Widgets: Add widget dedicated for HTML Code, taking over this role of the Text widget.

Props westonruter, timmydcrawford. See #40951, #35243. Fixes #40907. git-svn-id: https://develop.svn.wordpress.org/trunk@40893 602fd350-edb4-49c9-b593-d223f7449a82
2017-06-09 23:53:27 +00:00 · 2017-06-09 23:53:27 +00:00 · 5b7fb84f03
commit 5b7fb84f03
parent d3226f6041
6 changed files with 300 additions and 1 deletions
--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@ -170,6 +170,8 @@ add_filter( 'widget_text_content', 'wptexturize'          );
 add_filter( 'widget_text_content', 'convert_smilies',  20 );
 add_filter( 'widget_text_content', 'wpautop'              );
 add_filter( 'widget_html_code_content', 'balanceTags' );
 add_filter( 'date_i18n', 'wp_maybe_decline_date' );
 // RSS filters
--- a/src/wp-includes/default-widgets.php
+++ b/src/wp-includes/default-widgets.php
@ -60,3 +60,6 @@ require_once( ABSPATH . WPINC . '/widgets/class-wp-widget-tag-cloud.php' );
 /** WP_Nav_Menu_Widget class */
 require_once( ABSPATH . WPINC . '/widgets/class-wp-nav-menu-widget.php' );
 /** WP_Widget_HTML_Code class */
 require_once( ABSPATH . WPINC . '/widgets/class-wp-widget-html-code.php' );
--- a/src/wp-includes/widgets.php
+++ b/src/wp-includes/widgets.php
@ -1474,6 +1474,8 @@ function wp_widgets_init() {
 	register_widget( 'WP_Nav_Menu_Widget' );
 	register_widget( 'WP_Widget_HTML_Code' );
 	/**
 	 * Fires after all default WordPress widgets have been registered.
 	 *
--- a/src/wp-includes/widgets/class-wp-widget-html-code.php
+++ b/src/wp-includes/widgets/class-wp-widget-html-code.php
@ -0,0 +1,139 @@
 <?php
 /**
 * Widget API: WP_Widget_HTML_Code class
 *
 * @package WordPress
 * @subpackage Widgets
 * @since 4.8.1
 */
 /**
 * Core class used to implement a HTML Code widget.
 *
 * @since 4.8.1
 *
 * @see WP_Widget
 */
 class WP_Widget_HTML_Code extends WP_Widget {
 	/**
 	 * Default instance.
 	 *
 	 * @since 4.8.1
 	 * @var array
 	 */
 	protected $default_instance = array(
 		'title' => '',
 		'content' => '',
 	);
 	/**
 	 * Sets up a new HTML Code widget instance.
 	 *
 	 * @since 4.8.1
 	 */
 	public function __construct() {
 		$widget_ops = array(
 			'classname' => 'widget_html_code',
 			'description' => __( 'Arbitrary HTML code.' ),
 			'customize_selective_refresh' => true,
 		);
 		$control_ops = array();
 		parent::__construct( 'html_code', __( 'HTML Code' ), $widget_ops, $control_ops );
 	}
 	/**
 	 * Outputs the content for the current HTML Code widget instance.
 	 *
 	 * @since 4.8.1
 	 *
 	 * @param array $args     Display arguments including 'before_title', 'after_title',
 	 *                        'before_widget', and 'after_widget'.
 	 * @param array $instance Settings for the current HTML Code widget instance.
 	 */
 	public function widget( $args, $instance ) {
 		$instance = array_merge( $this->default_instance, $instance );
 		/** This filter is documented in wp-includes/widgets/class-wp-widget-pages.php */
 		$title = apply_filters( 'widget_title', $instance['title'], $instance, $this->id_base );
 		$content = $instance['content'];
 		/**
 		 * Filters the content of the HTML Code widget.
 		 *
 		 * @since 4.8.1
 		 *
 		 * @param string              $content  The widget content.
 		 * @param array               $instance Array of settings for the current widget.
 		 * @param WP_Widget_HTML_Code $this     Current HTML Code widget instance.
 		 */
 		$content = apply_filters( 'widget_html_code_content', $content, $instance, $this );
 		echo $args['before_widget'];
 		if ( ! empty( $title ) ) {
 			echo $args['before_title'] . $title . $args['after_title'];
 		}
 		echo $content;
 		echo $args['after_widget'];
 	}
 	/**
 	 * Handles updating settings for the current HTML Code widget instance.
 	 *
 	 * @since 4.8.1
 	 *
 	 * @param array $new_instance New settings for this instance as input by the user via
 	 *                            WP_Widget::form().
 	 * @param array $old_instance Old settings for this instance.
 	 * @return array Settings to save or bool false to cancel saving.
 	 */
 	public function update( $new_instance, $old_instance ) {
 		$instance = array_merge( $this->default_instance, $old_instance );
 		$instance['title'] = sanitize_text_field( $new_instance['title'] );
 		if ( current_user_can( 'unfiltered_html' ) ) {
 			$instance['content'] = $new_instance['content'];
 		} else {
 			$instance['content'] = wp_kses_post( $new_instance['content'] );
 		}
 		return $instance;
 	}
 	/**
 	 * Outputs the HTML Code widget settings form.
 	 *
 	 * @since 4.8.1
 	 *
 	 * @param array $instance Current instance.
 	 * @returns void
 	 */
 	public function form( $instance ) {
 		$instance = wp_parse_args( (array) $instance, $this->default_instance );
 		?>
 		<p>
 			<label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
 			<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>"/>
 		</p>
 		<p>
 			<label for="<?php echo $this->get_field_id( 'content' ); ?>"><?php _e( 'Content:' ); ?></label>
 			<textarea class="widefat code" rows="16" cols="20" id="<?php echo $this->get_field_id( 'content' ); ?>" name="<?php echo $this->get_field_name( 'content' ); ?>"><?php echo esc_textarea( $instance['content'] ); ?></textarea>
 		</p>
 		<?php if ( ! current_user_can( 'unfiltered_html' ) ) : ?>
 			<?php
 			$probably_unsafe_html = array( 'script', 'iframe', 'form', 'input', 'style' );
 			$allowed_html = wp_kses_allowed_html( 'post' );
 			$disallowed_html = array_diff( $probably_unsafe_html, array_keys( $allowed_html ) );
 			?>
 			<?php if ( ! empty( $disallowed_html ) ) : ?>
 				<p>
 					<?php _e( 'Some HTML tags are not permitted, including:' ); ?>
 					<code><?php echo join( '</code>, <code>', $disallowed_html ); ?></code>
 				</p>
 			<?php endif; ?>
 		<?php endif; ?>
 		<?php
 	}
 }
--- a/src/wp-includes/widgets/class-wp-widget-text.php
+++ b/src/wp-includes/widgets/class-wp-widget-text.php
@ -25,7 +25,7 @@ class WP_Widget_Text extends WP_Widget {
 	public function __construct() {
 		$widget_ops = array(
 			'classname' => 'widget_text',
-			'description' => __( 'Arbitrary text or HTML.' ),
+			'description' => __( 'Arbitrary text.' ),
 			'customize_selective_refresh' => true,
 		);
 		$control_ops = array(
--- a/tests/phpunit/tests/widgets/html-code-widget.php
+++ b/tests/phpunit/tests/widgets/html-code-widget.php
@ -0,0 +1,153 @@
 <?php
 /**
 * Unit tests covering WP_Widget_HTML_Code functionality.
 *
 * @package    WordPress
 * @subpackage widgets
 */
 /**
 * Test wp-includes/widgets/class-wp-widget-html-code.php
 *
 * @group widgets
 */
 class Test_WP_Widget_HTML_Code extends WP_UnitTestCase {
 	/**
 	 * Args passed to the widget_html_code_content filter.
 	 *
 	 * @var array
 	 */
 	protected $widget_html_code_content_args;
 	/**
 	 * Test widget method.
 	 *
 	 * @covers WP_Widget_HTML_Code::widget
 	 */
 	function test_widget() {
 		$widget = new WP_Widget_HTML_Code();
 		$content = "<i>Custom HTML</i>\n\n<b>CODE</b>\nLast line.<u>unclosed";
 		$args = array(
 			'before_title'  => '<h2>',
 			'after_title'   => "</h2>\n",
 			'before_widget' => '<section>',
 			'after_widget'  => "</section>\n",
 		);
 		$instance = array(
 			'title'   => 'Foo',
 			'content' => $content,
 		);
 		$this->assertEquals( 10, has_filter( 'widget_html_code_content', 'balanceTags' ) );
 		update_option( 'use_balanceTags', 0 );
 		add_filter( 'widget_html_code_content', array( $this, 'filter_widget_html_code_content' ), 5, 3 );
 		ob_start();
 		$this->widget_html_code_content_args = null;
 		$widget->widget( $args, $instance );
 		$output = ob_get_clean();
 		$this->assertNotEmpty( $this->widget_html_code_content_args );
 		$this->assertContains( '[filter:widget_html_code_content]', $output );
 		$this->assertNotContains( '<p>', $output );
 		$this->assertNotContains( '<br>', $output );
 		$this->assertNotContains( '</u>', $output );
 		$this->assertEquals( $instance, $this->widget_html_code_content_args[1] );
 		$this->assertSame( $widget, $this->widget_html_code_content_args[2] );
 		remove_filter( 'widget_html_code_content', array( $this, 'filter_widget_html_code_content' ), 5, 3 );
 		update_option( 'use_balanceTags', 1 );
 		ob_start();
 		$widget->widget( $args, $instance );
 		$output = ob_get_clean();
 		$this->assertContains( '</u>', $output );
 	}
 	/**
 	 * Filters the content of the HTML Code widget.
 	 *
 	 * @param string              $widget_content The widget content.
 	 * @param array               $instance       Array of settings for the current widget.
 	 * @param WP_Widget_HTML_Code $widget         Current HTML Code widget instance.
 	 * @return string Widget content.
 	 */
 	function filter_widget_html_code_content( $widget_content, $instance, $widget ) {
 		$this->widget_html_code_content_args = func_get_args();
 		$widget_content .= '[filter:widget_html_code_content]';
 		return $widget_content;
 	}
 	/**
 	 * Test update method.
 	 *
 	 * @covers WP_Widget_HTML_Code::update
 	 */
 	function test_update() {
 		$widget = new WP_Widget_HTML_Code();
 		$instance = array(
 			'title'   => "The\n<b>Title</b>",
 			'content' => "The\n\n<b>Code</b>",
 		);
 		wp_set_current_user( $this->factory()->user->create( array(
 			'role' => 'administrator',
 		) ) );
 		// Should return valid instance.
 		$expected = array(
 			'title'   => sanitize_text_field( $instance['title'] ),
 			'content' => $instance['content'],
 		);
 		$result = $widget->update( $instance, array() );
 		$this->assertEquals( $result, $expected );
 		// Make sure KSES is applying as expected.
 		add_filter( 'map_meta_cap', array( $this, 'grant_unfiltered_html_cap' ), 10, 2 );
 		$this->assertTrue( current_user_can( 'unfiltered_html' ) );
 		$instance['content'] = '<script>alert( "Howdy!" );</script>';
 		$expected['content'] = $instance['content'];
 		$result = $widget->update( $instance, array() );
 		$this->assertEquals( $result, $expected );
 		remove_filter( 'map_meta_cap', array( $this, 'grant_unfiltered_html_cap' ) );
 		add_filter( 'map_meta_cap', array( $this, 'revoke_unfiltered_html_cap' ), 10, 2 );
 		$this->assertFalse( current_user_can( 'unfiltered_html' ) );
 		$instance['content'] = '<script>alert( "Howdy!" );</script>';
 		$expected['content'] = wp_kses_post( $instance['content'] );
 		$result = $widget->update( $instance, array() );
 		$this->assertEquals( $result, $expected );
 		remove_filter( 'map_meta_cap', array( $this, 'revoke_unfiltered_html_cap' ), 10 );
 	}
 	/**
 	 * Grant unfiltered_html cap via map_meta_cap.
 	 *
 	 * @param array  $caps    Returns the user's actual capabilities.
 	 * @param string $cap     Capability name.
 	 * @return array Caps.
 	 */
 	function grant_unfiltered_html_cap( $caps, $cap ) {
 		if ( 'unfiltered_html' === $cap ) {
 			$caps = array_diff( $caps, array( 'do_not_allow' ) );
 			$caps[] = 'unfiltered_html';
 		}
 		return $caps;
 	}
 	/**
 	 * Revoke unfiltered_html cap via map_meta_cap.
 	 *
 	 * @param array  $caps    Returns the user's actual capabilities.
 	 * @param string $cap     Capability name.
 	 * @return array Caps.
 	 */
 	function revoke_unfiltered_html_cap( $caps, $cap ) {
 		if ( 'unfiltered_html' === $cap ) {
 			$caps = array_diff( $caps, array( 'unfiltered_html' ) );
 			$caps[] = 'do_not_allow';
 		}
 		return $caps;
 	}
 }