Skip to content

Commit

Permalink
Merge pull request #7264 from pods-framework/release/3.1.2
Browse files Browse the repository at this point in the history
  • Loading branch information
sc0ttkclark authored Feb 27, 2024
2 parents 566d706 + bc7639b commit c44dc64
Show file tree
Hide file tree
Showing 53 changed files with 12,967 additions and 10,289 deletions.
16 changes: 16 additions & 0 deletions changelog.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,22 @@ Found a bug? Have a great feature idea? Get on GitHub and tell us about it and w

Our GitHub has the full list of all prior releases of Pods: https://github.com/pods-framework/pods/releases

= 3.1.2 - February 27th, 2024 =

* Added: Now you can set Content Visibility when creating a new pod. (@sc0ttkclark)
* Added: More help text to better explain things on the Access Rights Review screen for extended content types. (@sc0ttkclark)
* Added: New option to specify whether to Sanitize Output for a field in the Additional Field Options of Heading, Paragraph, WYSIWYG, Code, and Text fields. (@sc0ttkclark)
* Added: Pod Reference metabox on the Pods Templates editor screen now has more help text and will now allow clicking to copy any magic tag to clipboard. (@sc0ttkclark)
* Added: Better explain Public vs Publicly Queryable for Post Types and Taxonomies along with showing the current Content Visibility below. (@sc0ttkclark)
* Changed: Updated CodeMirror to 5.65.16 so we can start moving towards CodeMirror 6 for the Pods Template editor. (@sc0ttkclark)
* Fixed: Resolved issues with Access Rights Review screen when making content type public or private causing it not to be fully set (only public was set on, it left out publicly_queryable). (@sc0ttkclark)

= 3.1.1 - February 22nd, 2024 =

This is just a release to retrigger the zip generation on WordPress.org that missed a fix put into the initial 3.1 release tag in SVN.

Pods 3.1 is a security focused release, see below for the changelog information.

= 3.1 - February 21st, 2024 =

*Security Release*
Expand Down
37 changes: 23 additions & 14 deletions classes/PodsAPI.php
Original file line number Diff line number Diff line change
Expand Up @@ -1444,6 +1444,8 @@ public function get_wp_object_fields( $object = 'post_type', $pod = null, $refre
* $params['create_label_plural'] string Plural Label (for Creating)
* $params['create_label_singular'] string Singular Label (for Creating)
* $params['create_storage'] string Storage Type (for Creating)
* $params['create_public'] int Whether the pod will be public (for Creating Post Types and Taxonomies)
* $params['create_publicly_queryable'] int Whether the pod will be publicly queryable (for Creating Post Types and Taxonomies)
* $params['create_rest_api'] int Whether REST API will be enabled (for Creating Post Types and Taxonomies)
* $params['extend_pod_type'] string Pod Type (for Extending)
* $params['extend_post_type'] string Post Type (for Extending Post Types)
Expand All @@ -1460,11 +1462,13 @@ public function add_pod( $params ) {
'create_extend' => 'create',
'create_pod_type' => 'post_type',

'create_name' => '',
'create_label_singular' => '',
'create_label_plural' => '',
'create_storage' => 'meta',
'create_rest_api' => 1,
'create_name' => '',
'create_label_singular' => '',
'create_label_plural' => '',
'create_storage' => 'meta',
'create_public' => 1,
'create_publicly_queryable' => 0,
'create_rest_api' => 1,

'create_setting_name' => '',
'create_label_title' => '',
Expand Down Expand Up @@ -1506,7 +1510,7 @@ public function add_pod( $params ) {
$pod_params['label'] = ( ! empty( $params->create_label_plural ) ? $params->create_label_plural : $label );
$pod_params['type'] = $params->create_pod_type;
$pod_params['label_singular'] = ( ! empty( $params->create_label_singular ) ? $params->create_label_singular : $pod_params['label'] );
$pod_params['public'] = 1;
$pod_params['public'] = 1 === (int) $params->create_public ? 1 : 0;
$pod_params['show_ui'] = 1;

// Auto-generate name if not provided
Expand All @@ -1519,9 +1523,10 @@ public function add_pod( $params ) {
return pods_error( __( 'Please enter a Name for this Pod', 'pods' ), $this );
}

$pod_params['storage'] = pods_tableless() ? 'meta' : $params->create_storage;

$pod_params['rest_enable'] = 1 === (int) $params->create_rest_api ? 1 : 0;
$pod_params['storage'] = pods_tableless() ? 'meta' : $params->create_storage;
$pod_params['publicly_queryable'] = 1 === (int) $params->create_publicly_queryable ? 1 : 0;
$pod_params['dynamic_features_allow'] = 'inherit';
$pod_params['rest_enable'] = 1 === (int) $params->create_rest_api ? 1 : 0;
} elseif ( 'taxonomy' === $pod_params['type'] ) {
if ( empty( $pod_params['name'] ) ) {
return pods_error( __( 'Please enter a Name for this Pod', 'pods' ), $this );
Expand All @@ -1532,11 +1537,11 @@ public function add_pod( $params ) {
$params->create_storage = $params->create_storage_taxonomy;
}

$pod_params['storage'] = pods_tableless() ? 'meta' : $params->create_storage;

$pod_params['hierarchical'] = 1;

$pod_params['rest_enable'] = 1 === (int) $params->create_rest_api ? 1 : 0;
$pod_params['storage'] = pods_tableless() ? 'meta' : $params->create_storage;
$pod_params['hierarchical'] = 1;
$pod_params['publicly_queryable'] = 1 === (int) $params->create_publicly_queryable ? 1 : 0;
$pod_params['dynamic_features_allow'] = 'inherit';
$pod_params['rest_enable'] = 1 === (int) $params->create_rest_api ? 1 : 0;
} elseif ( 'pod' === $pod_params['type'] ) {
if ( empty( $pod_params['name'] ) ) {
return pods_error( __( 'Please enter a Name for this Pod', 'pod' ), $this );
Expand All @@ -1546,6 +1551,10 @@ public function add_pod( $params ) {
$pod_params['type'] = 'post_type';
$pod_params['storage'] = 'meta';
}

if ( $pod_params['public'] ) {
$pod_params['public'] = 1 === (int) $params->create_publicly_queryable ? 1 : 0;
}
} elseif ( 'settings' === $pod_params['type'] ) {
$pod_params['name'] = $params->create_setting_name;
$pod_params['label'] = ( ! empty( $params->create_label_title ) ? $params->create_label_title : ucwords( str_replace( '_', ' ', $params->create_setting_name ) ) );
Expand Down
84 changes: 57 additions & 27 deletions classes/PodsAdmin.php
Original file line number Diff line number Diff line change
Expand Up @@ -1494,9 +1494,11 @@ public function admin_access_rights_review() {
],
'public' => [
'label' => __( 'Content Privacy', 'pods' ),
'type' => 'raw',
],
'dynamic_features_allow' => [
'label' => __( 'Allow Dynamic Features', 'pods' ),
'type' => 'raw',
],
'restricted_dynamic_features' => [
'label' => __( 'Restricted Dynamic Features', 'pods' ),
Expand Down Expand Up @@ -1592,19 +1594,16 @@ public function admin_access_rights_review() {
$file_source = str_replace( ABSPATH, '', $file_source );
}

ob_start();

pods_help(
$source .= ' ' . pods_help(
sprintf(
'<strong>%s:</strong> %s',
esc_html__( 'File source', 'pods' ),
esc_html( $file_source )
),
null,
'.pods-admin-container'
'.pods-admin-container',
true
);

$source .= ' ' . ob_get_clean();
}
} elseif ( 'collection' === $object_storage_type ) {
$code_source = $pod->get_arg( '_pods_code_source' );
Expand All @@ -1614,19 +1613,16 @@ public function admin_access_rights_review() {
$code_source = str_replace( ABSPATH, '', $code_source );
}

ob_start();

pods_help(
$source .= ' ' . pods_help(
sprintf(
'<strong>%s:</strong> %s',
esc_html__( 'Code source', 'pods' ),
esc_html( $code_source )
),
null,
'.pods-admin-container'
'.pods-admin-container',
true
);

$source .= ' ' . ob_get_clean();
}
}
}
Expand Down Expand Up @@ -1655,7 +1651,7 @@ public function admin_access_rights_review() {
$dynamic_features_allow_label .= ' - ' . ( $is_public ? $dynamic_features_allow_options['1'] : $dynamic_features_allow_options['0'] );
}

$pod = [
$pod_row = [
'id' => $pod['id'],
'label' => $pod['label'],
'name' => $pod['name'],
Expand All @@ -1676,20 +1672,35 @@ public function admin_access_rights_review() {
] ),
];

$other_view_groups['public']['views'][ (string) $pod['real_public'] ]['count'] ++;
if ( $pod->is_extended() ) {
$extended_help_text = pods_help(
__( 'This is an extended content type. The Content Privacy cannot be changed by Pods. You can choose to enable Dynamic Features separately anyway if it has "WP Default" used.', 'pods' ),
null,
'.pods-admin-container',
true
);

$pod_row['public'] .= $extended_help_text;

if ( empty( $pod['restricted_dynamic_features'] ) ) {
$pod['restricted_dynamic_features'] = __( 'Unrestricted', 'pods' );
$pod['real_restricted_dynamic_features'] = 'unrestricted';
if ( 'inherit' === $dynamic_features_allow ) {
$pod_row['dynamic_features_allow'] .= $extended_help_text;
}
}

$other_view_groups['public']['views'][ (string) $pod_row['real_public'] ]['count'] ++;

if ( empty( $pod_row['restricted_dynamic_features'] ) ) {
$pod_row['restricted_dynamic_features'] = __( 'Unrestricted', 'pods' );
$pod_row['real_restricted_dynamic_features'] = 'unrestricted';
} else {
foreach ( $pod['restricted_dynamic_features'] as $fk => $feature ) {
$pod['restricted_dynamic_features'][ $fk ] = pods_v( $feature, $restricted_dynamic_features_options, ucwords( $feature ) );
foreach ( $pod_row['restricted_dynamic_features'] as $fk => $feature ) {
$pod_row['restricted_dynamic_features'][ $fk ] = pods_v( $feature, $restricted_dynamic_features_options, ucwords( $feature ) );
}

$pod['real_restricted_dynamic_features'] = 'restricted';
$pod_row['real_restricted_dynamic_features'] = 'restricted';
}

$other_view_groups['restricted_dynamic_features']['views'][ $pod['real_restricted_dynamic_features'] ]['count'] ++;
$other_view_groups['restricted_dynamic_features']['views'][ $pod_row['real_restricted_dynamic_features'] ]['count'] ++;

// @codingStandardsIgnoreLine
if ( 'manage' !== pods_v( 'action' ) ) {
Expand All @@ -1699,18 +1710,18 @@ public function admin_access_rights_review() {
if (
(
$found_id
&& $pod['id'] === $found_id
&& $pod_row['id'] === $found_id
)
|| (
$found_name
&& $pod['name'] === $found_name
&& $pod_row['name'] === $found_name
)
) {
$row = $pod;
$row = $pod_row;
}
}

$pod_list[] = $pod;
$pod_list[] = $pod_row;
}//end foreach

if ( ! $has_source ) {
Expand Down Expand Up @@ -2816,7 +2827,16 @@ public function admin_access_rights_review_make_public( $obj, $id, $mode = 'sing
return 'bulk' !== $mode ? $obj->error( __( 'Pod cannot be modified.', 'pods' ) ) : false;
}

pods_api()->save_pod( [ 'id' => $id, 'public' => 1 ] );
$params = [
'id' => $id,
'public' => 1,
];

if ( in_array( $pod->get_type(), [ 'post_type', 'taxonomy' ], true ) ) {
$params['publicly_queryable'] = 1;
}

pods_api()->save_pod( $params );

foreach ( $obj->data as $key => $data_pod ) {
if ( (int) $id === (int) $data_pod['id'] ) {
Expand Down Expand Up @@ -2882,7 +2902,17 @@ public function admin_access_rights_review_make_private( $obj, $id, $mode = 'sin
return 'bulk' !== $mode ? $obj->error( __( 'Pod cannot be modified.', 'pods' ) ) : false;
}

pods_api()->save_pod( [ 'id' => $id, 'public' => 0 ] );
$params = [
'id' => $id,
];

if ( in_array( $pod->get_type(), [ 'post_type', 'taxonomy' ], true ) ) {
$params['publicly_queryable'] = 0;
} else {
$params['public'] = 0;
}

pods_api()->save_pod( $params );

foreach ( $obj->data as $key => $data_pod ) {
if ( (int) $id === (int) $data_pod['id'] ) {
Expand Down
2 changes: 1 addition & 1 deletion classes/PodsField.php
Original file line number Diff line number Diff line change
Expand Up @@ -937,7 +937,7 @@ public function strip_html( $value, $options = null ) {
*/
public function maybe_sanitize_output( $value, $options = null ) {
// Maybe check for a sanitize output option.
$should_sanitize = null === $options || 1 === (int) pods_v( 'sanitize_output', $options, 1 );
$should_sanitize = null === $options || 1 === (int) pods_v( static::$type . '_output', $options, 1 );

/**
* Allow filtering whether to sanitize the field value before output.
Expand Down
16 changes: 9 additions & 7 deletions classes/PodsInit.php
Original file line number Diff line number Diff line change
Expand Up @@ -604,13 +604,15 @@ public function register_assets() {

wp_register_script( 'pods-cleditor', PODS_URL . "ui/js/cleditor/jquery.cleditor{$suffix_min}.js", array( 'jquery' ), '1.4.5', true );

wp_register_script( 'pods-codemirror', PODS_URL . 'ui/js/codemirror/codemirror.js', array(), '4.8', true );
wp_register_script( 'pods-codemirror-loadmode', PODS_URL . 'ui/js/codemirror/addon/mode/loadmode.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-overlay', PODS_URL . 'ui/js/codemirror/addon/mode/overlay.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-hints', PODS_URL . 'ui/js/codemirror/addon/mode/show-hint.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-mode-xml', PODS_URL . 'ui/js/codemirror/mode/xml/xml.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-mode-html', PODS_URL . 'ui/js/codemirror/mode/htmlmixed/htmlmixed.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror-mode-css', PODS_URL . 'ui/js/codemirror/mode/css/css.js', array( 'pods-codemirror' ), '4.8', true );
wp_register_script( 'pods-codemirror', PODS_URL . 'ui/js/codemirror/lib/codemirror.js', [], '5.65.16', true );
wp_register_script( 'pods-codemirror-hints', PODS_URL . 'ui/js/codemirror/addon/hint/show-hint.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-loadmode', PODS_URL . 'ui/js/codemirror/addon/mode/loadmode.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-overlay', PODS_URL . 'ui/js/codemirror/addon/mode/overlay.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-mode-css', PODS_URL . 'ui/js/codemirror/mode/css/css.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-mode-html', PODS_URL . 'ui/js/codemirror/mode/htmlmixed/htmlmixed.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_script( 'pods-codemirror-mode-xml', PODS_URL . 'ui/js/codemirror/mode/xml/xml.js', [ 'pods-codemirror' ], '5.65.16', true );
wp_register_style( 'pods-codemirror', PODS_URL . 'ui/js/codemirror/lib/codemirror.css', [], '5.65.16' );
wp_register_style( 'pods-codemirror-hints', PODS_URL . 'ui/js/codemirror/addon/hint/show-hint.css', [ 'pods-codemirror' ], '5.65.16' );

// jQuery Timepicker.
if ( ! wp_script_is( 'jquery-ui-slideraccess', 'registered' ) ) {
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/code.php
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,13 @@ public function options() {
'default' => 0,
'type' => 'boolean',
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_allow_shortcode' => [
'label' => __( 'Allow Shortcodes', 'pods' ),
'default' => 0,
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/heading.php
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,13 @@ public function options() {
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_wptexturize' => [
'label' => __( 'Enable wptexturize', 'pods' ),
'default' => 1,
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/paragraph.php
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,13 @@ public function options() {
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_oembed' => [
'label' => __( 'Enable oEmbed', 'pods' ),
'default' => 0,
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/text.php
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,13 @@ public function options() {
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_allow_shortcode' => [
'label' => __( 'Allow Shortcodes', 'pods' ),
'default' => 0,
Expand Down
7 changes: 7 additions & 0 deletions classes/fields/wysiwyg.php
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,13 @@ public function options() {
'default' => 0,
'type' => 'boolean',
],
static::$type . '_output' => [
'label' => __( 'Sanitize HTML', 'pods' ),
'default' => 1,
'help' => __( 'This sanitizes things like script tags and other content not normally allowed in WordPress content. Disable this only if you trust users who will have access to enter content into this field.', 'pods' ),
'type' => 'boolean',
'dependency' => true,
],
static::$type . '_oembed' => [
'label' => __( 'Enable oEmbed', 'pods' ),
'default' => 0,
Expand Down
Loading

0 comments on commit c44dc64

Please sign in to comment.