
Changeset 586307


Timestamp:
08/16/12 17:41:05 (20 months ago)
Author:
simonwheatley
Message:

Allow users with unfiltered_html cap to input unfiltered_html.

Location:
twitter-tracker/trunk
Files:
3 edited

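--- a/twitter-tracker/trunk/class-TwitterTracker_Profile_Widget.php
+++ b/twitter-tracker/trunk/class-TwitterTracker_Profile_Widget.php
@@ -57,12 +57,12 @@
         // Delete the cache
         delete_option( 'twitter-tracker-profile' );
-        $new_instance[ 'title' ] = strip_tags( $new_instance[ 'title' ] );
-        $new_instance[ 'preamble' ] = wp_kses( $new_instance[ 'preamble' ], $GLOBALS[ 'TwitterTracker' ]->allowed_html( 'preamble' ) );
-        $new_instance[ 'username' ] = strip_tags( $new_instance[ 'username' ] );
+        $new_instance[ 'title' ] = $GLOBALS[ 'TwitterTracker' ]->maybe_strip_tags( $new_instance[ 'title' ] );
+        $new_instance[ 'preamble' ] = $GLOBALS[ 'TwitterTracker' ]->maybe_wp_kses( $new_instance[ 'preamble' ], 'preamble' );
+        $new_instance[ 'username' ] = $GLOBALS[ 'TwitterTracker' ]->maybe_strip_tags( $new_instance[ 'username' ] );
         $new_instance[ 'hide_replies' ] = isset( $new_instance[ 'hide_replies' ] ) ? (bool) $new_instance[ 'hide_replies' ] : false;
         $new_instance[ 'max_tweets' ] = absint( $new_instance[ 'max_tweets' ] );
         $new_instance[ 'include_retweets' ] = isset( $new_instance[ 'include_retweets' ] ) ? (bool) $new_instance[ 'include_retweets' ] : false;
-        $new_instance[ 'mandatory_hash' ] = strip_tags( $new_instance[ 'mandatory_hash' ] );
-        $new_instance[ 'html_after' ] = wp_kses( $new_instance[ 'html_after' ], $GLOBALS[ 'TwitterTracker' ]->allowed_html( 'html_after' ) );
+        $new_instance[ 'mandatory_hash' ] = $GLOBALS[ 'TwitterTracker' ]->maybe_strip_tags( $new_instance[ 'mandatory_hash' ] );
+        $new_instance[ 'html_after' ] = $GLOBALS[ 'TwitterTracker' ]->maybe_wp_kses( $new_instance[ 'html_after' ], 'html_after' );
         $new_instance[ 'class' ] = $new_instance[ 'class' ]; // Escaped on output, no sanitisation needed here
         return $new_instance;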
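Review bot: The three `maybe_strip_tags()` calls here (title, username, mandatory_hash) pass one argument, but the method added in twitter-tracker.php is declared `maybe_strip_tags( $value, $context )` with `$context` required and never used. Every widget save therefore raises a missing-argument warning, and an ArgumentCountError on PHP 7.1 and later; declaring it as `function maybe_strip_tags( $value, $context = null ) {` fixes this without touching the callers. The same one-argument calls appear in class-TwitterTracker_Widget.php. Separately, `username` and `mandatory_hash` look like plain identifiers rather than HTML fields, so the capability bypass buys nothing for them; keeping `strip_tags()` unconditional on those two would keep markup out of the stored values. The enclosing update method starts and ends outside the visible lines.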
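--- a/twitter-tracker/trunk/class-TwitterTracker_Widget.php
+++ b/twitter-tracker/trunk/class-TwitterTracker_Widget.php
@@ -57,10 +57,10 @@
         // Delete the old widget options
         delete_option( 'widget_config_twitter-tracker-1' );
-        $new_instance[ 'title' ] = strip_tags( $new_instance[ 'title' ] );
-        $new_instance[ 'preamble' ] = wp_kses( $new_instance[ 'preamble' ], $GLOBALS[ 'TwitterTracker' ]->allowed_html( 'preamble' ) );
+        $new_instance[ 'title' ] = $GLOBALS[ 'TwitterTracker' ]->maybe_strip_tags( $new_instance[ 'title' ] );
+        $new_instance[ 'preamble' ] = $GLOBALS[ 'TwitterTracker' ]->maybe_wp_kses( $new_instance[ 'preamble' ], 'preamble' );
         $new_instance[ 'hide_replies' ] = isset( $new_instance[ 'hide_replies' ] ) ? (bool) $new_instance[ 'hide_replies' ] : false;
         $new_instance[ 'max_tweets' ] = absint( $new_instance[ 'max_tweets' ] );
-        $new_instance[ 'mandatory_hash' ] = strip_tags( $new_instance[ 'mandatory_hash' ] );
-        $new_instance[ 'html_after' ] = wp_kses( $new_instance[ 'html_after' ], $GLOBALS[ 'TwitterTracker' ]->allowed_html( 'html_after' ) );
+        $new_instance[ 'mandatory_hash' ] = $GLOBALS[ 'TwitterTracker' ]->maybe_strip_tags( $new_instance[ 'mandatory_hash' ] );
+        $new_instance[ 'html_after' ] = $GLOBALS[ 'TwitterTracker' ]->maybe_wp_kses( $new_instance[ 'html_after' ], 'html_after' );
         $new_instance[ 'class' ] = $new_instance[ 'class' ]; // Escaped on output, no sanitisation needed here
         return $new_instance;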
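--- a/twitter-tracker/trunk/twitter-tracker.php
+++ b/twitter-tracker/trunk/twitter-tracker.php
@@ -213,6 +213,6 @@
         $vars = array(
             'tweets' => $search->tweets(),
-            'preamble' => wp_kses( $preamble, $this->allowed_html( 'preamble' ) ),
-            'html_after' => wp_kses( $html_after, $this->allowed_html( 'html_after' ) ),
+            'preamble' => $this->maybe_wp_kses( $preamble, $this->allowed_html( 'preamble' ) ),
+            'html_after' => $this->maybe_wp_kses( $html_after, $this->allowed_html( 'html_after' ) ),
         );
         $vars[ 'datef' ] = _x( 'M j, Y @ G:i', 'Publish box date format', 'twitter-tracker' );
@@ -230,4 +230,23 @@
 
         return $instance;
+    }
+
+    function maybe_wp_kses( $value, $context ) {
+        if ( current_user_can( 'unfiltered_html' ) )
+            return $value;
+        $allowed_html = apply_filters( 'tt_allowed_html', array(
+            'a' => array( 'href' => true, 'title' => true, 'target' => true, 'class' => true, 'id' => true ),
+            'em' => array( 'class' => true, 'id' => true ),
+            'strong' => array( 'class' => true, 'id' => true ),
+            'p' => array( 'class' => true, 'id' => true ),
+            'br' => true,
+        ), $context );
+        return wp_kses( $value, $allowed_html );
+    }
+
+    function maybe_strip_tags( $value, $context ) {
+        if ( current_user_can( 'unfiltered_html' ) )
+            return $value;
+        return strip_tags( $value );
     }
 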
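Review bot: In the first hunk (new lines 215–216) `maybe_wp_kses()` is called while the `$vars` output array is built, so its `current_user_can( 'unfiltered_html' )` check tests whoever is viewing the page, not the user who saved the widget. Markup saved by a privileged user would still be stripped for ordinary visitors, and any value reaching `$preamble` or `$html_after` would pass through unfiltered for privileged viewers. The filtering decision is already made once at save time in the two widget classes, so the output path should not depend on the viewer's capability. These two calls also pass the array returned by `allowed_html()` as `$context`, so the `tt_allowed_html` filter receives an array where the widget callers pass a string; `'preamble' => $this->maybe_wp_kses( $preamble, 'preamble' ),` would match them. The function containing lines 213–218 starts and ends outside the hunk, so that it runs at output time is inferred from the `$vars` it builds.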