Widgets: Set global $post to current queried object instead of nullifying when is_singular() while applying filters (and shortcodes) in Text widget and (via plugin) Custom HTML widget.

Also prevent `[gallery]` shortcode from dumping out every attachment on the site when a containing Text widget is shown on an archive template.

Props westonruter, bobbingwide, joemcgill for testing.
See #10457.
Fixes #42548, #42547 for trunk.


git-svn-id: https://develop.svn.wordpress.org/trunk@42185 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Weston Ruter 2017-11-15 02:26:56 +00:00
parent c9b825d5f5
commit 672eb9206b
2 changed files with 67 additions and 7 deletions

View File

@ -80,16 +80,49 @@ class WP_Widget_Custom_HTML extends WP_Widget {
add_action( 'admin_head-widgets.php', array( 'WP_Widget_Custom_HTML', 'add_help_text' ) );
}
/**
* Filter gallery shortcode attributes.
*
* Prevents all of a site's attachments from being shown in a gallery displayed on a
* non-singular template where a $post context is not available.
*
* @since 4.9.0
*
* @param array $attrs Attributes.
* @return array Attributes.
*/
public function _filter_gallery_shortcode_attrs( $attrs ) {
if ( ! is_singular() && empty( $attrs['id'] ) && empty( $attrs['include'] ) ) {
$attrs['id'] = -1;
}
return $attrs;
}
/**
* Outputs the content for the current Custom HTML widget instance.
*
* @since 4.8.1
*
* @global WP_Post $post
* @param array $args Display arguments including 'before_title', 'after_title',
* 'before_widget', and 'after_widget'.
* @param array $instance Settings for the current Custom HTML widget instance.
*/
public function widget( $args, $instance ) {
global $post;
// Override global $post so filters (and shortcodes) apply in a consistent context.
$original_post = $post;
if ( is_singular() ) {
// Make sure post is always the queried object on singular queries (not from another sub-query that failed to clean up the global $post).
$post = get_queried_object();
} else {
// Nullify the $post global during widget rendering to prevent shortcodes from running with the unexpected context on archive queries.
$post = null;
}
// Prevent dumping out all attachments from the media library.
add_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) );
$instance = array_merge( $this->default_instance, $instance );
@ -118,6 +151,10 @@ class WP_Widget_Custom_HTML extends WP_Widget {
*/
$content = apply_filters( 'widget_custom_html_content', $content, $instance, $this );
// Restore post global.
$post = $original_post;
remove_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) );
// Inject the Text widget's container class name alongside this widget's class name for theme styling compatibility.
$args['before_widget'] = preg_replace( '/(?<=\sclass=["\'])/', 'widget_text ', $args['before_widget'] );

View File

@ -178,6 +178,24 @@ class WP_Widget_Text extends WP_Widget {
return false;
}
/**
* Filter gallery shortcode attributes.
*
* Prevents all of a site's attachments from being shown in a gallery displayed on a
* non-singular template where a $post context is not available.
*
* @since 4.9.0
*
* @param array $attrs Attributes.
* @return array Attributes.
*/
public function _filter_gallery_shortcode_attrs( $attrs ) {
if ( ! is_singular() && empty( $attrs['id'] ) && empty( $attrs['include'] ) ) {
$attrs['id'] = -1;
}
return $attrs;
}
/**
* Outputs the content for the current Text widget instance.
*
@ -221,13 +239,19 @@ class WP_Widget_Text extends WP_Widget {
remove_filter( 'widget_text', 'do_shortcode', $widget_text_do_shortcode_priority );
}
// Nullify the $post global during widget rendering to prevent shortcodes from running with the unexpected context.
$suspended_post = null;
if ( isset( $post ) ) {
$suspended_post = $post;
// Override global $post so filters (and shortcodes) apply in a consistent context.
$original_post = $post;
if ( is_singular() ) {
// Make sure post is always the queried object on singular queries (not from another sub-query that failed to clean up the global $post).
$post = get_queried_object();
} else {
// Nullify the $post global during widget rendering to prevent shortcodes from running with the unexpected context on archive queries.
$post = null;
}
// Prevent dumping out all attachments from the media library.
add_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) );
/**
* Filters the content of the Text widget.
*
@ -278,9 +302,8 @@ class WP_Widget_Text extends WP_Widget {
}
// Restore post global.
if ( isset( $suspended_post ) ) {
$post = $suspended_post;
}
$post = $original_post;
remove_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) );
// Undo suspension of legacy plugin-supplied shortcode handling.
if ( $should_suspend_legacy_shortcode_support ) {