Ticket #5770: default-widgets.php_11411-5770.diff
File default-widgets.php_11411-5770.diff, 8.6 KB (added by , 15 years ago) |
wp-includes/default-widgets.php
555 555 else if ( $number > 15 ) 556 556 $number = 15; 557 557 558 $r = new WP_Query(array('showposts' => $number, ' nopaging' => 0, 'post_status' => 'publish', 'caller_get_posts' => 1));558 $r = new WP_Query(array('showposts' => $number, 'what_to_show' => 'posts', 'nopaging' => 0, 'post_status' => 'publish', 'caller_get_posts' => 1)); 559 559 if ($r->have_posts()) : 560 560 ?> 561 561 <?php echo $before_widget; ?> 562 562 <?php if ( $title ) echo $before_title . $title . $after_title; ?> 563 563 <ul> 564 564 <?php while ($r->have_posts()) : $r->the_post(); ?> 565 <li><a href="<?php the_permalink() ?>" title="<?php echo esc_attr(get_the_title() ? get_the_title() : get_the_ID()); ?>"><?php if ( get_the_title() ) the_title(); else the_ID(); ?> </a></li>565 <li><a href="<?php the_permalink() ?>"><?php if ( get_the_title() ) the_title(); else the_ID(); ?> </a></li> 566 566 <?php endwhile; ?> 567 567 </ul> 568 568 <?php echo $after_widget; ?> … … 659 659 <?php if ( $title ) echo $before_title . $title . $after_title; ?> 660 660 <ul id="recentcomments"><?php 661 661 if ( $comments ) : foreach ( (array) $comments as $comment) : 662 echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . esc_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';662 echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . clean_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . 
'</li>'; 663 663 endforeach; endif;?></ul> 664 664 <?php echo $after_widget; ?> 665 665 <?php … … 730 730 $desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); 731 731 if ( empty($title) ) 732 732 $title = htmlentities(strip_tags($rss->get_title())); 733 $link = esc_url(strip_tags($rss->get_permalink()));733 $link = clean_url(strip_tags($rss->get_permalink())); 734 734 while ( stristr($link, 'http') != $link ) 735 735 $link = substr($link, 1); 736 736 } … … 739 739 $title = empty($desc) ? __('Unknown Feed') : $desc; 740 740 741 741 $title = apply_filters('widget_title', $title ); 742 $url = esc_url(strip_tags($url));742 $url = clean_url(strip_tags($url)); 743 743 $icon = includes_url('images/rss.png'); 744 744 if ( $title ) 745 745 $title = "<a class='rsswidget' href='$url' title='" . esc_attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>"; … … 813 813 $link = $item->get_link(); 814 814 while ( stristr($link, 'http') != $link ) 815 815 $link = substr($link, 1); 816 $link = esc_url(strip_tags($link));816 $link = clean_url(strip_tags($link)); 817 817 $title = esc_attr(strip_tags($item->get_title())); 818 818 if ( empty($title) ) 819 819 $title = __('Untitled'); 820 820 821 821 $desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))))); 822 822 $desc = wp_html_excerpt( $desc, 360 ) . ' […]'; 823 $desc = esc_html( $desc );823 $desc = wp_specialchars( $desc ); 824 824 825 825 if ( $show_summary ) { 826 826 $summary = "<div class='rssSummary'>$desc</div>"; … … 844 844 if ( $show_author ) { 845 845 $author = $item->get_author(); 846 846 $author = $author->get_name(); 847 $author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>';847 $author = ' <cite>' . 
wp_specialchars( strip_tags( $author ) ) . '</cite>'; 848 848 } 849 849 850 850 if ( $link == '' ) { … … 879 879 880 880 $number = esc_attr( $number ); 881 881 $title = esc_attr( $title ); 882 $url = esc_url( $url );882 $url = clean_url( $url ); 883 883 $items = (int) $items; 884 884 if ( $items < 1 || 20 < $items ) 885 885 $items = 10; … … 958 958 $items = (int) $widget_rss['items']; 959 959 if ( $items < 1 || 20 < $items ) 960 960 $items = 10; 961 $url = esc_url_raw(strip_tags( $widget_rss['url'] ));961 $url = sanitize_url(strip_tags( $widget_rss['url'] )); 962 962 $title = trim(strip_tags( $widget_rss['title'] )); 963 963 $show_summary = (int) $widget_rss['show_summary']; 964 964 $show_author = (int) $widget_rss['show_author']; … … 971 971 if ( is_wp_error($rss) ) { 972 972 $error = $rss->get_error_message(); 973 973 } else { 974 $link = esc_url(strip_tags($rss->get_permalink()));974 $link = clean_url(strip_tags($rss->get_permalink())); 975 975 while ( stristr($link, 'http') != $link ) 976 976 $link = substr($link, 1); 977 977 } … … 995 995 function widget( $args, $instance ) { 996 996 extract($args); 997 997 $title = apply_filters('widget_title', empty($instance['title']) ? __('Tags') : $instance['title']); 998 999 $largest = isset($instance['largest']) ? $instance['largest'] : 22; 1000 $smallest = isset($instance['smallest']) ? $instance['smallest'] : 6; 1001 $unit = isset($instance['unit']) ? $instance['unit'] : 'px'; 1002 $number = isset($instance['number']) ? $instance['number'] : 45; 1003 $format = isset($instance['format']) ? $instance['format'] : 'flat'; 1004 $orderby = isset($instance['orderby']) ? $instance['orderby'] : 'name'; 1005 $order = isset($instance['order']) ? $instance['order'] : 'ASC'; 998 1006 999 1007 echo $before_widget; 1000 1008 if ( $title ) 1001 1009 echo $before_title . $title . 
$after_title; 1002 1010 echo '<div>'; 1003 wp_tag_cloud(apply_filters('widget_tag_cloud_args', array( )));1011 wp_tag_cloud(apply_filters('widget_tag_cloud_args', array('largest' => $largest, 'number' => $number, 'format' => $format, 'orderby' => $orderby, 'order' => $order ))); 1004 1012 echo "</div>\n"; 1005 1013 echo $after_widget; 1006 1014 } 1007 1015 1008 1016 function update( $new_instance, $old_instance ) { 1009 1017 $instance['title'] = strip_tags(stripslashes($new_instance['title'])); 1018 $instance['largest'] = $new_instance['largest']; 1019 $instance['smallest'] = $new_instance['smallest']; 1020 $instance['format'] = strip_tags(stripslashes($new_instance['format'])); 1021 $instance['orderby'] = strip_tags(stripslashes($new_instance['orderby'])); 1022 $instance['order'] = strip_tags(stripslashes($new_instance['order'])); 1010 1023 return $instance; 1011 1024 } 1012 1025 1013 1026 function form( $instance ) { 1014 1027 ?> 1015 1028 <p><label for="<?php echo $this->get_field_id('title'); ?>"> 1016 <?php _e('Title:') ?>1029 <?php _e('Title:'); ?> 1017 1030 <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo esc_attr( $instance['title'] ); ?>" /> 1018 1031 </label></p> 1032 <p><label for="<?php echo $this->get_field_id('largest'); ?>"> 1033 <?php _e('Maximum Font Size:'); ?> 1034 <input type="text" class="widefat" id="<?php echo $this->get_field_id('largest'); ?>" name="<?php echo $this->get_field_name('largest'); ?>" value="<?php echo esc_attr($instance['largest']); ?>" size="4" /> 1035 </label></p> 1036 <p><label for="<?php echo $this->get_field_id('number'); ?>"> 1037 <?php _e('Number to show:'); ?> 1038 <input type="text" class="widefat" id="<?php echo $this->get_field_id('number'); ?>" name="<?php echo $this->get_field_name('number'); ?>" value="<?php echo esc_attr($instance['number']); ?>" size="4" /> 1039 </label></p> 1040 <p><label for="<?php echo 
$this->get_field_id('format'); ?>"> 1041 <?php _e('Display Format:'); ?> 1042 <select class="widefat" size="1" id="<?php echo $this->get_field_id('format'); ?>" name="<?php echo $this->get_field_name('format'); ?>"> 1043 <option value="flat" <?php selected($format, 'flat') ?>><?php _e('Flat'); ?></option> 1044 <option value="list" <?php selected($format, 'list') ?>><?php _e('List'); ?></option> 1045 </select></label></p> 1046 <p><label for="<?php echo $this->get_field_id('orderby'); ?>"> 1047 <?php _e('Order By:'); ?> 1048 <select class="widefat" size="1" id="<?php echo $this->get_field_id('orderby'); ?>" name="<?php echo $this->get_field_name('orderby'); ?>"> 1049 <option value="name" <?php selected($orderby, 'name') ?>><?php _e('Name'); ?></option> 1050 <option value="count" <?php selected($orderby, 'count') ?>><?php _e('Count'); ?></option> 1051 </select></label></p> 1052 <p><label for="<?php echo $this->get_field_id('order'); ?>"> 1053 <?php _e('Order:'); ?> 1054 <select class="widefat" size="1" id="<?php echo $this->get_field_id('order'); ?>" name="<?php echo $this->get_field_name('order'); ?>"> 1055 <option value="ASC" <?php selected($order, 'ASC' )?>><?php _e('Ascending'); ?></option> 1056 <option value="DESC" <?php selected($order, 'DESC') ?>><?php _e('Descending'); ?></option> 1057 </select></label></p> 1058 1019 1059 <?php 1020 1060 } 1021 1061 }
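Review bot: The tag-cloud widget's `update()` stores `format`, `orderby` and `order` straight from the submitted values with only `strip_tags(stripslashes(...))`, and `largest`/`smallest` with no cast at all, so what `widget()` hands to `wp_tag_cloud()` through `$instance` is only as safe as `get_terms()`' own handling of those arguments, which is not visible in this hunk; restrict each option to the values the form actually offers and cast the numeric ones, as below. `update()` also never saves `number`, although `form()` renders a field for it and `widget()` reads `$instance['number']`, so the "Number to show" setting is silently discarded, while `smallest` is saved but never passed to `wp_tag_cloud()`. `form()` calls `selected($format, …)`, `selected($orderby, …)` and `selected($order, …)` without first deriving those variables from `$instance`, so the selects never reflect the saved value and raise undefined-variable notices; add `$format = isset($instance['format']) ? $instance['format'] : 'flat';` and the equivalents for `orderby` (default `'name'`) and `order` (default `'ASC'`) at the top of `form()`. The earlier hunks in this section appear — taking the second line of each changed pair as the new side, consistent with the 1003→1011 numbering in the last hunk — to replace `esc_url`/`esc_html`/`esc_url_raw` with `clean_url`/`wp_specialchars`/`sanitize_url` and to drop the `esc_attr`-escaped `title` attribute on the recent-posts link; if that reading is right, the patch was generated against a pre-11411 checkout and should be regenerated on current trunk rather than reverting those escaping helpers.
```php
function update( $new_instance, $old_instance ) {
	$instance['title'] = strip_tags(stripslashes($new_instance['title']));
	// Numeric options: cast so nothing but an integer reaches wp_tag_cloud().
	$instance['largest']  = (int) $new_instance['largest'];
	$instance['smallest'] = (int) $new_instance['smallest'];
	$instance['number']   = (int) $new_instance['number'];
	// Enumerated options: accept only the values the form offers, else fall back to the widget() defaults.
	$instance['format']  = in_array( $new_instance['format'], array( 'flat', 'list' ), true ) ? $new_instance['format'] : 'flat';
	$instance['orderby'] = in_array( $new_instance['orderby'], array( 'name', 'count' ), true ) ? $new_instance['orderby'] : 'name';
	$instance['order']   = in_array( $new_instance['order'], array( 'ASC', 'DESC' ), true ) ? $new_instance['order'] : 'ASC';
	return $instance;
}
```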