| 1 | <?php |
| 2 | /** |
| 3 | * Widget API: WP_Widget_HTML_Code class |
| 4 | * |
| 5 | * @package WordPress |
| 6 | * @subpackage Widgets |
| 7 | * @since 4.8.1 |
| 8 | */ |
| 9 | |
| 10 | /** |
| 11 | * Core class used to implement the HTML Code widget. |
| 12 | * |
| 13 | * @since 4.8.1 |
| 14 | * |
| 15 | * @see WP_Widget |
| 16 | */ |
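class WP_Widget_HTML_Code extends WP_Widget {

	/**
	 * Default instance.
	 *
	 * Supplies the 'title' and 'content' keys whenever stored or submitted
	 * settings omit them.
	 *
	 * @since 4.8.1
	 * @var array
	 */
	protected $default_instance = array(
		'title'   => '',
		'content' => '',
	);

	/**
	 * Sets up a new HTML Code widget instance.
	 *
	 * @since 4.8.1
	 */
	public function __construct() {
		$widget_ops  = array(
			'classname'                   => 'widget_html_code',
			'description'                 => __( 'Arbitrary HTML code.' ),
			'customize_selective_refresh' => true,
		);
		$control_ops = array();
		parent::__construct( 'html_code', __( 'HTML Code' ), $widget_ops, $control_ops );
	}

	/**
	 * Outputs the content for the current HTML Code widget instance.
	 *
	 * The stored content is printed as markup, without output escaping. The only
	 * sanitization it has received is the one update() applied when the settings
	 * were saved.
	 *
	 * @since 4.8.1
	 *
	 * @param array $args     Display arguments including 'before_title', 'after_title',
	 *                        'before_widget', and 'after_widget'.
	 * @param array $instance Settings for the current HTML Code widget instance.
	 */
	public function widget( $args, $instance ) {

		$instance = array_merge( $this->default_instance, $instance );

		/** This filter is documented in wp-includes/widgets/class-wp-widget-pages.php */
		$title = apply_filters( 'widget_title', $instance['title'], $instance, $this->id_base );

		$content = $instance['content'];

		/**
		 * Filters the content of the HTML Code widget.
		 *
		 * The returned value is echoed as-is, so a callback must return markup
		 * it is prepared to have rendered on the front end.
		 *
		 * @since 4.8.1
		 *
		 * @param string              $content  The widget content.
		 * @param array               $instance Array of settings for the current widget.
		 * @param WP_Widget_HTML_Code $this     Current HTML Code widget instance.
		 */
		$content = apply_filters( 'widget_html_code_content', $content, $instance, $this );

		echo $args['before_widget'];
		if ( ! empty( $title ) ) {
			echo $args['before_title'] . $title . $args['after_title'];
		}

		// Deliberately not escaped: rendering author-supplied markup is the widget's purpose.
		// Nothing at render time re-checks who saved the content; the save-time filtering in
		// update() and the callbacks on 'widget_html_code_content' are the only controls.
		echo $content;
		echo $args['after_widget'];
	}

	/**
	 * Handles updating settings for the current HTML Code widget instance.
	 *
	 * The title is always reduced to plain text. The content is stored unchanged
	 * only when the user performing the save holds the 'unfiltered_html'
	 * capability; for every other user it is passed through wp_kses_post().
	 * The check is made against the saving user, so content originally entered
	 * by a privileged user is filtered if a less privileged user re-saves it.
	 *
	 * @since 4.8.1
	 *
	 * @param array $new_instance New settings for this instance as input by the user via
	 *                            WP_Widget::form().
	 * @param array $old_instance Old settings for this instance.
	 * @return array Settings to save. This implementation never cancels saving.
	 */
	public function update( $new_instance, $old_instance ) {
		$instance = array_merge( $this->default_instance, $old_instance );

		// Fill in missing keys so a partial submission does not raise undefined-index notices.
		$new_instance = array_merge( $this->default_instance, (array) $new_instance );

		$instance['title'] = sanitize_text_field( $new_instance['title'] );

		// Submitted data can carry a non-string here (e.g. a nested array); storing it would
		// break the echo in widget() and esc_textarea() in form(), so fall back to empty.
		$content = is_string( $new_instance['content'] ) ? $new_instance['content'] : '';

		if ( current_user_can( 'unfiltered_html' ) ) {
			$instance['content'] = $content;
		} else {
			$instance['content'] = wp_kses_post( $content );
		}
		return $instance;
	}

	/**
	 * Outputs the HTML Code widget settings form.
	 *
	 * Users without the 'unfiltered_html' capability are additionally shown which
	 * commonly used tags will be removed on save. That notice is informational;
	 * the filtering itself happens in update().
	 *
	 * @since 4.8.1
	 *
	 * @param array $instance Current instance.
	 * @return void
	 */
	public function form( $instance ) {
		$instance = wp_parse_args( (array) $instance, $this->default_instance );
		?>
		<p>
			<label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php esc_html_e( 'Title:' ); ?></label>
			<input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>"/>
		</p>

		<p>
			<label for="<?php echo esc_attr( $this->get_field_id( 'content' ) ); ?>"><?php esc_html_e( 'Content:' ); ?></label>
			<textarea class="widefat code" rows="16" cols="20" id="<?php echo esc_attr( $this->get_field_id( 'content' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'content' ) ); ?>"><?php echo esc_textarea( $instance['content'] ); ?></textarea>
		</p>

		<?php if ( ! current_user_can( 'unfiltered_html' ) ) : ?>
			<?php
			// Of these commonly used tags, list the ones the 'post' kses allow-list lacks.
			$probably_unsafe_html = array( 'script', 'iframe', 'form', 'input', 'style' );
			$allowed_html         = wp_kses_allowed_html( 'post' );
			$disallowed_html      = array_diff( $probably_unsafe_html, array_keys( $allowed_html ) );
			?>
			<?php if ( ! empty( $disallowed_html ) ) : ?>
				<p>
					<?php esc_html_e( 'Some HTML tags are not permitted, including:' ); ?>
					<?php // Tag names come from the fixed list above, so they are printed without escaping. ?>
					<code><?php echo implode( '</code>, <code>', $disallowed_html ); ?></code>
				</p>
			<?php endif; ?>
		<?php endif; ?>
		<?php
	}
}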