PluginProbe ʕ •ᴥ•ʔ
Secure Custom Fields / 6.4.2
Secure Custom Fields v6.4.2
6.9.1 6.9.0 6.8.9 6.8.7 6.8.8 6.8.6 6.8.4 6.8.5 trunk 6.4.0-beta1 6.4.0-beta2 6.4.1 6.4.1-beta3 6.4.1-beta4 6.4.1-beta5 6.4.1-beta6 6.4.1-beta7 6.4.2 6.5.0 6.5.1 6.5.2 6.5.3 6.5.4 6.5.5 6.5.6 6.5.7 6.6.0 6.7.0 6.7.1 6.8.0 6.8.1 6.8.2 6.8.3
secure-custom-fields / includes / forms / form-post.php
secure-custom-fields / includes / forms Last commit date
form-attachment.php 1 year ago form-comment.php 1 year ago form-customizer.php 1 year ago form-front.php 1 year ago form-gutenberg.php 1 year ago form-nav-menu.php 1 year ago form-post.php 1 year ago form-taxonomy.php 1 year ago form-user.php 1 year ago form-widget.php 1 year ago index.php 1 year ago
form-post.php
329 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit; // Exit if accessed directly
5 }
6
7 if ( ! class_exists( 'ACF_Form_Post' ) ) :
8
9 class ACF_Form_Post {
10
11 /** @var string The first field groups style CSS. */
12 var $style = '';
13
14 /**
15 * __construct
16 *
17 * Sets up the class functionality.
18 *
19 * @date 5/03/2014
20 * @since ACF 5.0.0.0.0
21 *
22 * @return void
23 */
24 function __construct() {
25
26 // initialize on post edit screens
27 add_action( 'load-post.php', array( $this, 'initialize' ) );
28 add_action( 'load-post-new.php', array( $this, 'initialize' ) );
29
30 // save
31 add_filter( 'wp_insert_post_empty_content', array( $this, 'wp_insert_post_empty_content' ), 10, 2 );
32 add_action( 'save_post', array( $this, 'save_post' ), 10, 2 );
33 }
34
35
36 /**
37 * initialize
38 *
39 * Sets up Form functionality.
40 *
41 * @date 19/9/18
42 * @since ACF 5.7.6.7.6
43 *
44 * @return void
45 */
46 function initialize() {
47
48 // globals
49 global $typenow;
50
51 $acf_post_types = acf_get_internal_post_types();
52
53 foreach ( $acf_post_types as $post_type ) {
54 remove_meta_box( 'submitdiv', $post_type, 'side' );
55 }
56
57 // restrict specific post types
58 $restricted = array_merge( $acf_post_types, array( 'acf-taxonomy', 'attachment' ) );
59 if ( in_array( $typenow, $restricted ) ) {
60 return;
61 }
62
63 // enqueue scripts
64 acf_enqueue_scripts(
65 array(
66 'uploader' => true,
67 )
68 );
69
70 // actions
71 add_action( 'add_meta_boxes', array( $this, 'add_meta_boxes' ), 10, 2 );
72 }
73
74 /**
75 * add_meta_boxes
76 *
77 * Adds ACF metaboxes for the given $post_type and $post.
78 *
79 * @date 19/9/18
80 * @since ACF 5.7.6.7.6
81 *
82 * @param string $post_type The post type.
83 * @param WP_Post $post The post being edited.
84 * @return void
85 */
86 function add_meta_boxes( $post_type, $post ) {
87
88 // Storage for localized postboxes.
89 $postboxes = array();
90
91 // Get field groups for this screen.
92 $field_groups = acf_get_field_groups(
93 array(
94 'post_id' => $post->ID,
95 'post_type' => $post_type,
96 )
97 );
98
99 // Loop over field groups.
100 if ( $field_groups ) {
101 foreach ( $field_groups as $field_group ) {
102
103 // vars
104 $id = "acf-{$field_group['key']}"; // acf-group_123
105 $title = $field_group['title']; // Group 1
106 $context = $field_group['position']; // normal, side, acf_after_title
107 $priority = 'high'; // high, core, default, low
108
109 // Reduce priority for sidebar metaboxes for best position.
110 if ( $context == 'side' ) {
111 $priority = 'core';
112 }
113
114 /**
115 * Filters the metabox priority.
116 *
117 * @date 23/06/12
118 * @since ACF 3.1.8.1.8
119 *
120 * @param string $priority The metabox priority (high, core, default, low).
121 * @param array $field_group The field group array.
122 */
123 $priority = apply_filters( 'acf/input/meta_box_priority', $priority, $field_group );
124
125 // Localize data
126 $postboxes[] = array(
127 'id' => $id,
128 'key' => $field_group['key'],
129 'style' => $field_group['style'],
130 'label' => $field_group['label_placement'],
131 'edit' => acf_get_field_group_edit_link( $field_group['ID'] ),
132 );
133
134 // Add the meta box.
135 add_meta_box( $id, acf_esc_html( $title ), array( $this, 'render_meta_box' ), $post_type, $context, $priority, array( 'field_group' => $field_group ) );
136 }
137
138 // Set style from first field group.
139 $this->style = acf_get_field_group_style( $field_groups[0] );
140
141 // Localize postboxes.
142 acf_localize_data(
143 array(
144 'postboxes' => $postboxes,
145 )
146 );
147 }
148
149 // remove postcustom metabox (removes expensive SQL query)
150 if ( acf_get_setting( 'remove_wp_meta_box' ) ) {
151 remove_meta_box( 'postcustom', false, 'normal' );
152 }
153
154 // Add hidden input fields.
155 add_action( 'edit_form_after_title', array( $this, 'edit_form_after_title' ) );
156
157 /**
158 * Fires after metaboxes have been added.
159 *
160 * @date 13/12/18
161 * @since ACF 5.8.0.8.0
162 *
163 * @param string $post_type The post type.
164 * @param WP_Post $post The post being edited.
165 * @param array $field_groups The field groups added.
166 */
167 do_action( 'acf/add_meta_boxes', $post_type, $post, $field_groups );
168 }
169
170 /**
171 * Called after the title and before the content editor to render the after title metaboxes.
172 * Also renders the CSS required to hide the "hide-on-screen" elements on the page based on the field group settings.
173 *
174 * @since ACF 5.7.6.7.6
175 */
176 public function edit_form_after_title() {
177
178 // globals
179 global $post, $wp_meta_boxes;
180
181 // render post data
182 acf_form_data(
183 array(
184 'screen' => 'post',
185 'post_id' => $post->ID,
186 )
187 );
188
189 // render 'acf_after_title' metaboxes
190 do_meta_boxes( get_current_screen(), 'acf_after_title', $post );
191
192 $style = '';
193 if ( is_string( $this->style ) ) {
194 $style = $this->style;
195 }
196
197 // Render dynamic field group style, using wp_strip_all_tags as this is filterable, but should only contain valid styles and no html.
198 echo '<style type="text/css" id="acf-style">' . wp_strip_all_tags( $style ) . '</style>'; //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- CSS only, escaped by wp_strip_all_tags.
199 }
200
201 /**
202 * render_meta_box
203 *
204 * Renders the ACF metabox HTML.
205 *
206 * @date 19/9/18
207 * @since ACF 5.7.6.7.6
208 *
209 * @param WP_Post $post The post being edited.
210 * @param array metabox The add_meta_box() args.
211 * @return void
212 */
213 function render_meta_box( $post, $metabox ) {
214
215 // vars
216 $id = $metabox['id'];
217 $field_group = $metabox['args']['field_group'];
218
219 // Render fields.
220 $fields = acf_get_fields( $field_group );
221 acf_render_fields( $fields, $post->ID, 'div', $field_group['instruction_placement'] );
222 }
223
224 /**
225 * wp_insert_post_empty_content
226 *
227 * Allows WP to insert a new post without title or post_content if ACF data exists.
228 *
229 * @date 16/07/2014
230 * @since ACF 5.0.1.0.1
231 *
232 * @param boolean $maybe_empty Whether the post should be considered "empty".
233 * @param array $postarr Array of post data.
234 * @return boolean
235 */
236 function wp_insert_post_empty_content( $maybe_empty, $postarr ) {
237
238 // return false and allow insert if '_acf_changed' exists
239 if ( $maybe_empty && acf_maybe_get_POST( '_acf_changed' ) ) {
240 return false;
241 }
242
243 // return
244 return $maybe_empty;
245 }
246
247 /**
248 * Checks if the $post is allowed to be saved.
249 * Used to avoid triggering "acf/save_post" on dynamically created posts during save.
250 *
251 * @type function
252 * @date 26/06/2016
253 * @since ACF 5.3.8.3.8
254 *
255 * @param WP_Post $post The post to check.
256 * @return boolean
257 */
258 function allow_save_post( $post ) {
259
260 // vars
261 $allow = true;
262
263 // restrict post types
264 $restrict = array( 'auto-draft', 'revision', 'acf-field', 'acf-field-group' );
265 if ( in_array( $post->post_type, $restrict ) ) {
266 $allow = false;
267 }
268
269 // disallow if the $_POST ID value does not match the $post->ID
270 $form_post_id = (int) acf_maybe_get_POST( 'post_ID' );
271 if ( $form_post_id && $form_post_id !== $post->ID ) {
272 $allow = false;
273 }
274
275 // revision (preview)
276 if ( $post->post_type == 'revision' ) {
277
278 // allow if doing preview and this $post is a child of the $_POST ID
279 if ( acf_maybe_get_POST( 'wp-preview' ) == 'dopreview' && $form_post_id === $post->post_parent ) {
280 $allow = true;
281 }
282 }
283
284 // return
285 return $allow;
286 }
287
288 /**
289 * Triggers during the 'save_post' action to save the $_POST data.
290 *
291 * @since ACF 1.0.0.0.0
292 *
293 * @param integer $post_id The post ID.
294 * @param WP_Post $post The post object.
295 * @return integer
296 */
297 public function save_post( $post_id, $post ) {
298 // Bail early if not allowed to save this post type.
299 if ( ! $this->allow_save_post( $post ) ) {
300 return $post_id;
301 }
302
303 // Verify nonce.
304 if ( ! acf_verify_nonce( 'post' ) ) {
305 return $post_id;
306 }
307
308 // Validate for published post (allow draft to save without validation).
309 if ( $post->post_status === 'publish' ) {
310 // Bail early if validation fails.
311 if ( ! acf_validate_save_post() ) {
312 return;
313 }
314 }
315
316 acf_save_post( $post_id );
317
318 // We handle revisions differently on WP 6.4+.
319 if ( version_compare( get_bloginfo( 'version' ), '6.4', '<' ) && post_type_supports( $post->post_type, 'revisions' ) ) {
320 acf_save_post_revision( $post_id );
321 }
322
323 return $post_id;
324 }
325 }
326
327 acf_new_instance( 'ACF_Form_Post' );
328 endif;
329