sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Widgets: Remove unnecessary `sanitize_text_field()` calls in core widget `::form()` methods. 

This sanitisation only needs to be run in `::update()` to correctly clean up the input.

Props welcher, greenshady.
Fixes #42461.



git-svn-id: https://develop.svn.wordpress.org/trunk@44589 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Gary Pendergast 2019-01-15 00:42:30 +00:00
parent 580d483105
commit e121a5e03d
4 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/wp-includes/widgets/class-wp-widget-archives.php
View File

@ -179,9 +179,8 @@ class WP_Widget_Archives extends WP_Widget {
'dropdown' => '', 'dropdown' => '',
) )
); );
$title = sanitize_text_field( $instance['title'] );
?> ?>
<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
<p> <p>
<input class="checkbox" type="checkbox"<?php checked( $instance['dropdown'] ); ?> id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>" /> <label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e( 'Display as dropdown' ); ?></label> <input class="checkbox" type="checkbox"<?php checked( $instance['dropdown'] ); ?> id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>" /> <label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e( 'Display as dropdown' ); ?></label>
<br/> <br/>

3
src/wp-includes/widgets/class-wp-widget-calendar.php
View File

@ -94,10 +94,9 @@ class WP_Widget_Calendar extends WP_Widget {
*/ */
public function form( $instance ) { public function form( $instance ) {
$instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) );
$title = sanitize_text_field( $instance['title'] );
?> ?>
<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
<?php <?php
} }
} }

3
src/wp-includes/widgets/class-wp-widget-categories.php
View File

@ -160,13 +160,12 @@ class WP_Widget_Categories extends WP_Widget {
public function form( $instance ) { public function form( $instance ) {
//Defaults //Defaults
$instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) );
$title = sanitize_text_field( $instance['title'] );
$count = isset( $instance['count'] ) ? (bool) $instance['count'] : false; $count = isset( $instance['count'] ) ? (bool) $instance['count'] : false;
$hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false; $hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false;
$dropdown = isset( $instance['dropdown'] ) ? (bool) $instance['dropdown'] : false; $dropdown = isset( $instance['dropdown'] ) ? (bool) $instance['dropdown'] : false;
?> ?>
<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
<p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>"<?php checked( $dropdown ); ?> /> <p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>"<?php checked( $dropdown ); ?> />
<label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e( 'Display as dropdown' ); ?></label><br /> <label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e( 'Display as dropdown' ); ?></label><br />

3
src/wp-includes/widgets/class-wp-widget-meta.php
View File

@ -113,9 +113,8 @@ class WP_Widget_Meta extends WP_Widget {
*/ */
public function form( $instance ) { public function form( $instance ) {
$instance = wp_parse_args( (array) $instance, array( 'title' => '' ) ); $instance = wp_parse_args( (array) $instance, array( 'title' => '' ) );
$title = sanitize_text_field( $instance['title'] );
?> ?>
<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p> <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>
<?php <?php
} }
} }