
Changeset 3042177


Timestamp:
02/27/2024 07:11:53 PM (2 years ago)
Author:
mgibbs189
Message:

CFS 2.6.5

Location:
custom-field-suite/trunk
Files:
10 edited

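--- a/custom-field-suite/trunk/cfs.php
+++ b/custom-field-suite/trunk/cfs.php
@@ -3,5 +3,5 @@
 Plugin Name: Custom Field Suite
 Description: Visually add custom fields to your WordPress edit pages.
-Version: 2.6.4
+Version: 2.6.5
 Author: Matt Gibbs
 Text Domain: cfs
@@ -22,5 +22,5 @@
 
         // setup variables
-        define( 'CFS_VERSION', '2.6.4' );
+        define( 'CFS_VERSION', '2.6.5' );
         define( 'CFS_DIR', dirname( __FILE__ ) );
         define( 'CFS_URL', plugins_url( '', __FILE__ ) );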
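--- a/custom-field-suite/trunk/includes/field.php
+++ b/custom-field-suite/trunk/includes/field.php
@@ -9,5 +9,5 @@
     /**
      * Constructor
-     * @param object $parent 
+     * @param object $parent
      * @since 1.0.5
      */
@@ -20,10 +20,10 @@
     /**
      * Generate the field HTML
-     * @param object $field 
+     * @param object $field
      * @since 1.0.5
      */
     function html( $field ) {
     ?>
-        <input type="text" name="<?php echo $field->input_name; ?>" class="<?php echo $field->input_class; ?>" value="<?php echo $field->value; ?>" />
+        <input type="text" name="<?php echo esc_attr( $field->input_name ); ?>" class="<?php echo esc_attr( $field->input_class ); ?>" value="<?php echo esc_attr( $field->value ); ?>" />
     <?php
     }
@@ -33,5 +33,5 @@
      * Generate settings HTML for the field group edit screen
      * @param int $key The unique field identifier
-     * @param object $field 
+     * @param object $field
      * @since 1.0.5
      */
@@ -70,10 +70,10 @@
     /**
      * Format the value directly after database load
-     * 
+     *
      * Values are retrieved from the database as an array, even for field types that
      * don't expect arrays. For field types that should return array values, make
      * sure to override this method and return $value.
-     * 
-     * @param mixed $value 
+     *
+     * @param mixed $value
      * @param mixed $field The field object (optional)
      * @return mixed The field value
@@ -87,5 +87,5 @@
     /**
      * Format the value for use with $cfs->get
-     * @param mixed $value 
+     * @param mixed $value
      * @param mixed $field The field object (optional)
      * @return mixed
@@ -99,5 +99,5 @@
     /**
      * Format the value for use with HTML input elements
-     * @param mixed $value 
+     * @param mixed $value
      * @param mixed $field The field object (optional)
      * @return mixed
@@ -111,5 +111,5 @@
     /**
      * Format the value before saving to DB
-     * @param mixed $value 
+     * @param mixed $value
      * @param mixed $field The field object (optional)
      * @return mixed
@@ -134,7 +134,7 @@
     /**
      * Helper method to retrieve a field setting
-     * @param object $field 
-     * @param string $option_name 
-     * @param mixed $default_value 
+     * @param object $field
+     * @param string $option_name
+     * @param mixed $default_value
      * @return mixed
      * @since 1.4.3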
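--- a/custom-field-suite/trunk/includes/fields/file.php
+++ b/custom-field-suite/trunk/includes/fields/file.php
@@ -32,5 +32,5 @@
         <input type="button" class="media button add<?php echo $css[0]; ?>" value="<?php _e( 'Add File', 'cfs' ); ?>" />
         <input type="button" class="media button remove<?php echo $css[1]; ?>" value="<?php _e( 'Remove', 'cfs' ); ?>" />
-        <input type="hidden" name="<?php echo $field->input_name; ?>" class="file_value" value="<?php echo $field->value; ?>" />
+        <input type="hidden" name="<?php echo esc_attr( $field->input_name ); ?>" class="file_value" value="<?php echo esc_attr( $field->value ); ?>" />
     <?php
     }
@@ -110,5 +110,5 @@
             display: none;
         }
-       
+
         .cfs_frame .media-frame-title,
         .cfs_frame .media-frame-router,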
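Review bot: The two button labels on new lines 32 and 33 print translated strings into a `value` attribute with `_e()`, which does no escaping; `esc_attr_e( 'Add File', 'cfs' )` and `esc_attr_e( 'Remove', 'cfs' )` are the attribute-safe forms. `$css[0]` and `$css[1]` are also echoed into `class` unescaped on the same lines; they are assigned above the hunk, so it should be confirmed that they only ever hold fixed strings. The enclosing html() method starts outside the hunk.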
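--- a/custom-field-suite/trunk/includes/fields/loop.php
+++ b/custom-field-suite/trunk/includes/fields/loop.php
@@ -126,11 +126,11 @@
             <div class="cfs_loop_body open">
             <?php foreach ( $results as $field ) : ?>
-                <label><?php echo $field->label; ?></label>
+                <label><?php echo esc_html( $field->label ); ?></label>
 
                 <?php if ( ! empty( $field->notes ) ) : ?>
-                <p class="notes"><?php echo $field->notes; ?></p>
+                <p class="notes"><?php echo esc_html( $field->notes ); ?></p>
                 <?php endif; ?>
 
-                <div class="field field-<?php echo $field->name; ?> cfs_<?php echo $field->type; ?>">
+                <div class="field field-<?php echo esc_attr( $field->name ); ?> cfs_<?php echo esc_attr( $field->type ); ?>">
                 <?php
                 if ( 'loop' == $field->type ) :
@@ -214,11 +214,11 @@
             <div class="cfs_loop_body<?php echo $css_class; ?>">
             <?php foreach ( $results as $field ) : ?>
-                <label><?php echo $field->label; ?></label>
+                <label><?php echo esc_html( $field->label ); ?></label>
 
                 <?php if ( ! empty( $field->notes ) ) : ?>
-                <p class="notes"><?php echo $field->notes; ?></p>
+                <p class="notes"><?php echo esc_html( $field->notes ); ?></p>
                 <?php endif; ?>
 
-                <div class="field field-<?php echo $field->name; ?> cfs_<?php echo $field->type; ?>">
+                <div class="field field-<?php echo esc_attr( $field->name ); ?> cfs_<?php echo esc_attr( $field->type ); ?>">
                 <?php if ( 'loop' == $field->type ) : ?>
                     <?php $this->recursive_html( $group_id, $field->id, "{$parent_tag}[$i][$field->id]", $i ); ?>
@@ -250,5 +250,5 @@
 
         <div class="table_footer">
-            <input type="button" class="button-primary cfs_add_field" value="<?php echo esc_attr( $button_label ); ?>" data-loop-tag="<?php echo $parent_tag; ?>" data-rows="<?php echo ( $row_offset + 1 ); ?>" />
+            <input type="button" class="button-primary cfs_add_field" value="<?php echo esc_attr( $button_label ); ?>" data-loop-tag="<?php echo esc_attr( $parent_tag ); ?>" data-rows="<?php echo ( $row_offset + 1 ); ?>" />
         </div>
     <?php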
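Review bot: `esc_attr()` on `$field->name` and `$field->type` (new lines 134 and 222) stops attribute break-out, but both values are used as CSS class tokens, where a space or punctuation in an imported field name still yields unintended extra classes. `sanitize_html_class( $field->name )` and `sanitize_html_class( $field->type )` restrict the output to class-safe characters and fit this context better. The label/notes/div markup is repeated verbatim in both loops, so any later escaping change has to be made twice; a small shared render helper would remove that risk. Both `foreach` bodies continue outside the hunks.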
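--- a/custom-field-suite/trunk/includes/fields/relationship.php
+++ b/custom-field-suite/trunk/includes/fields/relationship.php
@@ -62,5 +62,5 @@
         <?php foreach ( $available_posts as $post ) : ?>
             <?php $class = ( isset( $selected_posts[ $post->ID ] ) ) ? ' class="used"' : ''; ?>
-            <div rel="<?php echo $post->ID; ?>"<?php echo $class; ?> title="<?php echo $post->post_type; ?>"><?php echo apply_filters( 'cfs_relationship_display', $post->post_title, $post->ID, $field ); ?></div>
+            <div rel="<?php echo $post->ID; ?>"<?php echo $class; ?> title="<?php echo esc_attr( $post->post_type ); ?>"><?php echo apply_filters( 'cfs_relationship_display', $post->post_title, $post->ID, $field ); ?></div>
         <?php endforeach; ?>
         </div>
@@ -72,5 +72,5 @@
         </div>
         <div class="clear"></div>
-        <input type="hidden" name="<?php echo $field->input_name; ?>" class="<?php echo $field->input_class; ?>" value="<?php echo $field->value; ?>" />
+        <input type="hidden" name="<?php echo esc_attr( $field->input_name ); ?>" class="<?php echo esc_attr( $field->input_class ); ?>" value="<?php echo esc_attr( $field->value ); ?>" />
     <?php
     }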
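Review bot: The result of `apply_filters( 'cfs_relationship_display', $post->post_title, $post->ID, $field )` on new line 64 is still echoed as raw HTML, while only the `title` attribute beside it gained `esc_attr()`. Post titles are not guaranteed to be free of markup and a filter callback can return anything, so the output should pass through `wp_kses_post()`, or `esc_html()` if callbacks are expected to return plain text. `$class` on the same line is built from fixed strings on line 63 and looks safe as written. The rest of html() lies outside the hunks.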
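--- a/custom-field-suite/trunk/includes/fields/select.php
+++ b/custom-field-suite/trunk/includes/fields/select.php
@@ -33,5 +33,5 @@
         }
     ?>
-        <select name="<?php echo $field->input_name; ?>" class="<?php echo trim( $field->input_class ); ?>"<?php echo $multiple; ?>>
+        <select name="<?php echo esc_attr( $field->input_name ); ?>" class="<?php echo esc_attr( $field->input_class ); ?>"<?php echo $multiple; ?>>
         <?php foreach ( $field->options['choices'] as $val => $label ) : ?>
             <?php $val = ( '{empty}' == $val ) ? '' : $val; ?>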
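Review bot: The replacement on new line 35 drops the `trim()` the old code applied to `$field->input_class`, so leading or trailing whitespace now lands in the `class` attribute; `esc_attr( trim( $field->input_class ) )` keeps both behaviours. The `<option>` markup that prints `$val` and `$label` sits below the hunk and cannot be checked from here. Those choices come from `$field->options`, i.e. the field definition, so it is worth confirming they are escaped with `esc_attr()` and `esc_html()` as well.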
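--- a/custom-field-suite/trunk/includes/fields/textarea.php
+++ b/custom-field-suite/trunk/includes/fields/textarea.php
@@ -12,5 +12,5 @@
     function html( $field ) {
     ?>
-        <textarea name="<?php echo $field->input_name; ?>" class="<?php echo $field->input_class; ?>" rows="4"><?php echo $field->value; ?></textarea>
+        <textarea name="<?php echo esc_attr( $field->input_name ); ?>" class="<?php echo esc_attr( $field->input_class ); ?>" rows="4"><?php echo $field->value; ?></textarea>
     <?php
     }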
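Review bot: The field value on new line 14 is still echoed unescaped between the `<textarea>` tags, so a stored value that contains a closing textarea tag followed by markup is rendered as HTML; only the `name` and `class` attributes were wrapped in `esc_attr()`. Changing it to `<?php echo esc_textarea( $field->value ); ?>` closes that gap. The same raw `echo $field->value` remains inside the textarea on new line 22 of includes/fields/wysiwyg.php. There the content is meant to be editor HTML and the value-formatting code is not visible in this changeset, so confirm how it is encoded before choosing the escaping function.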
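--- a/custom-field-suite/trunk/includes/fields/true_false.php
+++ b/custom-field-suite/trunk/includes/fields/true_false.php
@@ -18,5 +18,5 @@
             <input type="checkbox" <?php echo $field->value ? ' checked' : ''; ?>>
             <span><?php echo $field->options['message']; ?></span>
-            <input type="hidden" name="<?php echo $field->input_name; ?>" class="<?php echo $field->input_class; ?>" value="<?php echo $field->value; ?>" />
+            <input type="hidden" name="<?php echo esc_attr( $field->input_name ); ?>" class="<?php echo esc_attr( $field->input_class ); ?>" value="<?php echo esc_attr( $field->value ); ?>" />
         </label>
     <?php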
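Review bot: `$field->options['message']` on line 19 is printed into the `<span>` without escaping, and it comes from the field definition, the same data the 2.6.5 changelog entry names as the XSS source (admin-imported field groups). Only the hidden input on line 20 was escaped. If the message is plain text, use `<?php echo esc_html( $field->options['message'] ); ?>`; if limited markup is intended, `wp_kses_post()` keeps formatting while dropping script. The enclosing html() method starts and ends outside the hunk.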
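--- a/custom-field-suite/trunk/includes/fields/wysiwyg.php
+++ b/custom-field-suite/trunk/includes/fields/wysiwyg.php
@@ -20,5 +20,5 @@
             </div>
             <div class="wp-editor-container">
-                <textarea name="<?php echo $field->input_name; ?>" class="wp-editor-area <?php echo $field->input_class; ?>" style="height:300px"><?php echo $field->value; ?></textarea>
+                <textarea name="<?php echo esc_attr( $field->input_name ); ?>" class="wp-editor-area <?php echo esc_attr( $field->input_class ); ?>" style="height:300px"><?php echo $field->value; ?></textarea>
             </div>
         </div>
@@ -111,10 +111,10 @@
                     $(this).find('.wysiwyg').attr('id', input_id);
                     $(this).find('a.add_media').attr('data-editor', input_id);
-                   
+
                     // if all editors on page are in 'text' tab, tinyMCE.settings will not be set
-                    if ('undefined' == typeof tinyMCE.settings) {
+                    if ('undefined' === typeof tinyMCE.settings || Object.keys(tinyMCE.settings).length === 0) {
 
                         // let's pull from tinyMCEPreInit for main content area (if it's set)
-                        if ('undefined' != typeof tinyMCEPreInit && 'undefined' != typeof tinyMCEPreInit.mceInit.content) {
+                        if ('undefined' !== typeof tinyMCEPreInit && 'undefined' !== typeof tinyMCEPreInit.mceInit.content) {
                             tinyMCE.settings = tinyMCEPreInit.mceInit.content;
                         }
@@ -125,8 +125,8 @@
                                 resize : 'vertical',
                                 toolbar2 : 'code'
-                            }; 
+                            };
                         }
                     }
-                   
+
                     // add the "code" button
                     if ('undefined' !== typeof tinyMCE.settings.toolbar2) {
@@ -139,6 +139,12 @@
                     wpautop = tinyMCE.settings.wpautop;
                     resize = tinyMCE.settings.resize;
-                   
-                    tinyMCE.settings.plugins = 'code,link';
+
+                    if (tinyMCE.settings.plugins){
+                        if ( tinyMCE.settings.plugins.indexOf('code,link') === -1 ){
+                            tinyMCE.settings.plugins = tinyMCE.settings.plugins + ',code,link';
+                        }
+                    } else {
+                        tinyMCE.settings.plugins = 'code,link';
+                    }
 
                     tinyMCE.settings.wpautop = false;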
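Review bot: The check `tinyMCE.settings.plugins.indexOf('code,link') === -1` on new line 143 only matches the two names as one contiguous substring, so a list that already holds both in another order or position (for example `'link,code'`) gets `,code,link` appended again. Testing each name on its own avoids the duplicates: `var p = tinyMCE.settings.plugins ? tinyMCE.settings.plugins.split(',') : [];`, then `['code', 'link'].forEach(function (n) { if (p.indexOf(n) === -1) { p.push(n); } });`, then `tinyMCE.settings.plugins = p.join(',');`. Like the committed code this assumes `plugins` is a comma-separated string; whether it can be an array or space-separated at this point is not visible in the hunk. The surrounding handler starts and ends outside the hunk.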
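--- a/custom-field-suite/trunk/readme.txt
+++ b/custom-field-suite/trunk/readme.txt
@@ -3,5 +3,5 @@
 Tags: custom fields, fields, postmeta, relationship, repeater, file upload
 Requires at least: 5.0
-Tested up to: 6.2.2
+Tested up to: 6.4.3
 Stable tag: trunk
 License: GPLv2
@@ -47,4 +47,7 @@
 == Changelog ==
 
+= 2.6.5 =
+* Extra sanitization to prevent XSS via admin-imported field groups (props WordFence)
+
 = 2.6.4 =
 * Fixed: cleared PHP8 deprecation notices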