acf-field-group
2 months ago
acf-post-type
1 week ago
acf-taxonomy
1 year ago
acf-ui-options-page
1 year ago
beta-features
1 year ago
global
7 months ago
tools
1 year ago
upgrade
7 months ago
browse-fields-modal.php
1 year ago
escaped-html-notice.php
1 year ago
html-options-page.php
1 year ago
index.php
1 year ago
escaped-html-notice.php
66 lines
| 1 | <?php |
| 2 | |
| 3 | $acf_plugin_name = 'Secure Custom Fields'; |
| 4 | $acf_plugin_name = '<strong>' . $acf_plugin_name . ' —</strong>'; |
| 5 | $acf_class = 'notice-error'; |
| 6 | $acf_user_can_acf = false; |
| 7 | |
| 8 | if ( current_user_can( acf_get_setting( 'capability' ) ) ) { |
| 9 | $acf_user_can_acf = true; |
| 10 | $acf_dismiss_url = add_query_arg( array( 'acf-dismiss-esc-html-notice' => wp_create_nonce( 'acf/dismiss_escaped_html_notice' ) ) ); |
| 11 | |
| 12 | // "Show/Hide Details" is a button for accessibility purposes, because it isn't a link. But since the design shows a link, we need to make it look like a link. |
| 13 | $acf_style_button_as_link = trim( |
| 14 | 'display: inline; |
| 15 | padding: 0; |
| 16 | background: none; |
| 17 | border: none; |
| 18 | color: #0073aa; |
| 19 | text-decoration: underline; |
| 20 | cursor: pointer;' |
| 21 | ); |
| 22 | |
| 23 | $acf_show_details = '<button style="' . esc_attr( $acf_style_button_as_link ) . '" class="acf-show-more-details">' . __( 'Show details', 'secure-custom-fields' ) . '</button>'; |
| 24 | $acf_show_details .= ' | <a class="acf-dismiss-permanently-button" href="' . esc_url( $acf_dismiss_url ) . '">' . __( 'Dismiss permanently', 'secure-custom-fields' ) . '</a>'; |
| 25 | } else { |
| 26 | $acf_show_details = __( 'Please contact your site administrator or developer for more details.', 'secure-custom-fields' ); |
| 27 | } |
| 28 | |
| 29 | $acf_error_msg = sprintf( |
| 30 | /* translators: %1$s - name of the SCF plugin. %2$s - Link to documentation. */ |
| 31 | __( '%1$s SCF automatically escapes unsafe HTML when rendered by <code>the_field</code> or the ACF shortcode. We\'ve detected the output of some of your fields has been modified by this change, but this may not be a breaking change.', 'secure-custom-fields' ), |
| 32 | $acf_plugin_name |
| 33 | ); |
| 34 | |
| 35 | |
| 36 | ?> |
| 37 | <div class="acf-admin-notice notice acf-escaped-html-notice <?php echo esc_attr( $acf_class ); ?>"> |
| 38 | <p style="margin-bottom: 0.5em; padding-bottom: 2px;"><?php echo acf_esc_html( $acf_error_msg ); ?></p> |
| 39 | <p style="margin: 0.5em 0; padding: 2px;"><?php echo acf_esc_html( $acf_show_details ); ?></p> |
| 40 | <?php if ( $acf_user_can_acf && ! empty( $acf_escaped ) ) : ?> |
| 41 | <div class="acf-error-details" style="display: none; list-style: disc; margin-left: 14px;"> |
| 42 | <ul class="acf-error-details" style="display: none; list-style: disc; margin-left: 14px;"> |
| 43 | <?php |
| 44 | foreach ( $acf_escaped as $acf_field_key => $acf_data ) { |
| 45 | $acf_error = sprintf( |
| 46 | /* translators: %1$s - The selector used %2$s The field name 3%$s The parent function name */ |
| 47 | __( '%1$s (%2$s) - rendered via %3$s', 'secure-custom-fields' ), |
| 48 | $acf_data['selector'], |
| 49 | $acf_data['field'], |
| 50 | $acf_data['function'] |
| 51 | ); |
| 52 | |
| 53 | echo '<li>' . esc_html( $acf_error ) . '</li>'; |
| 54 | } |
| 55 | ?> |
| 56 | </ul> |
| 57 | <p style="margin: 0.5em 0; padding: 2px;"> |
| 58 | <?php |
| 59 | $acf_clear_logs_url = add_query_arg( array( 'acf-clear-esc-html-log' => wp_create_nonce( 'acf/clear_escaped_html_log' ) ) ); |
| 60 | // translators: %s - The clear log button opening HTML tag. %s - The closing HTML tag. |
| 61 | echo acf_esc_html( '<i>' . sprintf( __( 'This data is logged as we detect values that have been changed during output. %1$sClear log and dismiss%2$s after escaping the values in your code. The notice will reappear if we detect changed values again.', 'secure-custom-fields' ), '<a class="acf-clear-log-button" href="' . esc_url( $acf_clear_logs_url ) . '">', '</a>' ) . '</i>' ); |
| 62 | ?> |
| 63 | </p> |
| 64 | </div> |
| 65 | <?php endif; ?> |
| 66 | </div> |