Secure Custom Fields / 6.6.0
Secure Custom Fields v6.6.0
secure-custom-fields / includes / admin / admin.php
admin.php
1 <?php
2
// Stop immediately when ABSPATH is undefined, i.e. when this file is requested
// directly instead of being loaded by WordPress.
defined( 'ABSPATH' ) || exit;
6
7 if ( ! class_exists( 'ACF_Admin' ) ) :
8
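class ACF_Admin {

	/**
	 * Constructor. Registers every admin hook this class handles.
	 *
	 * The two `admin_init` handlers change state in response to a query
	 * argument; each verifies a nonce and a capability before acting.
	 *
	 * @since ACF 5.0.0
	 */
	public function __construct() {
		add_action( 'admin_menu', array( $this, 'admin_menu' ) );
		add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
		add_filter( 'admin_body_class', array( $this, 'admin_body_class' ) );
		add_action( 'current_screen', array( $this, 'current_screen' ) );
		add_action( 'admin_notices', array( $this, 'maybe_show_escaped_html_notice' ) );
		add_action( 'admin_notices', array( $this, 'maybe_show_select2_v3_deprecation_notice' ) );
		add_action( 'admin_init', array( $this, 'dismiss_escaped_html_notice' ) );
		add_action( 'admin_init', array( $this, 'clear_escaped_html_log' ) );
		add_filter( 'parent_file', array( $this, 'ensure_menu_selection' ) );
		add_filter( 'submenu_file', array( $this, 'ensure_submenu_selection' ) );
	}

	/**
	 * Adds the SCF top-level menu item.
	 *
	 * The menu is gated by the plugin's `capability` setting, so WordPress
	 * only shows it to users holding that capability.
	 *
	 * @date  28/09/13
	 * @since ACF 5.0.0
	 *
	 * @return void
	 */
	public function admin_menu() {

		// Bail early if SCF is hidden.
		if ( ! acf_get_setting( 'show_admin' ) ) {
			return;
		}

		// Vars.
		$cap         = acf_get_setting( 'capability' );
		$parent_slug = 'edit.php?post_type=acf-field-group';

		// Add menu items.
		add_menu_page( __( 'SCF', 'secure-custom-fields' ), __( 'SCF', 'secure-custom-fields' ), $cap, $parent_slug, false, 'dashicons-welcome-widgets-menus', 80 );
	}

	/**
	 * Enqueues global admin styling and the escaped-HTML notice script.
	 *
	 * @since ACF 5.0.0
	 *
	 * @return void
	 */
	public function admin_enqueue_scripts() {
		wp_enqueue_style( 'acf-global' );
		wp_enqueue_script( 'acf-escaped-html-notice' );

		// Labels the notice script uses for its show/hide toggle.
		wp_localize_script(
			'acf-escaped-html-notice',
			'acf_escaped_html_notice',
			array(
				'show_details' => __( 'Show&nbsp;details', 'secure-custom-fields' ),
				'hide_details' => __( 'Hide&nbsp;details', 'secure-custom-fields' ),
			)
		);
	}

	/**
	 * Appends custom admin body classes.
	 *
	 * @date  5/11/19
	 * @since ACF 5.8.7
	 *
	 * @param  string $classes Space-separated list of CSS classes.
	 * @return string
	 */
	public function admin_body_class( $classes ) {
		// Add body class.
		$classes .= ' acf-admin-5-3';

		// Add browser for specific CSS. The value ends up inside the <body>
		// class attribute, hence esc_attr().
		$classes .= ' acf-browser-' . esc_attr( acf_get_browser() );

		// Return classes.
		return $classes;
	}

	/**
	 * Adds custom functionality to "ACF" admin pages.
	 *
	 * @date  7/4/20
	 * @since ACF 5.9.0
	 *
	 * @param  WP_Screen $screen The screen object passed by the `current_screen` action.
	 * @return void
	 */
	public function current_screen( $screen ) {
		// Determine if the current page being viewed is "ACF" related.
		// The strict in_array() keeps the comparison type-safe.
		if ( isset( $screen->post_type ) && in_array( $screen->post_type, acf_get_internal_post_types(), true ) ) {
			add_action( 'in_admin_header', array( $this, 'in_admin_header' ) );
			add_filter( 'admin_footer_text', array( $this, 'admin_footer_text' ) );
			add_filter( 'update_footer', array( $this, 'admin_footer_version_text' ) );
			$this->maybe_show_import_from_cptui_notice();
		}
	}

	/**
	 * Shows a notice to import post types and taxonomies from CPTUI if that plugin is active.
	 *
	 * @since ACF 6.1
	 *
	 * @return void
	 */
	public function maybe_show_import_from_cptui_notice() {
		global $plugin_page;

		// Only show if CPTUI is active and post types are enabled.
		if ( ! acf_get_setting( 'enable_post_types' ) || ! is_plugin_active( 'custom-post-type-ui/custom-post-type-ui.php' ) ) {
			return;
		}

		// No need to show on the tools page.
		if ( 'acf-tools' === $plugin_page ) {
			return;
		}

		// NOTE(review): the URL is placed into an href without escaping here.
		// It comes from acf_get_admin_tools_url(), not from request data, and
		// whether acf_add_admin_notice() escapes its text is not visible in
		// this file; consider esc_url() at this point.
		$text = sprintf(
			/* translators: %s - URL to ACF tools page. */
			__( 'Import Post Types and Taxonomies registered with Custom Post Type UI and manage them with SCF. <a href="%s">Get Started</a>.', 'secure-custom-fields' ),
			acf_get_admin_tools_url()
		);

		acf_add_admin_notice( $text, 'success', true, true );
	}

	/**
	 * Notifies the user that fields rendered via shortcode or the_field() have
	 * had HTML removed/altered due to unsafe HTML being escaped.
	 *
	 * @since ACF 6.2.5
	 *
	 * @return void
	 */
	public function maybe_show_escaped_html_notice() {
		// Only show to editors and above.
		if ( ! current_user_can( 'edit_others_posts' ) ) {
			return;
		}

		// Allow opting-out of the notice.
		if ( apply_filters( 'acf/admin/prevent_escaped_html_notice', false ) ) {
			return;
		}

		if ( get_option( 'acf_escaped_html_notice_dismissed' ) ) {
			return;
		}

		$escaped = _acf_get_escaped_html_log();

		// Notice for when HTML has already been escaped. The log entries are
		// handed to the view as-is; output escaping is the view's job and is
		// not visible from this file.
		if ( ! empty( $escaped ) ) {
			acf_get_view( 'escaped-html-notice', array( 'acf_escaped' => $escaped ) );
		}
	}

	/**
	 * Dismisses the escaped unsafe HTML notice.
	 *
	 * Runs on `admin_init` and acts only when the `acf-dismiss-esc-html-notice`
	 * query argument carries a valid nonce for this action AND the current user
	 * holds the plugin's `capability` setting. The nonce ties the GET request
	 * to a link WordPress issued (CSRF protection); the capability check is the
	 * authorization step. Both are required because a nonce is not an
	 * authorization check on its own.
	 *
	 * @since ACF 6.2.5
	 *
	 * @return void
	 */
	public function dismiss_escaped_html_notice() {
		if ( empty( $_GET['acf-dismiss-esc-html-notice'] ) ) {
			return;
		}

		$nonce = sanitize_text_field( wp_unslash( $_GET['acf-dismiss-esc-html-notice'] ) );

		// Fail closed: any failed check leaves the option and the log untouched.
		if (
			! wp_verify_nonce( $nonce, 'acf/dismiss_escaped_html_notice' ) ||
			! current_user_can( acf_get_setting( 'capability' ) )
		) {
			return;
		}

		update_option( 'acf_escaped_html_notice_dismissed', true );

		_acf_delete_escaped_html_log();

		// Redirect to the same URL without the nonce argument so a reload does
		// not replay the action; wp_safe_redirect() restricts the target host.
		wp_safe_redirect( remove_query_arg( 'acf-dismiss-esc-html-notice' ) );
		exit;
	}

	/**
	 * Clear the escaped unsafe HTML log.
	 *
	 * Same guard pattern as dismiss_escaped_html_notice(): the request must
	 * carry a valid `acf/clear_escaped_html_log` nonce and the user must hold
	 * the plugin's `capability` setting before the log is deleted.
	 *
	 * @since ACF 6.2.5
	 *
	 * @return void
	 */
	public function clear_escaped_html_log() {
		if ( empty( $_GET['acf-clear-esc-html-log'] ) ) {
			return;
		}

		$nonce = sanitize_text_field( wp_unslash( $_GET['acf-clear-esc-html-log'] ) );

		// Fail closed: any failed check leaves the log untouched.
		if (
			! wp_verify_nonce( $nonce, 'acf/clear_escaped_html_log' ) ||
			! current_user_can( acf_get_setting( 'capability' ) )
		) {
			return;
		}

		_acf_delete_escaped_html_log();

		// Drop the nonce argument from the URL before redirecting back.
		wp_safe_redirect( remove_query_arg( 'acf-clear-esc-html-log' ) );
		exit;
	}

	/**
	 * Notifies the user that Select2 v3 has been deprecated and will be removed.
	 *
	 * @since ACF 6.4.3
	 *
	 * @return void
	 */
	public function maybe_show_select2_v3_deprecation_notice() {
		// Only show to editors and above.
		if ( ! current_user_can( 'edit_others_posts' ) ) {
			return;
		}

		if ( 3 === acf_get_setting( 'select2_version' ) ) {
			$acf_plugin_name = '<strong>SCF &mdash;</strong>';

			// The message used to contain a second placeholder (%2$s, the href
			// of a "Learn more" link) with no matching argument. On PHP 8
			// sprintf() throws ArgumentCountError in that case, and this
			// handler runs on `admin_notices`, so the error would surface in
			// the admin for every user passing the check above while the v3
			// setting is active. No documentation URL is available in this
			// file, so the link is dropped rather than guessed. To restore it,
			// pass a real URL as the second argument (through esc_url()) and
			// add rel="noopener" next to target="_blank".
			$text = sprintf(
				/* translators: %1$s - Plugin name */
				__( '%1$s We have detected that this website is configured to use v3 of the Select2 jQuery library, which has been deprecated in favor of v4 and will be removed in a future version of SCF.', 'secure-custom-fields' ),
				$acf_plugin_name
			);

			acf_add_admin_notice( $text, 'warning', false );
		}
	}

	/**
	 * Renders the admin navigation element.
	 *
	 * @date  27/3/20
	 * @since ACF 5.9.0
	 *
	 * @return void
	 */
	public function in_admin_header() {
		acf_get_view( 'global/navigation' );

		$screen = get_current_screen();

		// The form-top view is only rendered on single-post edit screens.
		if ( isset( $screen->base ) && 'post' === $screen->base ) {
			acf_get_view( 'global/form-top' );
		}

		do_action( 'acf/in_admin_header' );
	}

	/**
	 * Modifies the admin footer text.
	 *
	 * @date  7/4/20
	 * @since ACF 5.9.0
	 *
	 * @param  string $text The current admin footer text.
	 * @return string Always an empty string, which blanks the footer text.
	 */
	public function admin_footer_text( $text ) {
		return '';
	}

	/**
	 * Modifies the admin footer version text.
	 *
	 * @since ACF 6.2
	 *
	 * @param  string $text The current admin footer version text.
	 * @return string Always an empty string, which blanks the version text.
	 */
	public function admin_footer_version_text( $text ) {
		return '';
	}

	/**
	 * Ensure the ACF parent menu is selected for add-new.php
	 *
	 * @since ACF 6.1
	 *
	 * @param  string $parent_file The parent file checked against menu activation.
	 * @return string The modified parent file
	 */
	public function ensure_menu_selection( $parent_file ) {
		// Non-string values are passed through untouched.
		if ( ! is_string( $parent_file ) ) {
			return $parent_file;
		}
		// Any internal "acf-*" post type list maps onto the field group menu.
		if ( strpos( $parent_file, 'edit.php?post_type=acf-' ) === 0 ) {
			return 'edit.php?post_type=acf-field-group';
		}
		return $parent_file;
	}

	/**
	 * Ensure the correct ACF submenu item is selected when in post-new versions of edit pages
	 *
	 * @since ACF 6.1
	 *
	 * @param  string $submenu_file The submenu filename.
	 * @return string The modified submenu filename
	 */
	public function ensure_submenu_selection( $submenu_file ) {
		// Non-string values are passed through untouched.
		if ( ! is_string( $submenu_file ) ) {
			return $submenu_file;
		}
		// Map "post-new.php?post_type=acf-*" onto the matching "edit.php" entry.
		if ( strpos( $submenu_file, 'post-new.php?post_type=acf-' ) === 0 ) {
			return str_replace( 'post-new', 'edit', $submenu_file );
		}
		return $submenu_file;
	}
}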
324
// Hand the class name to acf_new_instance() so the plugin creates the ACF_Admin object.
acf_new_instance( ACF_Admin::class );
327 endif; // class_exists check
328