Ticket #23012: 23012.8.diff
| File 23012.8.diff, 20.1 KB (added by , 11 years ago) |
|---|
-
src/wp-includes/default-widgets.php
290 290 public function update( $new_instance, $old_instance ) { 291 291 $instance = $old_instance; 292 292 $new_instance = wp_parse_args((array) $new_instance, array( 'title' => '')); 293 $instance['title'] = s trip_tags($new_instance['title']);293 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 294 294 return $instance; 295 295 } 296 296 … … 402 402 public function update( $new_instance, $old_instance ) { 403 403 $instance = $old_instance; 404 404 $new_instance = wp_parse_args( (array) $new_instance, array( 'title' => '', 'count' => 0, 'dropdown' => '') ); 405 $instance['title'] = s trip_tags($new_instance['title']);405 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 406 406 $instance['count'] = $new_instance['count'] ? 1 : 0; 407 407 $instance['dropdown'] = $new_instance['dropdown'] ? 1 : 0; 408 408 … … 414 414 */ 415 415 public function form( $instance ) { 416 416 $instance = wp_parse_args( (array) $instance, array( 'title' => '', 'count' => 0, 'dropdown' => '') ); 417 $title = strip_tags($instance['title']); 418 $count = $instance['count'] ? 'checked="checked"' : ''; 419 $dropdown = $instance['dropdown'] ? 'checked="checked"' : ''; 417 $title = sanitize_text_field( $instance['title'] ); 420 418 ?> 421 419 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p> 422 420 <p> 423 <input class="checkbox" type="checkbox" <?php echo $dropdown; ?> id="<?php echo $this->get_field_id('dropdown'); ?>" name="<?php echo $this->get_field_name('dropdown'); ?>" /> <label for="<?php echo $this->get_field_id('dropdown'); ?>"><?php _e('Display as dropdown'); ?></label>421 <input class="checkbox" type="checkbox" <?php checked( $instance['dropdown'] ); ?> id="<?php echo $this->get_field_id('dropdown'); ?>" name="<?php echo $this->get_field_name('dropdown'); ?>" /> <label for="<?php echo $this->get_field_id('dropdown'); ?>"><?php _e('Display as dropdown'); ?></label> 424 422 <br/> 425 <input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <label for="<?php echo $this->get_field_id('count'); ?>"><?php _e('Show post counts'); ?></label>423 <input class="checkbox" type="checkbox" <?php checked( $instance['count'] ); ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <label for="<?php echo $this->get_field_id('count'); ?>"><?php _e('Show post counts'); ?></label> 426 424 </p> 427 425 <?php 428 426 } … … 458 456 <ul> 459 457 <?php wp_register(); ?> 460 458 <li><?php wp_loginout(); ?></li> 461 <li><a href="<?php bloginfo('rss2_url'); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>462 <li><a href="<?php bloginfo('comments_rss2_url'); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>459 <li><a href="<?php echo esc_url( get_bloginfo( 'rss2_url' ) ); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 460 <li><a href="<?php echo esc_url( get_bloginfo( 'comments_rss2_url' ) ); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 463 461 <?php 464 462 /** 465 463 * Filter the "Powered by WordPress" text in the Meta widget. … … 488 486 */ 489 487 public function update( $new_instance, $old_instance ) { 490 488 $instance = $old_instance; 491 $instance['title'] = s trip_tags($new_instance['title']);489 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 492 490 493 491 return $instance; 494 492 } … … 498 496 */ 499 497 public function form( $instance ) { 500 498 $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); 501 $title = s trip_tags($instance['title']);499 $title = sanitize_text_field( $instance['title'] ); 502 500 ?> 503 501 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p> 504 502 <?php … … 542 540 */ 543 541 public function update( $new_instance, $old_instance ) { 544 542 $instance = $old_instance; 545 $instance['title'] = s trip_tags($new_instance['title']);543 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 546 544 547 545 return $instance; 548 546 } … … 552 550 */ 553 551 public function form( $instance ) { 554 552 $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); 555 $title = s trip_tags($instance['title']);553 $title = sanitize_text_field( $instance['title'] ); 556 554 ?> 557 555 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> 558 556 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p> … … 606 604 */ 607 605 public function update( $new_instance, $old_instance ) { 608 606 $instance = $old_instance; 609 $instance['title'] = s trip_tags($new_instance['title']);607 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 610 608 if ( current_user_can('unfiltered_html') ) 611 609 $instance['text'] = $new_instance['text']; 612 610 else 613 $instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed611 $instance['text'] = wp_kses_post( stripslashes( $new_instance['text'] ) ); 614 612 $instance['filter'] = ! empty( $new_instance['filter'] ); 615 613 return $instance; 616 614 } … … 620 618 */ 621 619 public function form( $instance ) { 622 620 $instance = wp_parse_args( (array) $instance, array( 'title' => '', 'text' => '' ) ); 623 $ title = strip_tags($instance['title']);624 $t ext = esc_textarea($instance['text']);625 ?>621 $filter = isset( $instance['filter'] ) ? $instance['filter'] : 0; 622 $title = sanitize_text_field( $instance['title'] ); 623 ?> 626 624 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> 627 625 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p> 628 626 629 627 <p><label for="<?php echo $this->get_field_id( 'text' ); ?>"><?php _e( 'Content:' ); ?></label> 630 <textarea class="widefat" rows="16" cols="20" id="<?php echo $this->get_field_id('text'); ?>" name="<?php echo $this->get_field_name('text'); ?>"><?php echo $text; ?></textarea></p>628 <textarea class="widefat" rows="16" cols="20" id="<?php echo $this->get_field_id('text'); ?>" name="<?php echo $this->get_field_name('text'); ?>"><?php echo esc_textarea( $instance['text'] ); ?></textarea></p> 631 629 632 <p><input id="<?php echo $this->get_field_id('filter'); ?>" name="<?php echo $this->get_field_name('filter'); ?>" type="checkbox" <?php checked( isset($instance['filter']) ? $instance['filter'] : 0); ?> /> <label for="<?php echo $this->get_field_id('filter'); ?>"><?php _e('Automatically add paragraphs'); ?></label></p>630 <p><input id="<?php echo $this->get_field_id('filter'); ?>" name="<?php echo $this->get_field_name('filter'); ?>" type="checkbox" <?php checked( $filter ); ?> /> <label for="<?php echo $this->get_field_id('filter'); ?>"><?php _e('Automatically add paragraphs'); ?></label></p> 633 631 <?php 634 632 } 635 633 } … … 738 736 */ 739 737 public function update( $new_instance, $old_instance ) { 740 738 $instance = $old_instance; 741 $instance['title'] = s trip_tags($new_instance['title']);739 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 742 740 $instance['count'] = !empty($new_instance['count']) ? 1 : 0; 743 741 $instance['hierarchical'] = !empty($new_instance['hierarchical']) ? 1 : 0; 744 742 $instance['dropdown'] = !empty($new_instance['dropdown']) ? 1 : 0; … … 752 750 public function form( $instance ) { 753 751 //Defaults 754 752 $instance = wp_parse_args( (array) $instance, array( 'title' => '') ); 755 $title = esc_attr( $instance['title'] );753 $title = sanitize_text_field( $instance['title'] ); 756 754 $count = isset($instance['count']) ? (bool) $instance['count'] :false; 757 755 $hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false; 758 756 $dropdown = isset( $instance['dropdown'] ) ? (bool) $instance['dropdown'] : false; 759 757 ?> 760 758 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e( 'Title:' ); ?></label> 761 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></p>759 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> 762 760 763 761 <p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id('dropdown'); ?>" name="<?php echo $this->get_field_name('dropdown'); ?>"<?php checked( $dropdown ); ?> /> 764 762 <label for="<?php echo $this->get_field_id('dropdown'); ?>"><?php _e( 'Display as dropdown' ); ?></label><br /> … … 879 877 */ 880 878 public function update( $new_instance, $old_instance ) { 881 879 $instance = $old_instance; 882 $instance['title'] = s trip_tags($new_instance['title']);880 $instance['title'] = santize_text_field( $new_instance['title'] ); 883 881 $instance['number'] = (int) $new_instance['number']; 884 882 $instance['show_date'] = isset( $new_instance['show_date'] ) ? (bool) $new_instance['show_date'] : false; 885 883 $this->flush_widget_cache(); … … 1056 1054 */ 1057 1055 public function update( $new_instance, $old_instance ) { 1058 1056 $instance = $old_instance; 1059 $instance['title'] = s trip_tags($new_instance['title']);1057 $instance['title'] = sanitize_text_field( $new_instance['title'] ); 1060 1058 $instance['number'] = absint( $new_instance['number'] ); 1061 1059 $this->flush_widget_cache(); 1062 1060 … … 1071 1069 * @param array $instance 1072 1070 */ 1073 1071 public function form( $instance ) { 1074 $title = isset( $instance['title'] ) ? esc_attr( $instance['title'] ): '';1072 $title = isset( $instance['title'] ) ? $instance['title'] : ''; 1075 1073 $number = isset( $instance['number'] ) ? absint( $instance['number'] ) : 5; 1076 1074 ?> 1077 1075 <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> 1078 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo $title; ?>" /></p>1076 <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> 1079 1077 1080 1078 <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e( 'Number of comments to show:' ); ?></label> 1081 1079 <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo $number; ?>" size="3" /></p> … … 1123 1121 if ( ! is_wp_error($rss) ) { 1124 1122 $desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); 1125 1123 if ( empty($title) ) 1126 $title = esc_html(strip_tags($rss->get_title()));1127 $link = esc_url(strip_tags($rss->get_permalink()));1124 $title = strip_tags( $rss->get_title() ); 1125 $link = strip_tags( $rss->get_permalink() ); 1128 1126 while ( stristr($link, 'http') != $link ) 1129 1127 $link = substr($link, 1); 1130 1128 } … … 1135 1133 /** This filter is documented in wp-includes/default-widgets.php */ 1136 1134 $title = apply_filters( 'widget_title', $title, $instance, $this->id_base ); 1137 1135 1138 $url = esc_url(strip_tags($url));1139 $icon = includes_url( 'images/rss.png');1136 $url = strip_tags( $url ); 1137 $icon = includes_url( 'images/rss.png' ); 1140 1138 if ( $title ) 1141 $title = "<a class='rsswidget' href='$url'><img style='border:0' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link'>$title</a>";1139 $title = '<a class="rsswidget" href="' . esc_url( $url ) . '"><img style="border:0" width="14" height="14" src="' . esc_url( $icon ) . '" alt="RSS" /></a> <a class="rsswidget" href="' . esc_url( $link ) . '">"'. esc_html( $title ) .'"</a>'; 1142 1140 1143 1141 echo $args['before_widget']; 1144 1142 if ( $title ) { … … 1291 1289 $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true ); 1292 1290 $inputs = wp_parse_args( $inputs, $default_inputs ); 1293 1291 1294 $args['number'] = esc_attr( $args['number'] ); 1295 $args['title'] = isset( $args['title'] ) ? esc_attr( $args['title'] ) : ''; 1296 $args['url'] = isset( $args['url'] ) ? esc_url( $args['url'] ) : ''; 1292 $args['title'] = isset( $args['title'] ) ? $args['title'] : ''; 1293 $args['url'] = isset( $args['url'] ) ? $args['url'] : ''; 1297 1294 $args['items'] = isset( $args['items'] ) ? (int) $args['items'] : 0; 1298 1295 1299 1296 if ( $args['items'] < 1 || 20 < $args['items'] ) { … … 1308 1305 echo '<p class="widget-error"><strong>' . sprintf( __( 'RSS Error: %s' ), $args['error'] ) . '</strong></p>'; 1309 1306 } 1310 1307 1308 $esc_number = esc_attr( $args['number'] ); 1311 1309 if ( $inputs['url'] ) : 1312 1310 ?> 1313 <p><label for="rss-url-<?php echo $ args['number']; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label>1314 <input class="widefat" id="rss-url-<?php echo $ args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][url]" type="text" value="<?php echo $args['url']; ?>" /></p>1311 <p><label for="rss-url-<?php echo $esc_number; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label> 1312 <input class="widefat" id="rss-url-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][url]" type="text" value="<?php echo esc_url( $args['url'] ); ?>" /></p> 1315 1313 <?php endif; if ( $inputs['title'] ) : ?> 1316 <p><label for="rss-title-<?php echo $ args['number']; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label>1317 <input class="widefat" id="rss-title-<?php echo $ args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][title]" type="text" value="<?php echo $args['title']; ?>" /></p>1314 <p><label for="rss-title-<?php echo $esc_number; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label> 1315 <input class="widefat" id="rss-title-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][title]" type="text" value="<?php echo esc_attr( $args['title'] ); ?>" /></p> 1318 1316 <?php endif; if ( $inputs['items'] ) : ?> 1319 <p><label for="rss-items-<?php echo $ args['number']; ?>"><?php _e( 'How many items would you like to display?' ); ?></label>1320 <select id="rss-items-<?php echo $ args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][items]">1321 <?php1322 1323 1324 1325 ?>1317 <p><label for="rss-items-<?php echo $esc_number; ?>"><?php _e( 'How many items would you like to display?' ); ?></label> 1318 <select id="rss-items-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][items]"> 1319 <?php 1320 for ( $i = 1; $i <= 20; ++$i ) { 1321 echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>"; 1322 } 1323 ?> 1326 1324 </select></p> 1327 1325 <?php endif; if ( $inputs['show_summary'] ) : ?> 1328 <p><input id="rss-show-summary-<?php echo $ args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> />1329 <label for="rss-show-summary-<?php echo $ args['number']; ?>"><?php _e( 'Display item content?' ); ?></label></p>1326 <p><input id="rss-show-summary-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> /> 1327 <label for="rss-show-summary-<?php echo $esc_number; ?>"><?php _e( 'Display item content?' ); ?></label></p> 1330 1328 <?php endif; if ( $inputs['show_author'] ) : ?> 1331 <p><input id="rss-show-author-<?php echo $ args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> />1332 <label for="rss-show-author-<?php echo $ args['number']; ?>"><?php _e( 'Display item author if available?' ); ?></label></p>1329 <p><input id="rss-show-author-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> /> 1330 <label for="rss-show-author-<?php echo $esc_number; ?>"><?php _e( 'Display item author if available?' ); ?></label></p> 1333 1331 <?php endif; if ( $inputs['show_date'] ) : ?> 1334 <p><input id="rss-show-date-<?php echo $ args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?>/>1335 <label for="rss-show-date-<?php echo $ args['number']; ?>"><?php _e( 'Display item date?' ); ?></label></p>1332 <p><input id="rss-show-date-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?>/> 1333 <label for="rss-show-date-<?php echo $esc_number; ?>"><?php _e( 'Display item date?' ); ?></label></p> 1336 1334 <?php 1337 1335 endif; 1338 1336 foreach ( array_keys($default_inputs) as $input ) : … … 1339 1337 if ( 'hidden' === $inputs[$input] ) : 1340 1338 $id = str_replace( '_', '-', $input ); 1341 1339 ?> 1342 <input type="hidden" id="rss-<?php echo $id; ?>-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][<?php echo $input; ?>]" value="<?php echo $args[ $input ]; ?>" />1340 <input type="hidden" id="rss-<?php echo esc_attr( $id ); ?>-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][<?php echo esc_attr( $input ); ?>]" value="<?php echo esc_attr( $args[ $input ] ); ?>" /> 1343 1341 <?php 1344 1342 endif; 1345 1343 endforeach; … … 1453 1451 */ 1454 1452 public function update( $new_instance, $old_instance ) { 1455 1453 $instance = array(); 1456 $instance['title'] = s trip_tags(stripslashes($new_instance['title']));1454 $instance['title'] = sanitize_text_field( stripslashes( $new_instance['title'] ) ); 1457 1455 $instance['taxonomy'] = stripslashes($new_instance['taxonomy']); 1458 1456 return $instance; 1459 1457 } … … 1463 1461 */ 1464 1462 public function form( $instance ) { 1465 1463 $current_taxonomy = $this->_get_current_taxonomy($instance); 1464 $title = isset( $instance['title'] ) ? $instance['title'] : ''; 1466 1465 ?> 1467 1466 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:') ?></label> 1468 <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php if (isset ( $instance['title'])) {echo esc_attr( $instance['title'] );}?>" /></p>1467 <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo esc_attr( $title ); ?>" /></p> 1469 1468 <p><label for="<?php echo $this->get_field_id('taxonomy'); ?>"><?php _e('Taxonomy:') ?></label> 1470 1469 <select class="widefat" id="<?php echo $this->get_field_id('taxonomy'); ?>" name="<?php echo $this->get_field_name('taxonomy'); ?>"> 1471 1470 <?php foreach ( get_taxonomies() as $taxonomy ) : 1472 1473 1474 1471 $tax = get_taxonomy($taxonomy); 1472 if ( !$tax->show_tagcloud || empty($tax->labels->name) ) 1473 continue; 1475 1474 ?> 1476 <option value="<?php echo esc_attr($taxonomy) ?>" <?php selected($taxonomy, $current_taxonomy) ?>><?php echo $tax->labels->name; ?></option>1475 <option value="<?php echo esc_attr($taxonomy) ?>" <?php selected($taxonomy, $current_taxonomy) ?>><?php echo esc_attr( $tax->labels->name ); ?></option> 1477 1476 <?php endforeach; ?> 1478 1477 </select></p><?php 1479 1478 } … … 1553 1552 public function update( $new_instance, $old_instance ) { 1554 1553 $instance = array(); 1555 1554 if ( ! empty( $new_instance['title'] ) ) { 1556 $instance['title'] = s trip_tags( stripslashes($new_instance['title']) );1555 $instance['title'] = sanitize_text_field( stripslashes( $new_instance['title'] ) ); 1557 1556 } 1558 1557 if ( ! empty( $new_instance['nav_menu'] ) ) { 1559 1558 $instance['nav_menu'] = (int) $new_instance['nav_menu'];