Ticket #41596: 41596.1.diff
File 41596.1.diff, 8.1 KB (added by , 7 years ago) |
src/wp-admin/js/widgets/text-widgets.js
diff --git src/wp-admin/js/widgets/text-widgets.js src/wp-admin/js/widgets/text-widgets.js index 692a0642c9..899677c584 100644
wp.textWidgets = ( function( $ ) { 80 80 // Sync input fields to hidden sync fields which actually get sent to the server. 81 81 _.each( control.fields, function( fieldInput, fieldName ) { 82 82 fieldInput.on( 'input change', function updateSyncField() { 83 var syncInput = control.syncContainer.find( ' input[type=hidden].' + fieldName );83 var syncInput = control.syncContainer.find( '.sync-input.' + fieldName ); 84 84 if ( syncInput.val() !== fieldInput.val() ) { 85 85 syncInput.val( fieldInput.val() ); 86 86 syncInput.trigger( 'change' ); … … wp.textWidgets = ( function( $ ) { 88 88 }); 89 89 90 90 // Note that syncInput cannot be re-used because it will be destroyed with each widget-updated event. 91 fieldInput.val( control.syncContainer.find( ' input[type=hidden].' + fieldName ).val() );91 fieldInput.val( control.syncContainer.find( '.sync-input.' + fieldName ).val() ); 92 92 }); 93 93 }, 94 94 … … wp.textWidgets = ( function( $ ) { 144 144 var control = this, syncInput; 145 145 146 146 if ( ! control.fields.title.is( document.activeElement ) ) { 147 syncInput = control.syncContainer.find( ' input[type=hidden].title' );147 syncInput = control.syncContainer.find( '.sync-input.title' ); 148 148 control.fields.title.val( syncInput.val() ); 149 149 } 150 150 151 syncInput = control.syncContainer.find( ' input[type=hidden].text' );151 syncInput = control.syncContainer.find( '.sync-input.text' ); 152 152 if ( control.fields.text.is( ':visible' ) ) { 153 153 if ( ! control.fields.text.is( document.activeElement ) ) { 154 154 control.fields.text.val( syncInput.val() ); -
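Review bot: The `.sync-input` class these selectors now depend on is defined only in the PHP form markup, and nothing in this file says so; the selector is also assembled by hand in four places (new lines 83, 91, 147 and 151). A short comment at the first use, such as `// .sync-input is set on the hidden fields rendered by WP_Widget_Text::form(); the text field is a hidden textarea, not an input.`, would keep the two sides from drifting apart. Wrapping `control.syncContainer.find( '.sync-input.' + fieldName )` in one small helper would remove the repetition. The enclosing functions start and end outside the hunks shown.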
src/wp-includes/widgets/class-wp-widget-text.php
diff --git src/wp-includes/widgets/class-wp-widget-text.php src/wp-includes/widgets/class-wp-widget-text.php index c28ed1f317..27e3b1d58f 100644
class WP_Widget_Text extends WP_Widget { 330 330 * @since 4.8.0 Form only contains hidden inputs which are synced with JS template. 331 331 * @since 4.8.1 Restored original form to be displayed when in legacy mode. 332 332 * @see WP_Widget_Visual_Text::render_control_template_scripts() 333 * @see _WP_Editors::editor() 333 334 * 334 335 * @param array $instance Current settings. 335 336 * @return void … … class WP_Widget_Text extends WP_Widget { 344 345 ); 345 346 ?> 346 347 <?php if ( ! $this->is_legacy_instance( $instance ) ) : ?> 347 <input id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" class="title" type="hidden" value="<?php echo esc_attr( $instance['title'] ); ?>"> 348 <input id="<?php echo $this->get_field_id( 'text' ); ?>" name="<?php echo $this->get_field_name( 'text' ); ?>" class="text" type="hidden" value="<?php echo esc_attr( $instance['text'] ); ?>"> 349 <input id="<?php echo $this->get_field_id( 'filter' ); ?>" name="<?php echo $this->get_field_name( 'filter' ); ?>" class="filter" type="hidden" value="on"> 350 <input id="<?php echo $this->get_field_id( 'visual' ); ?>" name="<?php echo $this->get_field_name( 'visual' ); ?>" class="visual" type="hidden" value="on"> 348 <?php 349 350 if ( user_can_richedit() ) { 351 add_filter( 'the_editor_content', 'format_for_editor', 10, 2 ); 352 $default_editor = 'tinymce'; 353 } else { 354 $default_editor = 'html'; 355 } 356 357 /** This filter is documented in wp-includes/class-wp-editor.php */ 358 $text = apply_filters( 'the_editor_content', $instance['text'], $default_editor ); 359 360 // Reset filter addition. 361 if ( user_can_richedit() ) { 362 remove_filter( 'the_editor_content', 'format_for_editor' ); 363 } 364 365 // Prevent premature closing of textarea in case format_for_editor() didn't apply or the_editor_content filter did a wrong thing. 
366 $escaped_text = preg_replace( '#</textarea#i', '</textarea', $text ); 367 368 ?> 369 <input id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" class="title sync-input" type="hidden" value="<?php echo esc_attr( $instance['title'] ); ?>"> 370 <textarea id="<?php echo $this->get_field_id( 'text' ); ?>" name="<?php echo $this->get_field_name( 'text' ); ?>" class="text sync-input" hidden><?php echo $escaped_text; ?></textarea> 371 <input id="<?php echo $this->get_field_id( 'filter' ); ?>" name="<?php echo $this->get_field_name( 'filter' ); ?>" class="filter sync-input" type="hidden" value="on"> 372 <input id="<?php echo $this->get_field_id( 'visual' ); ?>" name="<?php echo $this->get_field_name( 'visual' ); ?>" class="visual sync-input" type="hidden" value="on"> 351 373 <?php else : ?> 352 374 <input id="<?php echo $this->get_field_id( 'visual' ); ?>" name="<?php echo $this->get_field_name( 'visual' ); ?>" class="visual" type="hidden" value=""> 353 375 <p> -
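Review bot: On the `user_can_richedit()` false path, `$text` reaches the `<textarea>` with only the `</textarea` replacement applied, because `format_for_editor` is hooked solely in the rich-edit branch (new lines 350–355). That is enough to stop the element being closed early, but character references already present in the stored text (a literal `&lt;`, for example) would presumably be decoded by the browser and written back changed when the JS syncs the value. Consider escaping per branch, e.g. `$escaped_text = $can_richedit ? preg_replace( '#</textarea#i', '&lt;/textarea', $text ) : esc_textarea( $text );`, with `$can_richedit = user_can_richedit();` evaluated once so the filter add and remove cannot disagree; the new test expectation would need adjusting to match. As rendered on this page the replacement string reads `'</textarea'`, identical to the pattern, which looks like entity decoding by the page; confirm the raw patch contains `&lt;/textarea`. `form()` starts and ends outside the hunks shown.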
tests/phpunit/tests/widgets/text-widget.php
diff --git tests/phpunit/tests/widgets/text-widget.php tests/phpunit/tests/widgets/text-widget.php index 41aadb6af7..640b69d846 100644
class Test_WP_Widget_Text extends WP_UnitTestCase { 445 445 * @covers WP_Widget_Text::form 446 446 */ 447 447 function test_form() { 448 add_filter( 'user_can_richedit', '__return_true' ); 448 449 $widget = new WP_Widget_Text(); 450 $widget->_set( 2 ); 449 451 $instance = array( 450 452 'title' => 'Title', 451 453 'text' => 'Text', … … class Test_WP_Widget_Text extends WP_UnitTestCase { 457 459 $widget->form( $instance ); 458 460 $form = ob_get_clean(); 459 461 $this->assertContains( 'class="visual" type="hidden" value=""', $form ); 460 $this->assertNotContains( 'class="visual " type="hidden" value="on"', $form );462 $this->assertNotContains( 'class="visual sync-input" type="hidden" value="on"', $form ); 461 463 462 464 $instance = array( 463 465 'title' => 'Title', … … class Test_WP_Widget_Text extends WP_UnitTestCase { 468 470 ob_start(); 469 471 $widget->form( $instance ); 470 472 $form = ob_get_clean(); 471 $this->assertContains( 'class="visual " type="hidden" value="on"', $form );472 $this->assertNotContains( 'class="visual " type="hidden" value=""', $form );473 $this->assertContains( 'class="visual sync-input" type="hidden" value="on"', $form ); 474 $this->assertNotContains( 'class="visual sync-input" type="hidden" value=""', $form ); 473 475 474 476 $instance = array( 475 477 'title' => 'Title', … … class Test_WP_Widget_Text extends WP_UnitTestCase { 480 482 ob_start(); 481 483 $widget->form( $instance ); 482 484 $form = ob_get_clean(); 483 $this->assertContains( 'class="visual " type="hidden" value="on"', $form );484 $this->assertNotContains( 'class="visual " type="hidden" value=""', $form );485 $this->assertContains( 'class="visual sync-input" type="hidden" value="on"', $form ); 486 $this->assertNotContains( 'class="visual sync-input" type="hidden" value=""', $form ); 485 487 486 488 $instance = array( 487 489 'title' => 'Title', 488 'text' => 'Text', 490 'text' => 'This is some HTML Code: <code><strong>BOLD!</strong></code>', 491 'filter' => true, 492 
'visual' => true, 493 ); 494 $this->assertFalse( $widget->is_legacy_instance( $instance ) ); 495 ob_start(); 496 $widget->form( $instance ); 497 $form = ob_get_clean(); 498 $this->assertContains( 'class="visual sync-input" type="hidden" value="on"', $form ); 499 $this->assertContains( '<code>&lt;strong&gt;BOLD!', $form ); 500 $this->assertNotContains( 'class="visual sync-input" type="hidden" value=""', $form ); 501 502 remove_filter( 'user_can_richedit', '__return_true' ); 503 add_filter( 'user_can_richedit', '__return_false' ); 504 $instance = array( 505 'title' => 'Title', 506 'text' => 'Evil:</textarea><script>alert("XSS")</script>', 489 507 'filter' => true, 490 508 'visual' => true, 491 509 ); … … class Test_WP_Widget_Text extends WP_UnitTestCase { 493 511 ob_start(); 494 512 $widget->form( $instance ); 495 513 $form = ob_get_clean(); 496 $this->assert Contains( 'class="visual" type="hidden" value="on"', $form );497 $this->assert NotContains( 'class="visual" type="hidden" value=""', $form );514 $this->assertNotContains( 'Evil:</textarea>', $form ); 515 $this->assertContains( 'Evil:</textarea>', $form ); 498 516 } 499 517 500 518 /**
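Review bot: The escaping test at new lines 504–515 exercises only a lowercase `</textarea>` with `user_can_richedit` forced to false, while the pattern under test is case-insensitive and the rich-edit branch takes a different path. Repeating the payload with `</TEXTAREA>` and once more under `__return_true` would cover both, e.g. `$this->assertNotContains( '</TEXTAREA><script>', $form );`. As rendered here the final `assertNotContains` and `assertContains` take the identical string `'Evil:</textarea>'`, which cannot both pass; presumably the page decoded an entity and the second expects `'Evil:&lt;/textarea>'`, which is worth confirming in the raw patch. The two `user_can_richedit` filters are added but never removed inside the hunks, and whether the test case's teardown restores hooks is not visible here.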