Timestamp:
01/11/2019 02:37:16 AM (6 years ago)
Author:
boonebgorges
Message:

Widgets: Place an upper bound on item counts in widget forms.

This prevents widgets from triggering performance problems when initialized
with unreasonably high max item counts.

Use the bp_get_widget_max_count_limit filter to increase the default
ceiling of 50.

Fixes #8036.

File:
1 edited

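--- a/trunk/src/bp-members/classes/class-bp-core-whos-online-widget.php
+++ b/trunk/src/bp-members/classes/class-bp-core-whos-online-widget.php
@@ -63,10 +63,13 @@
         echo $args['before_widget'] . $args['before_title'] . $title . $args['after_title'];
 
+        $max_limit   = bp_get_widget_max_count_limit( __CLASS__ );
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : (int) $settings['max_members'];
+
         // Setup args for querying members.
         $members_args = array(
             'user_id'         => 0,
             'type'            => 'online',
-            'per_page'        => $settings['max_members'],
-            'max'             => $settings['max_members'],
+            'per_page'        => $max_members,
+            'max'             => $max_members,
             'populate_extras' => true,
             'search_terms'    => false,
@@ -116,7 +119,10 @@
      */
     public function update( $new_instance, $old_instance ) {
-        $instance                = $old_instance;
+        $instance = $old_instance;
+
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
+
         $instance['title']       = strip_tags( $new_instance['title'] );
-        $instance['max_members'] = strip_tags( $new_instance['max_members'] );
+        $instance['max_members'] = $new_instance['max_members'] > $max_limit ? $max_limit : intval( $new_instance['max_members'] );
 
         return $instance;
@@ -132,9 +138,11 @@
      */
     public function form( $instance ) {
+        $max_limit = bp_get_widget_max_count_limit( __CLASS__ );
 
         // Get widget settings.
         $settings    = $this->parse_settings( $instance );
         $title       = strip_tags( $settings['title'] );
-        $max_members = strip_tags( $settings['max_members'] ); ?>
+        $max_members = $settings['max_members'] > $max_limit ? $max_limit : intval( $settings['max_members'] );
+        ?>
 
         <p>
@@ -148,5 +156,5 @@
             <label for="<?php echo $this->get_field_id( 'max_members' ); ?>">
                 <?php esc_html_e( 'Max members to show:', 'buddypress' ); ?>
-                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
+                <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="number" min="1" max="<?php echo esc_attr( $max_limit ); ?>" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" />
             </label>
         </p>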
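Review bot: The clamp added in `update()`, and repeated in `widget()` and `form()`, enforces only the ceiling and compares the raw value before casting it, so `0` or a negative number is stored and reaches `per_page`/`max` unchanged. The `min="1"` on the new number input is checked only by the browser, so the floor needs to be applied server-side as well, e.g. `$instance['max_members'] = max( 1, min( $max_limit, (int) $new_instance['max_members'] ) );`, with the same expression in `widget()` for settings saved before this change. How the members query treats a zero or negative `per_page` is not visible here; if it means "no limit", such a value would bypass the bound this commit introduces, so that should be confirmed. All three method bodies continue outside the displayed hunks.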