WordPress/wp-includes/widgets/class-wp-widget-categories.php
Gary Pendergast 2f288c306c Widgets: Remove unnecessary sanitize_text_field() calls in core widget ::form() methods.
This sanitisation only needs to be run in `::update()` to correctly clean up the input.

Props welcher, greenshady.
Fixes #42461.


Built from https://develop.svn.wordpress.org/trunk@44589


git-svn-id: http://core.svn.wordpress.org/trunk@44420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-15 00:43:49 +00:00


<?php
/**
* Widget API: WP_Widget_Categories class
*
* @package WordPress
* @subpackage Widgets
* @since 4.4.0
*/
/**
* Core class used to implement a Categories widget.
*
* @since 2.8.0
*
* @see WP_Widget
*/
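class WP_Widget_Categories extends WP_Widget {

	/**
	 * Sets up a new Categories widget instance.
	 *
	 * @since 2.8.0
	 */
	public function __construct() {
		$widget_ops = array(
			'classname'                   => 'widget_categories',
			'description'                 => __( 'A list or dropdown of categories.' ),
			'customize_selective_refresh' => true,
		);
		parent::__construct( 'categories', __( 'Categories' ), $widget_ops );
	}

	/**
	 * Outputs the content for the current Categories widget instance.
	 *
	 * Renders either a drop-down inside a GET form (with a small inline script
	 * that submits the form on change) or an unordered list, depending on the
	 * instance's 'dropdown' setting.
	 *
	 * Escaping summary for this method: the form action goes through esc_url(),
	 * the drop-down id goes through esc_attr() in the label and esc_js() in the
	 * inline script. The title and the four wrapper strings in $args are echoed
	 * as received.
	 *
	 * @since 2.8.0
	 *
	 * @staticvar bool $first_dropdown
	 *
	 * @param array $args     Display arguments including 'before_title', 'after_title',
	 *                        'before_widget', and 'after_widget'.
	 * @param array $instance Settings for the current Categories widget instance.
	 */
	public function widget( $args, $instance ) {
		// Shared across all instances rendered in the request: only the first
		// drop-down gets the plain 'cat' id, later ones get an instance-specific id.
		static $first_dropdown = true;

		$title = ! empty( $instance['title'] ) ? $instance['title'] : __( 'Categories' );

		/** This filter is documented in wp-includes/widgets/class-wp-widget-pages.php */
		$title = apply_filters( 'widget_title', $title, $instance, $this->id_base );

		// Flags are normalised to the strings '1' / '0'; '0' is falsy in PHP, so
		// the `if ( $d )` test below still behaves as a boolean check.
		$c = ! empty( $instance['count'] ) ? '1' : '0';
		$h = ! empty( $instance['hierarchical'] ) ? '1' : '0';
		$d = ! empty( $instance['dropdown'] ) ? '1' : '0';

		echo $args['before_widget'];

		if ( $title ) {
			// NOTE(review): $title is printed without output escaping. The only
			// cleaning visible in this class is sanitize_text_field() in update(),
			// and the value has since passed through the 'widget_title' filter, so
			// whatever a filter callback returns is emitted as markup here.
			echo $args['before_title'] . $title . $args['after_title'];
		}

		$cat_args = array(
			'orderby'      => 'name',
			'show_count'   => $c,
			'hierarchical' => $h,
		);

		if ( $d ) {
			printf( '<form action="%s" method="get">', esc_url( home_url() ) );
			$dropdown_id    = ( $first_dropdown ) ? 'cat' : "{$this->id_base}-dropdown-{$this->number}";
			$first_dropdown = false;

			// The id is attribute-escaped; the label text is the same unescaped
			// $title discussed above.
			echo '<label class="screen-reader-text" for="' . esc_attr( $dropdown_id ) . '">' . $title . '</label>';

			$cat_args['show_option_none'] = __( 'Select Category' );
			$cat_args['id']               = $dropdown_id;
			/**
			 * Filters the arguments for the Categories widget drop-down.
			 *
			 * @since 2.8.0
			 * @since 4.9.0 Added the `$instance` parameter.
			 *
			 * @see wp_dropdown_categories()
			 *
			 * @param array $cat_args An array of Categories widget drop-down arguments.
			 * @param array $instance Array of settings for the current widget.
			 */
			wp_dropdown_categories( apply_filters( 'widget_categories_dropdown_args', $cat_args, $instance ) );

			echo '</form>';
			// The id is embedded in a JavaScript string literal below, hence esc_js()
			// rather than esc_attr(). The handler submits the enclosing form only when
			// the selected option's value is greater than zero.
			?>

<script type='text/javascript'>
/* <![CDATA[ */
(function() {
	var dropdown = document.getElementById( "<?php echo esc_js( $dropdown_id ); ?>" );
	function onCatChange() {
		if ( dropdown.options[ dropdown.selectedIndex ].value > 0 ) {
			dropdown.parentNode.submit();
		}
	}
	dropdown.onchange = onCatChange;
})();
/* ]]> */
</script>

			<?php
		} else {
			?>
		<ul>
			<?php
			// An empty 'title_li' is passed so the surrounding <ul> above is the
			// only list wrapper (presumably suppresses the helper's own heading
			// item; confirm against wp_list_categories()).
			$cat_args['title_li'] = '';

			/**
			 * Filters the arguments for the Categories widget.
			 *
			 * @since 2.8.0
			 * @since 4.9.0 Added the `$instance` parameter.
			 *
			 * @param array $cat_args An array of Categories widget options.
			 * @param array $instance Array of settings for the current widget.
			 */
			wp_list_categories( apply_filters( 'widget_categories_args', $cat_args, $instance ) );
			?>
		</ul>
			<?php
		}

		echo $args['after_widget'];
	}

	/**
	 * Handles updating settings for the current Categories widget instance.
	 *
	 * This is the single place in the class where submitted settings are
	 * sanitized before being saved: the title is passed through
	 * sanitize_text_field() and the three checkboxes are reduced to 1 or 0.
	 *
	 * @since 2.8.0
	 *
	 * @param array $new_instance New settings for this instance as input by the user via
	 *                            WP_Widget::form().
	 * @param array $old_instance Old settings for this instance.
	 * @return array Updated settings to save.
	 */
	public function update( $new_instance, $old_instance ) {
		$instance = $old_instance;

		// The checkbox fields below tolerate a missing key via empty(); give the
		// title the same treatment so a submission without 'title' stores an empty
		// string instead of reading an undefined array key.
		$new_title = isset( $new_instance['title'] ) ? $new_instance['title'] : '';

		$instance['title']        = sanitize_text_field( $new_title );
		$instance['count']        = ! empty( $new_instance['count'] ) ? 1 : 0;
		$instance['hierarchical'] = ! empty( $new_instance['hierarchical'] ) ? 1 : 0;
		$instance['dropdown']     = ! empty( $new_instance['dropdown'] ) ? 1 : 0;

		return $instance;
	}

	/**
	 * Outputs the settings form for the Categories widget.
	 *
	 * The stored title is not re-sanitized here; it is escaped for the HTML
	 * attribute context with esc_attr() at the point of output. Field ids and
	 * names come from get_field_id() / get_field_name() and are echoed as
	 * returned.
	 *
	 * @since 2.8.0
	 *
	 * @param array $instance Current settings.
	 */
	public function form( $instance ) {
		// Defaults: guarantee a 'title' key, and treat unset checkboxes as off.
		$instance     = wp_parse_args( (array) $instance, array( 'title' => '' ) );
		$count        = isset( $instance['count'] ) ? (bool) $instance['count'] : false;
		$hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false;
		$dropdown     = isset( $instance['dropdown'] ) ? (bool) $instance['dropdown'] : false;
		?>
		<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
		<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $instance['title'] ); ?>" /></p>

		<p><input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'dropdown' ); ?>" name="<?php echo $this->get_field_name( 'dropdown' ); ?>"<?php checked( $dropdown ); ?> />
		<label for="<?php echo $this->get_field_id( 'dropdown' ); ?>"><?php _e( 'Display as dropdown' ); ?></label><br />

		<input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'count' ); ?>" name="<?php echo $this->get_field_name( 'count' ); ?>"<?php checked( $count ); ?> />
		<label for="<?php echo $this->get_field_id( 'count' ); ?>"><?php _e( 'Show post counts' ); ?></label><br />

		<input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id( 'hierarchical' ); ?>" name="<?php echo $this->get_field_name( 'hierarchical' ); ?>"<?php checked( $hierarchical ); ?> />
		<label for="<?php echo $this->get_field_id( 'hierarchical' ); ?>"><?php _e( 'Show hierarchy' ); ?></label></p>
		<?php
	}

}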