Make WordPress Core


Ignore:
Timestamp:
11/15/2017 02:32:06 AM (7 years ago)
Author:
westonruter
Message:

Widgets: Set global $post to current queried object instead of nullifying when is_singular() while applying filters (and shortcodes) in Text widget and (via plugin) Custom HTML widget.

Also prevent [gallery] shortcode from dumping out every attachment on the site when a containing Text widget is shown on an archive template.

Props westonruter, bobbingwide, joemcgill for testing.
See #10457.
Fixes #42548, #42547 for 4.9.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-includes/widgets/class-wp-widget-custom-html.php

    r42164 r42186  
    8282
    8383    /**
     84     * Filter gallery shortcode attributes.
     85     *
     86     * Prevents all of a site's attachments from being shown in a gallery displayed on a
     87     * non-singular template where a $post context is not available.
     88     *
     89     * @since 4.9.0
     90     *
     91     * @param array $attrs Attributes.
     92     * @return array Attributes.
     93     */
     94    public function _filter_gallery_shortcode_attrs( $attrs ) {
     95        if ( ! is_singular() && empty( $attrs['id'] ) && empty( $attrs['include'] ) ) {
     96            $attrs['id'] = -1;
     97        }
     98        return $attrs;
     99    }
     100
     101    /**
    84102     * Outputs the content for the current Custom HTML widget instance.
    85103     *
    86104     * @since 4.8.1
    87105     *
     106     * @global WP_Post $post
    88107     * @param array $args     Display arguments including 'before_title', 'after_title',
    89108     *                        'before_widget', and 'after_widget'.
     
    91110     */
    92111    public function widget( $args, $instance ) {
     112        global $post;
     113
     114        // Override global $post so filters (and shortcodes) apply in a consistent context.
     115        $original_post = $post;
     116        if ( is_singular() ) {
     117            // Make sure post is always the queried object on singular queries (not from another sub-query that failed to clean up the global $post).
     118            $post = get_queried_object();
     119        } else {
     120            // Nullify the $post global during widget rendering to prevent shortcodes from running with the unexpected context on archive queries.
     121            $post = null;
     122        }
     123
     124        // Prevent dumping out all attachments from the media library.
     125        add_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) );
    93126
    94127        $instance = array_merge( $this->default_instance, $instance );
     
    118151         */
    119152        $content = apply_filters( 'widget_custom_html_content', $content, $instance, $this );
     153
     154        // Restore post global.
     155        $post = $original_post;
     156        remove_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) );
    120157
    121158        // Inject the Text widget's container class name alongside this widget's class name for theme styling compatibility.
Note: See TracChangeset for help on using the changeset viewer.