PluginProbe ʕ •ᴥ•ʔ
Secure Custom Fields / trunk
Secure Custom Fields vtrunk
6.9.1 6.9.0 6.8.9 6.8.7 6.8.8 6.8.6 6.8.4 6.8.5 trunk 6.4.0-beta1 6.4.0-beta2 6.4.1 6.4.1-beta3 6.4.1-beta4 6.4.1-beta5 6.4.1-beta6 6.4.1-beta7 6.4.2 6.5.0 6.5.1 6.5.2 6.5.3 6.5.4 6.5.5 6.5.6 6.5.7 6.6.0 6.7.0 6.7.1 6.8.0 6.8.1 6.8.2 6.8.3
secure-custom-fields / includes / admin / views / escaped-html-notice.php
secure-custom-fields / includes / admin / views Last commit date
acf-field-group 2 months ago acf-post-type 1 week ago acf-taxonomy 1 year ago acf-ui-options-page 1 year ago beta-features 1 year ago global 7 months ago tools 1 year ago upgrade 7 months ago browse-fields-modal.php 1 year ago escaped-html-notice.php 1 year ago html-options-page.php 1 year ago index.php 1 year ago
escaped-html-notice.php
66 lines
1 <?php
2
3 $acf_plugin_name = 'Secure Custom Fields';
4 $acf_plugin_name = '<strong>' . $acf_plugin_name . ' &mdash;</strong>';
5 $acf_class = 'notice-error';
6 $acf_user_can_acf = false;
7
8 if ( current_user_can( acf_get_setting( 'capability' ) ) ) {
9 $acf_user_can_acf = true;
10 $acf_dismiss_url = add_query_arg( array( 'acf-dismiss-esc-html-notice' => wp_create_nonce( 'acf/dismiss_escaped_html_notice' ) ) );
11
12 // "Show/Hide Details" is a button for accessibility purposes, because it isn't a link. But since the design shows a link, we need to make it look like a link.
13 $acf_style_button_as_link = trim(
14 'display: inline;
15 padding: 0;
16 background: none;
17 border: none;
18 color: #0073aa;
19 text-decoration: underline;
20 cursor: pointer;'
21 );
22
23 $acf_show_details = '<button style="' . esc_attr( $acf_style_button_as_link ) . '" class="acf-show-more-details">' . __( 'Show&nbsp;details', 'secure-custom-fields' ) . '</button>';
24 $acf_show_details .= ' | <a class="acf-dismiss-permanently-button" href="' . esc_url( $acf_dismiss_url ) . '">' . __( 'Dismiss permanently', 'secure-custom-fields' ) . '</a>';
25 } else {
26 $acf_show_details = __( 'Please contact your site administrator or developer for more details.', 'secure-custom-fields' );
27 }
28
29 $acf_error_msg = sprintf(
30 /* translators: %1$s - name of the SCF plugin. %2$s - Link to documentation. */
31 __( '%1$s SCF automatically escapes unsafe HTML when rendered by <code>the_field</code> or the ACF shortcode. We\'ve detected the output of some of your fields has been modified by this change, but this may not be a breaking change.', 'secure-custom-fields' ),
32 $acf_plugin_name
33 );
34
35
36 ?>
37 <div class="acf-admin-notice notice acf-escaped-html-notice <?php echo esc_attr( $acf_class ); ?>">
38 <p style="margin-bottom: 0.5em; padding-bottom: 2px;"><?php echo acf_esc_html( $acf_error_msg ); ?></p>
39 <p style="margin: 0.5em 0; padding: 2px;"><?php echo acf_esc_html( $acf_show_details ); ?></p>
40 <?php if ( $acf_user_can_acf && ! empty( $acf_escaped ) ) : ?>
41 <div class="acf-error-details" style="display: none; list-style: disc; margin-left: 14px;">
42 <ul class="acf-error-details" style="display: none; list-style: disc; margin-left: 14px;">
43 <?php
44 foreach ( $acf_escaped as $acf_field_key => $acf_data ) {
45 $acf_error = sprintf(
46 /* translators: %1$s - The selector used %2$s The field name 3%$s The parent function name */
47 __( '%1$s (%2$s) - rendered via %3$s', 'secure-custom-fields' ),
48 $acf_data['selector'],
49 $acf_data['field'],
50 $acf_data['function']
51 );
52
53 echo '<li>' . esc_html( $acf_error ) . '</li>';
54 }
55 ?>
56 </ul>
57 <p style="margin: 0.5em 0; padding: 2px;">
58 <?php
59 $acf_clear_logs_url = add_query_arg( array( 'acf-clear-esc-html-log' => wp_create_nonce( 'acf/clear_escaped_html_log' ) ) );
60 // translators: %s - The clear log button opening HTML tag. %s - The closing HTML tag.
61 echo acf_esc_html( '<i>' . sprintf( __( 'This data is logged as we detect values that have been changed during output. %1$sClear log and dismiss%2$s after escaping the values in your code. The notice will reappear if we detect changed values again.', 'secure-custom-fields' ), '<a class="acf-clear-log-button" href="' . esc_url( $acf_clear_logs_url ) . '">', '</a>' ) . '</i>' );
62 ?>
63 </p>
64 </div>
65 <?php endif; ?>
66 </div>