Changeset 44589

Timestamp:

01/15/2019 12:42:30 AM (6 years ago)

Author:

pento

Message:

Widgets: Remove unnecessary sanitize_text_field() calls in core widget ::form() methods.

This sanitisation only needs to be run in ::update() to correctly clean up the input.

Props welcher, greenshady.
Fixes #42461.

Location:

trunk/src/wp-includes/widgets

Files:

• class-wp-widget-archives.php (modified) (1 diff)
• class-wp-widget-calendar.php (modified) (1 diff)
• class-wp-widget-categories.php (modified) (2 diffs)
• class-wp-widget-meta.php (modified) (1 diff)

trunk/src/wp-includes/widgets/class-wp-widget-archives.php

@@ -180 +180 @@
             )
         );
-        $title    = sanitize_text_field( $instance['title'] );
         ?>
-        <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
+        <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
         <p>
             <input class="checkbox" type="checkbox"<?php checked( $instance['dropdown'] ); ?> id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>" /> <label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e( 'Display as dropdown' ); ?></label>

trunk/src/wp-includes/widgets/class-wp-widget-calendar.php

@@ -95 +95 @@
     public function form( $instance ) {
         $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) );
-        $title    = sanitize_text_field( $instance['title'] );
         ?>
         <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
-        <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
+        <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
         <?php
     }

trunk/src/wp-includes/widgets/class-wp-widget-categories.php

@@ -161 +161 @@
         //Defaults
         $instance     = wp_parse_args( (array) $instance, array( 'title' => '' ) );
-        $title        = sanitize_text_field( $instance['title'] );
         $count        = isset( $instance['count'] ) ? (bool) $instance['count'] : false;
         $hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false;
@@ -167 +166 @@
         ?>
         <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
-        <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
+        <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
 
         <p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>"<?php checked( $dropdown ); ?> />

trunk/src/wp-includes/widgets/class-wp-widget-meta.php

@@ -114 +114 @@
     public function form( $instance ) {
         $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) );
-        $title    = sanitize_text_field( $instance['title'] );
         ?>
-            <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
+            <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
         <?php
     }