Secure Custom Fields v6.5.5
secure-custom-fields / includes / admin / admin.php
1 <?php
2
// Stop immediately when this file is requested on its own: ABSPATH is only
// defined once WordPress has bootstrapped, so its absence means the plugin
// file was hit directly rather than loaded by WordPress.
defined( 'ABSPATH' ) || exit;
6
7 if ( ! class_exists( 'ACF_Admin' ) ) :
8
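/**
 * Wires Secure Custom Fields (SCF) into the WordPress admin: menu entry,
 * global assets, body classes, footer text and the "escaped HTML" notice.
 *
 * Two methods, dismiss_escaped_html_notice() and clear_escaped_html_log(),
 * are hooked to admin_init and change state based on a GET parameter. Each
 * one therefore requires both a valid nonce (request intent) and the
 * configured capability (authorization) before it does anything.
 */
class ACF_Admin {

	/**
	 * Constructor. Registers every admin hook handled by this class.
	 *
	 * @since ACF 5.0.0
	 */
	public function __construct() {
		add_action( 'admin_menu', array( $this, 'admin_menu' ) );
		add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
		add_filter( 'admin_body_class', array( $this, 'admin_body_class' ) );
		add_action( 'current_screen', array( $this, 'current_screen' ) );
		add_action( 'admin_notices', array( $this, 'maybe_show_escaped_html_notice' ) );
		add_action( 'admin_init', array( $this, 'dismiss_escaped_html_notice' ) );
		add_action( 'admin_init', array( $this, 'clear_escaped_html_log' ) );
		add_filter( 'parent_file', array( $this, 'ensure_menu_selection' ) );
		add_filter( 'submenu_file', array( $this, 'ensure_submenu_selection' ) );
	}

	/**
	 * Adds the ACF menu item.
	 *
	 * The menu is registered with the capability from the 'capability'
	 * setting, so WordPress only shows it to users holding that capability.
	 *
	 * @date  28/09/13
	 * @since ACF 5.0.0
	 */
	public function admin_menu() {

		// Bail early if SCF is hidden.
		if ( ! acf_get_setting( 'show_admin' ) ) {
			return;
		}

		// Vars.
		$cap         = acf_get_setting( 'capability' );
		$parent_slug = 'edit.php?post_type=acf-field-group';

		// Add menu items.
		add_menu_page( __( 'SCF', 'secure-custom-fields' ), __( 'SCF', 'secure-custom-fields' ), $cap, $parent_slug, false, 'dashicons-welcome-widgets-menus', 80 );
	}

	/**
	 * Enqueues global admin styling and the escaped-HTML notice script.
	 *
	 * @since ACF 5.0.0
	 */
	public function admin_enqueue_scripts() {
		wp_enqueue_style( 'acf-global' );
		wp_enqueue_script( 'acf-escaped-html-notice' );

		// Expose the translated toggle labels to the script as the JS object
		// `acf_escaped_html_notice`. The labels contain an HTML entity (&nbsp;).
		// NOTE(review): confirm the script inserts them in a way that matches.
		wp_localize_script(
			'acf-escaped-html-notice',
			'acf_escaped_html_notice',
			array(
				'show_details' => __( 'Show&nbsp;details', 'secure-custom-fields' ),
				'hide_details' => __( 'Hide&nbsp;details', 'secure-custom-fields' ),
			)
		);
	}

	/**
	 * Appends custom admin body classes.
	 *
	 * @date  5/11/19
	 * @since ACF 5.8.7
	 *
	 * @param  string $classes Space-separated list of CSS classes.
	 * @return string
	 */
	public function admin_body_class( $classes ) {
		global $wp_version;

		// Determine body class version. floatval() keeps only the leading
		// "major.minor" part of the version string.
		$wp_minor_version = floatval( $wp_version );
		if ( $wp_minor_version >= 5.3 ) {
			$classes .= ' acf-admin-5-3';
		} else {
			$classes .= ' acf-admin-3-8';
		}

		// Add browser for specific CSS. The value is attribute-escaped because
		// it ends up inside the <body class=""> attribute.
		$classes .= ' acf-browser-' . esc_attr( acf_get_browser() );

		// Return classes.
		return $classes;
	}

	/**
	 * Adds custom functionality to "ACF" admin pages.
	 *
	 * @date  7/4/20
	 * @since ACF 5.9.0
	 *
	 * @param  WP_Screen $screen The screen object passed by the 'current_screen' action.
	 * @return void
	 */
	public function current_screen( $screen ) {
		// Determine if the current page being viewed is "ACF" related.
		// Strict in_array() avoids loose-comparison matches on the post type.
		if ( isset( $screen->post_type ) && in_array( $screen->post_type, acf_get_internal_post_types(), true ) ) {
			add_action( 'in_admin_header', array( $this, 'in_admin_header' ) );
			add_filter( 'admin_footer_text', array( $this, 'admin_footer_text' ) );
			add_filter( 'update_footer', array( $this, 'admin_footer_version_text' ) );
			$this->maybe_show_import_from_cptui_notice();
		}
	}

	/**
	 * Shows a notice to import post types and taxonomies from CPTUI if that plugin is active.
	 *
	 * @since ACF 6.1
	 */
	public function maybe_show_import_from_cptui_notice() {
		global $plugin_page;

		// Only show if CPTUI is active and post types are enabled.
		if ( ! acf_get_setting( 'enable_post_types' ) || ! is_plugin_active( 'custom-post-type-ui/custom-post-type-ui.php' ) ) {
			return;
		}

		// No need to show on the tools page.
		if ( 'acf-tools' === $plugin_page ) {
			return;
		}

		// NOTE(review): the tools URL is placed into the href as returned.
		// Wrapping it in esc_url() at this point would keep the markup safe
		// regardless of how acf_get_admin_tools_url() builds its value.
		$text = sprintf(
			/* translators: %s - URL to ACF tools page. */
			__( 'Import Post Types and Taxonomies registered with Custom Post Type UI and manage them with SCF. <a href="%s">Get Started</a>.', 'secure-custom-fields' ),
			acf_get_admin_tools_url()
		);

		acf_add_admin_notice( $text, 'success', true, true );
	}

	/**
	 * Notifies the user that fields rendered via shortcode or the_field() have
	 * had HTML removed/altered due to unsafe HTML being escaped.
	 *
	 * NOTE(review): the notice is shown to anyone with 'edit_others_posts',
	 * while dismissing it (dismiss_escaped_html_notice()) requires the
	 * 'capability' setting. If the two differ, some users can see the notice
	 * but cannot dismiss it. Confirm this is intended.
	 *
	 * @since ACF 6.2.5
	 */
	public function maybe_show_escaped_html_notice() {
		// Only show to editors and above.
		if ( ! current_user_can( 'edit_others_posts' ) ) {
			return;
		}

		// Allow opting-out of the notice.
		if ( apply_filters( 'acf/admin/prevent_escaped_html_notice', false ) ) {
			return;
		}

		// Already dismissed site-wide (stored as an option, not per user).
		if ( get_option( 'acf_escaped_html_notice_dismissed' ) ) {
			return;
		}

		$escaped = _acf_get_escaped_html_log();

		// Notice for when HTML has already been escaped.
		if ( ! empty( $escaped ) ) {
			acf_get_view( 'escaped-html-notice', array( 'acf_escaped' => $escaped ) );
		}
	}

	/**
	 * Dismisses the escaped unsafe HTML notice.
	 *
	 * Runs on every admin_init and acts only when the
	 * 'acf-dismiss-esc-html-notice' query argument carries a nonce that is
	 * valid for the 'acf/dismiss_escaped_html_notice' action AND the current
	 * user has the configured capability. On success it stores the dismissal,
	 * deletes the log, redirects to the same URL without the argument and exits.
	 *
	 * @since ACF 6.2.5
	 */
	public function dismiss_escaped_html_notice() {
		if ( empty( $_GET['acf-dismiss-esc-html-notice'] ) ) {
			return;
		}

		$nonce = sanitize_text_field( wp_unslash( $_GET['acf-dismiss-esc-html-notice'] ) );

		// Both checks are required. The nonce ties the request to an
		// intentional click by this user (CSRF protection). The capability
		// check decides whether that user may change the setting at all.
		if (
			! wp_verify_nonce( $nonce, 'acf/dismiss_escaped_html_notice' ) ||
			! current_user_can( acf_get_setting( 'capability' ) )
		) {
			return;
		}

		update_option( 'acf_escaped_html_notice_dismissed', true );

		_acf_delete_escaped_html_log();

		// Strip the nonce from the URL, then stop so nothing else runs on this
		// request. wp_safe_redirect() refuses hosts outside the allowed list.
		wp_safe_redirect( remove_query_arg( 'acf-dismiss-esc-html-notice' ) );
		exit;
	}

	/**
	 * Clear the escaped unsafe HTML log.
	 *
	 * Same gate as dismiss_escaped_html_notice(): the 'acf-clear-esc-html-log'
	 * query argument must carry a nonce valid for 'acf/clear_escaped_html_log'
	 * and the current user must have the configured capability.
	 *
	 * @since ACF 6.2.5
	 */
	public function clear_escaped_html_log() {
		if ( empty( $_GET['acf-clear-esc-html-log'] ) ) {
			return;
		}

		$nonce = sanitize_text_field( wp_unslash( $_GET['acf-clear-esc-html-log'] ) );

		// Nonce proves request intent and the capability proves authorization.
		// Neither check is sufficient on its own.
		if (
			! wp_verify_nonce( $nonce, 'acf/clear_escaped_html_log' ) ||
			! current_user_can( acf_get_setting( 'capability' ) )
		) {
			return;
		}

		_acf_delete_escaped_html_log();

		// Redirect to the same URL without the nonce argument and stop.
		wp_safe_redirect( remove_query_arg( 'acf-clear-esc-html-log' ) );
		exit;
	}

	/**
	 * Renders the admin navigation element.
	 *
	 * Declared public explicitly: it is used as a hook callback, and every
	 * other method of this class states its visibility.
	 *
	 * @date  27/3/20
	 * @since ACF 5.9.0
	 *
	 * @return void
	 */
	public function in_admin_header() {
		acf_get_view( 'global/navigation' );

		$screen = get_current_screen();

		if ( isset( $screen->base ) && 'post' === $screen->base ) {
			acf_get_view( 'global/form-top' );
		}

		do_action( 'acf/in_admin_header' );
	}

	/**
	 * Modifies the admin footer text.
	 *
	 * The incoming text is ignored and the footer is blanked.
	 *
	 * @date  7/4/20
	 * @since ACF 5.9.0
	 *
	 * @param  string $text The current admin footer text.
	 * @return string Always an empty string.
	 */
	public function admin_footer_text( $text ) {
		return '';
	}

	/**
	 * Modifies the admin footer version text.
	 *
	 * The incoming text is ignored and the version text is blanked.
	 *
	 * @since ACF 6.2
	 *
	 * @param  string $text The current admin footer version text.
	 * @return string Always an empty string.
	 */
	public function admin_footer_version_text( $text ) {
		return '';
	}

	/**
	 * Ensure the ACF parent menu is selected for add-new.php
	 *
	 * @since  ACF 6.1
	 * @param  string $parent_file The parent file checked against menu activation.
	 * @return string The modified parent file
	 */
	public function ensure_menu_selection( $parent_file ) {
		// Pass non-string values through untouched.
		if ( ! is_string( $parent_file ) ) {
			return $parent_file;
		}
		// Any "edit.php?post_type=acf-*" parent maps to the field group menu.
		if ( strpos( $parent_file, 'edit.php?post_type=acf-' ) === 0 ) {
			return 'edit.php?post_type=acf-field-group';
		}
		return $parent_file;
	}


	/**
	 * Ensure the correct ACF submenu item is selected when in post-new versions of edit pages
	 *
	 * @since  ACF 6.1
	 * @param  string $submenu_file The submenu filename.
	 * @return string The modified submenu filename
	 */
	public function ensure_submenu_selection( $submenu_file ) {
		// Pass non-string values through untouched.
		if ( ! is_string( $submenu_file ) ) {
			return $submenu_file;
		}
		// Point "post-new.php?post_type=acf-*" at the matching edit.php entry.
		if ( strpos( $submenu_file, 'post-new.php?post_type=acf-' ) === 0 ) {
			return str_replace( 'post-new', 'edit', $submenu_file );
		}
		return $submenu_file;
	}
}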
302
303 // Instantiate.
304 acf_new_instance( 'ACF_Admin' );
305 endif; // class_exists check
306