PluginProbe ʕ •ᴥ•ʔ
Secure Custom Fields / 6.4.2
Secure Custom Fields v6.4.2
6.9.1 6.9.0 6.8.9 6.8.7 6.8.8 6.8.6 6.8.4 6.8.5 trunk 6.4.0-beta1 6.4.0-beta2 6.4.1 6.4.1-beta3 6.4.1-beta4 6.4.1-beta5 6.4.1-beta6 6.4.1-beta7 6.4.2 6.5.0 6.5.1 6.5.2 6.5.3 6.5.4 6.5.5 6.5.6 6.5.7 6.6.0 6.7.0 6.7.1 6.8.0 6.8.1 6.8.2 6.8.3
secure-custom-fields / includes / forms / form-widget.php
secure-custom-fields / includes / forms Last commit date
form-attachment.php 1 year ago form-comment.php 1 year ago form-customizer.php 1 year ago form-front.php 1 year ago form-gutenberg.php 1 year ago form-nav-menu.php 1 year ago form-post.php 1 year ago form-taxonomy.php 1 year ago form-user.php 1 year ago form-widget.php 1 year ago index.php 1 year ago
form-widget.php
298 lines
1 <?php
2
3 /**
4 * ACF Widget Form Class
5 *
6 * All the logic for adding fields to widgets
7 *
8 * @class acf_form_widget
9 * @package ACF
10 * @subpackage Forms
11 */
12 if ( ! class_exists( 'acf_form_widget' ) ) :
13 #[AllowDynamicProperties]
14 class acf_form_widget {
15
16
17 /**
18 * This function will setup the class functionality
19 *
20 * @type function
21 * @date 5/03/2014
22 * @since ACF 5.0.0
23 *
24 * @param n/a
25 * @return n/a
26 */
27 function __construct() {
28
29 // vars
30 $this->preview_values = array();
31 $this->preview_reference = array();
32 $this->preview_errors = array();
33
34 // actions
35 add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
36 add_action( 'in_widget_form', array( $this, 'edit_widget' ), 10, 3 );
37 add_action( 'acf/validate_save_post', array( $this, 'acf_validate_save_post' ), 5 );
38
39 // filters
40 add_filter( 'widget_update_callback', array( $this, 'save_widget' ), 10, 4 );
41 }
42
43
44 /**
45 * This action is run after post query but before any admin script / head actions.
46 * It is a good place to register all actions.
47 *
48 * @type action (admin_enqueue_scripts)
49 * @date 26/01/13
50 * @since ACF 3.6.0
51 *
52 * @param N/A
53 * @return N/A
54 */
55 function admin_enqueue_scripts() {
56
57 // validate screen
58 if ( acf_is_screen( 'widgets' ) || acf_is_screen( 'customize' ) ) {
59
60 // valid
61 } else {
62 return;
63 }
64
65 // load acf scripts
66 acf_enqueue_scripts();
67
68 // actions
69 add_action( 'acf/input/admin_footer', array( $this, 'admin_footer' ), 1 );
70 }
71
72
73 /**
74 * This function will loop over $_POST data and validate
75 *
76 * @type action 'acf/validate_save_post' 5
77 * @since ACF 5.4.0
78 */
79 public function acf_validate_save_post() {
80 // phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere.
81 // bail early if not widget
82 if ( ! isset( $_POST['_acf_widget_id'] ) ) {
83 return;
84 }
85
86 // vars
87 $id = sanitize_text_field( wp_unslash( $_POST['_acf_widget_id'] ) );
88 $number = acf_maybe_get_POST( '_acf_widget_number' );
89 $prefix = acf_maybe_get_POST( '_acf_widget_prefix' );
90 $values = ! empty( $_POST[ $id ][ $number ]['acf'] ) ? acf_sanitize_request_args( $_POST[ $id ][ $number ]['acf'] ) : ''; //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash -- unslash not required.
91
92 // validate
93 acf_validate_values( $values, $prefix );
94 // phpcs:enable WordPress.Security.NonceVerification.Missing
95 }
96
97
98 /**
99 * This function will render the fields for a widget form
100 *
101 * @type function
102 * @date 11/06/2014
103 * @since ACF 5.0.0
104 *
105 * @param $widget (object)
106 * @param $return (null)
107 * @param $instance (object)
108 * @return $post_id (int)
109 */
110 function edit_widget( $widget, $return, $instance ) {
111
112 // vars
113 $post_id = 0;
114 $prefix = 'widget-' . $widget->id_base . '[' . $widget->number . '][acf]';
115
116 // get id
117 if ( $widget->number !== '__i__' ) {
118 $post_id = "widget_{$widget->id}";
119 }
120
121 // get field groups
122 $field_groups = acf_get_field_groups(
123 array(
124 'widget' => $widget->id_base,
125 )
126 );
127
128 // render
129 if ( ! empty( $field_groups ) ) {
130
131 // render post data
132 acf_form_data(
133 array(
134 'screen' => 'widget',
135 'post_id' => $post_id,
136 'widget_id' => 'widget-' . $widget->id_base,
137 'widget_number' => $widget->number,
138 'widget_prefix' => $prefix,
139 )
140 );
141
142 // wrap
143 echo '<div class="acf-widget-fields acf-fields -clear">';
144
145 // loop
146 foreach ( $field_groups as $field_group ) {
147
148 // load fields
149 $fields = acf_get_fields( $field_group );
150
151 // bail if not fields
152 if ( empty( $fields ) ) {
153 continue;
154 }
155
156 // change prefix
157 acf_prefix_fields( $fields, $prefix );
158
159 // render
160 acf_render_fields( $fields, $post_id, 'div', $field_group['instruction_placement'] );
161 }
162
163 // wrap
164 echo '</div>';
165
166 // jQuery selector looks odd, but is necessary due to WP adding an incremental number into the ID
167 // - not possible to find number via PHP parameters
168 if ( $widget->updated ) : ?>
169 <script type="text/javascript">
170 (function($) {
171
172 acf.doAction('append', $('[id^="widget"][id$="<?php echo esc_attr( $widget->id ); ?>"]') );
173
174 })(jQuery);
175 </script>
176 <?php
177 endif;
178 }
179 }
180
181
182 /**
183 * This function will hook into the widget update filter and save ACF data
184 *
185 * @type function
186 * @date 27/05/2015
187 * @since ACF 5.2.3
188 *
189 * @param $instance (array) widget settings
190 * @param $new_instance (array) widget settings
191 * @param $old_instance (array) widget settings
192 * @param $widget (object) widget info
193 * @return $instance
194 */
195 function save_widget( $instance, $new_instance, $old_instance, $widget ) {
196
197 // validate nonce if we're not a REST API request.
198 // the $_POST object is not available to us to validate if we're in a REST API call.
199 if ( ! ( function_exists( 'wp_is_json_request' ) && wp_is_json_request() ) ) {
200 if ( ! acf_verify_nonce( 'widget' ) ) {
201 return $instance;
202 }
203 }
204
205 // bail early if not valid (!customize + acf values + nonce).
206 if ( isset( $_POST['wp_customize'] ) || ! isset( $new_instance['acf'] ) ) {
207 return $instance;
208 }
209
210 // save
211 acf_save_post( "widget_{$widget->id}", $new_instance['acf'] );
212
213 // return
214 return $instance;
215 }
216
217
218 /**
219 * This function will add some custom HTML to the footer of the edit page
220 *
221 * @type function
222 * @date 11/06/2014
223 * @since ACF 5.0.0
224 *
225 * @param n/a
226 * @return n/a
227 */
228 function admin_footer() {
229 ?>
230 <script type="text/javascript">
231 (function($) {
232
233 // vars
234 acf.set('post_id', 'widgets');
235
236 // Only initialize visible fields.
237 acf.addFilter('find_fields', function( $fields ){
238
239 // not templates
240 $fields = $fields.not('#available-widgets .acf-field');
241
242 // not widget dragging in
243 $fields = $fields.not('.widget.ui-draggable-dragging .acf-field');
244
245 // return
246 return $fields;
247 });
248
249 // on publish
250 $('#widgets-right').on('click', '.widget-control-save', function( e ){
251
252 // vars
253 var $button = $(this);
254 var $form = $button.closest('form');
255
256 // validate
257 var valid = acf.validateForm({
258 form: $form,
259 event: e,
260 reset: true
261 });
262
263 // if not valid, stop event and allow validation to continue
264 if( !valid ) {
265 e.preventDefault();
266 e.stopImmediatePropagation();
267 }
268 });
269
270 // show
271 $('#widgets-right').on('click', '.widget-top', function(){
272 var $widget = $(this).parent();
273 if( $widget.hasClass('open') ) {
274 acf.doAction('hide', $widget);
275 } else {
276 acf.doAction('show', $widget);
277 }
278 });
279
280 $(document).on('widget-added', function( e, $widget ){
281
282 // - use delay to avoid rendering issues with customizer (ensures div is visible)
283 setTimeout(function(){
284 acf.doAction('append', $widget );
285 }, 100);
286 });
287
288 })(jQuery);
289 </script>
290 <?php
291 }
292 }
293
294 new acf_form_widget();
295 endif;
296
297 ?>
298