Ticket #23012: 23012.7.diff
| File 23012.7.diff, 31.9 KB (added by , 11 years ago) |
|---|
src/wp-includes/default-widgets.php
98 98 $instance = wp_parse_args( (array) $instance, array( 'sortby' => 'post_title', 'title' => '', 'exclude' => '') ); 99 99 ?> 100 100 <p> 101 <label for="<?php echo esc_attr( $this->get_field_id( 'title' )); ?>"><?php _e( 'Title:' ); ?></label>102 <input class="widefat" id="<?php echo esc_attr( $this->get_field_id('title') ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' )); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" />101 <label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> 102 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /> 103 103 </p> 104 104 <p> 105 <label for="<?php echo esc_attr( $this->get_field_id( 'sortby' )); ?>"><?php _e( 'Sort by:' ); ?></label>106 <select name="<?php echo esc_attr( $this->get_field_name( 'sortby' ) ); ?>" id="<?php echo esc_attr( $this->get_field_id( 'sortby' )); ?>" class="widefat">105 <label for="<?php echo $this->get_field_id( 'sortby' ); ?>"><?php _e( 'Sort by:' ); ?></label> 106 <select name="<?php echo $this->get_field_name( 'sortby' ); ?>" id="<?php echo $this->get_field_id( 'sortby' ); ?>" class="widefat"> 107 107 <option value="post_title"<?php selected( $instance['sortby'], 'post_title' ); ?>><?php _e('Page title'); ?></option> 108 108 <option value="menu_order"<?php selected( $instance['sortby'], 'menu_order' ); ?>><?php _e('Page order'); ?></option> 109 109 <option value="ID"<?php selected( $instance['sortby'], 'ID' ); ?>><?php _e( 'Page ID' ); ?></option> … … 110 110 </select> 111 111 </p> 112 112 <p> 113 <label for="<?php echo esc_attr( $this->get_field_id( 'exclude' )); ?>"><?php _e( 'Exclude:' ); ?></label>114 <input type="text" value="<?php echo esc_attr( $instance['exclude'] ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'exclude' ) ); ?>" id="<?php echo esc_attr( 
$this->get_field_id( 'exclude' )); ?>" class="widefat" />113 <label for="<?php echo $this->get_field_id( 'exclude' ); ?>"><?php _e( 'Exclude:' ); ?></label> 114 <input type="text" value="<?php echo esc_attr( $instance['exclude'] ); ?>" name="<?php echo $this->get_field_name( 'exclude' ); ?>" id="<?php echo $this->get_field_id( 'exclude' ); ?>" class="widefat" /> 115 115 <br /> 116 116 <small><?php _e( 'Page IDs, separated by commas.' ); ?></small> 117 117 </p> … … 203 203 $limit = -1; 204 204 ?> 205 205 <p> 206 <label for="<?php echo $this->get_field_id( 'category'); ?>"><?php _e( 'Select Link Category:' ); ?></label>207 <select class="widefat" id="<?php echo $this->get_field_id( 'category'); ?>" name="<?php echo $this->get_field_name('category'); ?>">206 <label for="<?php echo $this->get_field_id( 'category' ); ?>"><?php _e( 'Select Link Category:' ); ?></label> 207 <select class="widefat" id="<?php echo $this->get_field_id( 'category' ); ?>" name="<?php echo $this->get_field_name( 'category' ); ?>"> 208 208 <option value=""><?php _ex('All Links', 'links widget'); ?></option> 209 209 <?php 210 210 foreach ( $link_cats as $link_cat ) { … … 214 214 } 215 215 ?> 216 216 </select> 217 <label for="<?php echo $this->get_field_id( 'orderby'); ?>"><?php _e( 'Sort by:' ); ?></label>218 <select name="<?php echo $this->get_field_name( 'orderby'); ?>" id="<?php echo $this->get_field_id('orderby'); ?>" class="widefat">217 <label for="<?php echo $this->get_field_id( 'orderby' ); ?>"><?php _e( 'Sort by:' ); ?></label> 218 <select name="<?php echo $this->get_field_name( 'orderby' ); ?>" id="<?php echo $this->get_field_id( 'orderby' ); ?>" class="widefat"> 219 219 <option value="name"<?php selected( $instance['orderby'], 'name' ); ?>><?php _e( 'Link title' ); ?></option> 220 220 <option value="rating"<?php selected( $instance['orderby'], 'rating' ); ?>><?php _e( 'Link rating' ); ?></option> 221 221 <option value="id"<?php selected( $instance['orderby'], 'id' ); ?>><?php _e( 'Link 
ID' ); ?></option> … … 223 223 </select> 224 224 </p> 225 225 <p> 226 <input class="checkbox" type="checkbox" <?php checked( $instance['images'], true) ?> id="<?php echo $this->get_field_id('images'); ?>" name="<?php echo $this->get_field_name('images'); ?>" />227 <label for="<?php echo $this->get_field_id( 'images'); ?>"><?php _e('Show Link Image'); ?></label><br />228 <input class="checkbox" type="checkbox" <?php checked( $instance['name'], true) ?> id="<?php echo $this->get_field_id('name'); ?>" name="<?php echo $this->get_field_name('name'); ?>" />229 <label for="<?php echo $this->get_field_id( 'name'); ?>"><?php _e('Show Link Name'); ?></label><br />230 <input class="checkbox" type="checkbox" <?php checked( $instance['description'], true) ?> id="<?php echo $this->get_field_id('description'); ?>" name="<?php echo $this->get_field_name('description'); ?>" />231 <label for="<?php echo $this->get_field_id( 'description'); ?>"><?php _e('Show Link Description'); ?></label><br />232 <input class="checkbox" type="checkbox" <?php checked( $instance['rating'], true) ?> id="<?php echo $this->get_field_id('rating'); ?>" name="<?php echo $this->get_field_name('rating'); ?>" />233 <label for="<?php echo $this->get_field_id( 'rating'); ?>"><?php _e('Show Link Rating'); ?></label>226 <input class="checkbox" type="checkbox" <?php checked( $instance['images'], true ) ?> id="<?php echo $this->get_field_id( 'images' ); ?>" name="<?php echo $this->get_field_name( 'images' ); ?>" /> 227 <label for="<?php echo $this->get_field_id( 'images' ); ?>"><?php _e('Show Link Image'); ?></label><br /> 228 <input class="checkbox" type="checkbox" <?php checked( $instance['name'], true ) ?> id="<?php echo $this->get_field_id( 'name' ); ?>" name="<?php echo $this->get_field_name( 'name' ); ?>" /> 229 <label for="<?php echo $this->get_field_id( 'name' ); ?>"><?php _e('Show Link Name'); ?></label><br /> 230 <input class="checkbox" type="checkbox" <?php checked( $instance['description'], true ) ?> 
id="<?php echo $this->get_field_id( 'description' ); ?>" name="<?php echo $this->get_field_name( 'description' ); ?>" /> 231 <label for="<?php echo $this->get_field_id( 'description' ); ?>"><?php _e('Show Link Description'); ?></label><br /> 232 <input class="checkbox" type="checkbox" <?php checked( $instance['rating'], true ) ?> id="<?php echo $this->get_field_id( 'rating' ); ?>" name="<?php echo $this->get_field_name( 'rating' ); ?>" /> 233 <label for="<?php echo $this->get_field_id( 'rating' ); ?>"><?php _e('Show Link Rating'); ?></label> 234 234 </p> 235 235 <p> 236 <label for="<?php echo $this->get_field_id( 'limit'); ?>"><?php _e( 'Number of links to show:' ); ?></label>237 <input id="<?php echo $this->get_field_id( 'limit'); ?>" name="<?php echo $this->get_field_name('limit'); ?>" type="text" value="<?php echo $limit == -1 ? '' : intval( $limit ); ?>" size="3" />236 <label for="<?php echo $this->get_field_id( 'limit' ); ?>"><?php _e( 'Number of links to show:' ); ?></label> 237 <input id="<?php echo $this->get_field_id( 'limit' ); ?>" name="<?php echo $this->get_field_name( 'limit' ); ?>" type="text" value="<?php echo $limit == -1 ? 
'' : intval( $limit ); ?>" size="3" /> 238 238 </p> 239 239 <?php 240 240 } … … 290 290 public function update( $new_instance, $old_instance ) { 291 291 $instance = $old_instance; 292 292 $new_instance = wp_parse_args((array) $new_instance, array( 'title' => '')); 293 $instance['title'] = s trip_tags($new_instance['title']);293 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 294 294 return $instance; 295 295 } 296 296 … … 402 402 public function update( $new_instance, $old_instance ) { 403 403 $instance = $old_instance; 404 404 $new_instance = wp_parse_args( (array) $new_instance, array( 'title' => '', 'count' => 0, 'dropdown' => '') ); 405 $instance['title'] = s trip_tags($new_instance['title']);405 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 406 406 $instance['count'] = $new_instance['count'] ? 1 : 0; 407 407 $instance['dropdown'] = $new_instance['dropdown'] ? 1 : 0; 408 408 … … 414 414 */ 415 415 public function form( $instance ) { 416 416 $instance = wp_parse_args( (array) $instance, array( 'title' => '', 'count' => 0, 'dropdown' => '') ); 417 $title = strip_tags($instance['title']); 418 $count = $instance['count'] ? 'checked="checked"' : ''; 419 $dropdown = $instance['dropdown'] ? 
'checked="checked"' : ''; 417 $title = sanitize_text_field( $instance['title'] ); 420 418 ?> 421 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr( $title); ?>" /></p>419 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> 422 420 <p> 423 <input class="checkbox" type="checkbox" <?php echo $dropdown; ?> id="<?php echo $this->get_field_id('dropdown'); ?>" name="<?php echo $this->get_field_name('dropdown'); ?>" /> <label for="<?php echo $this->get_field_id('dropdown'); ?>"><?php _e('Display as dropdown'); ?></label>421 <input class="checkbox" type="checkbox" <?php checked( $instance['dropdown'] ); ?> id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>" /> <label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e( 'Display as dropdown' ); ?></label> 424 422 <br/> 425 <input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <label for="<?php echo $this->get_field_id('count'); ?>"><?php _e('Show post counts'); ?></label>423 <input class="checkbox" type="checkbox" <?php checked( $instance['count'] ); ?> id="<?php echo $this->get_field_id( 'count' ); ?>" name="<?php echo $this->get_field_name( 'count' ); ?>" /> <label for="<?php echo $this->get_field_id( 'count' ); ?>"><?php _e( 'Show post counts' ); ?></label> 426 424 </p> 427 425 <?php 428 426 } … … 458 456 <ul> 459 457 <?php wp_register(); ?> 460 458 <li><?php wp_loginout(); ?></li> 461 <li><a href="<?php 
bloginfo('rss2_url'); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>462 <li><a href="<?php bloginfo('comments_rss2_url'); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>459 <li><a href="<?php echo esc_url( get_bloginfo( 'rss2_url' ) ); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 460 <li><a href="<?php echo esc_url( get_bloginfo( 'comments_rss2_url' ) ); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 463 461 <?php 464 462 /** 465 463 * Filter the "Powered by WordPress" text in the Meta widget. … … 488 486 */ 489 487 public function update( $new_instance, $old_instance ) { 490 488 $instance = $old_instance; 491 $instance['title'] = s trip_tags($new_instance['title']);489 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 492 490 493 491 return $instance; 494 492 } … … 498 496 */ 499 497 public function form( $instance ) { 500 498 $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); 501 $title = strip_tags($instance['title']);502 499 ?> 503 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>500 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 504 501 <?php 505 502 } 506 503 } … … 542 539 */ 543 540 public function update( $new_instance, $old_instance ) { 544 541 $instance = $old_instance; 545 $instance['title'] = s trip_tags($new_instance['title']);542 $instance['title'] = sanitize_text_field( 
$new_instance['title'] ); 546 543 547 544 return $instance; 548 545 } … … 552 549 */ 553 550 public function form( $instance ) { 554 551 $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); 555 $title = strip_tags($instance['title']);556 552 ?> 557 <p><label for="<?php echo $this->get_field_id( 'title'); ?>"><?php _e('Title:'); ?></label>558 <input class="widefat" id="<?php echo $this->get_field_id( 'title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>553 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e('Title:'); ?></label> 554 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 559 555 <?php 560 556 } 561 557 } … … 606 602 */ 607 603 public function update( $new_instance, $old_instance ) { 608 604 $instance = $old_instance; 609 $instance['title'] = s trip_tags($new_instance['title']);605 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 610 606 if ( current_user_can('unfiltered_html') ) 611 607 $instance['text'] = $new_instance['text']; 612 608 else 613 $instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed609 $instance['text'] = wp_kses_post( $new_instance['text'] ); 614 610 $instance['filter'] = ! 
empty( $new_instance['filter'] ); 615 611 return $instance; 616 612 } … … 620 616 */ 621 617 public function form( $instance ) { 622 618 $instance = wp_parse_args( (array) $instance, array( 'title' => '', 'text' => '' ) ); 623 $title = strip_tags($instance['title']); 624 $text = esc_textarea($instance['text']); 625 ?> 626 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> 627 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p> 619 $filter = isset( $instance['filter'] ) ? $instance['filter'] : 0; 620 ?> 621 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e('Title:'); ?></label> 622 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 628 623 629 624 <p><label for="<?php echo $this->get_field_id( 'text' ); ?>"><?php _e( 'Content:' ); ?></label> 630 <textarea class="widefat" rows="16" cols="20" id="<?php echo $this->get_field_id( 'text'); ?>" name="<?php echo $this->get_field_name('text'); ?>"><?php echo $text; ?></textarea></p>625 <textarea class="widefat" rows="16" cols="20" id="<?php echo $this->get_field_id( 'text' ); ?>" name="<?php echo $this->get_field_name( 'text' ); ?>"><?php echo esc_textarea( $instance['text'] ); ?></textarea></p> 631 626 632 <p><input id="<?php echo $this->get_field_id( 'filter'); ?>" name="<?php echo $this->get_field_name('filter'); ?>" type="checkbox" <?php checked(isset($instance['filter']) ? 
$instance['filter'] : 0); ?> /> <label for="<?php echo $this->get_field_id('filter'); ?>"><?php _e('Automatically add paragraphs'); ?></label></p>627 <p><input id="<?php echo $this->get_field_id( 'filter' ); ?>" name="<?php echo $this->get_field_name( 'filter' ); ?>" type="checkbox" <?php checked( $filter ); ?> /> <label for="<?php echo $this->get_field_id( 'filter' ); ?>"><?php _e('Automatically add paragraphs'); ?></label></p> 633 628 <?php 634 629 } 635 630 } … … 738 733 */ 739 734 public function update( $new_instance, $old_instance ) { 740 735 $instance = $old_instance; 741 $instance['title'] = s trip_tags($new_instance['title']);736 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 742 737 $instance['count'] = !empty($new_instance['count']) ? 1 : 0; 743 738 $instance['hierarchical'] = !empty($new_instance['hierarchical']) ? 1 : 0; 744 739 $instance['dropdown'] = !empty($new_instance['dropdown']) ? 1 : 0; … … 752 747 public function form( $instance ) { 753 748 //Defaults 754 749 $instance = wp_parse_args( (array) $instance, array( 'title' => '') ); 755 $title = esc_attr( $instance['title'] );756 750 $count = isset($instance['count']) ? (bool) $instance['count'] :false; 757 751 $hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false; 758 752 $dropdown = isset( $instance['dropdown'] ) ? 
(bool) $instance['dropdown'] : false; 759 753 ?> 760 <p><label for="<?php echo $this->get_field_id( 'title'); ?>"><?php _e( 'Title:'); ?></label>761 <input class="widefat" id="<?php echo $this->get_field_id( 'title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></p>754 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e('Title:'); ?></label> 755 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p> 762 756 763 <p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'dropdown'); ?>" name="<?php echo $this->get_field_name('dropdown'); ?>"<?php checked( $dropdown ); ?> />764 <label for="<?php echo $this->get_field_id( 'dropdown'); ?>"><?php _e( 'Display as dropdown'); ?></label><br />757 <p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>"<?php checked( $dropdown ); ?> /> 758 <label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e('Display as dropdown'); ?></label><br /> 765 759 766 <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'count'); ?>" name="<?php echo $this->get_field_name('count'); ?>"<?php checked( $count ); ?> />767 <label for="<?php echo $this->get_field_id( 'count'); ?>"><?php _e( 'Show post counts'); ?></label><br />760 <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'count' ); ?>" name="<?php echo $this->get_field_name( 'count' ); ?>"<?php checked( $count ); ?> /> 761 <label for="<?php echo $this->get_field_id( 'count' ); ?>"><?php _e('Show post counts'); ?></label><br /> 768 762 769 <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'hierarchical'); ?>" name="<?php echo $this->get_field_name('hierarchical'); 
?>"<?php checked( $hierarchical ); ?> />770 <label for="<?php echo $this->get_field_id( 'hierarchical'); ?>"><?php _e( 'Show hierarchy'); ?></label></p>763 <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'hierarchical' ); ?>" name="<?php echo $this->get_field_name( 'hierarchical' ); ?>"<?php checked( $hierarchical ); ?> /> 764 <label for="<?php echo $this->get_field_id( 'hierarchical' ); ?>"><?php _e('Show hierarchy'); ?></label></p> 771 765 <?php 772 766 } 773 767 … … 879 873 */ 880 874 public function update( $new_instance, $old_instance ) { 881 875 $instance = $old_instance; 882 $instance['title'] = s trip_tags($new_instance['title']);876 $instance['title'] = santize_text_field( $new_instance['title'] ); 883 877 $instance['number'] = (int) $new_instance['number']; 884 878 $instance['show_date'] = isset( $new_instance['show_date'] ) ? (bool) $new_instance['show_date'] : false; 885 879 $this->flush_widget_cache(); … … 907 901 $show_date = isset( $instance['show_date'] ) ? 
(bool) $instance['show_date'] : false; 908 902 ?> 909 903 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> 910 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo $title; ?>" /></p>904 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> 911 905 912 <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e( 'Number of posts to show:'); ?></label>913 <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo $number; ?>" size="3" /></p>906 <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e('Number of posts to show:'); ?></label> 907 <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo esc_attr( $number ); ?>" size="3" /></p> 914 908 915 909 <p><input class="checkbox" type="checkbox" <?php checked( $show_date ); ?> id="<?php echo $this->get_field_id( 'show_date' ); ?>" name="<?php echo $this->get_field_name( 'show_date' ); ?>" /> 916 910 <label for="<?php echo $this->get_field_id( 'show_date' ); ?>"><?php _e( 'Display post date?' ); ?></label></p> … … 1056 1050 */ 1057 1051 public function update( $new_instance, $old_instance ) { 1058 1052 $instance = $old_instance; 1059 $instance['title'] = s trip_tags($new_instance['title']);1053 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1060 1054 $instance['number'] = absint( $new_instance['number'] ); 1061 1055 $this->flush_widget_cache(); 1062 1056 … … 1071 1065 * @param array $instance 1072 1066 */ 1073 1067 public function form( $instance ) { 1074 $title = isset( $instance['title'] ) ? 
esc_attr( $instance['title'] ): '';1075 $number = isset( $instance['number'] ) ? absint( $instance['number'] ): 5;1068 $title = isset( $instance['title'] ) ? $instance['title'] : ''; 1069 $number = isset( $instance['number'] ) ? $instance['number'] : 5; 1076 1070 ?> 1077 1071 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> 1078 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo $title; ?>" /></p>1072 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> 1079 1073 1080 <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e( 'Number of comments to show:'); ?></label>1081 <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo $number; ?>" size="3" /></p>1074 <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e('Number of comments to show:'); ?></label> 1075 <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo absint( $number ); ?>" size="3" /></p> 1082 1076 <?php 1083 1077 } 1084 1078 } … … 1123 1117 if ( ! 
is_wp_error($rss) ) { 1124 1118 $desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); 1125 1119 if ( empty($title) ) 1126 $title = esc_html(strip_tags($rss->get_title()));1127 $link = esc_url(strip_tags($rss->get_permalink()));1120 $title = strip_tags( $rss->get_title() ); 1121 $link = strip_tags( $rss->get_permalink() ); 1128 1122 while ( stristr($link, 'http') != $link ) 1129 1123 $link = substr($link, 1); 1130 1124 } … … 1135 1129 /** This filter is documented in wp-includes/default-widgets.php */ 1136 1130 $title = apply_filters( 'widget_title', $title, $instance, $this->id_base ); 1137 1131 1138 $url = esc_url(strip_tags($url));1139 $icon = includes_url( 'images/rss.png');1132 $url = strip_tags( $url ); 1133 $icon = includes_url( 'images/rss.png' ); 1140 1134 if ( $title ) 1141 $title = "<a class='rsswidget' href='$url'><img style='border:0' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link'>$title</a>";1135 $title = '<a class="rsswidget" href="' . esc_url( $url ) . '"><img style="border:0" width="14" height="14" src="' . esc_url( $icon ) . '" alt="RSS" /></a> <a class="rsswidget" href="' . esc_url( $link ) . '">"'. esc_html( $title ) .'"</a>'; 1142 1136 1143 1137 echo $args['before_widget']; 1144 1138 if ( $title ) { … … 1291 1285 $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true ); 1292 1286 $inputs = wp_parse_args( $inputs, $default_inputs ); 1293 1287 1294 $args['number'] = esc_attr( $args['number'] ); 1295 $args['title'] = isset( $args['title'] ) ? esc_attr( $args['title'] ) : ''; 1296 $args['url'] = isset( $args['url'] ) ? esc_url( $args['url'] ) : ''; 1288 $args['title'] = isset( $args['title'] ) ? $args['title'] : ''; 1289 $args['url'] = isset( $args['url'] ) ? $args['url'] : ''; 1297 1290 $args['items'] = isset( $args['items'] ) ? 
(int) $args['items'] : 0; 1298 1291 1299 1292 if ( $args['items'] < 1 || 20 < $args['items'] ) { … … 1310 1303 1311 1304 if ( $inputs['url'] ) : 1312 1305 ?> 1313 <p><label for="rss-url-<?php echo $args['number']; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label>1314 <input class="widefat" id="rss-url-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][url]" type="text" value="<?php echo $args['url']; ?>" /></p>1306 <p><label for="rss-url-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label> 1307 <input class="widefat" id="rss-url-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][url]" type="text" value="<?php echo esc_url( $args['url'] ); ?>" /></p> 1315 1308 <?php endif; if ( $inputs['title'] ) : ?> 1316 <p><label for="rss-title-<?php echo $args['number']; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label>1317 <input class="widefat" id="rss-title-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][title]" type="text" value="<?php echo $args['title']; ?>" /></p>1309 <p><label for="rss-title-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label> 1310 <input class="widefat" id="rss-title-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][title]" type="text" value="<?php echo esc_attr( $args['title'] ); ?>" /></p> 1318 1311 <?php endif; if ( $inputs['items'] ) : ?> 1319 <p><label for="rss-items-<?php echo $args['number']; ?>"><?php _e( 'How many items would you like to display?' ); ?></label>1320 <select id="rss-items-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][items]">1321 <?php1322 for ( $i = 1; $i <= 20; ++$i ) {1323 echo "<option value='$i' " . selected( $args['items'], $i, false ) . 
">$i</option>";1324 }1325 ?>1312 <p><label for="rss-items-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'How many items would you like to display?' ); ?></label> 1313 <select id="rss-items-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][items]"> 1314 <?php 1315 for ( $i = 1; $i <= 20; ++$i ) { 1316 echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>"; 1317 } 1318 ?> 1326 1319 </select></p> 1327 1320 <?php endif; if ( $inputs['show_summary'] ) : ?> 1328 <p><input id="rss-show-summary-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> />1329 <label for="rss-show-summary-<?php echo $args['number']; ?>"><?php _e( 'Display item content?' ); ?></label></p>1321 <p><input id="rss-show-summary-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> /> 1322 <label for="rss-show-summary-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Display item content?' ); ?></label></p> 1330 1323 <?php endif; if ( $inputs['show_author'] ) : ?> 1331 <p><input id="rss-show-author-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> />1332 <label for="rss-show-author-<?php echo $args['number']; ?>"><?php _e( 'Display item author if available?' ); ?></label></p>1324 <p><input id="rss-show-author-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> /> 1325 <label for="rss-show-author-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Display item author if available?' 
); ?></label></p> 1333 1326 <?php endif; if ( $inputs['show_date'] ) : ?> 1334 <p><input id="rss-show-date-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?>/>1335 <label for="rss-show-date-<?php echo $args['number']; ?>"><?php _e( 'Display item date?' ); ?></label></p>1327 <p><input id="rss-show-date-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?>/> 1328 <label for="rss-show-date-<?php echo esc_attr( $args['number'] ); ?>"><?php _e( 'Display item date?' ); ?></label></p> 1336 1329 <?php 1337 1330 endif; 1338 1331 foreach ( array_keys($default_inputs) as $input ) : … … 1339 1332 if ( 'hidden' === $inputs[$input] ) : 1340 1333 $id = str_replace( '_', '-', $input ); 1341 1334 ?> 1342 <input type="hidden" id="rss-<?php echo $id; ?>-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][<?php echo $input; ?>]" value="<?php echo $args[ $input ]; ?>" />1335 <input type="hidden" id="rss-<?php echo esc_attr( $id ); ?>-<?php echo esc_attr( $args['number'] ); ?>" name="widget-rss[<?php echo esc_attr( $args['number'] ); ?>][<?php echo esc_attr( $input ); ?>]" value="<?php echo esc_attr( $args[ $input ] ); ?>" /> 1343 1336 <?php 1344 1337 endif; 1345 1338 endforeach; … … 1453 1446 */ 1454 1447 public function update( $new_instance, $old_instance ) { 1455 1448 $instance = array(); 1456 $instance['title'] = s trip_tags(stripslashes($new_instance['title']));1449 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1457 1450 $instance['taxonomy'] = stripslashes($new_instance['taxonomy']); 1458 1451 return $instance; 1459 1452 } … … 1463 1456 */ 1464 1457 public function form( $instance ) { 1465 1458 $current_taxonomy = $this->_get_current_taxonomy($instance); 1459 $title = isset( $instance['title'] ) ? 
$instance['title'] : ''; 1466 1460 ?> 1467 <p><label for="<?php echo $this->get_field_id( 'title'); ?>"><?php _e('Title:') ?></label>1468 <input type="text" class="widefat" id="<?php echo $this->get_field_id( 'title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php if (isset ( $instance['title'])) {echo esc_attr( $instance['title'] );}?>" /></p>1469 <p><label for="<?php echo $this->get_field_id( 'taxonomy'); ?>"><?php _e('Taxonomy:') ?></label>1470 <select class="widefat" id="<?php echo $this->get_field_id( 'taxonomy'); ?>" name="<?php echo $this->get_field_name('taxonomy'); ?>">1461 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ) ?></label> 1462 <input type="text" class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" value="<?php echo esc_attr( $title ); ?>" /></p> 1463 <p><label for="<?php echo $this->get_field_id( 'taxonomy' ); ?>"><?php _e( 'Taxonomy:' ) ?></label> 1464 <select class="widefat" id="<?php echo $this->get_field_id( 'taxonomy' ); ?>" name="<?php echo $this->get_field_name( 'taxonomy' ); ?>"> 1471 1465 <?php foreach ( get_taxonomies() as $taxonomy ) : 1472 $tax = get_taxonomy($taxonomy);1473 if ( !$tax->show_tagcloud || empty($tax->labels->name) )1474 continue;1466 $tax = get_taxonomy($taxonomy); 1467 if ( !$tax->show_tagcloud || empty($tax->labels->name) ) 1468 continue; 1475 1469 ?> 1476 <option value="<?php echo esc_attr($taxonomy) ?>" <?php selected($taxonomy, $current_taxonomy) ?>><?php echo $tax->labels->name; ?></option>1470 <option value="<?php echo esc_attr($taxonomy) ?>" <?php selected($taxonomy, $current_taxonomy) ?>><?php echo esc_attr( $tax->labels->name ); ?></option> 1477 1471 <?php endforeach; ?> 1478 1472 </select></p><?php 1479 1473 } … … 1553 1547 public function update( $new_instance, $old_instance ) { 1554 1548 $instance = array(); 1555 1549 if ( ! 
empty( $new_instance['title'] ) ) { 1556 $instance['title'] = s trip_tags( stripslashes($new_instance['title']));1550 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1557 1551 } 1558 1552 if ( ! empty( $new_instance['nav_menu'] ) ) { 1559 1553 $instance['nav_menu'] = (int) $new_instance['nav_menu'];
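Review bot: The Recent Posts widget's update() (new line 876, in the hunk beginning at old line 879) calls `santize_text_field( $new_instance['title'] )`, a misspelling of `sanitize_text_field`; no such function exists, so saving that widget would abort with a "Call to undefined function" error instead of storing the sanitized title. The line should read `$instance['title'] = sanitize_text_field( $new_instance['title'] );`, matching every other update() rewritten in this patch. The remainder of that update() (the `number` cast, `show_date` bool and `flush_widget_cache()` call) is visible in the hunk and is otherwise fine. A quick grep for `santize` across the patch before it lands is worthwhile, since a typo like this only surfaces at runtime when the widget form is submitted.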