WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cleanup `wp_widget_rss_form()` after [28734]. "$$input used sanitized variables which contained actual values, unlike $inputs[$input] which in that context contains data about which input fields are hidden." 

Props kovshenin.
Fixes #27881.

Built from https://develop.svn.wordpress.org/trunk@28787


git-svn-id: http://core.svn.wordpress.org/trunk@28600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2014-06-20 17:29:14 +00:00
parent 5357fecf1a
commit b930c3a6fe
1 changed files with 27 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
wp-includes/default-widgets.php
View File

@ -1108,16 +1108,18 @@ function wp_widget_rss_form( $args, $inputs = null ) {
$default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true ); $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true );
$inputs = wp_parse_args( $inputs, $default_inputs ); $inputs = wp_parse_args( $inputs, $default_inputs );
$number = esc_attr( $args['number'] ); $args['number'] = esc_attr( $args['number'] );
$title = isset( $args['title'] ) ? esc_attr( $args['title'] ) : ''; $args['title'] = isset( $args['title'] ) ? esc_attr( $args['title'] ) : '';
$url = isset( $args['url'] ) ? esc_url( $args['url'] ) : ''; $args['url'] = isset( $args['url'] ) ? esc_url( $args['url'] ) : '';
$items = isset( $args['items'] ) ? (int) $args['items'] : 0; $args['items'] = isset( $args['items'] ) ? (int) $args['items'] : 0;
if ( $items < 1 || 20 < $items ) {
$items = 10; if ( $args['items'] < 1 || 20 < $args['items'] ) {
$args['items'] = 10;
} }
$show_summary = isset( $args['show_summary'] ) ? (int) $args['show_summary'] : (int) $inputs['show_summary'];
$show_author = isset( $args['show_author'] ) ? (int) $args['show_author'] : (int) $inputs['show_author']; $args['show_summary'] = isset( $args['show_summary'] ) ? (int) $args['show_summary'] : (int) $inputs['show_summary'];
$show_date = isset( $args['show_date'] ) ? (int) $args['show_date'] : (int) $inputs['show_date']; $args['show_author'] = isset( $args['show_author'] ) ? (int) $args['show_author'] : (int) $inputs['show_author'];
$args['show_date'] = isset( $args['show_date'] ) ? (int) $args['show_date'] : (int) $inputs['show_date'];
if ( ! empty( $args['error'] ) ) { if ( ! empty( $args['error'] ) ) {
echo '<p class="widget-error"><strong>' . sprintf( __( 'RSS Error: %s' ), $args['error'] ) . '</strong></p>'; echo '<p class="widget-error"><strong>' . sprintf( __( 'RSS Error: %s' ), $args['error'] ) . '</strong></p>';
@ -1125,35 +1127,36 @@ function wp_widget_rss_form( $args, $inputs = null ) {
if ( $inputs['url'] ) : if ( $inputs['url'] ) :
?> ?>
<p><label for="rss-url-<?php echo $number; ?>"><?php _e('Enter the RSS feed URL here:'); ?></label> <p><label for="rss-url-<?php echo $args['number']; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label>
<input class="widefat" id="rss-url-<?php echo $number; ?>" name="widget-rss[<?php echo $number; ?>][url]" type="text" value="<?php echo $url; ?>" /></p> <input class="widefat" id="rss-url-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][url]" type="text" value="<?php echo $args['url']; ?>" /></p>
<?php endif; if ( $inputs['title'] ) : ?> <?php endif; if ( $inputs['title'] ) : ?>
<p><label for="rss-title-<?php echo $number; ?>"><?php _e('Give the feed a title (optional):'); ?></label> <p><label for="rss-title-<?php echo $args['number']; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label>
<input class="widefat" id="rss-title-<?php echo $number; ?>" name="widget-rss[<?php echo $number; ?>][title]" type="text" value="<?php echo $title; ?>" /></p> <input class="widefat" id="rss-title-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][title]" type="text" value="<?php echo $args['title']; ?>" /></p>
<?php endif; if ( $inputs['items'] ) : ?> <?php endif; if ( $inputs['items'] ) : ?>
<p><label for="rss-items-<?php echo $number; ?>"><?php _e('How many items would you like to display?'); ?></label> <p><label for="rss-items-<?php echo $args['number']; ?>"><?php _e( 'How many items would you like to display?' ); ?></label>
<select id="rss-items-<?php echo $number; ?>" name="widget-rss[<?php echo $number; ?>][items]"> <select id="rss-items-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][items]">
<?php <?php
for ( $i = 1; $i <= 20; ++$i ) for ( $i = 1; $i <= 20; ++$i ) {
echo "<option value='$i' " . selected( $items, $i, false ) . ">$i</option>"; echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>";
}
?> ?>
</select></p> </select></p>
<?php endif; if ( $inputs['show_summary'] ) : ?> <?php endif; if ( $inputs['show_summary'] ) : ?>
<p><input id="rss-show-summary-<?php echo $number; ?>" name="widget-rss[<?php echo $number; ?>][show_summary]" type="checkbox" value="1" <?php if ( $show_summary ) echo 'checked="checked"'; ?>/> <p><input id="rss-show-summary-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> />
<label for="rss-show-summary-<?php echo $number; ?>"><?php _e('Display item content?'); ?></label></p> <label for="rss-show-summary-<?php echo $args['number']; ?>"><?php _e( 'Display item content?' ); ?></label></p>
<?php endif; if ( $inputs['show_author'] ) : ?> <?php endif; if ( $inputs['show_author'] ) : ?>
<p><input id="rss-show-author-<?php echo $number; ?>" name="widget-rss[<?php echo $number; ?>][show_author]" type="checkbox" value="1" <?php if ( $show_author ) echo 'checked="checked"'; ?>/> <p><input id="rss-show-author-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> />
<label for="rss-show-author-<?php echo $number; ?>"><?php _e('Display item author if available?'); ?></label></p> <label for="rss-show-author-<?php echo $args['number']; ?>"><?php _e( 'Display item author if available?' ); ?></label></p>
<?php endif; if ( $inputs['show_date'] ) : ?> <?php endif; if ( $inputs['show_date'] ) : ?>
<p><input id="rss-show-date-<?php echo $number; ?>" name="widget-rss[<?php echo $number; ?>][show_date]" type="checkbox" value="1" <?php if ( $show_date ) echo 'checked="checked"'; ?>/> <p><input id="rss-show-date-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?>/>
<label for="rss-show-date-<?php echo $number; ?>"><?php _e('Display item date?'); ?></label></p> <label for="rss-show-date-<?php echo $args['number']; ?>"><?php _e( 'Display item date?' ); ?></label></p>
<?php <?php
endif; endif;
foreach ( array_keys($default_inputs) as $input ) : foreach ( array_keys($default_inputs) as $input ) :
if ( 'hidden' === $inputs[$input] ) : if ( 'hidden' === $inputs[$input] ) :
$id = str_replace( '_', '-', $input ); $id = str_replace( '_', '-', $input );
?> ?>
<input type="hidden" id="rss-<?php echo $id; ?>-<?php echo $number; ?>" name="widget-rss[<?php echo $number; ?>][<?php echo $input; ?>]" value="<?php echo $inputs[ $input ]; ?>" /> <input type="hidden" id="rss-<?php echo $id; ?>-<?php echo $args['number']; ?>" name="widget-rss[<?php echo $args['number']; ?>][<?php echo $input; ?>]" value="<?php echo $args[ $input ]; ?>" />
<?php <?php
endif; endif;
endforeach; endforeach;