CVE-2023-5085: class-advanced-menu-widget.php in advanced-menu-widget/trunk – WordPress Plugin Repository

1<?php2/**3 * Advanced Menu Widget class4 */5class Advanced_Menu_Widget extends WP_Widget {67 function __construct() {8 $widget_ops = array( ‘description’ => ‘Use this widget to add one of your custom menus as a widget.’ );9 parent::__construct( 'advanced_menu’, 'Advanced Menu’, $widget_ops );10 }1112 function widget($args, $instance) {1314 $items_wrap = !empty( $instance[‘dropdown’] ) ? '<select id="amw-‘.$this->number.’" class="%2$s amw" onchange="onNavChange(this)"><option value="">Select</option>%3$s</select>’ : '<ul id="%1$s" class="%2$s">%3$s</ul>’;15 $only_related_walker = ( $instance[‘only_related’] == 2 || $instance[‘only_related’] == 3 || 1 == 1 )? new AMW_Related_Sub_Items_Walker : new Walker_Nav_Menu;16 $strict_sub = $instance[‘only_related’] == 3 ? 1 : 0;17 $only_related = $instance[‘only_related’] == 2 || $instance[‘only_related’] == 3 ? 1 : 0;18 $depth = $instance[‘depth’] ? $instance[‘depth’] : 0;19 $container = isset( $instance[‘container’] ) ? $instance[‘container’] : 'div’;20 $container_id = isset( $instance[‘container_id’] ) ? $instance[‘container_id’] : '’;21 $menu_class = isset( $instance[‘menu_class’] ) ? $instance[‘menu_class’] : 'menu’;22 $before = isset( $instance[‘before’] ) ? $instance[‘before’] : '’;23 $after = isset( $instance[‘after’] ) ? $instance[‘after’] : '’;24 $link_before = isset( $instance[‘link_before’] ) ? $instance[‘link_before’] : '’;25 $link_after = isset( $instance[‘link_after’] ) ? $instance[‘link_after’] : '’;26 $filter = ! empty( $instance[‘filter’] ) ? $instance[‘filter’] : 0;27 $filter_selection = $instance[‘filter_selection’] ? $instance[‘filter_selection’] : 0;28 $custom_widget_class = isset( $instance[‘custom_widget_class’] ) ? trim($instance[‘custom_widget_class’]) : '’;29 $include_parent = ! empty( $instance[‘include_parent’] ) ? 1 : 0;30 $post_parent = ! empty( $instance[‘post_parent’] ) ? 1 : 0;31 $description = ! empty( $instance[‘description’] ) ? 1 : 0;32 $start_depth = ! empty($instance[‘start_depth’]) ? absint($instance[‘start_depth’]) : 0;33 $hide_title = ! empty( $instance[‘hide_title’] ) ? 1 : 0;34 $parent_title = ! empty( $instance[‘parent_title’] ) ? 1 : 0;35 $container_class =’’;3637 // Get menu38 $menu = wp_get_nav_menu_object( $instance[‘nav_menu’] );3940 if ( ! $menu || is_wp_error($menu) )41 return;4243 $menu_args = array(44 ‘echo’ => false,45 ‘items_wrap’ => '%3$s’,46 ‘fallback_cb’ => '’,47 ‘menu’ => $menu,48 ‘walker’ => $only_related_walker,49 ‘depth’ => $depth,50 ‘only_related’ => $only_related,51 ‘strict_sub’ => $strict_sub,52 ‘filter_selection’ => $filter_selection,53 ‘container’ => false,54 ‘container_id’ => $container_id,55 ‘menu_class’ => $menu_class,56 ‘before’ => $before, ‘after’ => $after,57 ‘link_before’ => $link_before,58 ‘link_after’ => $link_after,59 ‘filter’ => $filter,60 ‘include_parent’ => $include_parent,61 ‘post_parent’ => $post_parent,62 ‘description’ => $description,63 ‘start_depth’ => $start_depth,64 ‘dropdown’ => $instance[‘dropdown’],65 ‘parent_title’ => $parent_title,66 );6768 $wp_nav_menu = wp_nav_menu( $menu_args );6970 if ( !$wp_nav_menu && $hide_title )71 return;7273 if ( $custom_widget_class ) {74 echo str_replace (‘class="’, ‘class="’ . “$custom_widget_class “, $args[‘before_widget’]);75 } else {76 echo $args[‘before_widget’];77 }7879 if ( $parent_title && $cached_parent_title = wp_cache_get( ‘parent_title_’ . $menu->slug ) ) {80 $instance[‘title’] = $cached_parent_title;81 }8283 $instance[‘title’] = apply_filters('widget_title’, $instance[‘title’], $instance, $this->id_base);8485 if ( !empty($instance[‘title’]) )86 echo $args[‘before_title’] . $instance[‘title’] . $args[‘after_title’];8788 if ( $wp_nav_menu ) {8990 static $menu_id_slugs = array();9192 $nav_menu =’’;9394 $show_container = false;95 if ( $container ) {96 $allowed_tags = apply_filters( ‘wp_nav_menu_container_allowedtags’, array( ‘div’, ‘nav’ ) );97 if ( in_array( $container, $allowed_tags ) ) {98 $show_container = true;99 $class = $container_class ? ' class="’ . esc_attr( $container_class ) . ‘"’ : ' class="menu-‘. $menu->slug .’-container"’;100 $id = $container_id ? ' id="’ . esc_attr( $container_id ) . ‘"’ : '’;101 $nav_menu .= '<’. $container . $id . $class . '>’;102 }103 }104105 // Attributes106 if ( ! empty( $menu_id ) ) {107 $wrap_id = $menu_id;108 } else {109 $wrap_id = 'menu-' . $menu->slug;110 while ( in_array( $wrap_id, $menu_id_slugs ) ) {111 if ( preg_match( '#-(\d+)$#’, $wrap_id, $matches ) )112 $wrap_id = preg_replace('#-(\d+)$#’, '-' . ++$matches[1], $wrap_id );113 else114 $wrap_id = $wrap_id . '-1’;115 }116 }117 $menu_id_slugs[] = $wrap_id;118119 $wrap_class = $menu_class ? $menu_class : '’;120121 $nav_menu .= sprintf( $items_wrap, esc_attr( $wrap_id ), esc_attr( $wrap_class ), $wp_nav_menu );122123 if ( $show_container )124 $nav_menu .= ‘</’ . $container . '>’;125126 echo $nav_menu;127128 if ( $instance[‘dropdown’] ) : ?>129 <script type=’text/javascript’>130 /* <![CDATA[ */131 function onNavChange(dropdown) {132 if ( dropdown.options[dropdown.selectedIndex].value ) {133 location.href = dropdown.options[dropdown.selectedIndex].value;134 }135 }136 /* ]]> */137 </script>138 <?php endif;139 }140141 echo $args[‘after_widget’];142 }143144 function update( $new_instance, $old_instance ) {145 $instance = $old_instance;146 $instance[‘title’] = strip_tags( stripslashes($new_instance[‘title’]) );147 $instance[‘nav_menu’] = (int) $new_instance[‘nav_menu’];148 $instance[‘depth’] = (int) $new_instance[‘depth’];149 $instance[‘only_related’] = ! $new_instance[‘filter_selection’] ? (int) $new_instance[‘only_related’] : 0;150 $instance[‘filter_selection’] = (int) $new_instance[‘filter_selection’];151 $instance[‘container’] = $new_instance[‘container’];152 $instance[‘container_id’] = $new_instance[‘container_id’];153 $instance[‘menu_class’] = $new_instance[‘menu_class’];154 $instance[‘before’] = $new_instance[‘before’];155 $instance[‘after’] = $new_instance[‘after’];156 $instance[‘link_before’] = $new_instance[‘link_before’];157 $instance[‘link_after’] = $new_instance[‘link_after’];158 $instance[‘filter’] = ! empty( $new_instance[‘filter’] ) ? (int) $new_instance[‘filter’] : 0;159 $instance[‘include_parent’] = ! empty( $new_instance[‘include_parent’] ) ? 1 : 0;160 $instance[‘post_parent’] = ! empty( $new_instance[‘post_parent’] ) ? 1 : 0;161 $instance[‘description’] = ! empty( $new_instance[‘description’] ) ? 1 : 0;162 $instance[‘dropdown’] = ! empty( $new_instance[‘dropdown’] ) ? 1 : 0;163 $instance[‘custom_widget_class’] = $new_instance[‘custom_widget_class’];164 $instance[‘start_depth’] = absint( $new_instance[‘start_depth’] );165 $instance[‘hide_title’] = ! empty( $new_instance[‘hide_title’] ) ? 1 : 0;166 $instance[‘parent_title’] = ! empty( $new_instance[‘parent_title’] ) ? 1 : 0;167168 if ( $instance[‘filter’] == 1 ) {169 $instance[‘only_related’] = 3;170 }171172 return $instance;173 }174175 function form( $instance ) {176 $title = isset( $instance[‘title’] ) ? $instance[‘title’] : '’;177 $nav_menu = isset( $instance[‘nav_menu’] ) ? $instance[‘nav_menu’] : '’;178 $only_related = isset( $instance[‘only_related’] ) ? (int) $instance[‘only_related’] : 1;179 $depth = isset( $instance[‘depth’] ) ? (int) $instance[‘depth’] : 0;180 $container = isset( $instance[‘container’] ) ? $instance[‘container’] : 'div’;181 $container_id = isset( $instance[‘container_id’] ) ? $instance[‘container_id’] : '’;182 $menu_class = isset( $instance[‘menu_class’] ) ? $instance[‘menu_class’] : 'menu’;183 $before = isset( $instance[‘before’] ) ? $instance[‘before’] : '’;184 $after = isset( $instance[‘after’] ) ? $instance[‘after’] : '’;185 $link_before = isset( $instance[‘link_before’] ) ? $instance[‘link_before’] : '’;186 $link_after = isset( $instance[‘link_after’] ) ? $instance[‘link_after’] : '’;187 $filter_selection = isset( $instance[‘filter_selection’] ) ? (int) $instance[‘filter_selection’] : 0;188 $custom_widget_class = isset( $instance[‘custom_widget_class’] ) ? $instance[‘custom_widget_class’] : '’;189 $start_depth = isset($instance[‘start_depth’]) ? absint($instance[‘start_depth’]) : 0;190 $filter = isset($instance[‘filter’]) ? absint($instance[‘filter’]) : 0;191192 // Get menus193 $menus = get_terms( 'nav_menu’, array( ‘hide_empty’ => false ) );194195 // If no menus exists, direct the user to go and create some.196 if ( !$menus ) {197 echo '<p>’. sprintf( __(‘No menus have been created yet. <a href="%s">Create some</a>.’), admin_url(‘nav-menus.php’) ) .’</p>’;198 return;199 }200 ?>201 <p>202 <label for="<?php echo $this->get_field_id(‘title’); ?>"><?php _e(‘Title:’) ?></label>203 <input type="text” class="widefat” id="<?php echo $this->get_field_id(‘title’); ?>" name="<?php echo $this->get_field_name(‘title’); ?>" value="<?php echo $title; ?>" />204 </p>205 <p><input id="<?php echo $this->get_field_id(‘hide_title’); ?>" name="<?php echo $this->get_field_name(‘hide_title’); ?>" type="checkbox" <?php checked(isset($instance[‘hide_title’]) ? $instance[‘hide_title’] : 0); ?> /> <label for="<?php echo $this->get_field_id(‘hide_title’); ?>"><?php _e(‘Hide title if menu is empty’); ?></label>206 </p>207 <p><input id="<?php echo $this->get_field_id(‘parent_title’); ?>" name="<?php echo $this->get_field_name(‘parent_title’); ?>" type="checkbox" <?php checked(isset($instance[‘parent_title’]) ? $instance[‘parent_title’] : 0); ?> /> <label for="<?php echo $this->get_field_id(‘parent_title’); ?>"><?php _e(‘Use first parent as title’); ?></label>208 </p>209 <p>210 <label for="<?php echo $this->get_field_id(‘custom_widget_class’); ?>"><?php _e(‘Custom Widget Class:’) ?></label>211 <input type="text" class="widefat" id="<?php echo $this->get_field_id(‘custom_widget_class’); ?>" name="<?php echo $this->get_field_name(‘custom_widget_class’); ?>" value="<?php echo $custom_widget_class; ?>" />212 </p>213 <p>214 <label for="<?php echo $this->get_field_id(‘nav_menu’); ?>"><?php _e(‘Select Menu:’); ?></label>215 <select id="<?php echo $this->get_field_id(‘nav_menu’); ?>" name="<?php echo $this->get_field_name(‘nav_menu’); ?>">216 <?php217 foreach ( $menus as $menu ) {218 $selected = $nav_menu == $menu->term_id ? ' selected="selected"’ : '’;219 echo ‘<option’. $selected .’ value="’. $menu->term_id .’">’. $menu->name .’</option>’;220 }221 ?>222 </select>223 </p>224 <p><input id="<?php echo $this->get_field_id(‘dropdown’); ?>" name="<?php echo $this->get_field_name(‘dropdown’); ?>" type="checkbox" <?php checked(isset($instance[‘dropdown’]) ? $instance[‘dropdown’] : 0); ?> /> <label for="<?php echo $this->get_field_id(‘dropdown’); ?>"><?php _e(‘Show as dropdown’); ?></label>225 </p>226 <p>227 <p><label for="<?php echo $this->get_field_id(‘only_related’); ?>"><?php _e(‘Show hierarchy:’); ?></label>228 <select name="<?php echo $this->get_field_name(‘only_related’); ?>" id="<?php echo $this->get_field_id(‘only_related’); ?>" class="widefat">229 <option value="1"<?php selected( $only_related, 1 ); ?>><?php _e(‘Display all’); ?></option>230 <option value="2"<?php selected( $only_related, 2 ); ?>><?php _e(‘Only related sub-items’); ?></option>231 <option value="3"<?php selected( $only_related, 3 ); ?>><?php _e( ‘Only strictly related sub-items’ ); ?></option>232 </select>233 </p>234 <p><label for="<?php echo $this->get_field_id(‘start_depth’); ?>"><?php _e(‘Starting depth:’); ?></label>235 <input id="<?php echo $this->get_field_id(‘start_depth’); ?>" name="<?php echo $this->get_field_name(‘start_depth’); ?>" type="text" value="<?php echo $start_depth; ?>" size="3" />236 </p>237 <p><label for="<?php echo $this->get_field_id(‘depth’); ?>"><?php _e(‘How many levels to display:’); ?></label>238 <select name="<?php echo $this->get_field_name(‘depth’); ?>" id="<?php echo $this->get_field_id(‘depth’); ?>" class="widefat">239 <option value="0"<?php selected( $depth, 0 ); ?>><?php _e(‘Unlimited depth’); ?></option>240 <option value="1"<?php selected( $depth, 1 ); ?>><?php _e( ‘1 level deep’ ); ?></option>241 <option value="2"<?php selected( $depth, 2 ); ?>><?php _e( ‘2 levels deep’ ); ?></option>242 <option value="3"<?php selected( $depth, 3 ); ?>><?php _e( ‘3 levels deep’ ); ?></option>243 <option value="4"<?php selected( $depth, 4 ); ?>><?php _e( ‘4 levels deep’ ); ?></option>244 <option value="5"<?php selected( $depth, 5 ); ?>><?php _e( ‘5 levels deep’ ); ?></option>245 <option value="-1"<?php selected( $depth, -1 ); ?>><?php _e( ‘Flat display’ ); ?></option>246 </select>247 <p>248 <p><label for="<?php echo $this->get_field_id(‘filter_selection’); ?>"><?php _e(‘Filter selection from:’); ?></label>249 <select name="<?php echo $this->get_field_name(‘filter_selection’); ?>" id="<?php echo $this->get_field_id(‘filter_selection’); ?>" class="widefat">250 <option value="0"<?php selected( $only_related, 0 ); ?>><?php _e(‘Display all’); ?></option>251 <?php252 $menu_id = ( $nav_menu ) ? $nav_menu : $menus[0]->term_id;253 $menu_items = wp_get_nav_menu_items($menu_id);254 foreach ( $menu_items as $menu_item ) {255 echo '<option value="’.$menu_item->ID.’"’.selected( $filter_selection, $menu_item->ID ).’>’.$menu_item->title.’</option>’;256 }257 ?>258 </select>259 </p>260 <p>Select the filter:</p>261 <p>262 <label for="<?php echo $this->get_field_id(‘filter’); ?>_0">263 <input id="<?php echo $this->get_field_id(‘filter’); ?>_0" name="<?php echo $this->get_field_name(‘filter’); ?>" type="radio" value="0" <?php checked( $filter || empty($filter) ); ?> /> None264 </label><br />265 <label for="<?php echo $this->get_field_id(‘filter’); ?>_1">266 <input id="<?php echo $this->get_field_id(‘filter’); ?>_1" name="<?php echo $this->get_field_name(‘filter’); ?>" type="radio" value="1" <?php checked(“1” , $filter); ?> /> Display direct path267 </label><br />268 <label for="<?php echo $this->get_field_id(‘filter’); ?>_2">269 <input id="<?php echo $this->get_field_id(‘filter’); ?>_2" name="<?php echo $this->get_field_name(‘filter’); ?>" type="radio" value="2" <?php checked(“2” , $filter); ?> /> Display only children of selected item270 </label>271 </p>272 <p><input id="<?php echo $this->get_field_id(‘include_parent’); ?>" name="<?php echo $this->get_field_name(‘include_parent’); ?>" type="checkbox" <?php checked(isset($instance[‘include_parent’]) ? $instance[‘include_parent’] : 0); ?> /> <label for="<?php echo $this->get_field_id(‘include_parent’); ?>"><?php _e(‘Include parents’); ?></label>273 </p>274 <p><input id="<?php echo $this->get_field_id(‘post_parent’); ?>" name="<?php echo $this->get_field_name(‘post_parent’); ?>" type="checkbox" <?php checked(isset($instance[‘post_parent’]) ? $instance[‘post_parent’] : 0); ?> /> <label for="<?php echo $this->get_field_id(‘post_parent’); ?>"><?php _e(‘Post related parents’); ?></label>275 </p>276 <p><input id="<?php echo $this->get_field_id(‘description’); ?>" name="<?php echo $this->get_field_name(‘description’); ?>" type="checkbox" <?php checked(isset($instance[‘description’]) ? $instance[‘description’] : 0); ?> /> <label for="<?php echo $this->get_field_id(‘description’); ?>"><?php _e(‘Include descriptions’); ?></label>277 </p>278 <p>279 <label for="<?php echo $this->get_field_id(‘container’); ?>"><?php _e(‘Container:’) ?></label>280 <input type="text" class="widefat" id="<?php echo $this->get_field_id(‘container’); ?>" name="<?php echo $this->get_field_name(‘container’); ?>" value="<?php echo $container; ?>" />281 <small><?php _e( ‘Whether to wrap the ul, and what to wrap it with.’ ); ?></small>282 </p>283 <p>284 <label for="<?php echo $this->get_field_id(‘container_id’); ?>"><?php _e(‘Container ID:’) ?></label>285 <input type="text" class="widefat" id="<?php echo $this->get_field_id(‘container_id’); ?>" name="<?php echo $this->get_field_name(‘container_id’); ?>" value="<?php echo $container_id; ?>" />286 <small><?php _e( ‘The ID that is applied to the container.’ ); ?></small>287 </p>288 <p>289 <label for="<?php echo $this->get_field_id(‘menu_class’); ?>"><?php _e(‘Menu Class:’) ?></label>290 <input type="text" class="widefat" id="<?php echo $this->get_field_id(‘menu_class’); ?>" name="<?php echo $this->get_field_name(‘menu_class’); ?>" value="<?php echo $menu_class; ?>" />291 <small><?php _e( ‘CSS class to use for the ul element which forms the menu.’ ); ?></small>292 </p>293 <p>294 <label for="<?php echo $this->get_field_id(‘before’); ?>"><?php _e(‘Before the link:’) ?></label>295 <input type="text" class="widefat" id="<?php echo $this->get_field_id(‘before’); ?>" name="<?php echo $this->get_field_name(‘before’); ?>" value="<?php echo $before; ?>" />296 <small><?php _e( htmlspecialchars(‘Output text before the <a> of the link.’) ); ?></small>297 </p>298 <p>299 <label for="<?php echo $this->get_field_id(‘after’); ?>"><?php _e(‘After the link:’) ?></label>300 <input type="text" class="widefat" id="<?php echo $this->get_field_id(‘after’); ?>" name="<?php echo $this->get_field_name(‘after’); ?>" value="<?php echo $after; ?>" />301 <small><?php _e( htmlspecialchars(‘Output text after the <a> of the link.’) ); ?></small>302 </p>303 <p>304 <label for="<?php echo $this->get_field_id(‘link_before’); ?>"><?php _e(‘Before the link text:’) ?></label>305 <input type="text" class="widefat" id="<?php echo $this->get_field_id(‘link_before’); ?>" name="<?php echo $this->get_field_name(‘link_before’); ?>" value="<?php echo $link_before; ?>" />306 <small><?php _e( ‘Output text before the link text.’ ); ?></small>307 </p>308 <p>309 <label for="<?php echo $this->get_field_id(‘link_after’); ?>"><?php _e(‘After the link text:’) ?></label>310 <input type="text" class="widefat" id="<?php echo $this->get_field_id(‘link_after’); ?>" name="<?php echo $this->get_field_name(‘link_after’); ?>" value="<?php echo $link_after; ?>" />311 <small><?php _e( ‘Output text after the link text.’ ); ?></small>312 </p>313 <?php314 }315}