From e121a5e03de9555679074cdd6b6bafd8d46e3149 Mon Sep 17 00:00:00 2001
From: Gary Pendergast <pento@git.wordpress.org>
Date: Tue, 15 Jan 2019 00:42:30 +0000
Subject: [PATCH] Widgets: Remove unnecessary `sanitize_text_field()` calls in
 core widget `::form()` methods.

This sanitisation only needs to be run in `::update()` to correctly clean up the input.

Props welcher, greenshady.
Fixes #42461.



git-svn-id: https://develop.svn.wordpress.org/trunk@44589 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/widgets/class-wp-widget-archives.php   | 3 +--
 src/wp-includes/widgets/class-wp-widget-calendar.php   | 3 +--
 src/wp-includes/widgets/class-wp-widget-categories.php | 3 +--
 src/wp-includes/widgets/class-wp-widget-meta.php       | 3 +--
 4 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/wp-includes/widgets/class-wp-widget-archives.php b/src/wp-includes/widgets/class-wp-widget-archives.php
index 4d0581ade6..ab6e0d9ab2 100644
--- a/src/wp-includes/widgets/class-wp-widget-archives.php
+++ b/src/wp-includes/widgets/class-wp-widget-archives.php
@@ -179,9 +179,8 @@ class WP_Widget_Archives extends WP_Widget {
 				'dropdown' => '',
 			)
 		);
-		$title    = sanitize_text_field( $instance['title'] );
 		?>
-		<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
+		<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
 		<p>
 			<input class="checkbox" type="checkbox"<?php checked( $instance['dropdown'] ); ?> id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>" /> <label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e( 'Display as dropdown' ); ?></label>
 			<br/>
diff --git a/src/wp-includes/widgets/class-wp-widget-calendar.php b/src/wp-includes/widgets/class-wp-widget-calendar.php
index 08de0775f9..572be171fc 100644
--- a/src/wp-includes/widgets/class-wp-widget-calendar.php
+++ b/src/wp-includes/widgets/class-wp-widget-calendar.php
@@ -94,10 +94,9 @@ class WP_Widget_Calendar extends WP_Widget {
 	 */
 	public function form( $instance ) {
 		$instance = wp_parse_args( (array) $instance, array( 'title' => '' ) );
-		$title    = sanitize_text_field( $instance['title'] );
 		?>
 		<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
-		<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
+		<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
 		<?php
 	}
 }
diff --git a/src/wp-includes/widgets/class-wp-widget-categories.php b/src/wp-includes/widgets/class-wp-widget-categories.php
index 9cf7a011e3..780993e3d9 100644
--- a/src/wp-includes/widgets/class-wp-widget-categories.php
+++ b/src/wp-includes/widgets/class-wp-widget-categories.php
@@ -160,13 +160,12 @@ class WP_Widget_Categories extends WP_Widget {
 	public function form( $instance ) {
 		//Defaults
 		$instance     = wp_parse_args( (array) $instance, array( 'title' => '' ) );
-		$title        = sanitize_text_field( $instance['title'] );
 		$count        = isset( $instance['count'] ) ? (bool) $instance['count'] : false;
 		$hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false;
 		$dropdown     = isset( $instance['dropdown'] ) ? (bool) $instance['dropdown'] : false;
 		?>
 		<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
-		<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
+		<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
 
 		<p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>"<?php checked( $dropdown ); ?> />
 		<label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e( 'Display as dropdown' ); ?></label><br />
diff --git a/src/wp-includes/widgets/class-wp-widget-meta.php b/src/wp-includes/widgets/class-wp-widget-meta.php
index c02fbeb41f..320ab138d4 100644
--- a/src/wp-includes/widgets/class-wp-widget-meta.php
+++ b/src/wp-includes/widgets/class-wp-widget-meta.php
@@ -113,9 +113,8 @@ class WP_Widget_Meta extends WP_Widget {
 	 */
 	public function form( $instance ) {
 		$instance = wp_parse_args( (array) $instance, array( 'title' => '' ) );
-		$title    = sanitize_text_field( $instance['title'] );
 		?>
-			<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
+			<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
 		<?php
 	}
 }