $new_instance, $old_instance ) { 542 539 $instance = $old_instance; 543 $instance['title'] = s trip_tags($new_instance['title']);540 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 544 541 545 542 return $instance; 546 543 } … … 550 547 */ 551 548 public function form( $instance ) { 552 549 $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); 553 $title = strip_tags($instance['title']);554 550 ?> 555 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label>556 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>551 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); 
?></label> 552 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 557 553 <?php 558 554 } 559 555 } … … 604 600 */ 605 601 public function update( $new_instance, $old_instance ) { 606 602 $instance = $old_instance; 607 $instance['title'] = s trip_tags($new_instance['title']);603 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 608 604 if ( current_user_can('unfiltered_html') ) 609 605 $instance['text'] = $new_instance['text']; 610 606 else 611 $instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed607 $instance['text'] = wp_kses_post( $new_instance['text'] ); 612 608 $instance['filter'] = ! empty( $new_instance['filter'] ); 613 609 return $instance; 614 610 } … … 618 614 */ 619 615 public function form( $instance ) { 620 616 $instance = wp_parse_args( (array) $instance, array( 'title' => '', 'text' => '' ) ); 621 $title = strip_tags($instance['title']); 622 $text = esc_textarea($instance['text']); 623 ?> 624 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> 625 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p> 617 $filter = isset( $instance['filter'] ) ? 
$instance['filter'] : 0; 618 ?> 619 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> 620 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 626 621 627 <p><label for="<?php echo $this->get_field_id( 'text'); ?>"><?php _e( 'Content:' ); ?></label>628 <textarea class="widefat" rows="16" cols="20" id="<?php echo $this->get_field_id('text'); ?>" name="<?php echo $this->get_field_name('text'); ?>"><?php echo $text; ?></textarea></p>622 <p><label for="<?php echo esc_attr( $this->get_field_id( 'text' ) ); ?>"><?php _e( 'Content:' ); ?></label> 623 <textarea class="widefat" rows="16" cols="20" id="<?php echo esc_attr( $this->get_field_id( 'text' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'text' ) ); ?>"><?php echo esc_textarea( $instance['text'] ); ?></textarea></p> 629 624 630 <p><input id="<?php echo $this->get_field_id('filter'); ?>" name="<?php echo $this->get_field_name('filter'); ?>" type="checkbox" <?php checked(isset($instance['filter']) ? 
$instance['filter'] : 0); ?> /> <label for="<?php echo $this->get_field_id('filter'); ?>"><?php _e('Automatically add paragraphs'); ?></label></p>625 <p><input id="<?php echo esc_attr( $this->get_field_id( 'filter' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'filter' ) ); ?>" type="checkbox" <?php checked( $filter ); ?> /> <label for="<?php echo esc_attr( $this->get_field_id( 'filter' ) ); ?>"><?php _e('Automatically add paragraphs'); ?></label></p> 631 626 <?php 632 627 } 633 628 } … … 736 731 */ 737 732 public function update( $new_instance, $old_instance ) { 738 733 $instance = $old_instance; 739 $instance['title'] = s trip_tags($new_instance['title']);734 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 740 735 $instance['count'] = !empty($new_instance['count']) ? 1 : 0; 741 736 $instance['hierarchical'] = !empty($new_instance['hierarchical']) ? 1 : 0; 742 737 $instance['dropdown'] = !empty($new_instance['dropdown']) ? 1 : 0; … … 750 745 public function form( $instance ) { 751 746 //Defaults 752 747 $instance = wp_parse_args( (array) $instance, array( 'title' => '') ); 753 $title = esc_attr( $instance['title'] );754 748 $count = isset($instance['count']) ? (bool) $instance['count'] :false; 755 749 $hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false; 756 750 $dropdown = isset( $instance['dropdown'] ) ? 
(bool) $instance['dropdown'] : false; 757 751 ?> 758 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e( 'Title:'); ?></label>759 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></p>752 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> 753 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 760 754 761 <p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id('dropdown'); ?>" name="<?php echo $this->get_field_name('dropdown'); ?>"<?php checked( $dropdown ); ?> />762 <label for="<?php echo $this->get_field_id('dropdown'); ?>"><?php _e( 'Display as dropdown'); ?></label><br />755 <p><input type="checkbox" class="checkbox" id="<?php echo esc_attr( $this->get_field_id( 'dropdown' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'dropdown' ) ); ?>"<?php checked( $dropdown ); ?> /> 756 <label for="<?php echo esc_attr( $this->get_field_id( 'dropdown' ) ); ?>"><?php _e('Display as dropdown'); ?></label><br /> 763 757 764 <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>"<?php checked( $count ); ?> />765 <label for="<?php echo $this->get_field_id('count'); ?>"><?php _e( 'Show post counts'); ?></label><br />758 <input type="checkbox" class="checkbox" id="<?php echo esc_attr( $this->get_field_id( 'count' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'count' ) ); ?>"<?php checked( $count ); ?> /> 759 <label for="<?php echo esc_attr( $this->get_field_id( 'count' ) ); ?>"><?php _e('Show post counts'); ?></label><br /> 766 760 767 <input type="checkbox" class="checkbox" id="<?php echo 
$this->get_field_id('hierarchical'); ?>" name="<?php echo $this->get_field_name('hierarchical'); ?>"<?php checked( $hierarchical ); ?> />768 <label for="<?php echo $this->get_field_id('hierarchical'); ?>"><?php _e( 'Show hierarchy'); ?></label></p>761 <input type="checkbox" class="checkbox" id="<?php echo esc_attr( $this->get_field_id( 'hierarchical' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'hierarchical' ) ); ?>"<?php checked( $hierarchical ); ?> /> 762 <label for="<?php echo esc_attr( $this->get_field_id( 'hierarchical' ) ); ?>"><?php _e('Show hierarchy'); ?></label></p> 769 763 <?php 770 764 } 771 765 … … 877 871 */ 878 872 public function update( $new_instance, $old_instance ) { 879 873 $instance = $old_instance; 880 $instance['title'] = s trip_tags($new_instance['title']);874 $instance['title'] = santize_text_field( $new_instance['title'] ); 881 875 $instance['number'] = (int) $new_instance['number']; 882 876 $instance['show_date'] = isset( $new_instance['show_date'] ) ? (bool) $new_instance['show_date'] : false; 883 877 $this->flush_widget_cache(); … … 904 898 $number = isset( $instance['number'] ) ? absint( $instance['number'] ) : 5; 905 899 $show_date = isset( $instance['show_date'] ) ? 
(bool) $instance['show_date'] : false; 906 900 ?> 907 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:'); ?></label>908 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo $title; ?>" /></p>901 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> 902 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> 909 903 910 <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e( 'Number of posts to show:'); ?></label>911 <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo $number; ?>" size="3" /></p>904 <p><label for="<?php echo esc_attr( $this->get_field_id( 'number' ) ); ?>"><?php _e('Number of posts to show:'); ?></label> 905 <input id="<?php echo esc_attr( $this->get_field_id( 'number' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'number' ) ); ?>" type="text" value="<?php echo esc_attr( $number ); ?>" size="3" /></p> 912 906 913 <p><input class="checkbox" type="checkbox" <?php checked( $show_date ); ?> id="<?php echo $this->get_field_id( 'show_date' ); ?>" name="<?php echo $this->get_field_name( 'show_date'); ?>" />914 <label for="<?php echo $this->get_field_id( 'show_date' ); ?>"><?php _e( 'Display post date?'); ?></label></p>907 <p><input class="checkbox" type="checkbox" <?php checked( $show_date ); ?> id="<?php echo esc_attr( $this->get_field_id( 'show_date' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'show_date' ) ); ?>" /> 908 <label for="<?php echo esc_attr( $this->get_field_id( 'show_date' ) ); ?>"><?php _e('Display post date?'); ?></label></p> 915 909 <?php 916 910 } 917 911 } … … 
1054 1048 */ 1055 1049 public function update( $new_instance, $old_instance ) { 1056 1050 $instance = $old_instance; 1057 $instance['title'] = s trip_tags($new_instance['title']);1051 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1058 1052 $instance['number'] = absint( $new_instance['number'] ); 1059 1053 $this->flush_widget_cache(); 1060 1054 … … 1069 1063 * @param array $instance 1070 1064 */ 1071 1065 public function form( $instance ) { 1072 $title = isset( $instance['title'] ) ? esc_attr( $instance['title'] ): '';1073 $number = isset( $instance['number'] ) ? absint( $instance['number'] ): 5;1066 $title = isset( $instance['title'] ) ? $instance['title'] : ''; 1067 $number = isset( $instance['number'] ) ? $instance['number'] : 5; 1074 1068 ?> 1075 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:'); ?></label>1076 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo $title; ?>" /></p>1069 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> 1070 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> 1077 1071 1078 <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e( 'Number of comments to show:'); ?></label>1079 <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo $number; ?>" size="3" /></p>1072 <p><label for="<?php echo esc_attr( $this->get_field_id( 'number' ) ); ?>"><?php _e('Number of comments to show:'); ?></label> 1073 <input id="<?php echo esc_attr( $this->get_field_id( 'number' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'number' ) ); ?>" type="text" value="<?php echo 
absint( $number ); ?>" size="3" /></p> 1080 1074 <?php 1081 1075 } 1082 1076 } … … 1121 1115 if ( ! is_wp_error($rss) ) { 1122 1116 $desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); 1123 1117 if ( empty($title) ) 1124 $title = esc_html(strip_tags($rss->get_title()));1125 $link = esc_url(strip_tags($rss->get_permalink()));1118 $title = strip_tags( $rss->get_title() ); 1119 $link = strip_tags( $rss->get_permalink() ); 1126 1120 while ( stristr($link, 'http') != $link ) 1127 1121 $link = substr($link, 1); 1128 1122 } … … 1133 1127 /** This filter is documented in wp-includes/default-widgets.php */ 1134 1128 $title = apply_filters( 'widget_title', $title, $instance, $this->id_base ); 1135 1129 1136 $url = esc_url(strip_tags($url));1137 $icon = includes_url( 'images/rss.png');1130 $url = strip_tags( $url ); 1131 $icon = includes_url( 'images/rss.png' ); 1138 1132 if ( $title ) 1139 $title = "<a class='rsswidget' href='$url'><img style='border:0' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link'>$title</a>";1133 $title = '<a class="rsswidget" href="' . esc_url( $url ) . '"><img style="border:0" width="14" height="14" src="' . esc_url( $icon ) . '" alt="RSS" /></a> <a class="rsswidget" href="' . esc_url( $link ) . '">"'. esc_html( $title ) .'"</a>'; 1140 1134 1141 1135 echo $args['before_widget']; 1142 1136 if ( $title ) { … … 1289 1283 $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true ); 1290 1284 $inputs = wp_parse_args( $inputs, $default_inputs ); 1291 1285 1292 $args['number'] = esc_attr( $args['number'] ); 1293 $args['title'] = isset( $args['title'] ) ? esc_attr( $args['title'] ) : ''; 1294 $args['url'] = isset( $args['url'] ) ? esc_url( $args['url'] ) : ''; 1286 $args['title'] = isset( $args['title'] ) ? $args['title'] : ''; 1287 $args['url'] = isset( $args['url'] ) ? 
$args['url'] : ''; 1295 1288 $args['items'] = isset( $args['items'] ) ? (int) $args['items'] : 0; 1296 1289 1297 1290 if ( $args['items'] < 1 || 20 < $args['items'] ) { … … 1308 1301 1309 1302 if ( $inputs['url'] ) : 1310 1303 ?> 1311 <p><label for="rss-url-<?php echo $args['number']; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label>1312 <input class="widefat" id="rss-url-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][url]" type="text" value="<?php echo $args['url']; ?>" /></p>1304 <p><label for="rss-url-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label> 1305 <input class="widefat" id="rss-url-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][url]" type="text" value="<?php echo esc_url( $args['url'] ); ?>" /></p> 1313 1306 <?php endif; if ( $inputs['title'] ) : ?> 1314 <p><label for="rss-title-<?php echo $args['number']; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label>1315 <input class="widefat" id="rss-title-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][title]" type="text" value="<?php echo $args['title']; ?>" /></p>1307 <p><label for="rss-title-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label> 1308 <input class="widefat" id="rss-title-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][title]" type="text" value="<?php echo esc_attr( $args['title'] ); ?>" /></p> 1316 1309 <?php endif; if ( $inputs['items'] ) : ?> 1317 <p><label for="rss-items-<?php echo $args['number']; ?>"><?php _e( 'How many items would you like to display?' ); ?></label>1318 <select id="rss-items-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][items]">1319 <?php1320 for ( $i = 1; $i <= 20; ++$i ) {1321 echo "<option value='$i' " . 
selected( $args['items'], $i, false ) . ">$i</option>";1322 }1323 ?>1310 <p><label for="rss-items-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'How many items would you like to display?' ); ?></label> 1311 <select id="rss-items-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][items]"> 1312 <?php 1313 for ( $i = 1; $i <= 20; ++$i ) { 1314 echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>"; 1315 } 1316 ?> 1324 1317 </select></p> 1325 1318 <?php endif; if ( $inputs['show_summary'] ) : ?> 1326 <p><input id="rss-show-summary-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> />1327 <label for="rss-show-summary-<?php echo $args['number']; ?>"><?php _e( 'Display item content?' ); ?></label></p>1319 <p><input id="rss-show-summary-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> /> 1320 <label for="rss-show-summary-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Display item content?' ); ?></label></p> 1328 1321 <?php endif; if ( $inputs['show_author'] ) : ?> 1329 <p><input id="rss-show-author-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> />1330 <label for="rss-show-author-<?php echo $args['number']; ?>"><?php _e( 'Display item author if available?' ); ?></label></p>1322 <p><input id="rss-show-author-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> /> 1323 <label for="rss-show-author-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Display item author if available?' 
); ?></label></p> 1331 1324 <?php endif; if ( $inputs['show_date'] ) : ?> 1332 <p><input id="rss-show-date-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?>/>1333 <label for="rss-show-date-<?php echo $args['number']; ?>"><?php _e( 'Display item date?' ); ?></label></p>1325 <p><input id="rss-show-date-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?>/> 1326 <label for="rss-show-date-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Display item date?' ); ?></label></p> 1334 1327 <?php 1335 1328 endif; 1336 1329 foreach ( array_keys($default_inputs) as $input ) : … … 1337 1330 if ( 'hidden' === $inputs[$input] ) : 1338 1331 $id = str_replace( '_', '-', $input ); 1339 1332 ?> 1340 <input type="hidden" id="rss-<?php echo $id; ?>-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][<?php echo $input; ?>]" value="<?php echo $args[ $input ]; ?>" />1333 <input type="hidden" id="rss-<?php echo esc_attr( $id ); ?>-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][<?php echo esc_attr( $input ); ?>]" value="<?php echo esc_attr( $args[ $input ] ); ?>" /> 1341 1334 <?php 1342 1335 endif; 1343 1336 endforeach; … … 1451 1444 */ 1452 1445 public function update( $new_instance, $old_instance ) { 1453 1446 $instance = array(); 1454 $instance['title'] = s trip_tags(stripslashes($new_instance['title']));1447 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1455 1448 $instance['taxonomy'] = stripslashes($new_instance['taxonomy']); 1456 1449 return $instance; 1457 1450 } … … 1461 1454 */ 1462 1455 public function form( $instance ) { 1463 1456 $current_taxonomy = $this->_get_current_taxonomy($instance); 1457 $title = isset( $instance['title'] ) ? 
$instance['title'] : ''; 1464 1458 ?> 1465 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:') ?></label>1466 <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php if (isset ( $instance['title'])) {echo esc_attr( $instance['title'] );}?>" /></p>1467 <p><label for="<?php echo $this->get_field_id('taxonomy'); ?>"><?php _e('Taxonomy:') ?></label>1468 <select class="widefat" id="<?php echo $this->get_field_id('taxonomy'); ?>" name="<?php echo $this->get_field_name('taxonomy'); ?>">1459 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e( 'Title:' ) ?></label> 1460 <input type="text" class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" value="<?php echo esc_attr( $title ); ?>" /></p> 1461 <p><label for="<?php echo esc_attr( $this->get_field_id( 'taxonomy' ) ); ?>"><?php _e( 'Taxonomy:' ) ?></label> 1462 <select class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'taxonomy' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'taxonomy' ) ); ?>"> 1469 1463 <?php foreach ( get_taxonomies() as $taxonomy ) : 1470 $tax = get_taxonomy($taxonomy);1471 if ( !$tax->show_tagcloud || empty($tax->labels->name) )1472 continue;1464 $tax = get_taxonomy($taxonomy); 1465 if ( !$tax->show_tagcloud || empty($tax->labels->name) ) 1466 continue; 1473 1467 ?> 1474 <option value="<?php echo esc_attr($taxonomy) ?>" <?php selected($taxonomy, $current_taxonomy) ?>><?php echo $tax->labels->name; ?></option>1468 <option value="<?php echo esc_attr($taxonomy) ?>" <?php selected($taxonomy, $current_taxonomy) ?>><?php echo esc_attr( $tax->labels->name ); ?></option> 1475 1469 <?php endforeach; ?> 1476 1470 </select></p><?php 1477 1471 } … … 1551 1545 public function update( $new_instance, $old_instance ) { 1552 1546 $instance = array(); 1553 
1547 if ( ! empty( $new_instance['title'] ) ) { 1554 $instance['title'] = s trip_tags( stripslashes($new_instance['title']));1548 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1555 1549 } 1556 1550 if ( ! empty( $new_instance['nav_menu'] ) ) { 1557 1551 $instance['nav_menu'] = (int) $new_instance['nav_menu']; … … 1584 1578 </p> 1585 1579 <div class="nav-menu-widget-form-controls" <?php if ( empty( $menus ) ) { echo ' style="display:none" '; } ?>> 1586 1580 <p> 1587 <label for="<?php echo $this->get_field_id( 'title'); ?>"><?php _e( 'Title:' ) ?></label>1588 <input type="text" class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title'); ?>" value="<?php echo esc_attr( $title ); ?>"/>1581 <label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e( 'Title:' ) ?></label> 1582 <input type="text" class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" value="<?php echo esc_attr( $title ); ?>"/> 1589 1583 </p> 1590 1584 <p> 1591 <label for="<?php echo $this->get_field_id( 'nav_menu'); ?>"><?php _e( 'Select Menu:' ); ?></label>1592 <select id="<?php echo $this->get_field_id( 'nav_menu' ); ?>" name="<?php echo $this->get_field_name( 'nav_menu'); ?>">1585 <label for="<?php echo esc_attr( $this->get_field_id( 'nav_menu' ) ); ?>"><?php _e( 'Select Menu:' ); ?></label> 1586 <select id="<?php echo esc_attr( $this->get_field_id( 'nav_menu' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'nav_menu' ) ); ?>"> 1593 1587 <option value="0"><?php _e( '— Select —' ); ?></option> 1594 1588 <?php foreach ( $menus as $menu ) : ?> 1595 1589 <option value="<?php echo esc_attr( $menu->term_id ); ?>" <?php selected( $nav_menu, $menu->term_id ); ?>>