1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
|
<?php
/**
* Widget API: WP_Widget_Custom_HTML class
*
* @package WordPress
* @subpackage Widgets
* @since 4.8.1
*/
/**
* Core class used to implement a Custom HTML widget.
*
* @since 4.8.1
*
* @see WP_Widget
*/
class WP_Widget_Custom_HTML extends WP_Widget {
/**
* Whether or not the widget has been registered yet.
*
* @since 4.9.0
* @var bool
*/
protected $registered = false;
/**
* Default instance.
*
* @since 4.8.1
* @var array
*/
protected $default_instance = array(
'title' => '',
'content' => '',
);
/**
* Sets up a new Custom HTML widget instance.
*
* @since 4.8.1
*/
public function __construct() {
$widget_ops = array(
'classname' => 'widget_custom_html',
'description' => __( 'Arbitrary HTML code.' ),
'customize_selective_refresh' => true,
'show_instance_in_rest' => true,
);
$control_ops = array(
'width' => 400,
'height' => 350,
);
parent::__construct( 'custom_html', __( 'Custom HTML' ), $widget_ops, $control_ops );
}
/**
* Add hooks for enqueueing assets when registering all widget instances of this widget class.
*
* @since 4.9.0
*
* @param int $number Optional. The unique order number of this widget instance
* compared to other instances of the same class. Default -1.
*/
public function _register_one( $number = -1 ) {
parent::_register_one( $number );
if ( $this->registered ) {
return;
}
$this->registered = true;
/*
* Note that the widgets component in the customizer will also do
* the 'admin_print_scripts-widgets.php' action in WP_Customize_Widgets::print_scripts().
*/
add_action( 'admin_print_scripts-widgets.php', array( $this, 'enqueue_admin_scripts' ) );
/*
* Note that the widgets component in the customizer will also do
* the 'admin_footer-widgets.php' action in WP_Customize_Widgets::print_footer_scripts().
*/
add_action( 'admin_footer-widgets.php', array( 'WP_Widget_Custom_HTML', 'render_control_template_scripts' ) );
// Note this action is used to ensure the help text is added to the end.
add_action( 'admin_head-widgets.php', array( 'WP_Widget_Custom_HTML', 'add_help_text' ) );
}
/**
* Filters gallery shortcode attributes.
*
* Prevents all of a site's attachments from being shown in a gallery displayed on a
* non-singular template where a $post context is not available.
*
* @since 4.9.0
*
* @param array $attrs Attributes.
* @return array Attributes.
*/
public function _filter_gallery_shortcode_attrs( $attrs ) {
if ( ! is_singular() && empty( $attrs['id'] ) && empty( $attrs['include'] ) ) {
$attrs['id'] = -1;
}
return $attrs;
}
/**
* Outputs the content for the current Custom HTML widget instance.
*
* @since 4.8.1
*
* @global WP_Post $post Global post object.
*
* @param array $args Display arguments including 'before_title', 'after_title',
* 'before_widget', and 'after_widget'.
* @param array $instance Settings for the current Custom HTML widget instance.
*/
public function widget( $args, $instance ) {
global $post;
// Override global $post so filters (and shortcodes) apply in a consistent context.
$original_post = $post;
if ( is_singular() ) {
// Make sure post is always the queried object on singular queries (not from another sub-query that failed to clean up the global $post).
$post = get_queried_object();
} else {
// Nullify the $post global during widget rendering to prevent shortcodes from running with the unexpected context on archive queries.
$post = null;
}
// Prevent dumping out all attachments from the media library.
add_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) );
$instance = array_merge( $this->default_instance, $instance );
/** This filter is documented in wp-includes/widgets/class-wp-widget-pages.php */
$title = apply_filters( 'widget_title', $instance['title'], $instance, $this->id_base );
// Prepare instance data that looks like a normal Text widget.
$simulated_text_widget_instance = array_merge(
$instance,
array(
'text' => isset( $instance['content'] ) ? $instance['content'] : '',
'filter' => false, // Because wpautop is not applied.
'visual' => false, // Because it wasn't created in TinyMCE.
)
);
unset( $simulated_text_widget_instance['content'] ); // Was moved to 'text' prop.
/** This filter is documented in wp-includes/widgets/class-wp-widget-text.php */
$content = apply_filters( 'widget_text', $instance['content'], $simulated_text_widget_instance, $this );
// Adds 'noopener' relationship, without duplicating values, to all HTML A elements that have a target.
$content = wp_targeted_link_rel( $content );
/**
* Filters the content of the Custom HTML widget.
*
* @since 4.8.1
*
* @param string $content The widget content.
* @param array $instance Array of settings for the current widget.
* @param WP_Widget_Custom_HTML $widget Current Custom HTML widget instance.
*/
$content = apply_filters( 'widget_custom_html_content', $content, $instance, $this );
// Restore post global.
$post = $original_post;
remove_filter( 'shortcode_atts_gallery', array( $this, '_filter_gallery_shortcode_attrs' ) );
// Inject the Text widget's container class name alongside this widget's class name for theme styling compatibility.
$args['before_widget'] = preg_replace( '/(?<=\sclass=["\'])/', 'widget_text ', $args['before_widget'] );
echo $args['before_widget'];
if ( ! empty( $title ) ) {
echo $args['before_title'] . $title . $args['after_title'];
}
echo '<div class="textwidget custom-html-widget">'; // The textwidget class is for theme styling compatibility.
echo $content;
echo '</div>';
echo $args['after_widget'];
}
/**
* Handles updating settings for the current Custom HTML widget instance.
*
* @since 4.8.1
*
* @param array $new_instance New settings for this instance as input by the user via
* WP_Widget::form().
* @param array $old_instance Old settings for this instance.
* @return array Settings to save or bool false to cancel saving.
*/
public function update( $new_instance, $old_instance ) {
$instance = array_merge( $this->default_instance, $old_instance );
$instance['title'] = sanitize_text_field( $new_instance['title'] );
if ( current_user_can( 'unfiltered_html' ) ) {
$instance['content'] = $new_instance['content'];
} else {
$instance['content'] = wp_kses_post( $new_instance['content'] );
}
return $instance;
}
/**
* Loads the required scripts and styles for the widget control.
*
* @since 4.9.0
*/
public function enqueue_admin_scripts() {
$settings = wp_enqueue_code_editor(
array(
'type' => 'text/html',
'codemirror' => array(
'indentUnit' => 2,
'tabSize' => 2,
),
)
);
wp_enqueue_script( 'custom-html-widgets' );
wp_add_inline_script( 'custom-html-widgets', sprintf( 'wp.customHtmlWidgets.idBases.push( %s );', wp_json_encode( $this->id_base ) ) );
if ( empty( $settings ) ) {
$settings = array(
'disabled' => true,
);
}
wp_add_inline_script( 'custom-html-widgets', sprintf( 'wp.customHtmlWidgets.init( %s );', wp_json_encode( $settings ) ), 'after' );
$l10n = array(
'errorNotice' => array(
/* translators: %d: Error count. */
'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ),
/* translators: %d: Error count. */
'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ),
// @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491.
),
);
wp_add_inline_script( 'custom-html-widgets', sprintf( 'jQuery.extend( wp.customHtmlWidgets.l10n, %s );', wp_json_encode( $l10n ) ), 'after' );
}
/**
* Outputs the Custom HTML widget settings form.
*
* @since 4.8.1
* @since 4.9.0 The form contains only hidden sync inputs. For the control UI, see `WP_Widget_Custom_HTML::render_control_template_scripts()`.
*
* @see WP_Widget_Custom_HTML::render_control_template_scripts()
*
* @param array $instance Current instance.
*/
public function form( $instance ) {
$instance = wp_parse_args( (array) $instance, $this->default_instance );
?>
<input id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" class="title sync-input" type="hidden" value="<?php echo esc_attr( $instance['title'] ); ?>" />
<textarea id="<?php echo $this->get_field_id( 'content' ); ?>" name="<?php echo $this->get_field_name( 'content' ); ?>" class="content sync-input" hidden><?php echo esc_textarea( $instance['content'] ); ?></textarea>
<?php
}
/**
* Render form template scripts.
*
* @since 4.9.0
*/
public static function render_control_template_scripts() {
?>
<script type="text/html" id="tmpl-widget-custom-html-control-fields">
<# var elementIdPrefix = 'el' + String( Math.random() ).replace( /\D/g, '' ) + '_' #>
<p>
<label for="{{ elementIdPrefix }}title"><?php esc_html_e( 'Title:' ); ?></label>
<input id="{{ elementIdPrefix }}title" type="text" class="widefat title">
</p>
<p>
<label for="{{ elementIdPrefix }}content" id="{{ elementIdPrefix }}content-label"><?php esc_html_e( 'Content:' ); ?></label>
<textarea id="{{ elementIdPrefix }}content" class="widefat code content" rows="16" cols="20"></textarea>
</p>
<?php if ( ! current_user_can( 'unfiltered_html' ) ) : ?>
<?php
$probably_unsafe_html = array( 'script', 'iframe', 'form', 'input', 'style' );
$allowed_html = wp_kses_allowed_html( 'post' );
$disallowed_html = array_diff( $probably_unsafe_html, array_keys( $allowed_html ) );
?>
<?php if ( ! empty( $disallowed_html ) ) : ?>
<# if ( data.codeEditorDisabled ) { #>
<p>
<?php _e( 'Some HTML tags are not permitted, including:' ); ?>
<code><?php echo implode( '</code>, <code>', $disallowed_html ); ?></code>
</p>
<# } #>
<?php endif; ?>
<?php endif; ?>
<div class="code-editor-error-container"></div>
</script>
<?php
}
/**
* Add help text to widgets admin screen.
*
* @since 4.9.0
*/
public static function add_help_text() {
$screen = get_current_screen();
$content = '<p>';
$content .= __( 'Use the Custom HTML widget to add arbitrary HTML code to your widget areas.' );
$content .= '</p>';
if ( 'false' !== wp_get_current_user()->syntax_highlighting ) {
$content .= '<p>';
$content .= sprintf(
/* translators: 1: Link to user profile, 2: Additional link attributes, 3: Accessibility text. */
__( 'The edit field automatically highlights code syntax. You can disable this in your <a href="%1$s" %2$s>user profile%3$s</a> to work in plain text mode.' ),
esc_url( get_edit_profile_url() ),
'class="external-link" target="_blank"',
sprintf(
'<span class="screen-reader-text"> %s</span>',
/* translators: Hidden accessibility text. */
__( '(opens in a new tab)' )
)
);
$content .= '</p>';
$content .= '<p id="editor-keyboard-trap-help-1">' . __( 'When using a keyboard to navigate:' ) . '</p>';
$content .= '<ul>';
$content .= '<li id="editor-keyboard-trap-help-2">' . __( 'In the editing area, the Tab key enters a tab character.' ) . '</li>';
$content .= '<li id="editor-keyboard-trap-help-3">' . __( 'To move away from this area, press the Esc key followed by the Tab key.' ) . '</li>';
$content .= '<li id="editor-keyboard-trap-help-4">' . __( 'Screen reader users: when in forms mode, you may need to press the Esc key twice.' ) . '</li>';
$content .= '</ul>';
}
$screen->add_help_tab(
array(
'id' => 'custom_html_widget',
'title' => __( 'Custom HTML Widget' ),
'content' => $content,
)
);
}
}
|
