<?php
/**
 * Widget API: WP_Widget_HTML_Code class
 *
 * @package WordPress
 * @subpackage Widgets
 * @since 4.8.1
 */

/**
 * Core class used to implement the HTML Code widget.
 *
 * @since 4.8.1
 *
 * @see WP_Widget
 */
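class WP_Widget_HTML_Code extends WP_Widget {

	/**
	 * Default instance.
	 *
	 * Merged underneath stored and submitted settings so that the 'title' and
	 * 'content' keys are always present when they are read.
	 *
	 * @since 4.8.1
	 * @var array
	 */
	protected $default_instance = array(
		'title'   => '',
		'content' => '',
	);

	/**
	 * Sets up a new HTML Code widget instance.
	 *
	 * @since 4.8.1
	 */
	public function __construct() {
		$widget_ops  = array(
			'classname'                   => 'widget_html_code',
			'description'                 => __( 'Arbitrary HTML code.' ),
			'customize_selective_refresh' => true,
		);
		$control_ops = array();
		parent::__construct( 'html_code', __( 'HTML Code' ), $widget_ops, $control_ops );
	}

	/**
	 * Outputs the content for the current HTML Code widget instance.
	 *
	 * The stored content is printed as markup with no output escaping. The only
	 * sanitization it receives is the capability-gated filtering applied in
	 * update() at save time, so anything that writes widget settings by another
	 * route, or any callback hooked to 'widget_html_code_content', is responsible
	 * for returning HTML that is safe to print.
	 *
	 * @since 4.8.1
	 *
	 * @param array $args     Display arguments including 'before_title', 'after_title',
	 *                        'before_widget', and 'after_widget'.
	 * @param array $instance Settings for the current HTML Code widget instance.
	 */
	public function widget( $args, $instance ) {

		$instance = array_merge( $this->default_instance, $instance );

		/** This filter is documented in wp-includes/widgets/class-wp-widget-pages.php */
		$title = apply_filters( 'widget_title', $instance['title'], $instance, $this->id_base );

		$content = $instance['content'];

		/**
		 * Filters the content of the HTML Code widget.
		 *
		 * The returned string is echoed without escaping.
		 *
		 * @since 4.8.1
		 *
		 * @param string              $content  The widget content.
		 * @param array               $instance Array of settings for the current widget.
		 * @param WP_Widget_HTML_Code $this     Current HTML Code widget instance.
		 */
		$content = apply_filters( 'widget_html_code_content', $content, $instance, $this );

		echo $args['before_widget'];
		if ( ! empty( $title ) ) {
			// The title is printed exactly as the 'widget_title' filter returned it.
			echo $args['before_title'] . $title . $args['after_title'];
		}
		// Intentionally unescaped: this widget exists to emit raw HTML.
		echo $content;
		echo $args['after_widget'];
	}

	/**
	 * Handles updating settings for the current HTML Code widget instance.
	 *
	 * This is the trust boundary for the widget content: users holding the
	 * 'unfiltered_html' capability have their markup stored exactly as submitted,
	 * while everyone else has it passed through wp_kses_post() first. The title
	 * is always reduced to plain text with sanitize_text_field().
	 *
	 * @since 4.8.1
	 *
	 * @param array $new_instance New settings for this instance as input by the user via
	 *                            WP_Widget::form().
	 * @param array $old_instance Old settings for this instance.
	 * @return array Settings to save.
	 */
	public function update( $new_instance, $old_instance ) {
		$instance = array_merge( $this->default_instance, $old_instance );

		// A submission may omit a field; fall back to the defaults instead of reading a missing key.
		$new_instance = array_merge( $this->default_instance, (array) $new_instance );

		$instance['title'] = sanitize_text_field( $new_instance['title'] );
		if ( current_user_can( 'unfiltered_html' ) ) {
			$instance['content'] = $new_instance['content'];
		} else {
			$instance['content'] = wp_kses_post( $new_instance['content'] );
		}
		return $instance;
	}

	/**
	 * Outputs the HTML Code widget settings form.
	 *
	 * Every dynamic value is escaped for the context it is printed in: attribute
	 * values with esc_attr(), the textarea body with esc_textarea(). Users without
	 * the 'unfiltered_html' capability are also shown which commonly used tags
	 * will be stripped from their content when it is saved.
	 *
	 * @since 4.8.1
	 *
	 * @param array $instance Current instance.
	 * @return void
	 */
	public function form( $instance ) {
		$instance = wp_parse_args( (array) $instance, $this->default_instance );
		?>
		<p>
			<label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e( 'Title:' ); ?></label>
			<input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>"/>
		</p>

		<p>
			<label for="<?php echo esc_attr( $this->get_field_id( 'content' ) ); ?>"><?php _e( 'Content:' ); ?></label>
			<textarea class="widefat code" rows="16" cols="20" id="<?php echo esc_attr( $this->get_field_id( 'content' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'content' ) ); ?>"><?php echo esc_textarea( $instance['content'] ); ?></textarea>
		</p>

		<?php if ( ! current_user_can( 'unfiltered_html' ) ) : ?>
			<?php
			// Tags from this list that the 'post' KSES context does not allow will be stripped on save.
			$probably_unsafe_html = array( 'script', 'iframe', 'form', 'input', 'style' );
			$allowed_html         = wp_kses_allowed_html( 'post' );
			$disallowed_html      = array_diff( $probably_unsafe_html, array_keys( $allowed_html ) );
			?>
			<?php if ( ! empty( $disallowed_html ) ) : ?>
				<p>
					<?php _e( 'Some HTML tags are not permitted, including:' ); ?>
					<?php // The tag names come from the literal list above; they are escaped anyway so the output stays safe if that list ever changes. ?>
					<code><?php echo implode( '</code>, <code>', array_map( 'esc_html', $disallowed_html ) ); ?></code>
				</p>
			<?php endif; ?>
		<?php endif; ?>
		<?php
	}
}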