Changeset 12324 for trunk/src/bp-members/classes/class-bp-core-recently-active-widget.php

Timestamp:

01/11/2019 02:37:16 AM (6 years ago)

Author:

boonebgorges

Message:

Widgets: Place an upper bound on item counts in widget forms.

This prevents widgets from triggering performance problems when initialized
with unreasonably high max item counts.

Use the bp_get_widget_max_count_limit filter to increase the default
ceiling of 50.

Fixes #8036.

File:

• trunk/src/bp-members/classes/class-bp-core-recently-active-widget.php (modified) (4 diffs)

trunk/src/bp-members/classes/class-bp-core-recently-active-widget.php

@@ -64 +64 @@
         echo $args['before_title'] . $title . $args['after_title'];
 
+        $max_limit   = bp_get_widget_max_count_limit( __CLASS__ );
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : (int) $settings['max_members'];
+
         // Setup args for querying members.
         $members_args = array(
             'user_id'         => 0,
             'type'            => 'active',
-            'per_page'        => $settings['max_members'],
-            'max'             => $settings['max_members'],
+            'per_page'        => $max_members,
+            'max'             => $max_members,
             'populate_extras' => true,
             'search_terms'    => false,
@@ -117 +120 @@
      */
     public function update( $new_instance, $old_instance ) {
-        $instance                = $old_instance;
+        $instance = $old_instance;
+
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']       = strip_tags( $new_instance['title'] );
-        $instance['max_members'] = strip_tags( $new_instance['max_members'] );
+        $instance['max_members'] = $new_instance['max_members'] > $max_limit ? $max_limit : intval( $new_instance['max_members'] );
 
         return $instance;
@@ -133 +139 @@
      */
     public function form( $instance ) {
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
 
         // Get widget settings.
         $settings    = $this->parse_settings( $instance );
         $title       = strip_tags( $settings['title'] );
-        $max_members = strip_tags( $settings['max_members'] ); ?>
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : intval( $settings['max_members'] );
+        ?>
 
         <p>
@@ -149 +157 @@
             <label for="<?php echo $this->get_field_id( 'max_members' ); ?>">
                 <?php esc_html_e( 'Max members to show:', 'buddypress' ); ?>
-                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
+                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
             </label>
         </p>