Relocating title field in widget admin, escaping title text, includin…

…g same approach for Twitter widget in issue WPBuddy#1740
seanchayes · Oct 18, 2019 · 9c13f7e · 9c13f7e
1 parent 34ba1e3
commit 9c13f7e
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 10 deletions.
diff --git a/inc/widgets.php b/inc/widgets.php
@@ -210,7 +210,7 @@ function largo_widget_update_extend ( $instance, $new_instance ) {
  */
 function largo_add_link_to_widget_title( $title, $instance = null ) {
   if (!empty($title) && !empty($instance['title_link'])) {
-    $title = '<a href="' . esc_url( $instance['title_link'] ) . '">' . $title . '</a>';
+    $title = '<a href="' . esc_url( $instance['title_link'] ) . '">' . esc_attr( $title ) . '</a>';
   }
   return $title;
 }

diff --git a/inc/widgets/largo-facebook.php b/inc/widgets/largo-facebook.php
@@ -21,9 +21,9 @@ function __construct() {
 
 	function widget( $args, $instance ) {
 
-		$instance['title'] = apply_filters( 'widget_title', ( empty( $instance['title'] ) ? '' : $instance['title'] ), $instance ) ;
 		echo $args['before_widget'];
 
+		$instance['title'] = apply_filters( 'widget_title', ( empty( $instance['title'] ) ? '' : $instance['title'] ), $instance ) ;
 		if ( !empty( $instance['title'] ) ) { echo $args['before_title'] . $instance['title'] . $args['after_title']; }
 		$page_url = esc_url( $instance['fb_page_url'] );
 		$height = isset( $instance['widget_height'] ) ? $instance['widget_height'] : 350;
@@ -64,6 +64,10 @@ function form( $instance ) {
 		$show_faces = ! empty( $instance['show_faces'] ) ? 'checked="checked"' : '';
 		$show_stream = ! empty( $instance['show_stream'] ) ? 'checked="checked"' : '';
 		?>
+		<p>
+			<label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title', 'largo'); ?>:</label>
+			<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr(strip_tags($instance['title'])); ?>" />
+		</p>
 
 		<p>
 			<label for="<?php echo $this->get_field_id( 'fb_page_url' ); ?>"><?php _e( 'Facebook Page URL:', 'largo' ); ?></label>
@@ -80,10 +84,6 @@ function form( $instance ) {
 			<br />
 			<input class="checkbox" type="checkbox" <?php echo $show_stream; ?> id="<?php echo $this->get_field_id( 'show_stream' ); ?>" name="<?php echo $this->get_field_name( 'show_stream' ); ?>" /> <label for="<?php echo $this->get_field_id( 'show_stream' ); ?>"><?php _e( 'Show Stream?', 'largo' ); ?></label>
 		</p>
-		<p>
-			<label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title', 'largo'); ?>:</label>
-			<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr(strip_tags($instance['title'])); ?>" />
-		</p>
 
 	<?php
 	}

diff --git a/inc/widgets/largo-twitter.php b/inc/widgets/largo-twitter.php
@@ -22,7 +22,9 @@ function __construct() {
 	function widget( $args, $instance ) {
 
 		echo $args['before_widget'];
-
+		$instance['title'] = apply_filters( 'widget_title', ( empty( $instance['title'] ) ? '' : $instance['title'] ), $instance ) ;
+		if ( !empty( $instance['title'] ) ) { echo $args['before_title'] . $instance['title'] . $args['after_title']; }
+
 		// Build the placeholder URLs used by various widget types
 		// Note that these are not strictly necessary (widget will render as long as the data-widget-id attribute is correct
 		// The URL and text are just used as a fallback if the JS doesn't load
@@ -49,7 +51,7 @@ function widget( $args, $instance ) {
 				/* translators: Tweets by @username */
 				$widget_text = __( 'Tweets by @' . $instance['twitter_username'], 'largo' );
 		}
-			
+
 		$widget_embed = sprintf( '<a class="twitter-timeline" href="%1$s">%2$s</a>',
 			esc_url( $widget_href ),
 			esc_attr( $widget_text )
@@ -74,6 +76,7 @@ function widget( $args, $instance ) {
 
 	function update( $new_instance, $old_instance ) {
 		$instance = $old_instance;
+		$instance['title'] = sanitize_text_field( $new_instance['title'] );
 		$instance['twitter_username'] = sanitize_text_field( $new_instance['twitter_username'] );
 		$instance['twitter_list_slug'] = sanitize_text_field( $new_instance['twitter_list_slug'] );
 		$instance['widget_ID'] = sanitize_text_field( $new_instance['widget_ID'] );
@@ -93,6 +96,10 @@ function form( $instance ) {
 		$instance = wp_parse_args( (array) $instance, $defaults );
 
 		?>
+		<p>
+			<label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title', 'largo'); ?>:</label>
+			<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr(strip_tags($instance['title'])); ?>" />
+		</p>
 
 		<p>
 			<label for="<?php echo $this->get_field_id( 'widget_type' ); ?>"><?php _e('Widget Type', 'largo'); ?></label>
@@ -128,13 +135,12 @@ function form( $instance ) {
 			<label for="<?php echo $this->get_field_id( 'twitter_collection_title' ); ?>"><?php _e( 'Collection Title (for collection widget):', 'largo' ); ?></label>
 			<input id="<?php echo $this->get_field_id( 'twitter_collection_title' ); ?>" name="<?php echo $this->get_field_name( 'twitter_collection_title' ); ?>" value="<?php echo esc_attr( $instance['twitter_collection_title'] ); ?>" style="width:90%;" />
 		</p>
-
 	<?php
 	}
 
 	/**
 	 * Returns true if this widget has been rendered one or more times.
-	 * 
+	 *
 	 * @since 0.5
 	 */
 	static function is_rendered() {