PluginProbe ʕ •ᴥ•ʔ
Secure Custom Fields / 6.5.7
Secure Custom Fields v6.5.7
6.9.1 6.9.0 6.8.9 6.8.7 6.8.8 6.8.6 6.8.4 6.8.5 trunk 6.4.0-beta1 6.4.0-beta2 6.4.1 6.4.1-beta3 6.4.1-beta4 6.4.1-beta5 6.4.1-beta6 6.4.1-beta7 6.4.2 6.5.0 6.5.1 6.5.2 6.5.3 6.5.4 6.5.5 6.5.6 6.5.7 6.6.0 6.7.0 6.7.1 6.8.0 6.8.1 6.8.2 6.8.3
secure-custom-fields / includes / forms / form-post.php
secure-custom-fields / includes / forms Last commit date
WC_Order.php 10 months ago form-attachment.php 1 year ago form-comment.php 1 year ago form-customizer.php 10 months ago form-front.php 10 months ago form-gutenberg.php 1 year ago form-nav-menu.php 1 year ago form-post.php 10 months ago form-taxonomy.php 1 year ago form-user.php 1 year ago form-widget.php 10 months ago index.php 1 year ago
form-post.php
330 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit; // Exit if accessed directly
5 }
6
7 if ( ! class_exists( 'ACF_Form_Post' ) ) :
8
9 /**
10 * Class ACF_Form_Post
11 *
12 * Handles the functionality for adding custom fields to post edit screens.
13 *
14 * @package ACF
15 * @since ACF 5.0.0
16 */
17 class ACF_Form_Post {
18
19 /**
20 * Style.
21 *
22 * @var string The first field groups style CSS.
23 */
24 public $style = '';
25
26 /**
27 * __construct
28 *
29 * Sets up the class functionality.
30 *
31 * @date 5/03/2014
32 * @since ACF 5.0.0.0.0
33 *
34 * @return void
35 */
36 public function __construct() {
37
38 // initialize on post edit screens
39 add_action( 'load-post.php', array( $this, 'initialize' ) );
40 add_action( 'load-post-new.php', array( $this, 'initialize' ) );
41
42 // save
43 add_filter( 'wp_insert_post_empty_content', array( $this, 'wp_insert_post_empty_content' ), 10, 1 );
44 add_action( 'save_post', array( $this, 'save_post' ), 10, 2 );
45 }
46
47
48 /**
49 * Initialize.
50 *
51 * Sets up Form functionality.
52 *
53 * @date 19/9/18
54 * @since ACF 5.7.6.7.6
55 *
56 * @return void
57 */
58 public function initialize() {
59
60 // globals
61 global $typenow;
62
63 $acf_post_types = acf_get_internal_post_types();
64
65 foreach ( $acf_post_types as $post_type ) {
66 remove_meta_box( 'submitdiv', $post_type, 'side' );
67 }
68
69 // restrict specific post types
70 $restricted = array_merge( $acf_post_types, array( 'acf-taxonomy', 'attachment' ) );
71 if ( in_array( $typenow, $restricted ) ) {
72 return;
73 }
74
75 // enqueue scripts
76 acf_enqueue_scripts(
77 array(
78 'uploader' => true,
79 )
80 );
81
82 // actions
83 add_action( 'add_meta_boxes', array( $this, 'add_meta_boxes' ), 10, 2 );
84 }
85
86 /**
87 *
88 * Adds ACF metaboxes for the given $post_type and $post.
89 *
90 * @date 19/9/18
91 * @since ACF 5.7.6.7.6
92 *
93 * @param string $post_type The post type.
94 * @param WP_Post $post The post being edited.
95 * @return void
96 */
97 public function add_meta_boxes( $post_type, $post ) {
98
99 // Storage for localized postboxes.
100 $postboxes = array();
101
102 // Get field groups for this screen.
103 $field_groups = acf_get_field_groups(
104 array(
105 'post_id' => $post->ID,
106 'post_type' => $post_type,
107 )
108 );
109
110 // Loop over field groups.
111 if ( $field_groups ) {
112 foreach ( $field_groups as $field_group ) {
113
114 // vars
115 $id = esc_attr( "acf-{$field_group['key']}" );
116 $title = esc_html( $field_group['title'] );
117 $context = esc_attr( $field_group['position'] );
118 $priority = 'high';
119
120 // Reduce priority for sidebar metaboxes for best position.
121 if ( 'side' === $context ) {
122 $priority = 'core';
123 }
124
125 /**
126 * Filters the metabox priority.
127 *
128 * @date 23/06/12
129 * @since ACF 3.1.8.1.8
130 *
131 * @param string $priority The metabox priority (high, core, default, low).
132 * @param array $field_group The field group array.
133 */
134 $priority = apply_filters( 'acf/input/meta_box_priority', $priority, $field_group );
135
136 // Localize data
137 $postboxes[] = array(
138 'id' => $id,
139 'key' => esc_attr( $field_group['key'] ),
140 'style' => esc_attr( $field_group['style'] ),
141 'label' => esc_attr( $field_group['label_placement'] ),
142 'edit' => esc_url( acf_get_field_group_edit_link( $field_group['ID'] ) ),
143 );
144
145 // Add the meta box.
146 add_meta_box( $id, $title, array( $this, 'render_meta_box' ), $post_type, $context, $priority, array( 'field_group' => $field_group ) );
147 }
148
149 // Set style from first field group.
150 $this->style = acf_get_field_group_style( $field_groups[0] );
151
152 // Localize postboxes.
153 acf_localize_data(
154 array(
155 'postboxes' => $postboxes,
156 )
157 );
158 }
159
160 // remove postcustom metabox (removes expensive SQL query)
161 if ( acf_get_setting( 'remove_wp_meta_box' ) ) {
162 remove_meta_box( 'postcustom', false, 'normal' );
163 }
164
165 // Add hidden input fields.
166 add_action( 'edit_form_after_title', array( $this, 'edit_form_after_title' ) );
167
168 /**
169 * Fires after metaboxes have been added.
170 *
171 * @date 13/12/18
172 * @since ACF 5.8.0.8.0
173 *
174 * @param string $post_type The post type.
175 * @param WP_Post $post The post being edited.
176 * @param array $field_groups The field groups added.
177 */
178 do_action( 'acf/add_meta_boxes', $post_type, $post, $field_groups );
179 }
180
181 /**
182 * Called after the title and before the content editor to render the after title metaboxes.
183 * Also renders the CSS required to hide the "hide-on-screen" elements on the page based on the field group settings.
184 *
185 * @since ACF 5.7.6.7.6
186 */
187 public function edit_form_after_title() {
188
189 // globals
190 global $post;
191
192 // render post data
193 acf_form_data(
194 array(
195 'screen' => 'post',
196 'post_id' => $post->ID,
197 )
198 );
199
200 // render 'acf_after_title' metaboxes
201 do_meta_boxes( get_current_screen(), 'acf_after_title', $post );
202
203 $style = '';
204 if ( is_string( $this->style ) ) {
205 $style = $this->style;
206 }
207
208 // Render dynamic field group style, using wp_strip_all_tags as this is filterable, but should only contain valid styles and no html.
209 echo '<style type="text/css" id="acf-style">' . wp_strip_all_tags( $style ) . '</style>'; //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- CSS only, escaped by wp_strip_all_tags.
210 }
211
212 /**
213 * Renders the ACF metabox HTML.
214 *
215 * @date 19/9/18
216 * @since ACF 5.7.6.7.6
217 *
218 * @param WP_Post $post The post being edited.
219 * @param array $metabox The add_meta_box() args.
220 * @return void
221 */
222 public function render_meta_box( $post, $metabox ) {
223
224 // vars
225 $id = $metabox['id'];
226 $field_group = $metabox['args']['field_group'];
227
228 // Render fields.
229 $fields = acf_get_fields( $field_group );
230 acf_render_fields( $fields, $post->ID, 'div', $field_group['instruction_placement'] );
231 }
232
233 /**
234 *
235 * Allows WP to insert a new post without title or post_content if ACF data exists.
236 *
237 * @date 16/07/2014
238 * @since ACF 5.0.1.0.1
239 *
240 * @param boolean $maybe_empty Whether the post should be considered "empty".
241 * @return boolean
242 */
243 public function wp_insert_post_empty_content( $maybe_empty ) {
244
245 // Return false and allow insert if '_acf_changed' exists.
246 if ( $maybe_empty && acf_maybe_get_POST( '_acf_changed' ) ) {
247 return false;
248 }
249 return $maybe_empty;
250 }
251
252 /**
253 * Checks if the $post is allowed to be saved.
254 * Used to avoid triggering "acf/save_post" on dynamically created posts during save.
255 *
256 * @type function
257 * @date 26/06/2016
258 * @since ACF 5.3.8.3.8
259 *
260 * @param WP_Post $post The post to check.
261 * @return boolean
262 */
263 public function allow_save_post( $post ) {
264
265 $allow = true;
266
267 // Restricted post types.
268 $restrict = array( 'auto-draft', 'revision', 'acf-field', 'acf-field-group' );
269 if ( in_array( $post->post_type, $restrict, true ) ) {
270 $allow = false;
271 }
272
273 // Disallow if the $_POST ID value does not match the $post->ID.
274 $form_post_id = (int) acf_maybe_get_POST( 'post_ID' );
275 if ( $form_post_id && $form_post_id !== $post->ID ) {
276 $allow = false;
277 }
278
279 // Revision (preview).
280 if ( 'revision' === $post->post_type ) {
281
282 // allow if doing preview and this $post is a child of the $_POST ID
283 if ( 'dopreview' === acf_maybe_get_POST( 'wp-preview' ) && $form_post_id === $post->post_parent ) {
284 $allow = true;
285 }
286 }
287
288 return $allow;
289 }
290
291 /**
292 * Triggers during the 'save_post' action to save the $_POST data.
293 *
294 * @since ACF 1.0.0.0.0
295 *
296 * @param integer $post_id The post ID.
297 * @param WP_Post $post The post object.
298 * @return void
299 */
300 public function save_post( $post_id, $post ) {
301 // Bail early if not allowed to save this post type.
302 if ( ! $this->allow_save_post( $post ) ) {
303 return;
304 }
305
306 // Verify nonce.
307 if ( ! acf_verify_nonce( 'post' ) ) {
308 return;
309 }
310
311 // Validate for published post (allow draft to save without validation).
312 if ( 'publish' === $post->post_status ) {
313 // Bail early if validation fails.
314 if ( ! acf_validate_save_post() ) {
315 return;
316 }
317 }
318
319 acf_save_post( $post_id );
320
321 // We handle revisions differently on WP 6.4+.
322 if ( version_compare( get_bloginfo( 'version' ), '6.4', '<' ) && post_type_supports( $post->post_type, 'revisions' ) ) {
323 acf_save_post_revision( $post_id );
324 }
325 }
326 }
327
328 acf_new_instance( 'ACF_Form_Post' );
329 endif;
330