Changeset 41392
- Timestamp:
- 09/19/2017 07:43:34 AM (7 years ago)
- Location:
- branches/4.8
- Files:
-
- 4 edited
branches/4.8
-
branches/4.8/src/wp-admin/js/widgets/text-widgets.js
r41133 r41392 81 81 _.each( control.fields, function( fieldInput, fieldName ) { 82 82 fieldInput.on( 'input change', function updateSyncField() { 83 var syncInput = control.syncContainer.find( ' input[type=hidden].' + fieldName );83 var syncInput = control.syncContainer.find( '.sync-input.' + fieldName ); 84 84 if ( syncInput.val() !== fieldInput.val() ) { 85 85 syncInput.val( fieldInput.val() ); … … 89 89 90 90 // Note that syncInput cannot be re-used because it will be destroyed with each widget-updated event. 91 fieldInput.val( control.syncContainer.find( ' input[type=hidden].' + fieldName ).val() );91 fieldInput.val( control.syncContainer.find( '.sync-input.' + fieldName ).val() ); 92 92 }); 93 93 }, … … 145 145 146 146 if ( ! control.fields.title.is( document.activeElement ) ) { 147 syncInput = control.syncContainer.find( ' input[type=hidden].title' );147 syncInput = control.syncContainer.find( '.sync-input.title' ); 148 148 control.fields.title.val( syncInput.val() ); 149 149 } 150 150 151 syncInput = control.syncContainer.find( ' input[type=hidden].text' );151 syncInput = control.syncContainer.find( '.sync-input.text' ); 152 152 if ( control.fields.text.is( ':visible' ) ) { 153 153 if ( ! control.fields.text.is( document.activeElement ) ) { -
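Review bot: The lookups at new lines 83, 91, 147 and 151 now depend on a `sync-input` class that only the PHP form template emits, and nothing in this file records that contract. If the rendered markup lacks the class (a form override, or stale markup from before the upgrade), `find()` returns an empty set, so the visible field would presumably be overwritten with an empty value without any error. I would add a comment above the first lookup, e.g. `// .sync-input is rendered by WP_Widget_Text::form(); keep the two in step.`, and consider skipping the copy when `syncInput.length` is 0. The enclosing functions start and end outside the visible hunks.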
branches/4.8/src/wp-includes/widgets/class-wp-widget-text.php
r41391 r41392 336 336 * @access public 337 337 * @see WP_Widget_Visual_Text::render_control_template_scripts() 338 * @see _WP_Editors::editor() 338 339 * 339 340 * @param array $instance Current settings. … … 350 351 ?> 351 352 <?php if ( ! $this->is_legacy_instance( $instance ) ) : ?> 352 <input id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" class="title" type="hidden" value="<?php echo esc_attr( $instance['title'] ); ?>"> 353 <input id="<?php echo $this->get_field_id( 'text' ); ?>" name="<?php echo $this->get_field_name( 'text' ); ?>" class="text" type="hidden" value="<?php echo esc_attr( $instance['text'] ); ?>"> 354 <input id="<?php echo $this->get_field_id( 'filter' ); ?>" name="<?php echo $this->get_field_name( 'filter' ); ?>" class="filter" type="hidden" value="on"> 355 <input id="<?php echo $this->get_field_id( 'visual' ); ?>" name="<?php echo $this->get_field_name( 'visual' ); ?>" class="visual" type="hidden" value="on"> 353 <?php 354 355 if ( user_can_richedit() ) { 356 add_filter( 'the_editor_content', 'format_for_editor', 10, 2 ); 357 $default_editor = 'tinymce'; 358 } else { 359 $default_editor = 'html'; 360 } 361 362 /** This filter is documented in wp-includes/class-wp-editor.php */ 363 $text = apply_filters( 'the_editor_content', $instance['text'], $default_editor ); 364 365 // Reset filter addition. 366 if ( user_can_richedit() ) { 367 remove_filter( 'the_editor_content', 'format_for_editor' ); 368 } 369 370 // Prevent premature closing of textarea in case format_for_editor() didn't apply or the_editor_content filter did a wrong thing. 
371 $escaped_text = preg_replace( '#</textarea#i', '</textarea', $text ); 372 373 ?> 374 <input id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" class="title sync-input" type="hidden" value="<?php echo esc_attr( $instance['title'] ); ?>"> 375 <textarea id="<?php echo $this->get_field_id( 'text' ); ?>" name="<?php echo $this->get_field_name( 'text' ); ?>" class="text sync-input" hidden><?php echo $escaped_text; ?></textarea> 376 <input id="<?php echo $this->get_field_id( 'filter' ); ?>" name="<?php echo $this->get_field_name( 'filter' ); ?>" class="filter sync-input" type="hidden" value="on"> 377 <input id="<?php echo $this->get_field_id( 'visual' ); ?>" name="<?php echo $this->get_field_name( 'visual' ); ?>" class="visual sync-input" type="hidden" value="on"> 356 378 <?php else : ?> 357 379 <input id="<?php echo $this->get_field_id( 'visual' ); ?>" name="<?php echo $this->get_field_name( 'visual' ); ?>" class="visual" type="hidden" value=""> -
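Review bot: When `user_can_richedit()` is false, `format_for_editor` is never attached, so `$instance['text']` reaches the `<textarea>` with only the `</textarea` sequence rewritten, whereas the hidden input this replaces passed the value through `esc_attr()`. The name `$escaped_text` overstates what happened on that path. Ampersands and entity sequences in the stored text are left for the browser to decode, so the synced value can differ from what was saved, and the output of any other `the_editor_content` callback is printed with the regex as its only guard. I would escape explicitly on that branch after `apply_filters()`, e.g. `if ( ! $can_richedit ) { $text = esc_textarea( $text ); }`, with `$can_richedit = user_can_richedit();` read once so the add/remove pair cannot disagree, and keep the `preg_replace` as a second layer. `form()` begins and ends outside the hunk, so how the value is sanitised on save is not visible here.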
branches/4.8/tests/phpunit/tests/widgets/text-widget.php
r41391 r41392 447 447 */ 448 448 function test_form() { 449 $widget = new WP_Widget_Text(); 449 add_filter( 'user_can_richedit', '__return_true' ); 450 $widget = new WP_Widget_Text(); 451 $widget->_set( 2 ); 450 452 $instance = array( 451 453 'title' => 'Title', … … 459 461 $form = ob_get_clean(); 460 462 $this->assertContains( 'class="visual" type="hidden" value=""', $form ); 461 $this->assertNotContains( 'class="visual " type="hidden" value="on"', $form );463 $this->assertNotContains( 'class="visual sync-input" type="hidden" value="on"', $form ); 462 464 463 465 $instance = array( … … 470 472 $widget->form( $instance ); 471 473 $form = ob_get_clean(); 472 $this->assertContains( 'class="visual " type="hidden" value="on"', $form );473 $this->assertNotContains( 'class="visual " type="hidden" value=""', $form );474 $this->assertContains( 'class="visual sync-input" type="hidden" value="on"', $form ); 475 $this->assertNotContains( 'class="visual sync-input" type="hidden" value=""', $form ); 474 476 475 477 $instance = array( … … 482 484 $widget->form( $instance ); 483 485 $form = ob_get_clean(); 484 $this->assertContains( 'class="visual " type="hidden" value="on"', $form );485 $this->assertNotContains( 'class="visual " type="hidden" value=""', $form );486 487 $instance = array( 488 'title' => 'Title', 489 'text' => 'T ext',486 $this->assertContains( 'class="visual sync-input" type="hidden" value="on"', $form ); 487 $this->assertNotContains( 'class="visual sync-input" type="hidden" value=""', $form ); 488 489 $instance = array( 490 'title' => 'Title', 491 'text' => 'This is some HTML Code: <code><strong>BOLD!</strong></code>', 490 492 'filter' => true, 491 493 'visual' => true, … … 495 497 $widget->form( $instance ); 496 498 $form = ob_get_clean(); 497 $this->assertContains( 'class="visual" type="hidden" value="on"', $form ); 498 $this->assertNotContains( 'class="visual" type="hidden" value=""', $form ); 499 $this->assertContains( 'class="visual sync-input" 
type="hidden" value="on"', $form ); 500 $this->assertContains( '<code>&lt;strong&gt;BOLD!', $form ); 501 $this->assertNotContains( 'class="visual sync-input" type="hidden" value=""', $form ); 502 503 remove_filter( 'user_can_richedit', '__return_true' ); 504 add_filter( 'user_can_richedit', '__return_false' ); 505 $instance = array( 506 'title' => 'Title', 507 'text' => 'Evil:</textarea><script>alert("XSS")</script>', 508 'filter' => true, 509 'visual' => true, 510 ); 511 $this->assertFalse( $widget->is_legacy_instance( $instance ) ); 512 ob_start(); 513 $widget->form( $instance ); 514 $form = ob_get_clean(); 515 $this->assertNotContains( 'Evil:</textarea>', $form ); 516 $this->assertContains( 'Evil:</textarea>', $form ); 499 517 } 500 518
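Review bot: The new non-rich-edit case checks only the exact lowercase `</textarea>` payload, so the case-insensitive flag on the guard in `form()` and the removal of the temporary `the_editor_content` callback are both untested. I would add a mixed-case variant such as `'text' => 'Evil:</TEXTAREA>'`. After the rich-edit calls to `form()` I would also add `$this->assertFalse( has_filter( 'the_editor_content', 'format_for_editor' ) );`, assuming nothing else registers that callback. The `__return_false` callback added on `user_can_richedit` is never removed inside the test; unless the base test case restores hooks on teardown, a closing `remove_filter( 'user_can_richedit', '__return_false' );` would keep it from leaking into later tests. Parts of `test_form()` are elided between the hunks.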