Changeset 12324 for trunk/src/bp-groups/classes/class-bp-groups-widget.php

Timestamp:

01/11/2019 02:37:16 AM (6 years ago)

Author:

boonebgorges

Message:

Widgets: Place an upper bound on item counts in widget forms.

This prevents widgets from triggering performance problems when initialized
with unreasonably high max item counts.

Use the bp_get_widget_max_count_limit filter to increase the default
ceiling of 50.

Fixes #8036.

File:

• trunk/src/bp-groups/classes/class-bp-groups-widget.php (modified) (4 diffs)

trunk/src/bp-groups/classes/class-bp-groups-widget.php

@@ -103 +103 @@
         echo $before_title . $title . $after_title;
 
+        $max_limit  = bp_get_widget_max_count_limit( __CLASS__ );
         $max_groups = ! empty( $instance['max_groups'] ) ? (int) $instance['max_groups'] : 5;
+
+        if ( $max_groups > $max_limit ) {
+            $max_groups = $max_limit;
+        }
 
         $group_args = array(
@@ -184 +189 @@
         $instance = $old_instance;
 
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']         = strip_tags( $new_instance['title'] );
-        $instance['max_groups']    = strip_tags( $new_instance['max_groups'] );
+        $instance['max_groups']    = $new_instance['max_groups'] > $max_limit ? $max_limit : intval( $new_instance['max_groups'] );
         $instance['group_default'] = strip_tags( $new_instance['group_default'] );
         $instance['link_title']    = ! empty( $new_instance['link_title'] );
@@ -209 +216 @@
         $instance = bp_parse_args( (array) $instance, $defaults, 'groups_widget_form' );
 
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $title         = strip_tags( $instance['title'] );
-        $max_groups    = strip_tags( $instance['max_groups'] );
+        $max_groups    = $instance['max_groups'] > $max_limit ? $max_limit : intval( $instance['max_groups'] );
         $group_default = strip_tags( $instance['group_default'] );
         $link_title    = (bool) $instance['link_title'];
@@ -219 +228 @@
         <p><label for="<?php echo $this->get_field_id('link_title') ?>"><input type="checkbox" name="<?php echo $this->get_field_name('link_title') ?>" id="<?php echo $this->get_field_id('link_title') ?>" value="1" <?php checked( $link_title ) ?> /> <?php _e( 'Link widget title to Groups directory', 'buddypress' ) ?></label></p>
 
-        <p><label for="<?php echo $this->get_field_id( 'max_groups' ); ?>"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p>
+        <p><label for="<?php echo $this->get_field_id( 'max_groups' ); ?>"><?php _e( 'Max groups to show:', 'buddypress' ); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p>
 
         <p>