

Timestamp:
01/11/2019 02:37:16 AM (6 years ago)
Author:
boonebgorges
Message:

Widgets: Place an upper bound on item counts in widget forms.

This prevents widgets from triggering performance problems when initialized
with unreasonably high max item counts.

Use the bp_get_widget_max_count_limit filter to increase the default
ceiling of 50.

Fixes #8036.

File:
1 edited

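--- a/trunk/src/bp-blogs/classes/class-bp-blogs-recent-posts-widget.php
+++ b/trunk/src/bp-blogs/classes/class-bp-blogs-recent-posts-widget.php
@@ -62,5 +62,6 @@
         echo $args['before_title'] . $title . $args['after_title'];
 
-        if ( empty( $instance['max_posts'] ) || empty( $instance['max_posts'] ) ) {
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+        if ( empty( $instance['max_posts'] ) || $instance['max_posts'] > $max_limit ) {
             $instance['max_posts'] = 10;
         }
@@ -129,7 +130,10 @@
      */
     public function update( $new_instance, $old_instance ) {
-        $instance               = $old_instance;
+        $instance = $old_instance;
+
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']      = strip_tags( $new_instance['title'] );
-        $instance['max_posts']  = strip_tags( $new_instance['max_posts'] );
+        $instance['max_posts']  = $new_instance['max_posts'] > $max_limit ? $max_limit : intval( $new_instance['max_posts'] );
         $instance['link_title'] = ! empty( $new_instance['link_title'] );
 
@@ -151,6 +155,8 @@
         ) );
 
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $title      = strip_tags( $instance['title'] );
-        $max_posts  = strip_tags( $instance['max_posts'] );
+        $max_posts  = $instance['max_posts'] > $max_limit ? $max_limit : intval( $instance['max_posts'] );
         $link_title = (bool) $instance['link_title'];
 
@@ -159,5 +165,5 @@
         <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _ex( 'Title:', 'Label for the Title field of the Recent Networkwide Posts widget', 'buddypress' ); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" style="width: 100%;" /></label></p>
         <p><label for="<?php echo $this->get_field_id( 'link_title' ); ?>"><input type="checkbox" name="<?php echo $this->get_field_name( 'link_title' ); ?>" value="1" <?php checked( $link_title ); ?> /> <?php _e( 'Link widget title to Blogs directory', 'buddypress' ); ?></label></p>
-        <p><label for="<?php echo $this->get_field_id( 'max_posts' ); ?>"><?php _e( 'Max posts to show:', 'buddypress' ); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p>
+        <p><label for="<?php echo $this->get_field_id( 'max_posts' ); ?>"><?php _e( 'Max posts to show:', 'buddypress' ); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p>
         <?php
     }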
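Review bot: The clamp in update() (new line 137) and the matching one in form() (new line 160) enforce only the upper bound, and they compare the raw submitted value with `$max_limit` before `intval()` is applied. A negative value such as `-5` (constructed example) therefore passes the comparison and is stored as is; widget() would not reset it either, since it is neither empty nor above the limit, and how the query treats a negative count is not visible in this section. The `min="1"` attribute on the input is enforced by the browser only, so it does not protect the saved option. Normalising before clamping would close this, e.g. `$instance['max_posts'] = min( absint( $new_instance['max_posts'] ), $max_limit );`, with the same expression in form(). Both method bodies extend beyond the hunks shown.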