
Changeset 12324


Timestamp:
01/11/2019 02:37:16 AM (6 years ago)
Author:
boonebgorges
Message:

Widgets: Place an upper bound on item counts in widget forms.

This prevents widgets from triggering performance problems when initialized
with unreasonably high max item counts.

Use the bp_get_widget_max_count_limit filter to increase the default
ceiling of 50.

Fixes #8036.

Location:
trunk/src
Files:
6 edited

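--- a/trunk/src/bp-blogs/classes/class-bp-blogs-recent-posts-widget.php
+++ b/trunk/src/bp-blogs/classes/class-bp-blogs-recent-posts-widget.php
@@ -62,5 +62,6 @@
         echo $args['before_title'] . $title . $args['after_title'];
 
-        if ( empty( $instance['max_posts'] ) || empty( $instance['max_posts'] ) ) {
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+        if ( empty( $instance['max_posts'] ) || $instance['max_posts'] > $max_limit ) {
             $instance['max_posts'] = 10;
         }
@@ -129,7 +130,10 @@
      */
     public function update( $new_instance, $old_instance ) {
-        $instance               = $old_instance;
+        $instance = $old_instance;
+
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']      = strip_tags( $new_instance['title'] );
-        $instance['max_posts']  = strip_tags( $new_instance['max_posts'] );
+        $instance['max_posts']  = $new_instance['max_posts'] > $max_limit ? $max_limit : intval( $new_instance['max_posts'] );
         $instance['link_title'] = ! empty( $new_instance['link_title'] );
 
@@ -151,6 +155,8 @@
         ) );
 
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $title      = strip_tags( $instance['title'] );
-        $max_posts  = strip_tags( $instance['max_posts'] );
+        $max_posts  = $instance['max_posts'] > $max_limit ? $max_limit : intval( $instance['max_posts'] );
         $link_title = (bool) $instance['link_title'];
 
@@ -159,5 +165,5 @@
         <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _ex( 'Title:', 'Label for the Title field of the Recent Networkwide Posts widget', 'buddypress' ); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" style="width: 100%;" /></label></p>
         <p><label for="<?php echo $this->get_field_id( 'link_title' ); ?>"><input type="checkbox" name="<?php echo $this->get_field_name( 'link_title' ); ?>" value="1" <?php checked( $link_title ); ?> /> <?php _e( 'Link widget title to Blogs directory', 'buddypress' ); ?></label></p>
-        <p><label for="<?php echo $this->get_field_id( 'max_posts' ); ?>"><?php _e( 'Max posts to show:', 'buddypress' ); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p>
+        <p><label for="<?php echo $this->get_field_id( 'max_posts' ); ?>"><?php _e( 'Max posts to show:', 'buddypress' ); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p>
         <?php
     }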
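Review bot: The clamp added in update() and form() only bounds the value from above: `$new_instance['max_posts'] > $max_limit ? $max_limit : intval( $new_instance['max_posts'] )` still stores zero or a negative number, and the new `min="1"` attribute on the input is enforced by the browser only, not by the server. The same ternary is used in update() and form() of the groups, members, recently-active and who's-online widgets, and in widget() of the three member widgets, where the result goes straight into `per_page` and `max`. How the underlying queries treat a non-positive count is not visible on this page, so it is safer to cast first and bound on both sides, e.g. `$instance['max_posts'] = max( 1, min( (int) $max_limit, (int) $new_instance['max_posts'] ) );`. update() and form() both continue outside the hunks shown.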
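--- a/trunk/src/bp-core/bp-core-functions.php
+++ b/trunk/src/bp-core/bp-core-functions.php
@@ -3929,2 +3929,22 @@
     return (bool) apply_filters( 'bp_is_large_install', $is_large );
 }
+
+/**
+ * Returns the upper limit on the "max" item count, for widgets that support it.
+ *
+ * @since 5.0.0
+ *
+ * @param string $widget_class Optional. Class name of the calling widget.
+ * @return int
+ */
+function bp_get_widget_max_count_limit( $widget_class = '' ) {
+    /**
+     * Filters the upper limit on the "max" item count, for widgets that support it.
+     *
+     * @since 5.0.0
+     *
+     * @param int    $count        Defaults to 50.
+     * @param string $widget_class Class name of the calling widget.
+     */
+    return apply_filters( 'bp_get_widget_max_count_limit', 50, $widget_class );
+}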
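Review bot: `bp_get_widget_max_count_limit()` returns the filtered value uncast, although its docblock promises `@return int` and every caller in this changeset compares against it with `>` and prints it into the `max` attribute. A filter callback that returns a string, null or a non-positive number would change how those comparisons behave or effectively remove the ceiling the commit is meant to add. Casting at the source keeps the callers simple: `return (int) apply_filters( 'bp_get_widget_max_count_limit', 50, $widget_class );`, optionally falling back to 50 when the result is below 1.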
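--- a/trunk/src/bp-groups/classes/class-bp-groups-widget.php
+++ b/trunk/src/bp-groups/classes/class-bp-groups-widget.php
@@ -103,5 +103,10 @@
         echo $before_title . $title . $after_title;
 
+        $max_limit  = bp_get_widget_max_count_limit( __CLASS__ );
         $max_groups = ! empty( $instance['max_groups'] ) ? (int) $instance['max_groups'] : 5;
+
+        if ( $max_groups > $max_limit ) {
+            $max_groups = $max_limit;
+        }
 
         $group_args = array(
@@ -184,6 +189,8 @@
         $instance = $old_instance;
 
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']         = strip_tags( $new_instance['title'] );
-        $instance['max_groups']    = strip_tags( $new_instance['max_groups'] );
+        $instance['max_groups']    = $new_instance['max_groups'] > $max_limit ? $max_limit : intval( $new_instance['max_groups'] );
         $instance['group_default'] = strip_tags( $new_instance['group_default'] );
         $instance['link_title']    = ! empty( $new_instance['link_title'] );
@@ -209,6 +216,8 @@
         $instance = bp_parse_args( (array) $instance, $defaults, 'groups_widget_form' );
 
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $title         = strip_tags( $instance['title'] );
-        $max_groups    = strip_tags( $instance['max_groups'] );
+        $max_groups    = $instance['max_groups'] > $max_limit ? $max_limit : intval( $instance['max_groups'] );
         $group_default = strip_tags( $instance['group_default'] );
         $link_title    = (bool) $instance['link_title'];
@@ -219,5 +228,5 @@
         <p><label for="<?php echo $this->get_field_id('link_title') ?>"><input type="checkbox" name="<?php echo $this->get_field_name('link_title') ?>" id="<?php echo $this->get_field_id('link_title') ?>" value="1" <?php checked( $link_title ) ?> /> <?php _e( 'Link widget title to Groups directory', 'buddypress' ) ?></label></p>
 
-        <p><label for="<?php echo $this->get_field_id( 'max_groups' ); ?>"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p>
+        <p><label for="<?php echo $this->get_field_id( 'max_groups' ); ?>"><?php _e( 'Max groups to show:', 'buddypress' ); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p>
 
         <p>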
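--- a/trunk/src/bp-members/classes/class-bp-core-members-widget.php
+++ b/trunk/src/bp-members/classes/class-bp-core-members-widget.php
@@ -91,10 +91,13 @@
         echo $args['before_widget'] . $args['before_title'] . $title . $args['after_title'];
 
+        $max_limit   = bp_get_widget_max_count_limit( __CLASS__ );
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : (int) $settings['max_members'];
+
         // Setup args for querying members.
         $members_args = array(
             'user_id'         => 0,
             'type'            => $settings['member_default'],
-            'per_page'        => $settings['max_members'],
-            'max'             => $settings['max_members'],
+            'per_page'        => $max_members,
+            'max'             => $max_members,
             'populate_extras' => true,
             'search_terms'    => false,
@@ -178,6 +181,8 @@
         $instance = $old_instance;
 
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']          = strip_tags( $new_instance['title'] );
-        $instance['max_members']    = strip_tags( $new_instance['max_members'] );
+        $instance['max_members']    = $new_instance['max_members'] > $max_limit ? $max_limit : intval( $new_instance['max_members'] );
         $instance['member_default'] = strip_tags( $new_instance['member_default'] );
         $instance['link_title']     = ! empty( $new_instance['link_title'] );
@@ -195,9 +200,10 @@
      */
     public function form( $instance ) {
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
 
         // Get widget settings.
         $settings       = $this->parse_settings( $instance );
         $title          = strip_tags( $settings['title'] );
-        $max_members    = strip_tags( $settings['max_members'] );
+        $max_members    = $settings['max_members'] > $max_limit ? $max_limit : intval( $settings['max_members'] );
         $member_default = strip_tags( $settings['member_default'] );
         $link_title     = (bool) $settings['link_title']; ?>
@@ -220,5 +226,5 @@
             <label for="<?php echo $this->get_field_id( 'max_members' ); ?>">
                 <?php esc_html_e( 'Max members to show:', 'buddypress' ); ?>
-                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
+                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
             </label>
         </p>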
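Review bot: The render-time clamp added at the top of the widget() hunk has no comment saying why the stored setting is bounded again when update() already bounds it on save; presumably it covers instances saved before this changeset, which update() never touched. A one-line comment such as `// Re-apply the ceiling at render time so previously saved instances are bounded too.` would keep a later cleanup from removing it as redundant. The same two lines appear without a comment in widget() of the recently-active and who's-online widgets. widget() starts and ends outside the hunk.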
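--- a/trunk/src/bp-members/classes/class-bp-core-recently-active-widget.php
+++ b/trunk/src/bp-members/classes/class-bp-core-recently-active-widget.php
@@ -64,10 +64,13 @@
         echo $args['before_title'] . $title . $args['after_title'];
 
+        $max_limit   = bp_get_widget_max_count_limit( __CLASS__ );
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : (int) $settings['max_members'];
+
         // Setup args for querying members.
         $members_args = array(
             'user_id'         => 0,
             'type'            => 'active',
-            'per_page'        => $settings['max_members'],
-            'max'             => $settings['max_members'],
+            'per_page'        => $max_members,
+            'max'             => $max_members,
             'populate_extras' => true,
             'search_terms'    => false,
@@ -117,7 +120,10 @@
      */
     public function update( $new_instance, $old_instance ) {
-        $instance                = $old_instance;
+        $instance = $old_instance;
+
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']       = strip_tags( $new_instance['title'] );
-        $instance['max_members'] = strip_tags( $new_instance['max_members'] );
+        $instance['max_members'] = $new_instance['max_members'] > $max_limit ? $max_limit : intval( $new_instance['max_members'] );
 
         return $instance;
@@ -133,9 +139,11 @@
      */
     public function form( $instance ) {
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
 
         // Get widget settings.
         $settings    = $this->parse_settings( $instance );
         $title       = strip_tags( $settings['title'] );
-        $max_members = strip_tags( $settings['max_members'] ); ?>
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : intval( $settings['max_members'] );
+        ?>
 
         <p>
@@ -149,5 +157,5 @@
             <label for="<?php echo $this->get_field_id( 'max_members' ); ?>">
                 <?php esc_html_e( 'Max members to show:', 'buddypress' ); ?>
-                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
+                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
             </label>
         </p>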
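--- a/trunk/src/bp-members/classes/class-bp-core-whos-online-widget.php
+++ b/trunk/src/bp-members/classes/class-bp-core-whos-online-widget.php
@@ -63,10 +63,13 @@
         echo $args['before_widget'] . $args['before_title'] . $title . $args['after_title'];
 
+        $max_limit   = bp_get_widget_max_count_limit( __CLASS__ );
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : (int) $settings['max_members'];
+
         // Setup args for querying members.
         $members_args = array(
             'user_id'         => 0,
             'type'            => 'online',
-            'per_page'        => $settings['max_members'],
-            'max'             => $settings['max_members'],
+            'per_page'        => $max_members,
+            'max'             => $max_members,
             'populate_extras' => true,
             'search_terms'    => false,
@@ -116,7 +119,10 @@
      */
     public function update( $new_instance, $old_instance ) {
-        $instance                = $old_instance;
+        $instance = $old_instance;
+
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']       = strip_tags( $new_instance['title'] );
-        $instance['max_members'] = strip_tags( $new_instance['max_members'] );
+        $instance['max_members'] = $new_instance['max_members'] > $max_limit ? $max_limit : intval( $new_instance['max_members'] );
 
         return $instance;
@@ -132,9 +138,11 @@
      */
     public function form( $instance ) {
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
 
         // Get widget settings.
         $settings    = $this->parse_settings( $instance );
         $title       = strip_tags( $settings['title'] );
-        $max_members = strip_tags( $settings['max_members'] ); ?>
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : intval( $settings['max_members'] );
+        ?>
 
         <p>
@@ -148,5 +156,5 @@
             <label for="<?php echo $this->get_field_id( 'max_members' ); ?>">
                 <?php esc_html_e( 'Max members to show:', 'buddypress' ); ?>
-                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
+                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
             </label>
         </p>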