public function widget( $args, $instance ) { // Merge with defaults. $instance = wp_parse_args( (array) $instance, $this->defaults ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped echo $args['before_widget']; if ( ! empty( $instance['title'] ) ) { // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped echo $args['before_title'] . apply_filters( 'widget_title', $instance['title'], $instance, $this->id_base ) . $args['after_title']; } $text = ''; if ( ! empty( $instance['alignment'] ) ) { $text .= '<span class="align' . esc_attr( $instance['alignment'] ) . '">'; } $text .= get_avatar( $instance['user'], $instance['size'] ); if ( ! empty( $instance['alignment'] ) ) { $text .= '</span>'; } if ( 'text' === $instance['author_info'] ) { $text .= $instance['bio_text']; // We run KSES on update. } else { $text .= get_the_author_meta( 'description', $instance['user'] ); } $text .= $instance['page'] ? sprintf( ' <a class="pagelink" href="%s">%s</a>', get_page_link( $instance['page'] ), $instance['page_link_text'] ) : ''; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped echo wpautop( $text ); // If posts link option checked, add posts link to output. $display_name = esc_html( get_the_author_meta( 'display_name', $instance['user'] ) ); $user_name = ( ! empty( $display_name ) && genesis_a11y( 'screen-reader-text' ) ) ? '<span class="screen-reader-text">' . $display_name . ': </span>' : ''; if ( $instance['posts_link'] ) { printf( '<div class="posts_link posts-link"><a href="%s">%s%s</a></div>', esc_url( get_author_posts_url( $instance['user'] ) ), $user_name, esc_html__( 'View My Blog Posts', 'genesis' ) ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- $user_name escaped above } echo $args['after_widget']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Need to build the widget HTML. }