Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pods 3.1.2 #7264

Merged
merged 19 commits into from
Feb 27, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions changelog.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,22 @@ Found a bug? Have a great feature idea? Get on GitHub and tell us about it and w

Our GitHub has the full list of all prior releases of Pods: https://github.com/pods-framework/pods/releases

= 3.1.2 - February 27th, 2024 =

* Added: Now you can set Content Visibility when creating a new pod. (@sc0ttkclark)
* Added: More help text to better explain things on the Access Rights Review screen for extended content types. (@sc0ttkclark)
* Added: New option to specify whether to Sanitize Output for a field in the Additional Field Options of Heading, Paragraph, WYSIWYG, Code, and Text fields. (@sc0ttkclark)
* Added: Pod Reference metabox on the Pods Templates editor screen now has more help text and will now allow clicking to copy any magic tag to clipboard. (@sc0ttkclark)
* Added: Better explain Public vs Publicly Queryable for Post Types and Taxonomies along with showing the current Content Visibility below. (@sc0ttkclark)
* Changed: Updated CodeMirror to 5.65.16 so we can start moving towards CodeMirror 6 for the Pods Template editor. (@sc0ttkclark)
* Fixed: Resolved issues with Access Rights Review screen when making content type public or private causing it not to be fully set (only public was set on, it left out publicly_queryable). (@sc0ttkclark)

= 3.1.1 - February 22nd, 2024 =

This is just a release to retrigger the zip generation on WordPress.org that missed a fix put into the initial 3.1 release tag in SVN.

Pods 3.1 is a security focused release, see below for the changelog information.

= 3.1 - February 21st, 2024 =

*Security Release*
Expand Down
37 changes: 23 additions & 14 deletions classes/PodsAPI.php
Original file line number Diff line number Diff line change
Expand Up @@ -1444,6 +1444,8 @@ public function get_wp_object_fields( $object = 'post_type', $pod = null, $refre
* $params['create_label_plural'] string Plural Label (for Creating)
* $params['create_label_singular'] string Singular Label (for Creating)
* $params['create_storage'] string Storage Type (for Creating)
* $params['create_public'] int Whether the pod will be public (for Creating Post Types and Taxonomies)
* $params['create_publicly_queryable'] int Whether the pod will be publicly queryable (for Creating Post Types and Taxonomies)
* $params['create_rest_api'] int Whether REST API will be enabled (for Creating Post Types and Taxonomies)
* $params['extend_pod_type'] string Pod Type (for Extending)
* $params['extend_post_type'] string Post Type (for Extending Post Types)
Expand All @@ -1460,11 +1462,13 @@ public function add_pod( $params ) {
'create_extend' => 'create',
'create_pod_type' => 'post_type',

'create_name' => '',
'create_label_singular' => '',
'create_label_plural' => '',
'create_storage' => 'meta',
'create_rest_api' => 1,
'create_name' => '',
'create_label_singular' => '',
'create_label_plural' => '',
'create_storage' => 'meta',
'create_public' => 1,
'create_publicly_queryable' => 0,
'create_rest_api' => 1,

'create_setting_name' => '',
'create_label_title' => '',
Expand Down Expand Up @@ -1506,7 +1510,7 @@ public function add_pod( $params ) {
$pod_params['label'] = ( ! empty( $params->create_label_plural ) ? $params->create_label_plural : $label );
$pod_params['type'] = $params->create_pod_type;
$pod_params['label_singular'] = ( ! empty( $params->create_label_singular ) ? $params->create_label_singular : $pod_params['label'] );
$pod_params['public'] = 1;
$pod_params['public'] = 1 === (int) $params->create_public ? 1 : 0;
$pod_params['show_ui'] = 1;

// Auto-generate name if not provided
Expand All @@ -1519,9 +1523,10 @@ public function add_pod( $params ) {
return pods_error( __( 'Please enter a Name for this Pod', 'pods' ), $this );
}

$pod_params['storage'] = pods_tableless() ? 'meta' : $params->create_storage;

$pod_params['rest_enable'] = 1 === (int) $params->create_rest_api ? 1 : 0;
$pod_params['storage'] = pods_tableless() ? 'meta' : $params->create_storage;
$pod_params['publicly_queryable'] = 1 === (int) $params->create_publicly_queryable ? 1 : 0;
$pod_params['dynamic_features_allow'] = 'inherit';
$pod_params['rest_enable'] = 1 === (int) $params->create_rest_api ? 1 : 0;
} elseif ( 'taxonomy' === $pod_params['type'] ) {
if ( empty( $pod_params['name'] ) ) {
return pods_error( __( 'Please enter a Name for this Pod', 'pods' ), $this );
Expand All @@ -1532,11 +1537,11 @@ public function add_pod( $params ) {
$params->create_storage = $params->create_storage_taxonomy;
}

$pod_params['storage'] = pods_tableless() ? 'meta' : $params->create_storage;

$pod_params['hierarchical'] = 1;

$pod_params['rest_enable'] = 1 === (int) $params->create_rest_api ? 1 : 0;
$pod_params['storage'] = pods_tableless() ? 'meta' : $params->create_storage;
$pod_params['hierarchical'] = 1;
$pod_params['publicly_queryable'] = 1 === (int) $params->create_publicly_queryable ? 1 : 0;
$pod_params['dynamic_features_allow'] = 'inherit';
$pod_params['rest_enable'] = 1 === (int) $params->create_rest_api ? 1 : 0;
} elseif ( 'pod' === $pod_params['type'] ) {
if ( empty( $pod_params['name'] ) ) {
return pods_error( __( 'Please enter a Name for this Pod', 'pod' ), $this );
Expand All @@ -1546,6 +1551,10 @@ public function add_pod( $params ) {
$pod_params['type'] = 'post_type';
$pod_params['storage'] = 'meta';
}

if ( $pod_params['public'] ) {
$pod_params['public'] = 1 === (int) $params->create_publicly_queryable ? 1 : 0;
}
} elseif ( 'settings' === $pod_params['type'] ) {
$pod_params['name'] = $params->create_setting_name;
$pod_params['label'] = ( ! empty( $params->create_label_title ) ? $params->create_label_title : ucwords( str_replace( '_', ' ', $params->create_setting_name ) ) );
Expand Down
84 changes: 57 additions & 27 deletions classes/PodsAdmin.php
Original file line number Diff line number Diff line change
Expand Up @@ -1494,9 +1494,11 @@ public function admin_access_rights_review() {
],
'public' => [
'label' => __( 'Content Privacy', 'pods' ),
'type' => 'raw',
],
'dynamic_features_allow' => [
'label' => __( 'Allow Dynamic Features', 'pods' ),
'type' => 'raw',
],
'restricted_dynamic_features' => [
'label' => __( 'Restricted Dynamic Features', 'pods' ),
Expand Down Expand Up @@ -1592,19 +1594,16 @@ public function admin_access_rights_review() {
$file_source = str_replace( ABSPATH, '', $file_source );
}

ob_start();

pods_help(
$source .= ' ' . pods_help(
sprintf(
'<strong>%s:</strong> %s',
esc_html__( 'File source', 'pods' ),
esc_html( $file_source )
),
null,
'.pods-admin-container'
'.pods-admin-container',
true
);

$source .= ' ' . ob_get_clean();
}
} elseif ( 'collection' === $object_storage_type ) {
$code_source = $pod->get_arg( '_pods_code_source' );
Expand All @@ -1614,19 +1613,16 @@ public function admin_access_rights_review() {
$code_source = str_replace( ABSPATH, '', $code_source );
}

ob_start();

pods_help(
$source .= ' ' . pods_help(
sprintf(
'<strong>%s:</strong> %s',
esc_html__( 'Code source', 'pods' ),
esc_html( $code_source )
),
null,
'.pods-admin-container'
'.pods-admin-container',
true
);

$source .= ' ' . ob_get_clean();
}
}
}
Expand Down Expand Up @@ -1655,7 +1651,7 @@ public function admin_access_rights_review() {
$dynamic_features_allow_label .= ' - ' . ( $is_public ? $dynamic_features_allow_options['1'] : $dynamic_features_allow_options['0'] );
}

$pod = [
$pod_row = [
'id' => $pod['id'],
'label' => $pod['label'],
'name' => $pod['name'],
Expand All @@ -1676,20 +1672,35 @@ public function admin_access_rights_review() {
] ),
];

$other_view_groups['public']['views'][ (string) $pod['real_public'] ]['count'] ++;
if ( $pod->is_extended() ) {
$extended_help_text = pods_help(
__( 'This is an extended content type. The Content Privacy cannot be changed by Pods. You can choose to enable Dynamic Features separately anyway if it has "WP Default" used.', 'pods' ),
null,
'.pods-admin-container',
true
);

$pod_row['public'] .= $extended_help_text;

if ( empty( $pod['restricted_dynamic_features'] ) ) {
$pod['restricted_dynamic_features'] = __( 'Unrestricted', 'pods' );
$pod['real_restricted_dynamic_features'] = 'unrestricted';
if ( 'inherit' === $dynamic_features_allow ) {
$pod_row['dynamic_features_allow'] .= $extended_help_text;
}
}

$other_view_groups['public']['views'][ (string) $pod_row['real_public'] ]['count'] ++;

if ( empty( $pod_row['restricted_dynamic_features'] ) ) {
$pod_row['restricted_dynamic_features'] = __( 'Unrestricted', 'pods' );
$pod_row['real_restricted_dynamic_features'] = 'unrestricted';
} else {
foreach ( $pod['restricted_dynamic_features'] as $fk => $feature ) {
$pod['restricted_dynamic_features'][ $fk ] = pods_v( $feature, $restricted_dynamic_features_options, ucwords( $feature ) );
foreach ( $pod_row['restricted_dynamic_features'] as $fk => $feature ) {
$pod_row['restricted_dynamic_features'][ $fk ] = pods_v( $feature, $restricted_dynamic_features_options, ucwords( $feature ) );
}

$pod['real_restricted_dynamic_features'] = 'restricted';
$pod_row['real_restricted_dynamic_features'] = 'restricted';
}

$other_view_groups['restricted_dynamic_features']['views'][ $pod['real_restricted_dynamic_features'] ]['count'] ++;
$other_view_groups['restricted_dynamic_features']['views'][ $pod_row['real_restricted_dynamic_features'] ]['count'] ++;

// @codingStandardsIgnoreLine
if ( 'manage' !== pods_v( 'action' ) ) {
Expand All @@ -1699,18 +1710,18 @@ public function admin_access_rights_review() {
if (
(
$found_id
&& $pod['id'] === $found_id
&& $pod_row['id'] === $found_id
)
|| (
$found_name
&& $pod['name'] === $found_name
&& $pod_row['name'] === $found_name
)
) {
$row = $pod;
$row = $pod_row;
}
}

$pod_list[] = $pod;
$pod_list[] = $pod_row;
}//end foreach

if ( ! $has_source ) {
Expand Down Expand Up @@ -2816,7 +2827,16 @@ public function admin_access_rights_review_make_public( $obj, $id, $mode = 'sing
return 'bulk' !== $mode ? $obj->error( __( 'Pod cannot be modified.', 'pods' ) ) : false;
}

pods_api()->save_pod( [ 'id' => $id, 'public' => 1 ] );
$params = [
'id' => $id,
'public' => 1,
];

if ( in_array( $pod->get_type(), [ 'post_type', 'taxonomy' ], true ) ) {
$params['publicly_queryable'] = 1;
}

pods_api()->save_pod( $params );

foreach ( $obj->data as $key => $data_pod ) {
if ( (int) $id === (int) $data_pod['id'] ) {
Expand Down Expand Up @@ -2882,7 +2902,17 @@ public function admin_access_rights_review_make_private( $obj, $id, $mode = 'sin
return 'bulk' !== $mode ? $obj->error( __( 'Pod cannot be modified.', 'pods' ) ) : false;
}

pods_api()->save_pod( [ 'id' => $id, 'public' => 0 ] );
$params = [
'id' => $id,
];

if ( in_array( $pod->get_type(), [ 'post_type', 'taxonomy' ], true ) ) {
$params['publicly_queryable'] = 0;
} else {
$params['public'] = 0;
}

pods_api()->save_pod( $params );

foreach ( $obj->data as $key => $data_pod ) {
if ( (int) $id === (int) $data_pod['id'] ) {
Expand Down
2 changes: 1 addition & 1 deletion classes/PodsField.php
Original file line number Diff line number Diff line change
Expand Up @@ -937,7 +937,7 @@ public function strip_html( $value, $options = null ) {
*/
public function maybe_sanitize_output( $value, $options = null ) {
// Maybe check for a sanitize output option.
$should_sanitize = null === $options || 1 === (int) pods_v( 'sanitize_output', $options, 1 );
$should_sanitize = null === $options || 1 === (int) pods_v( static::$type . '_output', $options, 1 );

/**
* Allow filtering whether to sanitize the field value before output.
Expand Down
16 changes: 9 additions & 7 deletions classes/PodsInit.php
Original file line number Diff line number Diff line change
Expand Up @@ -604,13 +604,15 @@ public function register_assets() {

wp_register_script( 'pods-cleditor', PODS_URL . "ui/js/cleditor/jquery.cleditor{$suffix_min}.js", array( 'jquery' ), '1.4.5', true );

wp_register_script( 'pods-codemirror', PODS_URL . 'ui/js/codemirror/codemirror.js', array(), '4.8', true );
wp_register_script( 'pods-codemirror-loadmode', PODS_URL . 'ui/js/codemirror/addon/mode/loadmode.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-overlay', PODS_URL . 'ui/js/codemirror/addon/mode/overlay.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-hints', PODS_URL . 'ui/js/codemirror/addon/mode/show-hint.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-mode-xml', PODS_URL . 'ui/js/codemirror/mode/xml/xml.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-mode-html', PODS_URL . 'ui/js/codemirror/mode/htmlmixed/htmlmixed.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-mode-css', PODS_URL . 'ui/js/codemirror/mode/css/css.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror', PODS_URL . 'ui/js/codemirror/lib/codemirror.js', [], '5.65.16', true );
wp_register_script( 'pods-codemirror-hints', PODS_URL . 'ui/js/codemirror/addon/hint/show-hint.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-loadmode', PODS_URL . 'ui/js/codemirror/addon/mode/loadmode.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-overlay', PODS_URL . 'ui/js/codemirror/addon/mode/overlay.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-mode-css', PODS_URL . 'ui/js/codemirror/mode/css/css.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-mode-html', PODS_URL . 'ui/js/codemirror/mode/htmlmixed/htmlmixed.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-mode-xml', PODS_URL . 'ui/js/codemirror/mode/xml/xml.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_style( 'pods-codemirror', PODS_URL . 'ui/js/codemirror/lib/codemirror.css', [], '5.65.16' );
wp_register_style( 'pods-codemirror-hints', PODS_URL . 'ui/js/codemirror/addon/hint/show-hint.css', [ 'pods-codemirror' ], '5.65.16' );

// jQuery Timepicker.
if ( ! wp_script_is( 'jquery-ui-slideraccess', 'registered' ) ) {
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/code.php
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,13 @@ public function options() {
'default' => 0,
'type' => 'boolean',
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_allow_shortcode' => [
'label' => __( 'Allow Shortcodes', 'pods' ),
'default' => 0,
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/heading.php
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,13 @@ public function options() {
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_wptexturize' => [
'label' => __( 'Enable wptexturize', 'pods' ),
'default' => 1,
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/paragraph.php
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,13 @@ public function options() {
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_oembed' => [
'label' => __( 'Enable oEmbed', 'pods' ),
'default' => 0,
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/text.php
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,13 @@ public function options() {
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_allow_shortcode' => [
'label' => __( 'Allow Shortcodes', 'pods' ),
'default' => 0,
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/wysiwyg.php
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,13 @@ public function options() {
'default' => 0,
'type' => 'boolean',
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_oembed' => [
'label' => __( 'Enable oEmbed', 'pods' ),
'default' => 0,
Expand Down
Loading
Loading