Ticket #23012: 23012.6.diff
| File 23012.6.diff, 33.3 KB (added by , 10 years ago) |
src/wp-includes/default-widgets.php
203 203 $limit = -1; 204 204 ?> 205 205 <p> 206 <label for="<?php echo $this->get_field_id('category'); ?>"><?php _e( 'Select Link Category:' ); ?></label>207 <select class="widefat" id="<?php echo $this->get_field_id('category'); ?>" name="<?php echo $this->get_field_name('category'); ?>">206 <label for="<?php echo esc_attr( $this->get_field_id( 'category' ) ); ?>"><?php _e( 'Select Link Category:' ); ?></label> 207 <select class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'category' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'category' ) ); ?>"> 208 208 <option value=""><?php _ex('All Links', 'links widget'); ?></option> 209 209 <?php 210 210 foreach ( $link_cats as $link_cat ) { … … 214 214 } 215 215 ?> 216 216 </select> 217 <label for="<?php echo $this->get_field_id('orderby'); ?>"><?php _e( 'Sort by:' ); ?></label>218 <select name="<?php echo $this->get_field_name('orderby'); ?>" id="<?php echo $this->get_field_id('orderby'); ?>" class="widefat">217 <label for="<?php echo esc_attr( $this->get_field_id( 'orderby' ) ); ?>"><?php _e( 'Sort by:' ); ?></label> 218 <select name="<?php echo esc_attr( $this->get_field_name( 'orderby' ) ); ?>" id="<?php echo esc_attr( $this->get_field_id( 'orderby' ) ); ?>" class="widefat"> 219 219 <option value="name"<?php selected( $instance['orderby'], 'name' ); ?>><?php _e( 'Link title' ); ?></option> 220 220 <option value="rating"<?php selected( $instance['orderby'], 'rating' ); ?>><?php _e( 'Link rating' ); ?></option> 221 221 <option value="id"<?php selected( $instance['orderby'], 'id' ); ?>><?php _e( 'Link ID' ); ?></option> … … 223 223 </select> 224 224 </p> 225 225 <p> 226 <input class="checkbox" type="checkbox" <?php checked( $instance['images'], true) ?> id="<?php echo $this->get_field_id('images'); ?>" name="<?php echo $this->get_field_name('images'); ?>" />227 <label for="<?php echo $this->get_field_id('images'); ?>"><?php _e('Show Link Image'); ?></label><br />228 <input class="checkbox" 
type="checkbox" <?php checked( $instance['name'], true) ?> id="<?php echo $this->get_field_id('name'); ?>" name="<?php echo $this->get_field_name('name'); ?>" />229 <label for="<?php echo $this->get_field_id('name'); ?>"><?php _e('Show Link Name'); ?></label><br />230 <input class="checkbox" type="checkbox" <?php checked( $instance['description'], true) ?> id="<?php echo $this->get_field_id('description'); ?>" name="<?php echo $this->get_field_name('description'); ?>" />231 <label for="<?php echo $this->get_field_id('description'); ?>"><?php _e('Show Link Description'); ?></label><br />232 <input class="checkbox" type="checkbox" <?php checked( $instance['rating'], true) ?> id="<?php echo $this->get_field_id('rating'); ?>" name="<?php echo $this->get_field_name('rating'); ?>" />233 <label for="<?php echo $this->get_field_id('rating'); ?>"><?php _e('Show Link Rating'); ?></label>226 <input class="checkbox" type="checkbox" <?php checked( $instance['images'], true ) ?> id="<?php echo esc_attr( $this->get_field_id( 'images' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'images' ) ); ?>" /> 227 <label for="<?php echo esc_attr( $this->get_field_id( 'images' ) ); ?>"><?php _e('Show Link Image'); ?></label><br /> 228 <input class="checkbox" type="checkbox" <?php checked( $instance['name'], true ) ?> id="<?php echo esc_attr( $this->get_field_id( 'name' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'name' ) ); ?>" /> 229 <label for="<?php echo esc_attr( $this->get_field_id( 'name' ) ); ?>"><?php _e('Show Link Name'); ?></label><br /> 230 <input class="checkbox" type="checkbox" <?php checked( $instance['description'], true ) ?> id="<?php echo esc_attr( $this->get_field_id( 'description' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'description' ) ); ?>" /> 231 <label for="<?php echo esc_attr( $this->get_field_id( 'description' ) ); ?>"><?php _e('Show Link Description'); ?></label><br /> 232 <input class="checkbox" type="checkbox" <?php 
checked( $instance['rating'], true ) ?> id="<?php echo esc_attr( $this->get_field_id( 'rating' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'rating' ) ); ?>" /> 233 <label for="<?php echo esc_attr( $this->get_field_id( 'rating' ) ); ?>"><?php _e('Show Link Rating'); ?></label> 234 234 </p> 235 235 <p> 236 <label for="<?php echo $this->get_field_id('limit'); ?>"><?php _e( 'Number of links to show:' ); ?></label>237 <input id="<?php echo $this->get_field_id('limit'); ?>" name="<?php echo $this->get_field_name('limit'); ?>" type="text" value="<?php echo $limit == -1 ? '' : intval( $limit ); ?>" size="3" />236 <label for="<?php echo esc_attr( $this->get_field_id( 'limit' ) ); ?>"><?php _e( 'Number of links to show:' ); ?></label> 237 <input id="<?php echo esc_attr( $this->get_field_id( 'limit' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'limit' ) ); ?>" type="text" value="<?php echo $limit == -1 ? '' : intval( $limit ); ?>" size="3" /> 238 238 </p> 239 239 <?php 240 240 } … … 278 278 $instance = wp_parse_args( (array) $instance, array( 'title' => '') ); 279 279 $title = $instance['title']; 280 280 ?> 281 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></label></p>281 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></label></p> 282 282 <?php 283 283 } 284 284 … … 290 290 public function update( $new_instance, $old_instance ) { 291 291 $instance = $old_instance; 292 292 $new_instance = wp_parse_args((array) $new_instance, array( 'title' => '')); 293 $instance['title'] = s 
trip_tags($new_instance['title']);293 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 294 294 return $instance; 295 295 } 296 296 … … 402 402 public function update( $new_instance, $old_instance ) { 403 403 $instance = $old_instance; 404 404 $new_instance = wp_parse_args( (array) $new_instance, array( 'title' => '', 'count' => 0, 'dropdown' => '') ); 405 $instance['title'] = s trip_tags($new_instance['title']);405 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 406 406 $instance['count'] = $new_instance['count'] ? 1 : 0; 407 407 $instance['dropdown'] = $new_instance['dropdown'] ? 1 : 0; 408 408 … … 414 414 */ 415 415 public function form( $instance ) { 416 416 $instance = wp_parse_args( (array) $instance, array( 'title' => '', 'count' => 0, 'dropdown' => '') ); 417 $title = strip_tags($instance['title']);418 $count = $instance['count'] ? 'checked="checked"' : '';419 $dropdown = $instance['dropdown'] ? 'checked="checked"' : '';420 417 ?> 421 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>418 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 422 419 <p> 423 <input class="checkbox" type="checkbox" <?php echo $dropdown; ?> id="<?php echo $this->get_field_id('dropdown'); ?>" name="<?php echo $this->get_field_name('dropdown'); ?>" /> <label for="<?php echo $this->get_field_id('dropdown'); ?>"><?php _e('Display as dropdown'); ?></label>420 <input class="checkbox" type="checkbox" <?php checked( $instance['dropdown'] ); ?> id="<?php 
echo esc_attr( $this->get_field_id( 'dropdown' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'dropdown' ) ); ?>" /> <label for="<?php echo esc_attr( $this->get_field_id( 'dropdown' ) ); ?>"><?php _e( 'Display as dropdown' ); ?></label> 424 421 <br/> 425 <input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <label for="<?php echo $this->get_field_id('count'); ?>"><?php _e('Show post counts'); ?></label>422 <input class="checkbox" type="checkbox" <?php checked( $instance['count'] ); ?> id="<?php echo esc_attr( $this->get_field_id( 'count' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'count' ) ); ?>" /> <label for="<?php echo esc_attr( $this->get_field_id( 'count' ) ); ?>"><?php _e( 'Show post counts' ); ?></label> 426 423 </p> 427 424 <?php 428 425 } … … 458 455 <ul> 459 456 <?php wp_register(); ?> 460 457 <li><?php wp_loginout(); ?></li> 461 <li><a href="<?php bloginfo('rss2_url'); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>462 <li><a href="<?php bloginfo('comments_rss2_url'); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>458 <li><a href="<?php echo esc_url( get_bloginfo( 'rss2_url' ) ); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 459 <li><a href="<?php echo esc_url( get_bloginfo( 'comments_rss2_url' ) ); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 463 460 <?php 464 461 /** 465 462 * Filter the "Powered by WordPress" text in the Meta widget. 
… … 488 485 */ 489 486 public function update( $new_instance, $old_instance ) { 490 487 $instance = $old_instance; 491 $instance['title'] = s trip_tags($new_instance['title']);488 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 492 489 493 490 return $instance; 494 491 } … … 498 495 */ 499 496 public function form( $instance ) { 500 497 $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); 501 $title = strip_tags($instance['title']);502 498 ?> 503 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>499 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 504 500 <?php 505 501 } 506 502 } … … 542 538 */ 543 539 public function update( $new_instance, $old_instance ) { 544 540 $instance = $old_instance; 545 $instance['title'] = s trip_tags($new_instance['title']);541 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 546 542 547 543 return $instance; 548 544 } … … 552 548 */ 553 549 public function form( $instance ) { 554 550 $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); 555 $title = strip_tags($instance['title']);556 551 ?> 557 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label>558 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>552 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); 
?></label> 553 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 559 554 <?php 560 555 } 561 556 } … … 606 601 */ 607 602 public function update( $new_instance, $old_instance ) { 608 603 $instance = $old_instance; 609 $instance['title'] = s trip_tags($new_instance['title']);604 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 610 605 if ( current_user_can('unfiltered_html') ) 611 606 $instance['text'] = $new_instance['text']; 612 607 else 613 $instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed608 $instance['text'] = wp_kses_post( $new_instance['text'] ); 614 609 $instance['filter'] = ! empty( $new_instance['filter'] ); 615 610 return $instance; 616 611 } … … 620 615 */ 621 616 public function form( $instance ) { 622 617 $instance = wp_parse_args( (array) $instance, array( 'title' => '', 'text' => '' ) ); 623 $title = strip_tags($instance['title']); 624 $text = esc_textarea($instance['text']); 625 ?> 626 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> 627 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p> 618 $filter = isset( $instance['filter'] ) ? 
$instance['filter'] : 0; 619 ?> 620 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> 621 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 628 622 629 <p><label for="<?php echo $this->get_field_id( 'text'); ?>"><?php _e( 'Content:' ); ?></label>630 <textarea class="widefat" rows="16" cols="20" id="<?php echo $this->get_field_id('text'); ?>" name="<?php echo $this->get_field_name('text'); ?>"><?php echo $text; ?></textarea></p>623 <p><label for="<?php echo esc_attr( $this->get_field_id( 'text' ) ); ?>"><?php _e( 'Content:' ); ?></label> 624 <textarea class="widefat" rows="16" cols="20" id="<?php echo esc_attr( $this->get_field_id( 'text' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'text' ) ); ?>"><?php echo esc_textarea( $instance['text'] ); ?></textarea></p> 631 625 632 <p><input id="<?php echo $this->get_field_id('filter'); ?>" name="<?php echo $this->get_field_name('filter'); ?>" type="checkbox" <?php checked(isset($instance['filter']) ? 
$instance['filter'] : 0); ?> /> <label for="<?php echo $this->get_field_id('filter'); ?>"><?php _e('Automatically add paragraphs'); ?></label></p>626 <p><input id="<?php echo esc_attr( $this->get_field_id( 'filter' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'filter' ) ); ?>" type="checkbox" <?php checked( $filter ); ?> /> <label for="<?php echo esc_attr( $this->get_field_id( 'filter' ) ); ?>"><?php _e('Automatically add paragraphs'); ?></label></p> 633 627 <?php 634 628 } 635 629 } … … 738 732 */ 739 733 public function update( $new_instance, $old_instance ) { 740 734 $instance = $old_instance; 741 $instance['title'] = s trip_tags($new_instance['title']);735 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 742 736 $instance['count'] = !empty($new_instance['count']) ? 1 : 0; 743 737 $instance['hierarchical'] = !empty($new_instance['hierarchical']) ? 1 : 0; 744 738 $instance['dropdown'] = !empty($new_instance['dropdown']) ? 1 : 0; … … 752 746 public function form( $instance ) { 753 747 //Defaults 754 748 $instance = wp_parse_args( (array) $instance, array( 'title' => '') ); 755 $title = esc_attr( $instance['title'] );756 749 $count = isset($instance['count']) ? (bool) $instance['count'] :false; 757 750 $hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false; 758 751 $dropdown = isset( $instance['dropdown'] ) ? 
(bool) $instance['dropdown'] : false; 759 752 ?> 760 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e( 'Title:'); ?></label>761 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></p>753 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> 754 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 762 755 763 <p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id('dropdown'); ?>" name="<?php echo $this->get_field_name('dropdown'); ?>"<?php checked( $dropdown ); ?> />764 <label for="<?php echo $this->get_field_id('dropdown'); ?>"><?php _e( 'Display as dropdown'); ?></label><br />756 <p><input type="checkbox" class="checkbox" id="<?php echo esc_attr( $this->get_field_id( 'dropdown' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'dropdown' ) ); ?>"<?php checked( $dropdown ); ?> /> 757 <label for="<?php echo esc_attr( $this->get_field_id( 'dropdown' ) ); ?>"><?php _e('Display as dropdown'); ?></label><br /> 765 758 766 <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>"<?php checked( $count ); ?> />767 <label for="<?php echo $this->get_field_id('count'); ?>"><?php _e( 'Show post counts'); ?></label><br />759 <input type="checkbox" class="checkbox" id="<?php echo esc_attr( $this->get_field_id( 'count' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'count' ) ); ?>"<?php checked( $count ); ?> /> 760 <label for="<?php echo esc_attr( $this->get_field_id( 'count' ) ); ?>"><?php _e('Show post counts'); ?></label><br /> 768 761 769 <input type="checkbox" class="checkbox" id="<?php echo 
$this->get_field_id('hierarchical'); ?>" name="<?php echo $this->get_field_name('hierarchical'); ?>"<?php checked( $hierarchical ); ?> />770 <label for="<?php echo $this->get_field_id('hierarchical'); ?>"><?php _e( 'Show hierarchy'); ?></label></p>762 <input type="checkbox" class="checkbox" id="<?php echo esc_attr( $this->get_field_id( 'hierarchical' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'hierarchical' ) ); ?>"<?php checked( $hierarchical ); ?> /> 763 <label for="<?php echo esc_attr( $this->get_field_id( 'hierarchical' ) ); ?>"><?php _e('Show hierarchy'); ?></label></p> 771 764 <?php 772 765 } 773 766 … … 879 872 */ 880 873 public function update( $new_instance, $old_instance ) { 881 874 $instance = $old_instance; 882 $instance['title'] = s trip_tags($new_instance['title']);875 $instance['title'] = santize_text_field( $new_instance['title'] ); 883 876 $instance['number'] = (int) $new_instance['number']; 884 877 $instance['show_date'] = isset( $new_instance['show_date'] ) ? (bool) $new_instance['show_date'] : false; 885 878 $this->flush_widget_cache(); … … 906 899 $number = isset( $instance['number'] ) ? absint( $instance['number'] ) : 5; 907 900 $show_date = isset( $instance['show_date'] ) ? 
(bool) $instance['show_date'] : false; 908 901 ?> 909 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:'); ?></label>910 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo $title; ?>" /></p>902 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> 903 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> 911 904 912 <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e( 'Number of posts to show:'); ?></label>913 <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo $number; ?>" size="3" /></p>905 <p><label for="<?php echo esc_attr( $this->get_field_id( 'number' ) ); ?>"><?php _e('Number of posts to show:'); ?></label> 906 <input id="<?php echo esc_attr( $this->get_field_id( 'number' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'number' ) ); ?>" type="text" value="<?php echo esc_attr( $number ); ?>" size="3" /></p> 914 907 915 <p><input class="checkbox" type="checkbox" <?php checked( $show_date ); ?> id="<?php echo $this->get_field_id( 'show_date' ); ?>" name="<?php echo $this->get_field_name( 'show_date'); ?>" />916 <label for="<?php echo $this->get_field_id( 'show_date' ); ?>"><?php _e( 'Display post date?'); ?></label></p>908 <p><input class="checkbox" type="checkbox" <?php checked( $show_date ); ?> id="<?php echo esc_attr( $this->get_field_id( 'show_date' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'show_date' ) ); ?>" /> 909 <label for="<?php echo esc_attr( $this->get_field_id( 'show_date' ) ); ?>"><?php _e('Display post date?'); ?></label></p> 917 910 <?php 918 911 } 919 912 } … … 
1056 1049 */ 1057 1050 public function update( $new_instance, $old_instance ) { 1058 1051 $instance = $old_instance; 1059 $instance['title'] = s trip_tags($new_instance['title']);1052 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1060 1053 $instance['number'] = absint( $new_instance['number'] ); 1061 1054 $this->flush_widget_cache(); 1062 1055 … … 1071 1064 * @param array $instance 1072 1065 */ 1073 1066 public function form( $instance ) { 1074 $title = isset( $instance['title'] ) ? esc_attr( $instance['title'] ): '';1075 $number = isset( $instance['number'] ) ? absint( $instance['number'] ): 5;1067 $title = isset( $instance['title'] ) ? $instance['title'] : ''; 1068 $number = isset( $instance['number'] ) ? $instance['number'] : 5; 1076 1069 ?> 1077 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:'); ?></label>1078 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo $title; ?>" /></p>1070 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e('Title:'); ?></label> 1071 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> 1079 1072 1080 <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e( 'Number of comments to show:'); ?></label>1081 <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo $number; ?>" size="3" /></p>1073 <p><label for="<?php echo esc_attr( $this->get_field_id( 'number' ) ); ?>"><?php _e('Number of comments to show:'); ?></label> 1074 <input id="<?php echo esc_attr( $this->get_field_id( 'number' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'number' ) ); ?>" type="text" value="<?php echo 
absint( $number ); ?>" size="3" /></p> 1082 1075 <?php 1083 1076 } 1084 1077 } … … 1123 1116 if ( ! is_wp_error($rss) ) { 1124 1117 $desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); 1125 1118 if ( empty($title) ) 1126 $title = esc_html(strip_tags($rss->get_title()));1127 $link = esc_url(strip_tags($rss->get_permalink()));1119 $title = strip_tags( $rss->get_title() ); 1120 $link = strip_tags( $rss->get_permalink() ); 1128 1121 while ( stristr($link, 'http') != $link ) 1129 1122 $link = substr($link, 1); 1130 1123 } … … 1135 1128 /** This filter is documented in wp-includes/default-widgets.php */ 1136 1129 $title = apply_filters( 'widget_title', $title, $instance, $this->id_base ); 1137 1130 1138 $url = esc_url(strip_tags($url));1139 $icon = includes_url( 'images/rss.png');1131 $url = strip_tags( $url ); 1132 $icon = includes_url( 'images/rss.png' ); 1140 1133 if ( $title ) 1141 $title = "<a class='rsswidget' href='$url'><img style='border:0' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link'>$title</a>";1134 $title = '<a class="rsswidget" href="' . esc_url( $url ) . '"><img style="border:0" width="14" height="14" src="' . esc_url( $icon ) . '" alt="RSS" /></a> <a class="rsswidget" href="' . esc_url( $link ) . '">"'. esc_html( $title ) .'"</a>'; 1142 1135 1143 1136 echo $args['before_widget']; 1144 1137 if ( $title ) { … … 1291 1284 $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true ); 1292 1285 $inputs = wp_parse_args( $inputs, $default_inputs ); 1293 1286 1294 $args['number'] = esc_attr( $args['number'] ); 1295 $args['title'] = isset( $args['title'] ) ? esc_attr( $args['title'] ) : ''; 1296 $args['url'] = isset( $args['url'] ) ? esc_url( $args['url'] ) : ''; 1287 $args['title'] = isset( $args['title'] ) ? $args['title'] : ''; 1288 $args['url'] = isset( $args['url'] ) ? 
$args['url'] : ''; 1297 1289 $args['items'] = isset( $args['items'] ) ? (int) $args['items'] : 0; 1298 1290 1299 1291 if ( $args['items'] < 1 || 20 < $args['items'] ) { … … 1310 1302 1311 1303 if ( $inputs['url'] ) : 1312 1304 ?> 1313 <p><label for="rss-url-<?php echo $args['number']; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label>1314 <input class="widefat" id="rss-url-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][url]" type="text" value="<?php echo $args['url']; ?>" /></p>1305 <p><label for="rss-url-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label> 1306 <input class="widefat" id="rss-url-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][url]" type="text" value="<?php echo esc_url( $args['url'] ); ?>" /></p> 1315 1307 <?php endif; if ( $inputs['title'] ) : ?> 1316 <p><label for="rss-title-<?php echo $args['number']; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label>1317 <input class="widefat" id="rss-title-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][title]" type="text" value="<?php echo $args['title']; ?>" /></p>1308 <p><label for="rss-title-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label> 1309 <input class="widefat" id="rss-title-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][title]" type="text" value="<?php echo esc_attr( $args['title'] ); ?>" /></p> 1318 1310 <?php endif; if ( $inputs['items'] ) : ?> 1319 <p><label for="rss-items-<?php echo $args['number']; ?>"><?php _e( 'How many items would you like to display?' ); ?></label>1320 <select id="rss-items-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][items]">1321 <?php1322 for ( $i = 1; $i <= 20; ++$i ) {1323 echo "<option value='$i' " . 
selected( $args['items'], $i, false ) . ">$i</option>";1324 }1325 ?>1311 <p><label for="rss-items-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'How many items would you like to display?' ); ?></label> 1312 <select id="rss-items-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][items]"> 1313 <?php 1314 for ( $i = 1; $i <= 20; ++$i ) { 1315 echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>"; 1316 } 1317 ?> 1326 1318 </select></p> 1327 1319 <?php endif; if ( $inputs['show_summary'] ) : ?> 1328 <p><input id="rss-show-summary-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> />1329 <label for="rss-show-summary-<?php echo $args['number']; ?>"><?php _e( 'Display item content?' ); ?></label></p>1320 <p><input id="rss-show-summary-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> /> 1321 <label for="rss-show-summary-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Display item content?' ); ?></label></p> 1330 1322 <?php endif; if ( $inputs['show_author'] ) : ?> 1331 <p><input id="rss-show-author-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> />1332 <label for="rss-show-author-<?php echo $args['number']; ?>"><?php _e( 'Display item author if available?' ); ?></label></p>1323 <p><input id="rss-show-author-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> /> 1324 <label for="rss-show-author-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Display item author if available?' 
); ?></label></p> 1333 1325 <?php endif; if ( $inputs['show_date'] ) : ?> 1334 <p><input id="rss-show-date-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?>/>1335 <label for="rss-show-date-<?php echo $args['number']; ?>"><?php _e( 'Display item date?' ); ?></label></p>1326 <p><input id="rss-show-date-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?>/> 1327 <label for="rss-show-date-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Display item date?' ); ?></label></p> 1336 1328 <?php 1337 1329 endif; 1338 1330 foreach ( array_keys($default_inputs) as $input ) : … … 1339 1331 if ( 'hidden' === $inputs[$input] ) : 1340 1332 $id = str_replace( '_', '-', $input ); 1341 1333 ?> 1342 <input type="hidden" id="rss-<?php echo $id; ?>-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][<?php echo $input; ?>]" value="<?php echo $args[ $input ]; ?>" />1334 <input type="hidden" id="rss-<?php echo esc_attr( $id ); ?>-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][<?php echo esc_attr( $input ); ?>]" value="<?php echo esc_attr( $args[ $input ] ); ?>" /> 1343 1335 <?php 1344 1336 endif; 1345 1337 endforeach; … … 1453 1445 */ 1454 1446 public function update( $new_instance, $old_instance ) { 1455 1447 $instance = array(); 1456 $instance['title'] = s trip_tags(stripslashes($new_instance['title']));1448 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1457 1449 $instance['taxonomy'] = stripslashes($new_instance['taxonomy']); 1458 1450 return $instance; 1459 1451 } … … 1463 1455 */ 1464 1456 public function form( $instance ) { 1465 1457 $current_taxonomy = $this->_get_current_taxonomy($instance); 1458 $title = isset( $instance['title'] ) ? 
$instance['title'] : ''; 1466 1459 ?> 1467 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:') ?></label>1468 <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php if (isset ( $instance['title'])) {echo esc_attr( $instance['title'] );}?>" /></p>1469 <p><label for="<?php echo $this->get_field_id('taxonomy'); ?>"><?php _e('Taxonomy:') ?></label>1470 <select class="widefat" id="<?php echo $this->get_field_id('taxonomy'); ?>" name="<?php echo $this->get_field_name('taxonomy'); ?>">1460 <p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e( 'Title:' ) ?></label> 1461 <input type="text" class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" value="<?php echo esc_attr( $title ); ?>" /></p> 1462 <p><label for="<?php echo esc_attr( $this->get_field_id( 'taxonomy' ) ); ?>"><?php _e( 'Taxonomy:' ) ?></label> 1463 <select class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'taxonomy' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'taxonomy' ) ); ?>"> 1471 1464 <?php foreach ( get_taxonomies() as $taxonomy ) : 1472 $tax = get_taxonomy($taxonomy);1473 if ( !$tax->show_tagcloud || empty($tax->labels->name) )1474 continue;1465 $tax = get_taxonomy($taxonomy); 1466 if ( !$tax->show_tagcloud || empty($tax->labels->name) ) 1467 continue; 1475 1468 ?> 1476 <option value="<?php echo esc_attr($taxonomy) ?>" <?php selected($taxonomy, $current_taxonomy) ?>><?php echo $tax->labels->name; ?></option>1469 <option value="<?php echo esc_attr($taxonomy) ?>" <?php selected($taxonomy, $current_taxonomy) ?>><?php echo esc_attr( $tax->labels->name ); ?></option> 1477 1470 <?php endforeach; ?> 1478 1471 </select></p><?php 1479 1472 } … … 1553 1546 public function update( $new_instance, $old_instance ) { 1554 1547 $instance = array(); 1555 
1548 if ( ! empty( $new_instance['title'] ) ) { 1556 $instance['title'] = s trip_tags( stripslashes($new_instance['title']));1549 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1557 1550 } 1558 1551 if ( ! empty( $new_instance['nav_menu'] ) ) { 1559 1552 $instance['nav_menu'] = (int) $new_instance['nav_menu']; … … 1586 1579 </p> 1587 1580 <div class="nav-menu-widget-form-controls" <?php if ( empty( $menus ) ) { echo ' style="display:none" '; } ?>> 1588 1581 <p> 1589 <label for="<?php echo $this->get_field_id( 'title'); ?>"><?php _e( 'Title:' ) ?></label>1590 <input type="text" class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title'); ?>" value="<?php echo esc_attr( $title ); ?>"/>1582 <label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e( 'Title:' ) ?></label> 1583 <input type="text" class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" value="<?php echo esc_attr( $title ); ?>"/> 1591 1584 </p> 1592 1585 <p> 1593 <label for="<?php echo $this->get_field_id( 'nav_menu'); ?>"><?php _e( 'Select Menu:' ); ?></label>1594 <select id="<?php echo $this->get_field_id( 'nav_menu' ); ?>" name="<?php echo $this->get_field_name( 'nav_menu'); ?>">1586 <label for="<?php echo esc_attr( $this->get_field_id( 'nav_menu' ) ); ?>"><?php _e( 'Select Menu:' ); ?></label> 1587 <select id="<?php echo esc_attr( $this->get_field_id( 'nav_menu' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'nav_menu' ) ); ?>"> 1595 1588 <option value="0"><?php _e( '— Select —' ); ?></option> 1596 1589 <?php foreach ( $menus as $menu ) : ?> 1597 1590 <option value="<?php echo esc_attr( $menu->term_id ); ?>" <?php selected( $nav_menu, $menu->term_id ); ?>>