PluginProbe ʕ •ᴥ•ʔ
Secure Custom Fields / 6.9.1
Secure Custom Fields v6.9.1
6.9.1 6.9.0 6.8.9 6.8.7 6.8.8 6.8.6 6.8.4 6.8.5 trunk 6.4.0-beta1 6.4.0-beta2 6.4.1 6.4.1-beta3 6.4.1-beta4 6.4.1-beta5 6.4.1-beta6 6.4.1-beta7 6.4.2 6.5.0 6.5.1 6.5.2 6.5.3 6.5.4 6.5.5 6.5.6 6.5.7 6.6.0 6.7.0 6.7.1 6.8.0 6.8.1 6.8.2 6.8.3
secure-custom-fields / includes / admin / post-types / admin-field-group.php
secure-custom-fields / includes / admin / post-types Last commit date
admin-field-group.php 2 months ago admin-field-groups.php 10 months ago admin-post-type.php 1 year ago admin-post-types.php 10 months ago admin-taxonomies.php 10 months ago admin-taxonomy.php 1 year ago class-acf-admin-ui-options-page.php 1 year ago class-acf-admin-ui-options-pages.php 10 months ago index.php 1 year ago
admin-field-group.php
596 lines
1 <?php
2 /**
3 * ACF Admin Field Group Class
4 *
5 * @class acf_admin_field_group
6 *
7 * @package ACF
8 * @subpackage Admin
9 */
10
11 if ( ! class_exists( 'acf_admin_field_group' ) ) :
12
13 /**
14 * ACF Admin Field Group Class
15 *
16 * All the logic for editing a field group
17 */
18 class acf_admin_field_group extends ACF_Admin_Internal_Post_Type {
19
20 /**
21 * The slug for the internal post type.
22 *
23 * @since ACF 6.1
24 * @var string
25 */
26 public $post_type = 'acf-field-group';
27
28 /**
29 * The admin body class used for the post type.
30 *
31 * @since ACF 6.1
32 * @var string
33 */
34 public $admin_body_class = 'acf-admin-single-field-group';
35
36 /**
37 * Constructs the class.
38 *
39 * @since ACF 5.0.0
40 */
41 public function __construct() {
42 parent::__construct();
43
44 add_action( 'wp_ajax_acf/field_group/render_field_settings', array( $this, 'ajax_render_field_settings' ) );
45 add_action( 'wp_ajax_acf/field_group/render_location_rule', array( $this, 'ajax_render_location_rule' ) );
46 add_action( 'wp_ajax_acf/field_group/move_field', array( $this, 'ajax_move_field' ) );
47 }
48
49 /**
50 * Customizes the messages shown when editing a field group.
51 *
52 * @since ACF 5.0.0
53 *
54 * @param array $messages Post type messages.
55 * @return array
56 */
57 public function post_updated_messages( $messages ) {
58 $messages['acf-field-group'] = array(
59 0 => '', // Unused. Messages start at index 1.
60 1 => __( 'Field group updated.', 'secure-custom-fields' ),
61 2 => __( 'Field group updated.', 'secure-custom-fields' ),
62 3 => __( 'Field group deleted.', 'secure-custom-fields' ),
63 4 => __( 'Field group updated.', 'secure-custom-fields' ),
64 5 => false, // field group does not support revisions.
65 6 => __( 'Field group published.', 'secure-custom-fields' ),
66 7 => __( 'Field group saved.', 'secure-custom-fields' ),
67 8 => __( 'Field group submitted.', 'secure-custom-fields' ),
68 9 => __( 'Field group scheduled for.', 'secure-custom-fields' ),
69 10 => __( 'Field group draft updated.', 'secure-custom-fields' ),
70 );
71
72 return $messages;
73 }
74
75 /**
76 * Enqueues any scripts necessary for internal post type.
77 *
78 * @since ACF 5.0.0
79 */
80 public function admin_enqueue_scripts() {
81 parent::admin_enqueue_scripts();
82
83 acf_localize_text(
84 array(
85 'The string "field_" may not be used at the start of a field name' => esc_html__( 'The string "field_" may not be used at the start of a field name', 'secure-custom-fields' ),
86 'This field cannot be moved until its changes have been saved' => esc_html__( 'This field cannot be moved until its changes have been saved', 'secure-custom-fields' ),
87 'Field group title is required' => esc_html__( 'Field group title is required', 'secure-custom-fields' ),
88 'Move field group to trash?' => esc_html__( 'Move field group to trash?', 'secure-custom-fields' ),
89 'No toggle fields available' => esc_html__( 'No toggle fields available', 'secure-custom-fields' ),
90 'Move Custom Field' => esc_html__( 'Move Custom Field', 'secure-custom-fields' ),
91 'Field moved to other group' => esc_html__( 'Field moved to other group', 'secure-custom-fields' ),
92 'Field groups linked successfully.' => esc_html__( 'Field groups linked successfully.', 'secure-custom-fields' ),
93 'Checked' => esc_html__( 'Checked', 'secure-custom-fields' ),
94 '(no label)' => esc_html__( '(no label)', 'secure-custom-fields' ),
95 '(this field)' => esc_html__( '(this field)', 'secure-custom-fields' ),
96 'copy' => esc_html__( 'copy', 'secure-custom-fields' ),
97 'or' => esc_html__( 'or', 'secure-custom-fields' ),
98 'Show this field group if' => esc_html__( 'Show this field group if', 'secure-custom-fields' ),
99 'Null' => esc_html__( 'Null', 'secure-custom-fields' ),
100 'PRO Only' => esc_html__( 'PRO Only', 'secure-custom-fields' ),
101
102 // Conditions.
103 'Has any value' => esc_html__( 'Has any value', 'secure-custom-fields' ),
104 'Has no value' => esc_html__( 'Has no value', 'secure-custom-fields' ),
105 'Value is equal to' => esc_html__( 'Value is equal to', 'secure-custom-fields' ),
106 'Value is not equal to' => esc_html__( 'Value is not equal to', 'secure-custom-fields' ),
107 'Value matches pattern' => esc_html__( 'Value matches pattern', 'secure-custom-fields' ),
108 'Value contains' => esc_html__( 'Value contains', 'secure-custom-fields' ),
109 'Value is greater than' => esc_html__( 'Value is greater than', 'secure-custom-fields' ),
110 'Value is less than' => esc_html__( 'Value is less than', 'secure-custom-fields' ),
111 'Selection is greater than' => esc_html__( 'Selection is greater than', 'secure-custom-fields' ),
112 'Selection is less than' => esc_html__( 'Selection is less than', 'secure-custom-fields' ),
113 'Relationship is equal to' => esc_html__( 'Relationship is equal to', 'secure-custom-fields' ),
114 'Relationship is not equal to' => esc_html__( 'Relationship is not equal to', 'secure-custom-fields' ),
115 'Relationships contain' => esc_html__( 'Relationships contain', 'secure-custom-fields' ),
116 'Relationships do not contain' => esc_html__( 'Relationships do not contain', 'secure-custom-fields' ),
117 'Post is equal to' => esc_html__( 'Post is equal to', 'secure-custom-fields' ),
118 'Post is not equal to' => esc_html__( 'Post is not equal to', 'secure-custom-fields' ),
119 'Posts contain' => esc_html__( 'Posts contain', 'secure-custom-fields' ),
120 'Posts do not contain' => esc_html__( 'Posts do not contain', 'secure-custom-fields' ),
121 'Has any post selected' => esc_html__( 'Has any post selected', 'secure-custom-fields' ),
122 'Has no post selected' => esc_html__( 'Has no post selected', 'secure-custom-fields' ),
123 'Has any relationship selected' => esc_html__( 'Has any relationship selected', 'secure-custom-fields' ),
124 'Has no relationship selected' => esc_html__( 'Has no relationship selected', 'secure-custom-fields' ),
125 'Page is equal to' => esc_html__( 'Page is equal to', 'secure-custom-fields' ),
126 'Page is not equal to' => esc_html__( 'Page is not equal to', 'secure-custom-fields' ),
127 'Pages contain' => esc_html__( 'Pages contain', 'secure-custom-fields' ),
128 'Pages do not contain' => esc_html__( 'Pages do not contain', 'secure-custom-fields' ),
129 'Has any page selected' => esc_html__( 'Has any page selected', 'secure-custom-fields' ),
130 'Has no page selected' => esc_html__( 'Has no page selected', 'secure-custom-fields' ),
131 'User is equal to' => esc_html__( 'User is equal to', 'secure-custom-fields' ),
132 'User is not equal to' => esc_html__( 'User is not equal to', 'secure-custom-fields' ),
133 'Users contain' => esc_html__( 'Users contain', 'secure-custom-fields' ),
134 'Users do not contain' => esc_html__( 'Users do not contain', 'secure-custom-fields' ),
135 'Has any user selected' => esc_html__( 'Has any user selected', 'secure-custom-fields' ),
136 'Has no user selected' => esc_html__( 'Has no user selected', 'secure-custom-fields' ),
137 'Term is equal to' => esc_html__( 'Term is equal to', 'secure-custom-fields' ),
138 'Term is not equal to' => esc_html__( 'Term is not equal to', 'secure-custom-fields' ),
139 'Terms contain' => esc_html__( 'Terms contain', 'secure-custom-fields' ),
140 'Terms do not contain' => esc_html__( 'Terms do not contain', 'secure-custom-fields' ),
141 'Has any term selected' => esc_html__( 'Has any term selected', 'secure-custom-fields' ),
142 'Has no term selected' => esc_html__( 'Has no term selected', 'secure-custom-fields' ),
143
144 // Custom Select2 templates.
145 'Type to search...' => esc_html__( 'Type to search...', 'secure-custom-fields' ),
146 'This Field' => esc_html__( 'This Field', 'secure-custom-fields' ),
147 )
148 );
149
150 acf_localize_data(
151 array(
152 'fieldTypes' => acf_get_field_types_info(),
153 'fieldCategoriesL10n' => acf_get_field_categories_i18n(),
154 'PROFieldTypes' => acf_get_pro_field_types(),
155 'PROLocationTypes' => array(
156 'block' => esc_html__( 'Block', 'secure-custom-fields' ),
157 'options_page' => esc_html__( 'Options Page', 'secure-custom-fields' ),
158 ),
159 )
160 );
161
162 wp_enqueue_script( 'acf-pro-field-group' );
163 wp_enqueue_style( 'acf-pro-field-group' );
164
165 do_action( 'acf/field_group/admin_enqueue_scripts' );
166 }
167
168 /**
169 * Set up functionality for the field group edit page.
170 *
171 * @since ACF 3.1.8
172 */
173 public function admin_head() {
174 global $post, $field_group;
175
176 // Set global var.
177 $field_group = acf_get_field_group( $post->ID );
178
179 // metaboxes.
180 add_meta_box( 'acf-field-group-fields', __( 'Fields', 'secure-custom-fields' ), array( $this, 'mb_fields' ), 'acf-field-group', 'normal', 'high' );
181 add_meta_box( 'acf-field-group-options', __( 'Settings', 'secure-custom-fields' ), array( $this, 'mb_options' ), 'acf-field-group', 'normal', 'high' );
182
183 // actions.
184 add_action( 'post_submitbox_misc_actions', array( $this, 'post_submitbox_misc_actions' ), 10, 0 );
185 add_action( 'edit_form_after_title', array( $this, 'edit_form_after_title' ), 10, 0 );
186
187 // filters.
188 add_filter( 'screen_settings', array( $this, 'screen_settings' ), 10, 1 );
189 add_filter( 'get_user_option_screen_layout_acf-field-group', array( $this, 'screen_layout' ), 10, 1 );
190
191 // 3rd party hook.
192 do_action( 'acf/field_group/admin_head' );
193 }
194
195 /**
196 * This action will allow ACF to render metaboxes after the title.
197 */
198 public function edit_form_after_title() {
199 global $post;
200
201 // Render post data.
202 acf_form_data(
203 array(
204 'screen' => 'field_group',
205 'post_id' => $post->ID,
206 'delete_fields' => 0,
207 'validation' => 0,
208 )
209 );
210 }
211
212 /**
213 * This function will add extra HTML to the acf form data element
214 *
215 * @since ACF 5.3.8
216 *
217 * @param array $args Arguments array to pass through to action.
218 * @return void
219 */
220 public function form_data( $args ) {
221 do_action( 'acf/field_group/form_data', $args );
222 }
223
224 /**
225 * This function will append extra l10n strings to the acf JS object
226 *
227 * @since ACF 5.3.8
228 *
229 * @param array $l10n The array of translated strings.
230 * @return array $l10n
231 */
232 public function admin_l10n( $l10n ) {
233 return apply_filters( 'acf/field_group/admin_l10n', $l10n );
234 }
235
236 /**
237 * Admin footer third party hook support
238 *
239 * @since ACF 5.3.2
240 */
241 public function admin_footer() {
242 do_action( 'acf/field_group/admin_footer' );
243 }
244
245 /**
246 * Screen settings html output
247 *
248 * @since ACF 3.6.0
249 *
250 * @param string $html Current screen settings HTML.
251 * @return string $html
252 */
253 public function screen_settings( $html ) {
254 $show_field_keys = acf_get_user_setting( 'show_field_keys' ) ? 'checked="checked"' : '';
255 $show_field_settings_tabs = acf_get_user_setting( 'show_field_settings_tabs', true ) ? 'checked="checked"' : '';
256 $hide_field_settings_tabs = apply_filters( 'acf/field_group/disable_field_settings_tabs', false );
257
258 $html .= '<div id="acf-append-show-on-screen" class="acf-hidden">';
259 $html .= '<label for="acf-field-key-hide"><input id="acf-field-key-hide" type="checkbox" value="1" name="show_field_keys" ' . $show_field_keys . ' /> ' . __( 'Field Keys', 'secure-custom-fields' ) . '</label>';
260
261 if ( ! $hide_field_settings_tabs ) {
262 $html .= '<label for="acf-field-settings-tabs"><input id="acf-field-settings-tabs" type="checkbox" value="1" name="show_field_settings_tabs" ' . $show_field_settings_tabs . ' />' . __( 'Field Settings Tabs', 'secure-custom-fields' ) . '</label>';
263 }
264
265 $html .= '</div>';
266
267 return $html;
268 }
269
270 /**
271 * Sets the "Edit Field Group" screen to use a one-column layout.
272 *
273 * @param integer $columns Number of columns for layout.
274 * @return integer
275 */
276 public function screen_layout( $columns = 0 ) {
277 return 1;
278 }
279
280 /**
281 * This function will customize the publish metabox
282 *
283 * @since ACF 5.2.9
284 */
285 public function post_submitbox_misc_actions() {
286 global $field_group;
287 $status_label = $field_group['active'] ? _x( 'Active', 'post status', 'secure-custom-fields' ) : _x( 'Inactive', 'post status', 'secure-custom-fields' );
288
289 ?>
290 <script type="text/javascript">
291 (function($) {
292 $('#post-status-display').html( '<?php echo esc_html( $status_label ); ?>' );
293 })(jQuery);
294 </script>
295 <?php
296 }
297
298 /**
299 * Saves field group data.
300 *
301 * @since ACF 1.0.0
302 *
303 * @param integer $post_id The post ID.
304 * @param WP_Post $post The post object.
305 * @return integer $post_id
306 */
307 public function save_post( $post_id, $post ) {
308 if ( ! $this->verify_save_post( $post_id, $post ) ) {
309 return $post_id;
310 }
311
312 // disable filters to ensure ACF loads raw data from DB.
313 acf_disable_filters();
314
315 // save fields.
316 // phpcs:disable WordPress.Security.NonceVerification.Missing -- Validated by WordPress.
317 if ( ! empty( $_POST['acf_fields'] ) ) {
318
319 // loop.
320 foreach ( $_POST['acf_fields'] as $field ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Sanitized when saved.
321
322 if ( ! isset( $field['key'] ) ) {
323 continue;
324 }
325
326 // vars.
327 $specific = false;
328 $save = acf_extract_var( $field, 'save' );
329
330 // only saved field if has changed.
331 if ( $save == 'meta' ) {
332 $specific = array(
333 'menu_order',
334 'post_parent',
335 );
336 }
337
338 // set parent.
339 if ( ! $field['parent'] ) {
340 $field['parent'] = $post_id;
341 }
342
343 // save field.
344 acf_update_field( $field, $specific );
345 }
346 }
347
348 // delete fields.
349 if ( acf_maybe_get_POST( '_acf_delete_fields', false ) ) { // phpcs:ignore -- Sanitized below, unslash not needed
350
351 // clean.
352 $ids = explode( '|', $_POST['_acf_delete_fields'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- Sanitized below, unslash not required.
353 $ids = array_map( 'intval', $ids );
354
355 // loop.
356 foreach ( $ids as $id ) {
357
358 // bai early if no id.
359 if ( ! $id ) {
360 continue;
361 }
362
363 // delete.
364 acf_delete_field( $id );
365 }
366 }
367
368 $_POST['acf_field_group']['ID'] = $post_id;
369 // phpcs:disable WordPress.Security.ValidatedSanitizedInput
370 $_POST['acf_field_group']['title'] = isset( $_POST['post_title'] ) ? $_POST['post_title'] : ''; // Post title is stored unsafe like WordPress, escaped on output.
371
372 // save field group.
373 acf_update_field_group( $_POST['acf_field_group'] );
374 // phpcs:enable WordPress.Security.ValidatedSanitizedInput
375 // phpcs:enable WordPress.Security.NonceVerification.Missing
376
377 return $post_id;
378 }
379
380 /**
381 * This function will render the HTML for the metabox 'acf-field-group-fields'
382 *
383 * @since ACF 5.0.0
384 */
385 public function mb_fields() {
386 global $field_group;
387
388 $view = array(
389 'fields' => acf_get_fields( $field_group ),
390 'parent' => 0,
391 );
392
393 acf_get_view( $this->post_type . '/fields', $view );
394 }
395
396 /**
397 * This function will render the HTML for the metabox 'acf-field-group-options'
398 *
399 * @since ACF 5.0.0
400 */
401 public function mb_options() {
402 global $field_group;
403
404 // Field group key (leave in for compatibility).
405 if ( ! acf_is_field_group_key( $field_group['key'] ) ) {
406 $field_group['key'] = uniqid( 'group_' );
407 }
408
409 acf_get_view( $this->post_type . '/options' );
410 }
411
412 /**
413 * This function can be accessed via an AJAX action and will return the result from the render_location_value function
414 *
415 * @since ACF 5.0.0
416 */
417 public function ajax_render_location_rule() {
418 // validate.
419 if ( ! acf_verify_ajax() ) {
420 die();
421 }
422
423 // verify user capability.
424 if ( ! acf_current_user_can_admin() ) {
425 die();
426 }
427
428 if ( empty( $_POST['rule'] ) ) {
429 die();
430 }
431
432 // validate rule.
433 $rule = acf_validate_location_rule( acf_sanitize_request_args( $_POST['rule'] ) ); //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash -- values not saved.
434
435 acf_get_view(
436 'acf-field-group/location-rule',
437 array(
438 'rule' => $rule,
439 )
440 );
441
442 die();
443 }
444
445 /**
446 * This function will return HTML containing the field's settings based on it's new type
447 *
448 * @since ACF 5.0.0
449 */
450 public function ajax_render_field_settings() {
451 // Verify the current request.
452 if ( ! acf_verify_ajax() || ! acf_current_user_can_admin() ) {
453 wp_send_json_error();
454 }
455
456 // Make sure we have a field.
457 $field = acf_maybe_get_POST( 'field' );
458 if ( ! $field ) {
459 wp_send_json_error();
460 }
461
462 $field['prefix'] = acf_maybe_get_POST( 'prefix' );
463 $field = acf_get_valid_field( $field );
464 $tabs = acf_get_combined_field_type_settings_tabs();
465 $tab_keys = array_keys( $tabs );
466 $sections = array();
467
468 foreach ( $tab_keys as $tab ) {
469 ob_start();
470
471 if ( 'general' === $tab ) {
472 // Back-compat for fields not using tab-specific hooks.
473 do_action( "acf/render_field_settings/type={$field['type']}", $field );
474 }
475
476 do_action( "acf/field_group/render_field_settings_tab/{$tab}/type={$field['type']}", $field );
477 do_action( "acf/render_field_{$tab}_settings/type={$field['type']}", $field );
478 do_action( "acf/render_field_{$tab}_settings", $field );
479
480 $sections[ $tab ] = ob_get_clean();
481 }
482
483 wp_send_json_success( $sections );
484 }
485
486 /**
487 * Moves fields between field groups via AJAX.
488 *
489 * @since ACF 5.0.0
490 *
491 * @return void
492 */
493 public function ajax_move_field() {
494 // Disable filters to ensure ACF loads raw data from DB.
495 acf_disable_filters();
496
497 // phpcs:disable WordPress.Security.NonceVerification.Missing
498 $args = acf_parse_args(
499 $_POST,
500 array(
501 'nonce' => '',
502 'post_id' => 0,
503 'field_id' => 0,
504 'field_group_id' => 0,
505 )
506 );
507 // phpcs:enable WordPress.Security.NonceVerification.Missing
508
509 // Verify nonce.
510 if ( ! wp_verify_nonce( $args['nonce'], 'acf_nonce' ) ) {
511 die();
512 }
513
514 // Verify user capability.
515 if ( ! acf_current_user_can_admin() ) {
516 die();
517 }
518
519 // Move the field if the user has confirmed.
520 if ( $args['field_id'] && $args['field_group_id'] ) {
521 $field = acf_get_field( $args['field_id'] );
522 $old_field_group = acf_get_field_group( $args['post_id'] );
523 $new_field_group = acf_get_field_group( $args['field_group_id'] );
524
525 // Update the field parent and remove conditional logic.
526 $field['parent'] = $new_field_group['ID'];
527 $field['conditional_logic'] = 0;
528
529 // Update the field in the database.
530 acf_update_field( $field );
531
532 // Fire `acf/update_field_group` action hook so JSON can sync if necessary.
533 do_action( 'acf/update_field_group', $old_field_group );
534 do_action( 'acf/update_field_group', $new_field_group );
535
536 // Output HTML.
537 $link = '<a href="' . admin_url( 'post.php?post=' . $new_field_group['ID'] . '&action=edit' ) . '" target="_blank">' . esc_html( $new_field_group['title'] ) . '</a>';
538
539 echo '' .
540 '<p><strong>' . esc_html__( 'Move Complete.', 'secure-custom-fields' ) . '</strong></p>' .
541 '<p>' . sprintf(
542 /* translators: Confirmation message once a field has been moved to a different field group. */
543 acf_punctify( __( 'The %1$s field can now be found in the %2$s field group', 'secure-custom-fields' ) ),
544 esc_html( $field['label'] ),
545 $link //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
546 ) . '</p>' .
547 '<a href="#" class="button button-primary acf-close-popup">' . esc_html__( 'Close Modal', 'secure-custom-fields' ) . '</a>';
548 die();
549 }
550
551 // Get all field groups.
552 $field_groups = acf_get_field_groups();
553 $choices = array();
554
555 if ( ! empty( $field_groups ) ) {
556 foreach ( $field_groups as $field_group ) {
557 // Bail early if no ID.
558 if ( ! $field_group['ID'] ) {
559 continue;
560 }
561
562 // Bail early if is current.
563 if ( $field_group['ID'] == $args['post_id'] ) {
564 continue;
565 }
566
567 $choices[ $field_group['ID'] ] = $field_group['title'];
568 }
569 }
570
571 // Render options.
572 $field = acf_get_valid_field(
573 array(
574 'type' => 'select',
575 'name' => 'acf_field_group',
576 'choices' => $choices,
577 'aria-label' => __( 'Please select the destination for this field', 'secure-custom-fields' ),
578 )
579 );
580
581 echo '<p>' . esc_html__( 'Please select the destination for this field', 'secure-custom-fields' ) . '</p>';
582 echo '<form id="acf-move-field-form">';
583 acf_render_field_wrap( $field );
584 echo '<button type="submit" class="acf-btn">' . esc_html__( 'Move Field', 'secure-custom-fields' ) . '</button>';
585 echo '</form>';
586
587 die();
588 }
589 }
590
591 // initialize.
592 new acf_admin_field_group();
593 endif; // Class exists check.
594
595 ?>
596