Changeset 12324 for trunk/src/bp-members/classes/class-bp-core-members-widget.php

Timestamp:

01/11/2019 02:37:16 AM (6 years ago)

Author:

boonebgorges

Message:

Widgets: Place an upper bound on item counts in widget forms.

This prevents widgets from triggering performance problems when initialized
with unreasonably high max item counts.

Use the bp_get_widget_max_count_limit filter to increase the default
ceiling of 50.

Fixes #8036.

File:

• trunk/src/bp-members/classes/class-bp-core-members-widget.php (modified) (4 diffs)

trunk/src/bp-members/classes/class-bp-core-members-widget.php

@@ -91 +91 @@
         echo $args['before_widget'] . $args['before_title'] . $title . $args['after_title'];
 
+        $max_limit   = bp_get_widget_max_count_limit( __CLASS__ );
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : (int) $settings['max_members'];
+
         // Setup args for querying members.
         $members_args = array(
             'user_id'         => 0,
             'type'            => $settings['member_default'],
-            'per_page'        => $settings['max_members'],
-            'max'             => $settings['max_members'],
+            'per_page'        => $max_members,
+            'max'             => $max_members,
             'populate_extras' => true,
             'search_terms'    => false,
@@ -178 +181 @@
         $instance = $old_instance;
 
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']          = strip_tags( $new_instance['title'] );
-        $instance['max_members']    = strip_tags( $new_instance['max_members'] );
+        $instance['max_members']    = $new_instance['max_members'] > $max_limit ? $max_limit : intval( $new_instance['max_members'] );
         $instance['member_default'] = strip_tags( $new_instance['member_default'] );
         $instance['link_title']     = ! empty( $new_instance['link_title'] );
@@ -195 +200 @@
      */
     public function form( $instance ) {
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
 
         // Get widget settings.
         $settings       = $this->parse_settings( $instance );
         $title          = strip_tags( $settings['title'] );
-        $max_members    = strip_tags( $settings['max_members'] );
+        $max_members    = $settings['max_members'] > $max_limit ? $max_limit : intval( $settings['max_members'] );
         $member_default = strip_tags( $settings['member_default'] );
         $link_title     = (bool) $settings['link_title']; ?>
@@ -220 +226 @@
             <label for="<?php echo $this->get_field_id( 'max_members' ); ?>">
                 <?php esc_html_e( 'Max members to show:', 'buddypress' ); ?>
-                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
+                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
             </label>
         </p>