PluginProbe ʕ •ᴥ•ʔ
Secure Custom Fields / 6.4.2
Secure Custom Fields v6.4.2
6.9.1 6.9.0 6.8.9 6.8.7 6.8.8 6.8.6 6.8.4 6.8.5 trunk 6.4.0-beta1 6.4.0-beta2 6.4.1 6.4.1-beta3 6.4.1-beta4 6.4.1-beta5 6.4.1-beta6 6.4.1-beta7 6.4.2 6.5.0 6.5.1 6.5.2 6.5.3 6.5.4 6.5.5 6.5.6 6.5.7 6.6.0 6.7.0 6.7.1 6.8.0 6.8.1 6.8.2 6.8.3
secure-custom-fields / includes / admin / post-types / admin-field-group.php
secure-custom-fields / includes / admin / post-types Last commit date
admin-field-group.php 1 year ago admin-field-groups.php 1 year ago admin-post-type.php 1 year ago admin-post-types.php 1 year ago admin-taxonomies.php 1 year ago admin-taxonomy.php 1 year ago class-acf-admin-ui-options-page.php 1 year ago class-acf-admin-ui-options-pages.php 1 year ago index.php 1 year ago
admin-field-group.php
596 lines
1 <?php
2 /**
3 * ACF Admin Field Group Class
4 *
5 * @class acf_admin_field_group
6 *
7 * @package ACF
8 * @subpackage Admin
9 */
10
11 if ( ! class_exists( 'acf_admin_field_group' ) ) :
12
13 /**
14 * ACF Admin Field Group Class
15 *
16 * All the logic for editing a field group
17 */
18 class acf_admin_field_group extends ACF_Admin_Internal_Post_Type {
19
20 /**
21 * The slug for the internal post type.
22 *
23 * @since ACF 6.1
24 * @var string
25 */
26 public $post_type = 'acf-field-group';
27
28 /**
29 * The admin body class used for the post type.
30 *
31 * @since ACF 6.1
32 * @var string
33 */
34 public $admin_body_class = 'acf-admin-single-field-group';
35
36 /**
37 * Constructs the class.
38 *
39 * @since ACF 5.0.0
40 */
41 public function __construct() {
42 parent::__construct();
43
44 add_action( 'wp_ajax_acf/field_group/render_field_settings', array( $this, 'ajax_render_field_settings' ) );
45 add_action( 'wp_ajax_acf/field_group/render_location_rule', array( $this, 'ajax_render_location_rule' ) );
46 add_action( 'wp_ajax_acf/field_group/move_field', array( $this, 'ajax_move_field' ) );
47 }
48
49 /**
50 * Customizes the messages shown when editing a field group.
51 *
52 * @since ACF 5.0.0
53 *
54 * @param array $messages Post type messages.
55 * @return array
56 */
57 public function post_updated_messages( $messages ) {
58 $messages['acf-field-group'] = array(
59 0 => '', // Unused. Messages start at index 1.
60 1 => __( 'Field group updated.', 'secure-custom-fields' ),
61 2 => __( 'Field group updated.', 'secure-custom-fields' ),
62 3 => __( 'Field group deleted.', 'secure-custom-fields' ),
63 4 => __( 'Field group updated.', 'secure-custom-fields' ),
64 5 => false, // field group does not support revisions.
65 6 => __( 'Field group published.', 'secure-custom-fields' ),
66 7 => __( 'Field group saved.', 'secure-custom-fields' ),
67 8 => __( 'Field group submitted.', 'secure-custom-fields' ),
68 9 => __( 'Field group scheduled for.', 'secure-custom-fields' ),
69 10 => __( 'Field group draft updated.', 'secure-custom-fields' ),
70 );
71
72 return $messages;
73 }
74
75 /**
76 * Enqueues any scripts necessary for internal post type.
77 *
78 * @since ACF 5.0.0
79 */
80 public function admin_enqueue_scripts() {
81 parent::admin_enqueue_scripts();
82
83 acf_localize_text(
84 array(
85 'The string "field_" may not be used at the start of a field name' => esc_html__( 'The string "field_" may not be used at the start of a field name', 'secure-custom-fields' ),
86 'This field cannot be moved until its changes have been saved' => esc_html__( 'This field cannot be moved until its changes have been saved', 'secure-custom-fields' ),
87 'Field group title is required' => esc_html__( 'Field group title is required', 'secure-custom-fields' ),
88 'Move field group to trash?' => esc_html__( 'Move field group to trash?', 'secure-custom-fields' ),
89 'No toggle fields available' => esc_html__( 'No toggle fields available', 'secure-custom-fields' ),
90 'Move Custom Field' => esc_html__( 'Move Custom Field', 'secure-custom-fields' ),
91 'Close modal' => esc_html__( 'Close modal', 'secure-custom-fields' ),
92 'Field moved to other group' => esc_html__( 'Field moved to other group', 'secure-custom-fields' ),
93 'Field groups linked successfully.' => esc_html__( 'Field groups linked successfully.', 'secure-custom-fields' ),
94 'Checked' => esc_html__( 'Checked', 'secure-custom-fields' ),
95 '(no label)' => esc_html__( '(no label)', 'secure-custom-fields' ),
96 '(this field)' => esc_html__( '(this field)', 'secure-custom-fields' ),
97 'copy' => esc_html__( 'copy', 'secure-custom-fields' ),
98 'or' => esc_html__( 'or', 'secure-custom-fields' ),
99 'Show this field group if' => esc_html__( 'Show this field group if', 'secure-custom-fields' ),
100 'Null' => esc_html__( 'Null', 'secure-custom-fields' ),
101 'PRO Only' => esc_html__( 'PRO Only', 'secure-custom-fields' ),
102
103 // Conditions.
104 'Has any value' => esc_html__( 'Has any value', 'secure-custom-fields' ),
105 'Has no value' => esc_html__( 'Has no value', 'secure-custom-fields' ),
106 'Value is equal to' => esc_html__( 'Value is equal to', 'secure-custom-fields' ),
107 'Value is not equal to' => esc_html__( 'Value is not equal to', 'secure-custom-fields' ),
108 'Value matches pattern' => esc_html__( 'Value matches pattern', 'secure-custom-fields' ),
109 'Value contains' => esc_html__( 'Value contains', 'secure-custom-fields' ),
110 'Value is greater than' => esc_html__( 'Value is greater than', 'secure-custom-fields' ),
111 'Value is less than' => esc_html__( 'Value is less than', 'secure-custom-fields' ),
112 'Selection is greater than' => esc_html__( 'Selection is greater than', 'secure-custom-fields' ),
113 'Selection is less than' => esc_html__( 'Selection is less than', 'secure-custom-fields' ),
114 'Relationship is equal to' => esc_html__( 'Relationship is equal to', 'secure-custom-fields' ),
115 'Relationship is not equal to' => esc_html__( 'Relationship is not equal to', 'secure-custom-fields' ),
116 'Relationships contain' => esc_html__( 'Relationships contain', 'secure-custom-fields' ),
117 'Relationships do not contain' => esc_html__( 'Relationships do not contain', 'secure-custom-fields' ),
118 'Post is equal to' => esc_html__( 'Post is equal to', 'secure-custom-fields' ),
119 'Post is not equal to' => esc_html__( 'Post is not equal to', 'secure-custom-fields' ),
120 'Posts contain' => esc_html__( 'Posts contain', 'secure-custom-fields' ),
121 'Posts do not contain' => esc_html__( 'Posts do not contain', 'secure-custom-fields' ),
122 'Has any post selected' => esc_html__( 'Has any post selected', 'secure-custom-fields' ),
123 'Has no post selected' => esc_html__( 'Has no post selected', 'secure-custom-fields' ),
124 'Has any relationship selected' => esc_html__( 'Has any relationship selected', 'secure-custom-fields' ),
125 'Has no relationship selected' => esc_html__( 'Has no relationship selected', 'secure-custom-fields' ),
126 'Page is equal to' => esc_html__( 'Page is equal to', 'secure-custom-fields' ),
127 'Page is not equal to' => esc_html__( 'Page is not equal to', 'secure-custom-fields' ),
128 'Pages contain' => esc_html__( 'Pages contain', 'secure-custom-fields' ),
129 'Pages do not contain' => esc_html__( 'Pages do not contain', 'secure-custom-fields' ),
130 'Has any page selected' => esc_html__( 'Has any page selected', 'secure-custom-fields' ),
131 'Has no page selected' => esc_html__( 'Has no page selected', 'secure-custom-fields' ),
132 'User is equal to' => esc_html__( 'User is equal to', 'secure-custom-fields' ),
133 'User is not equal to' => esc_html__( 'User is not equal to', 'secure-custom-fields' ),
134 'Users contain' => esc_html__( 'Users contain', 'secure-custom-fields' ),
135 'Users do not contain' => esc_html__( 'Users do not contain', 'secure-custom-fields' ),
136 'Has any user selected' => esc_html__( 'Has any user selected', 'secure-custom-fields' ),
137 'Has no user selected' => esc_html__( 'Has no user selected', 'secure-custom-fields' ),
138 'Term is equal to' => esc_html__( 'Term is equal to', 'secure-custom-fields' ),
139 'Term is not equal to' => esc_html__( 'Term is not equal to', 'secure-custom-fields' ),
140 'Terms contain' => esc_html__( 'Terms contain', 'secure-custom-fields' ),
141 'Terms do not contain' => esc_html__( 'Terms do not contain', 'secure-custom-fields' ),
142 'Has any term selected' => esc_html__( 'Has any term selected', 'secure-custom-fields' ),
143 'Has no term selected' => esc_html__( 'Has no term selected', 'secure-custom-fields' ),
144
145 // Custom Select2 templates.
146 'Type to search...' => esc_html__( 'Type to search...', 'secure-custom-fields' ),
147 'This Field' => esc_html__( 'This Field', 'secure-custom-fields' ),
148 )
149 );
150
151 acf_localize_data(
152 array(
153 'fieldTypes' => acf_get_field_types_info(),
154 'fieldCategoriesL10n' => acf_get_field_categories_i18n(),
155 'PROFieldTypes' => acf_get_pro_field_types(),
156 'PROLocationTypes' => array(
157 'block' => esc_html__( 'Block', 'secure-custom-fields' ),
158 'options_page' => esc_html__( 'Options Page', 'secure-custom-fields' ),
159 ),
160 )
161 );
162
163 wp_enqueue_script( 'acf-pro-field-group' );
164 wp_enqueue_style( 'acf-pro-field-group' );
165
166 do_action( 'acf/field_group/admin_enqueue_scripts' );
167 }
168
169 /**
170 * Set up functionality for the field group edit page.
171 *
172 * @since ACF 3.1.8
173 */
174 public function admin_head() {
175 global $post, $field_group;
176
177 // Set global var.
178 $field_group = acf_get_field_group( $post->ID );
179
180 // metaboxes.
181 add_meta_box( 'acf-field-group-fields', __( 'Fields', 'secure-custom-fields' ), array( $this, 'mb_fields' ), 'acf-field-group', 'normal', 'high' );
182 add_meta_box( 'acf-field-group-options', __( 'Settings', 'secure-custom-fields' ), array( $this, 'mb_options' ), 'acf-field-group', 'normal', 'high' );
183
184 // actions.
185 add_action( 'post_submitbox_misc_actions', array( $this, 'post_submitbox_misc_actions' ), 10, 0 );
186 add_action( 'edit_form_after_title', array( $this, 'edit_form_after_title' ), 10, 0 );
187
188 // filters.
189 add_filter( 'screen_settings', array( $this, 'screen_settings' ), 10, 1 );
190 add_filter( 'get_user_option_screen_layout_acf-field-group', array( $this, 'screen_layout' ), 10, 1 );
191
192 // 3rd party hook.
193 do_action( 'acf/field_group/admin_head' );
194 }
195
196 /**
197 * This action will allow ACF to render metaboxes after the title.
198 */
199 public function edit_form_after_title() {
200 global $post;
201
202 // Render post data.
203 acf_form_data(
204 array(
205 'screen' => 'field_group',
206 'post_id' => $post->ID,
207 'delete_fields' => 0,
208 'validation' => 0,
209 )
210 );
211 }
212
213 /**
214 * This function will add extra HTML to the acf form data element
215 *
216 * @since ACF 5.3.8
217 *
218 * @param array $args Arguments array to pass through to action.
219 * @return void
220 */
221 public function form_data( $args ) {
222 do_action( 'acf/field_group/form_data', $args );
223 }
224
225 /**
226 * This function will append extra l10n strings to the acf JS object
227 *
228 * @since ACF 5.3.8
229 *
230 * @param array $l10n The array of translated strings.
231 * @return array $l10n
232 */
233 public function admin_l10n( $l10n ) {
234 return apply_filters( 'acf/field_group/admin_l10n', $l10n );
235 }
236
237 /**
238 * Admin footer third party hook support
239 *
240 * @since ACF 5.3.2
241 */
242 public function admin_footer() {
243 do_action( 'acf/field_group/admin_footer' );
244 }
245
246 /**
247 * Screen settings html output
248 *
249 * @since ACF 3.6.0
250 *
251 * @param string $html Current screen settings HTML.
252 * @return string $html
253 */
254 public function screen_settings( $html ) {
255 $show_field_keys = acf_get_user_setting( 'show_field_keys' ) ? 'checked="checked"' : '';
256 $show_field_settings_tabs = acf_get_user_setting( 'show_field_settings_tabs', true ) ? 'checked="checked"' : '';
257 $hide_field_settings_tabs = apply_filters( 'acf/field_group/disable_field_settings_tabs', false );
258
259 $html .= '<div id="acf-append-show-on-screen" class="acf-hidden">';
260 $html .= '<label for="acf-field-key-hide"><input id="acf-field-key-hide" type="checkbox" value="1" name="show_field_keys" ' . $show_field_keys . ' /> ' . __( 'Field Keys', 'secure-custom-fields' ) . '</label>';
261
262 if ( ! $hide_field_settings_tabs ) {
263 $html .= '<label for="acf-field-settings-tabs"><input id="acf-field-settings-tabs" type="checkbox" value="1" name="show_field_settings_tabs" ' . $show_field_settings_tabs . ' />' . __( 'Field Settings Tabs', 'secure-custom-fields' ) . '</label>';
264 }
265
266 $html .= '</div>';
267
268 return $html;
269 }
270
271 /**
272 * Sets the "Edit Field Group" screen to use a one-column layout.
273 *
274 * @param integer $columns Number of columns for layout.
275 * @return integer
276 */
277 public function screen_layout( $columns = 0 ) {
278 return 1;
279 }
280
281 /**
282 * This function will customize the publish metabox
283 *
284 * @since ACF 5.2.9
285 */
286 public function post_submitbox_misc_actions() {
287 global $field_group;
288 $status_label = $field_group['active'] ? _x( 'Active', 'post status', 'secure-custom-fields' ) : _x( 'Inactive', 'post status', 'secure-custom-fields' );
289
290 ?>
291 <script type="text/javascript">
292 (function($) {
293 $('#post-status-display').html( '<?php echo esc_html( $status_label ); ?>' );
294 })(jQuery);
295 </script>
296 <?php
297 }
298
299 /**
300 * Saves field group data.
301 *
302 * @since ACF 1.0.0
303 *
304 * @param integer $post_id The post ID.
305 * @param WP_Post $post The post object.
306 * @return integer $post_id
307 */
308 public function save_post( $post_id, $post ) {
309 if ( ! $this->verify_save_post( $post_id, $post ) ) {
310 return $post_id;
311 }
312
313 // disable filters to ensure ACF loads raw data from DB.
314 acf_disable_filters();
315
316 // save fields.
317 // phpcs:disable WordPress.Security.NonceVerification.Missing -- Validated by WordPress.
318 if ( ! empty( $_POST['acf_fields'] ) ) {
319
320 // loop.
321 foreach ( $_POST['acf_fields'] as $field ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Sanitized when saved.
322
323 if ( ! isset( $field['key'] ) ) {
324 continue;
325 }
326
327 // vars.
328 $specific = false;
329 $save = acf_extract_var( $field, 'save' );
330
331 // only saved field if has changed.
332 if ( $save == 'meta' ) {
333 $specific = array(
334 'menu_order',
335 'post_parent',
336 );
337 }
338
339 // set parent.
340 if ( ! $field['parent'] ) {
341 $field['parent'] = $post_id;
342 }
343
344 // save field.
345 acf_update_field( $field, $specific );
346 }
347 }
348
349 // delete fields.
350 if ( acf_maybe_get_POST( '_acf_delete_fields', false ) ) { // phpcs:ignore -- Sanitized below, unslash not needed
351
352 // clean.
353 $ids = explode( '|', $_POST['_acf_delete_fields'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- Sanitized below, unslash not required.
354 $ids = array_map( 'intval', $ids );
355
356 // loop.
357 foreach ( $ids as $id ) {
358
359 // bai early if no id.
360 if ( ! $id ) {
361 continue;
362 }
363
364 // delete.
365 acf_delete_field( $id );
366 }
367 }
368
369 $_POST['acf_field_group']['ID'] = $post_id;
370 // phpcs:disable WordPress.Security.ValidatedSanitizedInput
371 $_POST['acf_field_group']['title'] = isset( $_POST['post_title'] ) ? $_POST['post_title'] : ''; // Post title is stored unsafe like WordPress, escaped on output.
372
373 // save field group.
374 acf_update_field_group( $_POST['acf_field_group'] );
375 // phpcs:enable WordPress.Security.ValidatedSanitizedInput
376 // phpcs:enable WordPress.Security.NonceVerification.Missing
377
378 return $post_id;
379 }
380
381 /**
382 * This function will render the HTML for the metabox 'acf-field-group-fields'
383 *
384 * @since ACF 5.0.0
385 */
386 public function mb_fields() {
387 global $field_group;
388
389 $view = array(
390 'fields' => acf_get_fields( $field_group ),
391 'parent' => 0,
392 );
393
394 acf_get_view( $this->post_type . '/fields', $view );
395 }
396
397 /**
398 * This function will render the HTML for the metabox 'acf-field-group-options'
399 *
400 * @since ACF 5.0.0
401 */
402 public function mb_options() {
403 global $field_group;
404
405 // Field group key (leave in for compatibility).
406 if ( ! acf_is_field_group_key( $field_group['key'] ) ) {
407 $field_group['key'] = uniqid( 'group_' );
408 }
409
410 acf_get_view( $this->post_type . '/options' );
411 }
412
413 /**
414 * This function can be accessed via an AJAX action and will return the result from the render_location_value function
415 *
416 * @since ACF 5.0.0
417 */
418 public function ajax_render_location_rule() {
419 // validate.
420 if ( ! acf_verify_ajax() ) {
421 die();
422 }
423
424 // verify user capability.
425 if ( ! acf_current_user_can_admin() ) {
426 die();
427 }
428
429 if ( empty( $_POST['rule'] ) ) {
430 die();
431 }
432
433 // validate rule.
434 $rule = acf_validate_location_rule( acf_sanitize_request_args( $_POST['rule'] ) ); //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash -- values not saved.
435
436 acf_get_view(
437 'acf-field-group/location-rule',
438 array(
439 'rule' => $rule,
440 )
441 );
442
443 die();
444 }
445
446 /**
447 * This function will return HTML containing the field's settings based on it's new type
448 *
449 * @since ACF 5.0.0
450 */
451 public function ajax_render_field_settings() {
452 // Verify the current request.
453 if ( ! acf_verify_ajax() || ! acf_current_user_can_admin() ) {
454 wp_send_json_error();
455 }
456
457 // Make sure we have a field.
458 $field = acf_maybe_get_POST( 'field' );
459 if ( ! $field ) {
460 wp_send_json_error();
461 }
462
463 $field['prefix'] = acf_maybe_get_POST( 'prefix' );
464 $field = acf_get_valid_field( $field );
465 $tabs = acf_get_combined_field_type_settings_tabs();
466 $tab_keys = array_keys( $tabs );
467 $sections = array();
468
469 foreach ( $tab_keys as $tab ) {
470 ob_start();
471
472 if ( 'general' === $tab ) {
473 // Back-compat for fields not using tab-specific hooks.
474 do_action( "acf/render_field_settings/type={$field['type']}", $field );
475 }
476
477 do_action( "acf/field_group/render_field_settings_tab/{$tab}/type={$field['type']}", $field );
478 do_action( "acf/render_field_{$tab}_settings/type={$field['type']}", $field );
479
480 $sections[ $tab ] = ob_get_clean();
481 }
482
483 wp_send_json_success( $sections );
484 }
485
486 /**
487 * Moves fields between field groups via AJAX.
488 *
489 * @since ACF 5.0.0
490 *
491 * @return void
492 */
493 public function ajax_move_field() {
494 // Disable filters to ensure ACF loads raw data from DB.
495 acf_disable_filters();
496
497 // phpcs:disable WordPress.Security.NonceVerification.Missing
498 $args = acf_parse_args(
499 $_POST,
500 array(
501 'nonce' => '',
502 'post_id' => 0,
503 'field_id' => 0,
504 'field_group_id' => 0,
505 )
506 );
507 // phpcs:enable WordPress.Security.NonceVerification.Missing
508
509 // Verify nonce.
510 if ( ! wp_verify_nonce( $args['nonce'], 'acf_nonce' ) ) {
511 die();
512 }
513
514 // Verify user capability.
515 if ( ! acf_current_user_can_admin() ) {
516 die();
517 }
518
519 // Move the field if the user has confirmed.
520 if ( $args['field_id'] && $args['field_group_id'] ) {
521 $field = acf_get_field( $args['field_id'] );
522 $old_field_group = acf_get_field_group( $args['post_id'] );
523 $new_field_group = acf_get_field_group( $args['field_group_id'] );
524
525 // Update the field parent and remove conditional logic.
526 $field['parent'] = $new_field_group['ID'];
527 $field['conditional_logic'] = 0;
528
529 // Update the field in the database.
530 acf_update_field( $field );
531
532 // Fire `acf/update_field_group` action hook so JSON can sync if necessary.
533 do_action( 'acf/update_field_group', $old_field_group );
534 do_action( 'acf/update_field_group', $new_field_group );
535
536 // Output HTML.
537 $link = '<a href="' . admin_url( 'post.php?post=' . $new_field_group['ID'] . '&action=edit' ) . '" target="_blank">' . esc_html( $new_field_group['title'] ) . '</a>';
538
539 echo '' .
540 '<p><strong>' . esc_html__( 'Move Complete.', 'secure-custom-fields' ) . '</strong></p>' .
541 '<p>' . sprintf(
542 /* translators: Confirmation message once a field has been moved to a different field group. */
543 acf_punctify( __( 'The %1$s field can now be found in the %2$s field group', 'secure-custom-fields' ) ),
544 esc_html( $field['label'] ),
545 $link //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
546 ) . '</p>' .
547 '<a href="#" class="button button-primary acf-close-popup">' . esc_html__( 'Close Modal', 'secure-custom-fields' ) . '</a>';
548 die();
549 }
550
551 // Get all field groups.
552 $field_groups = acf_get_field_groups();
553 $choices = array();
554
555 if ( ! empty( $field_groups ) ) {
556 foreach ( $field_groups as $field_group ) {
557 // Bail early if no ID.
558 if ( ! $field_group['ID'] ) {
559 continue;
560 }
561
562 // Bail early if is current.
563 if ( $field_group['ID'] == $args['post_id'] ) {
564 continue;
565 }
566
567 $choices[ $field_group['ID'] ] = $field_group['title'];
568 }
569 }
570
571 // Render options.
572 $field = acf_get_valid_field(
573 array(
574 'type' => 'select',
575 'name' => 'acf_field_group',
576 'choices' => $choices,
577 'aria-label' => __( 'Please select the destination for this field', 'secure-custom-fields' ),
578 )
579 );
580
581 echo '<p>' . esc_html__( 'Please select the destination for this field', 'secure-custom-fields' ) . '</p>';
582 echo '<form id="acf-move-field-form">';
583 acf_render_field_wrap( $field );
584 echo '<button type="submit" class="acf-btn">' . esc_html__( 'Move Field', 'secure-custom-fields' ) . '</button>';
585 echo '</form>';
586
587 die();
588 }
589 }
590
591 // initialize.
592 new acf_admin_field_group();
593 endif; // Class exists check.
594
595 ?>
596