Image Widget
[resolved] Image Widget esc_attr() function misplaced (3 posts)

  1. devon
    Posted 4 years ago #

    This plugin is great, but I've been working on a theme that requires a widget_title() filter, and after updating the plugin today, I noticed that the widget title wasn't displaying as intended any more.

    The widget_title() filter is currently applied in image-widget.php, on line 206:

    206: $title = apply_filters( 'widget_title', empty( $title ) ? '' : $title );

    Then, in views/widget.php, esc_attr() is applied to the $title output on line 12:

    12: if ( !empty( $title ) ) { echo $before_title . esc_attr($title) . $after_title; }

    This causes certain HTML markup added in the widget_title filter to display as encoded tags instead of as intended (see http://codex.wordpress.org/Function_Reference/esc_attr).

    It seems to me that the esc_attr() function should be applied when saving/updating the widget, instead of when the output is being displayed.

    I hope the author will take this into consideration in a future update. Until then, I've modified my local copy of the plugin as a temporary fix - otherwise I just won't be able to take advantage of plugin updates without testing them first.


  2. Peter Chester
    Modern Tribe
    Plugin Author

    Posted 4 years ago #

    Thanks @romaspit! This has been addressed in 3.3.2.

  3. devon
    Posted 4 years ago #

    Thanks! I updated this morning, and it works as expected!

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Image Widget
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic