X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/d3b1ea255664edd2deef17f900a655613d20820d..9cd344f9b14dd8e0743c1417fdb379b1431c3988:/wp-includes/default-widgets.php diff --git a/wp-includes/default-widgets.php b/wp-includes/default-widgets.php index d2bebc80..e5219fec 100644 --- a/wp-includes/default-widgets.php +++ b/wp-includes/default-widgets.php @@ -376,8 +376,8 @@ class WP_Widget_Text extends WP_Widget { function widget( $args, $instance ) { extract($args); - $title = apply_filters('widget_title', empty($instance['title']) ? '' : $instance['title']); - $text = apply_filters( 'widget_text', $instance['text'] ); + $title = apply_filters( 'widget_title', empty($instance['title']) ? '' : $instance['title'], $instance ); + $text = apply_filters( 'widget_text', $instance['text'], $instance ); echo $before_widget; if ( !empty( $title ) ) { echo $before_title . $title . $after_title; } ?>
@@ -391,7 +391,7 @@ class WP_Widget_Text extends WP_Widget {
 if ( current_user_can('unfiltered_html') )
 $instance['text'] = $new_instance['text'];
 else
- $instance['text'] = wp_filter_post_kses( $new_instance['text'] );
+ $instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed
 $instance['filter'] = isset($new_instance['filter']);
 return $instance;
 }
@@ -406,7 +406,7 @@ class WP_Widget_Text extends WP_Widget {
-
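Review bot: The trailing comment on the new `else` branch of the 391 hunk says what `wp_filter_post_kses()` expects but not what goes wrong otherwise. That function strips slashes before running KSES and re-adds them afterwards, so unslashed widget text loses its own backslashes and is stored with extra ones. If the targeted WordPress version ships `wp_kses_post()`, which takes unslashed input, `$instance['text'] = wp_kses_post( $new_instance['text'] );` does the same filtering without the `addslashes()`/`stripslashes()` round-trip. The `unfiltered_html` branch above it still stores `$new_instance['text']` verbatim; a comment such as `// trusted roles only: stored as raw HTML and presumably output as-is by widget()` would make that trust decision explicit. update() begins outside the hunk.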

/> 

+

/> 

'') ); $title = esc_attr( $instance['title'] ); - $count = (bool) $instance['count']; - $hierarchical = (bool) $instance['hierarchical']; - $dropdown = (bool) $instance['dropdown']; + $count = isset($instance['count']) ? (bool) $instance['count'] :false; + $hierarchical = isset( $instance['hierarchical'] ) ? (bool) $instance['hierarchical'] : false; + $dropdown = isset( $instance['dropdown'] ) ? (bool) $instance['dropdown'] : false; ?>

@@ -526,8 +526,10 @@ class WP_Widget_Recent_Posts extends WP_Widget { if ( !is_array($cache) ) $cache = array(); - if ( isset($cache[$args['widget_id']]) ) - return $cache[$args['widget_id']]; + if ( isset($cache[$args['widget_id']]) ) { + echo $cache[$args['widget_id']]; + return; + } ob_start(); extract($args); @@ -577,8 +579,8 @@ class WP_Widget_Recent_Posts extends WP_Widget { } function form( $instance ) { - $title = esc_attr($instance['title']); - if ( !$number = (int) $instance['number'] ) + $title = isset($instance['title']) ? esc_attr($instance['title']) : ''; + if ( !isset($instance['number']) || !$number = (int) $instance['number'] ) $number = 5; ?>
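Review bot: The cache lookup in the 526 hunk indexes `$cache[$args['widget_id']]` without checking that `widget_id` is present in `$args`. If widget() can be reached without one (a direct call rather than a registered sidebar instance, which is not visible here), all such calls share a single cache slot and the first instance's markup is echoed for every later one, along with an undefined-index notice. A guard ahead of the lookup, for example `if ( ! isset( $args['widget_id'] ) ) $args['widget_id'] = $this->id;`, keeps the slots distinct. The string is now echoed straight from the cache, so the code that fills the cache (outside this hunk) is where output escaping has to be guaranteed. widget() starts and ends outside the hunk.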

@@ -607,7 +609,7 @@ class WP_Widget_Recent_Comments extends WP_Widget { add_action( 'wp_head', array(&$this, 'recent_comments_style') ); add_action( 'comment_post', array(&$this, 'flush_widget_cache') ); - add_action( 'wp_set_comment_status', array(&$this, 'flush_widget_cache') ); + add_action( 'transition_comment_status', array(&$this, 'flush_widget_cache') ); } function recent_comments_style() { ?> @@ -632,7 +634,7 @@ class WP_Widget_Recent_Comments extends WP_Widget { $number = 15; if ( !$comments = wp_cache_get( 'recent_comments', 'widget' ) ) { - $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 15"); + $comments = $wpdb->get_results("SELECT $wpdb->comments.* FROM $wpdb->comments JOIN $wpdb->posts ON $wpdb->posts.ID = $wpdb->comments.comment_post_ID WHERE comment_approved = '1' AND post_status = 'publish' ORDER BY comment_date_gmt DESC LIMIT 15"); wp_cache_add( 'recent_comments', $comments, 'widget' ); } @@ -710,7 +712,7 @@ class WP_Widget_RSS extends WP_Widget { if ( ! is_wp_error($rss) ) { $desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); if ( empty($title) ) - $title = htmlentities(strip_tags($rss->get_title())); + $title = esc_html(strip_tags($rss->get_title())); $link = esc_url(strip_tags($rss->get_permalink())); while ( stristr($link, 'http') != $link ) $link = substr($link, 1); @@ -730,6 +732,10 @@ class WP_Widget_RSS extends WP_Widget { echo $before_title . $title . $after_title; wp_widget_rss_output( $rss, $instance ); echo $after_widget; + + if ( ! is_wp_error($rss) ) + $rss->__destruct(); + unset($rss); } function update($new_instance, $old_instance) { @@ -768,7 +774,6 @@ function wp_widget_rss_output( $rss, $args = array() ) { if ( is_wp_error($rss) ) { if ( is_admin() || current_user_can('manage_options') ) echo '
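Review bot: The new JOIN in the 632 hunk restricts on `post_status = 'publish'` only, and WordPress keeps password-protected posts in that status with a non-empty `post_password`. Comments on those posts would still be selected unless the rendering code after this hunk filters them; if they should not be shown publicly, add `AND post_password = ''` to the WHERE clause. The cached result now also depends on post status, but the flush hooks registered in the 607 hunk fire only on `comment_post` and `transition_comment_status`. Comments on a post that is later unpublished can therefore keep being served from the `recent_comments` cache until the next comment event; also registering `flush_widget_cache` on `transition_post_status` would close that gap.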
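Review bot: `$rss->__destruct()` runs more than once on the same feed object along the widget() path. wp_widget_rss_output() tears down the `$rss` it was handed in the 785 and 836 hunks, then the 730 hunk calls `$rss->__destruct()` again once that call returns, and PHP invokes the destructor once more when the last reference is released. Whether the feed class tolerates repeated destruction is not visible here, and wp_widget_rss_output() now destroys an object its caller still holds, so any caller that reads `$rss` afterwards gets a torn-down feed. Releasing the feed only in the function that fetched it would keep ownership clear. Each site should at least carry a comment saying why the destructor is called by hand, e.g. `// explicitly release the feed object (presumably to free its memory early); do not use $rss after this point`. The same pair appears in the 944 hunk of wp_widget_rss_process().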

' . sprintf( __('RSS Error: %s'), $rss->get_error_message() ) . '

'; - return; } @@ -785,6 +790,8 @@ function wp_widget_rss_output( $rss, $args = array() ) { if ( !$rss->get_item_quantity() ) { echo ''; + $rss->__destruct(); + unset($rss); return; } @@ -836,6 +843,8 @@ function wp_widget_rss_output( $rss, $args = array() ) { } } echo ''; + $rss->__destruct(); + unset($rss); } @@ -944,6 +953,9 @@ function wp_widget_rss_process( $widget_rss, $check_feed = true ) { $link = esc_url(strip_tags($rss->get_permalink())); while ( stristr($link, 'http') != $link ) $link = substr($link, 1); + + $rss->__destruct(); + unset($rss); } } @@ -983,7 +995,7 @@ class WP_Widget_Tag_Cloud extends WP_Widget { function form( $instance ) { ?>

-

+