--- a/wp/wp-includes/widgets/class-wp-widget-text.php Mon Oct 14 18:06:33 2019 +0200
+++ b/wp/wp-includes/widgets/class-wp-widget-text.php Mon Oct 14 18:28:13 2019 +0200
@@ -30,13 +30,13 @@
* @since 2.8.0
*/
public function __construct() {
- $widget_ops = array(
- 'classname' => 'widget_text',
- 'description' => __( 'Arbitrary text.' ),
+ $widget_ops = array(
+ 'classname' => 'widget_text',
+ 'description' => __( 'Arbitrary text.' ),
'customize_selective_refresh' => true,
);
$control_ops = array(
- 'width' => 400,
+ 'width' => 400,
'height' => 350,
);
parent::__construct( 'text', __( 'Text' ), $widget_ops, $control_ops );
@@ -99,7 +99,7 @@
return false;
}
- $wpautop = ! empty( $instance['filter'] );
+ $wpautop = ! empty( $instance['filter'] );
$has_line_breaks = ( false !== strpos( trim( $instance['text'] ), "\n" ) );
// If auto-paragraphs are not enabled and there are line breaks, then ensure legacy mode.
@@ -120,38 +120,45 @@
}
$doc = new DOMDocument();
- @$doc->loadHTML( sprintf(
- '<!DOCTYPE html><html><head><meta charset="%s"></head><body>%s</body></html>',
- esc_attr( get_bloginfo( 'charset' ) ),
- $instance['text']
- ) );
+
+ // Suppress warnings generated by loadHTML
+ $errors = libxml_use_internal_errors( true );
+ @$doc->loadHTML(
+ sprintf(
+ '<!DOCTYPE html><html><head><meta charset="%s"></head><body>%s</body></html>',
+ esc_attr( get_bloginfo( 'charset' ) ),
+ $instance['text']
+ )
+ );
+ libxml_use_internal_errors( $errors );
+
$body = $doc->getElementsByTagName( 'body' )->item( 0 );
// See $allowedposttags.
$safe_elements_attributes = array(
- 'strong' => array(),
- 'em' => array(),
- 'b' => array(),
- 'i' => array(),
- 'u' => array(),
- 's' => array(),
- 'ul' => array(),
- 'ol' => array(),
- 'li' => array(),
- 'hr' => array(),
- 'abbr' => array(),
+ 'strong' => array(),
+ 'em' => array(),
+ 'b' => array(),
+ 'i' => array(),
+ 'u' => array(),
+ 's' => array(),
+ 'ul' => array(),
+ 'ol' => array(),
+ 'li' => array(),
+ 'hr' => array(),
+ 'abbr' => array(),
'acronym' => array(),
- 'code' => array(),
- 'dfn' => array(),
- 'a' => array(
+ 'code' => array(),
+ 'dfn' => array(),
+ 'a' => array(
'href' => true,
),
- 'img' => array(
+ 'img' => array(
'src' => true,
'alt' => true,
),
);
- $safe_empty_elements = array( 'img', 'hr', 'iframe' );
+ $safe_empty_elements = array( 'img', 'hr', 'iframe' );
foreach ( $body->getElementsByTagName( '*' ) as $element ) {
/** @var DOMElement $element */
@@ -219,7 +226,7 @@
/** This filter is documented in wp-includes/widgets/class-wp-widget-pages.php */
$title = apply_filters( 'widget_title', $title, $instance, $this->id_base );
- $text = ! empty( $instance['text'] ) ? $instance['text'] : '';
+ $text = ! empty( $instance['text'] ) ? $instance['text'] : '';
$is_visual_text_widget = ( ! empty( $instance['visual'] ) && ! empty( $instance['filter'] ) );
// In 4.8.0 only, visual Text widgets get filter=content, without visual prop; upgrade instance props just-in-time.
@@ -237,7 +244,7 @@
* and it applies after wpautop() to prevent corrupting HTML output added by the shortcode. When do_shortcode() is
* added to 'widget_text_content' then do_shortcode() will be manually called when in legacy mode as well.
*/
- $widget_text_do_shortcode_priority = has_filter( 'widget_text', 'do_shortcode' );
+ $widget_text_do_shortcode_priority = has_filter( 'widget_text', 'do_shortcode' );
$should_suspend_legacy_shortcode_support = ( $is_visual_text_widget && false !== $widget_text_do_shortcode_priority );
if ( $should_suspend_legacy_shortcode_support ) {
remove_filter( 'widget_text', 'do_shortcode', $widget_text_do_shortcode_priority );
@@ -321,6 +328,9 @@
$text = preg_replace_callback( '#<(video|iframe|object|embed)\s[^>]*>#i', array( $this, 'inject_video_max_width_style' ), $text );
+ // Adds noreferrer and noopener relationships, without duplicating values, to all HTML A elements that have a target.
+ $text = wp_targeted_link_rel( $text );
+
?>
<div class="textwidget"><?php echo $text; ?></div>
<?php
@@ -355,12 +365,15 @@
* @return array Settings to save or bool false to cancel saving.
*/
public function update( $new_instance, $old_instance ) {
- $new_instance = wp_parse_args( $new_instance, array(
- 'title' => '',
- 'text' => '',
- 'filter' => false, // For back-compat.
- 'visual' => null, // Must be explicitly defined.
- ) );
+ $new_instance = wp_parse_args(
+ $new_instance,
+ array(
+ 'title' => '',
+ 'text' => '',
+ 'filter' => false, // For back-compat.
+ 'visual' => null, // Must be explicitly defined.
+ )
+ );
$instance = $old_instance;
@@ -427,7 +440,7 @@
* @since 2.8.0
* @since 4.8.0 Form only contains hidden inputs which are synced with JS template.
* @since 4.8.1 Restored original form to be displayed when in legacy mode.
- * @see WP_Widget_Visual_Text::render_control_template_scripts()
+ * @see WP_Widget_Text::render_control_template_scripts()
* @see _WP_Editors::editor()
*
* @param array $instance Current settings.
@@ -438,7 +451,7 @@
(array) $instance,
array(
'title' => '',
- 'text' => '',
+ 'text' => '',
)
);
?>
@@ -488,7 +501,7 @@
<p>
<input id="<?php echo $this->get_field_id( 'filter' ); ?>" name="<?php echo $this->get_field_name( 'filter' ); ?>" type="checkbox"<?php checked( ! empty( $instance['filter'] ) ); ?> /> <label for="<?php echo $this->get_field_id( 'filter' ); ?>"><?php _e( 'Automatically add paragraphs' ); ?></label>
</p>
- <?php
+ <?php
endif;
}