Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3398451

Timestamp:

11/19/2025 02:46:30 AM (5 months ago)

Author:

TCattd

Message:

1.7.5

Location:

fuerte-wp/trunk

Files:

: 8 edited

CHANGELOG.md (modified) (1 diff)
README.md (modified) (3 diffs)
README.txt (modified) (1 diff)
SECURITY.md (modified) (1 diff)
fuerte-wp.php (modified) (3 diffs)
includes/class-fuerte-wp-config.php (modified) (1 diff)
includes/class-fuerte-wp-login-url-hider.php (modified) (39 diffs)
includes/class-fuerte-wp.php (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

fuerte-wp/trunk/CHANGELOG.md

r3395732	r3398451
1	1	# Changelog
	2
	3	# 1.7.5 / 2025-11-18
	4	- Prevent Carbon Fields from booting in Elementor editor to avoid JS conflicts.
2	5
3	6	# 1.7.4 / 2025-11-13

fuerte-wp/trunk/README.md

-                      r3395361
+                      r3398451
 </p>
 Stronger WP. Limit access to critical WordPress areas, even for other admins.
+Take control of your WordPress security & maintenance. Automate plugin updates, manage administrator access, and prevent broken functionality from outdated plugins without proper oversight.
 Fuerte-WP is a WordPress Plugin to enforce certain limits for users with wp-admin administrator access, and to force some other security related tweaks into WordPress.
+Fuerte-WP is the ultimate WordPress security & maintenance solution that combines automated updates with administrator oversight to prevent plugin conflicts before they break your site.
 Available at the official [WordPress.org plugins repository](https://wordpress.org/plugins/fuerte-wp/).
 …
 ## Why?
 Because even if you choose to set an user only as Editor, some plugins require users to be an Administrator. And so many Administrators without limits could become an issue, security-wise.
+Is your WordPress site suffering from plugin neglect? Every day, thousands of sites break due to outdated plugins, untested updates, and lack of proper maintenance oversight.
+Not only because admins can edit every single configuration inside WordPress. Administrators can also upload plugins or themes, or even edit plugins and theme files (on by default), and with those capabitilies, compromise your WordPress installation.
+**⚠️ THE REALITY:**
+- 90% of WordPress site failures are caused by outdated plugins, themes or incompatible updates
+- Most WordPress downtime happens from untested plugin updates by administrators with too much freedom
+- Your WordPress installation is only as reliable as your maintenance routine
+Fuerte-WP will limit some administrators from access critical WordPress areas that you can define.
+**🔥 WHY FUERTE-WP IS DIFFERENT:**
 Fuerte-WP auto-protect itself and cannot be disabled, unless your account is declared as super user, or you have access to the server (FTP, SFTP, SSH, cPanel/Plesk, etc.).
+Most maintenance plugins just alert you AFTER something breaks. Fuerte-WP PREVENTS issues before they happen, combining automated updates with access control that works together seamlessly.
+## Login Security Deep Dive
+Fuerte-WP auto-protects itself and cannot be disabled, unless your account is declared as super user, or you have access to the server (FTP, SFTP, SSH, cPanel/Plesk, etc.).
+Fuerte-WP's Login Security system provides comprehensive protection against brute force attacks and unauthorized access attempts:
+## Auto-Update Management System
+### 🛡️ Attack Prevention
+- **Rate Limiting**: Configurable thresholds for failed login attempts (default: 5 attempts in 15 minutes)
+- **Progressive Lockouts**: Increasing lockout durations for repeated security violations
+- **IP & Username Tracking**: Track and block based on both IP addresses and usernames
+- **Real-time Monitoring**: Live dashboard showing current login attempts and active lockouts
+🚨 **Intelligent Update Scheduling & Control**
+### 📊 Monitoring & Management
+- **Detailed Logging**: Comprehensive logs of all security events with timestamps and user agents
+- **AJAX Dashboard**: Real-time updates without page refreshes
+- **Export Functionality**: Export security data for external analysis or backup
+- **Individual Unblock**: Unblock specific IPs or usernames without clearing all data
+Fuerte-WP's Auto-Update Management System provides comprehensive control over WordPress maintenance:
+### 🇪🇺 GDPR Compliance
+- **Privacy Notices**: Customizable GDPR compliance messages on login and registration forms
+- **Default Messaging**: Built-in privacy notice template if no custom message is provided
+- **Non-Intrusive Design**: Messages displayed below forms without affecting user experience
+### 📅 Update Scheduling
+- **Intelligent Update Scheduling**: Configurable update frequency (default: every 12 hours)
+- **Selective Updates**: Choose which plugins, themes, and core components to auto-update
+- **Compatibility Monitoring**: Track which updates are safe and tested
+- **Real-Time Update Dashboard**: Live dashboard showing current update status and scheduled maintenance
+### 🔐 Optional: Login URL Obscurity
+*Security by obscurity - disabled by default for optimal security*
+### 👑 Administrator Oversight
+- **Super User Access**: Designate who has full maintenance control (YOU) while restricting others
+- **Role-Based Permissions**: Granular control over what different admin roles can modify
+- **Plugin & Theme Management**: Prevent other admins from installing unstable plugins or untested updates
+- **Menu Management**: Hide sensitive WordPress settings from inexperienced administrators
+For users who want additional obscurity layers, Fuerte-WP offers optional login URL hiding:
+### 📊 Maintenance Command Center
+- **Live Update Monitoring**: Real-time AJAX dashboard shows plugin/theme updates as they happen
+- **Detailed Maintenance Logs**: Comprehensive logging with timestamps, versions, and compatibility notes
+- **Export Maintenance Data**: Download update reports for analysis or compliance
+- **Smart Notifications**: Get alerted about available updates and maintenance tasks
+- **Hide wp-login.php**: Prevents direct access to the default WordPress login URL
 - **Custom Login Endpoints**: Use either pretty URLs (`/secure-login/`) or query parameters (`?secure-login`)
 - **WP-Admin Protection**: Automatically blocks direct `/wp-admin/` access for unauthorized users
 - **Smart Redirection**: Configure custom redirect URLs for blocked login attempts
+### 🇪🇺 Email Management
+- **Recovery Email Routing**: Route WordPress admin emails to the right maintenance team
+- **Custom Sender Configuration**: Professional email sender setup that matches your domain
+- **Email Audit Trail**: Logging that helps with maintenance communication tracking
+**Note**: This feature is disabled by default because true security comes from strong authentication and monitoring, not hiding URLs. Enable only if you understand the trade-offs.
+### 🔐 Optional: Admin Access Management
+*For organizations with multiple administrators*
+## Features
+- **Custom Login Endpoints**: Create dedicated maintenance access points
+- **Smart Redirection**: Guide users to appropriate admin areas based on permissions
+- **WP-Admin Access Control**: Restrict direct `/wp-admin/` access for specific user roles
+### 🛡️ Login Security
+- **Rate Limiting & Lockouts**: Configurable thresholds for failed login attempts with automatic IP lockouts
+- **Real-time Monitoring**: AJAX-powered dashboard for monitoring login attempts and managing lockouts
+- **GDPR Privacy Notice**: Customizable privacy compliance message displayed on login/registration forms
+- **Hidden Field Validation**: Enhanced CSRF protection with hidden form validation
+- **Invalid Login Redirect**: Configure where unauthorized login attempts are redirected (404 page or custom URL)
+- **Login URL Obscurity** (Optional): Obscure your WordPress login URL by hiding `wp-login.php` and `/wp-admin/` access (security by obscurity, disabled by default)
+**Note**: These features are optional and should be used based on your specific organizational needs.
+### 🔐 Access Control & Restrictions
+- **Super User System**: Configure users who bypass all restrictions and maintain full access
+- **Role-Based Restrictions**: Limit what different administrator roles can access and modify
+- **Plugin & Theme Protection**: Prevent installation, deletion, and editing of plugins/themes by non-super users
+- **Menu Management**: Remove or restrict access to specific WordPress admin menu items
+- **Page Access Control**: Restrict access to sensitive WordPress admin areas
+- **User Account Protection**: Prevent editing or deletion of super user accounts
+- **ACF Integration**: Restrict access to Advanced Custom Fields editor interface
+## Key Features
 ### ⚙️ WordPress Core Tweaks
 - **Auto-Update Management**: Configurable automatic updates for core, plugins, themes, and translations
 - **API Security**: Disable XML-RPC, Application Passwords, and restrict REST API access
+### ⚙️ Advanced WordPress Optimization
+- **Automated Update Management**: Background updates for core, plugins, themes, and translations
+- **API Optimization**: Disable unused XML-RPC endpoints and optimize REST API access
 - **Email Configuration**: Customize WordPress recovery and sender email addresses
+- **Security Hardening**: Disable file editors, force strong passwords, and block weak password usage
+- **Admin Bar Control**: Disable WordPress admin bar for specific user roles
+- **Customizer Restrictions**: Lock down Customizer features like CSS editor and theme modifications
+- **Performance Hardening**: Disable unused features, optimize database performance
+- **Background Processing**: Maintenance tasks that don't slow down your site
+### 🚀 Performance & Monitoring
+- **Login Logging**: Comprehensive logging of all login attempts, failed authentications, and security events
+- **Export Capabilities**: Export security data and logs for analysis
+- **Database Optimization**: Automated cleanup and maintenance of security logs
+- **Cron-Based Updates**: Background auto-updates that don't impact site performance
+### 👑 Administrator Oversight System
+- **Super User Control**: Designate who has full maintenance access while restricting others
+- **Role-Based Permissions**: Granular control over what different admin roles can modify
+- **Plugin & Theme Management**: Prevent other admins from installing unstable plugins or untested updates
+- **Menu Management**: Hide sensitive WordPress settings from inexperienced administrators
+- **User Account Protection**: Protect maintenance accounts from being modified by other admins
+### 📊 Maintenance Command Center
+- **Live Update Monitoring**: Real-time AJAX dashboard shows plugin/theme updates as they happen
+- **Detailed Maintenance Logs**: Comprehensive logging with timestamps, versions, and compatibility notes
+- **Export Maintenance Data**: Download update reports for analysis or compliance
+- **Smart Notifications**: Get alerted about available updates and maintenance tasks
+- **One-Click Management**: Instantly schedule updates, clear logs, or manage maintenance tasks
 ### 🔧 Developer Features
 …
 - **Multisite Support**: Compatible with WordPress multisite installations
+## How to install
+**🔒 WHY CHOOSE FUERTE-WP?**
+. Install Fuerte-WP from WordPress repository. Plugins > Add New > Search for: Fuerte-WP. Activate it.
+. Configure Fuerte-WP at Settings > Fuerte-WP.
+. **Setup Login Security**: Configure your custom login URL and review security settings.
+. **Configure Super Users**: Add your email address to the super users list to maintain full access.
+. **Review Restrictions**: Customize which admin areas and features to restrict for other administrators.
+. Enjoy enhanced WordPress security!
+✅ **PROACTIVE MAINTENANCE** - Prevents plugin conflicts BEFORE they break your site
+✅ **INTELLIGENT UPDATE MANAGEMENT** - Real-time update scheduling and compatibility checking
+✅ **ADMIN OVERSIGHT CONTROL** - Controls what other administrators can modify
+✅ **EMAIL MANAGEMENT** - Built-in email routing and configuration features
+✅ **PERFORMANCE OPTIMIZED** - Won't slow down your website
+✅ **MULTISITE COMPATIBLE** - Works on single sites and WordPress networks
+✅ **SELF-PROTECTING** - Cannot be disabled by non-super users
+✅ **DEVELOPER FRIENDLY** - File-based configuration for mass deployment
+✅ **SMART MAINTENANCE APPROACH** - Focuses on prevention over reactive fixes
+**🎯 PERFECT FOR:**
+- Multi-author blogs and news sites with frequent content updates
+- Client websites built by agencies that need reliable maintenance
+- E-commerce stores with critical uptime requirements
+- Educational institutions with multiple WordPress installations
+- Enterprise WordPress deployments requiring strict maintenance policies
+- Anyone serious about WordPress maintenance and reliability
+## How to Install
+**⚡ INSTALL IN SECONDS, MAINTAIN FOR YEARS**
+. Click "Install Now" or search for "Fuerte-WP" in your WordPress dashboard
+. Activate the plugin
+. Visit Settings > Fuerte-WP to configure the settings as you like. Defaults are good if you want to leave them like that
+. Congratulations! Your WordPress site is now professionally maintained.
 ### Harder configuration (optional)

fuerte-wp/trunk/README.txt

r3396386	r3398451
2	2	Contributors: tcattd
3	3	Tags: maintenance, security, admin, plugins, updates
4		Stable tag: 1.7.4
	4	Stable tag: 1.7.5
5	5	Requires at least: 6.0
6	6	Tested up to: 6.9

fuerte-wp/trunk/SECURITY.md

-                      r3395732
+                      r3398451
 | Version | Supported          |
 | ------- | ------------------ |
 | 1.7.4   | :white_check_mark: |
 | <1.7.4  | :x:                |
+| 1.7.5   | :white_check_mark: |
+| <1.7.5  | :x:                |
 ## Reporting a Vulnerability

fuerte-wp/trunk/fuerte-wp.php

-                      r3395732
+                      r3398451
  * Plugin URI:        https://github.com/EstebanForge/Fuerte-WP
  * Description:       Stronger WP. Limit access to critical WordPress areas, even other for admins.
  * Version:           1.7.4
+ * Version:           1.7.5
  * Author:            Esteban Cuevas
  * Author URI:        https://actitud.xyz
 …
  */
 define('FUERTEWP_PLUGIN_BASE', plugin_basename(__FILE__));
 define('FUERTEWP_VERSION', '1.7.4');
+define('FUERTEWP_VERSION', '1.7.5');
 define('FUERTEWP_PATH', realpath(plugin_dir_path(__FILE__)) . '/');
 define('FUERTEWP_URL', trailingslashit(plugin_dir_url(__FILE__)));
 …
     if (file_exists(FUERTEWP_PATH . 'includes/helpers.php')) {
         require_once FUERTEWP_PATH . 'includes/helpers.php';
+    }
-    // Elementor has JS issues with Carbon-Fields being loaded while in his editor.
-    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'elementor') {
-        return;
+    }

fuerte-wp/trunk/includes/class-fuerte-wp-config.php

r3395732	r3398451
436	436	$underscored_name = '_fuertewp_login_db_version';
437	437	if (!get_option($underscored_name)) {
438		$current_version = defined('FUERTEWP_VERSION') ? FUERTEWP_VERSION : '1.~~7.4~~';
	438	$current_version = defined('FUERTEWP_VERSION') ? FUERTEWP_VERSION : '1.0.0';
439	439	update_option($underscored_name, $current_version); // Set to current plugin version
440	440	$cleanup_results['preserved_fuertewp_options']++;

fuerte-wp/trunk/includes/class-fuerte-wp-login-url-hider.php

-                      r3395361
+                      r3398451
+ *
  * @link       https://actitud.xyz
  * @since      1.8.0
+ * @since      1.7.0
+ *
  * @author     Esteban Cuevas <esteban@attitude.cl>
 …
  * Login URL Hider class for hiding wp-login.php access.
+ *
  * @since 1.8.0
+ * @since 1.7.0
  */
 class Fuerte_Wp_Login_URL_Hider
 …
      * Singleton instance.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @var Fuerte_Wp_Login_URL_Hider
      */
 …
      * WordPress database instance.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @var wpdb
      */
 …
      * Configuration cache.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @var array
      */
 …
      * WordPress request path.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @var string
      */
 …
      * Whether this is a valid login request.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @var bool
      */
 …
      * Get singleton instance.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return Fuerte_Wp_Login_URL_Hider
      */
 …
      * Initialize Login URL Hider.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      */
     private function __construct()
 …
      * Initialize WordPress hooks.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return void
      */
 …
      * Check if login URL hiding is enabled.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return bool True if enabled, false otherwise
      */
 …
      * Get invalid login redirect configuration.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return array Redirect configuration with 'type' and 'url' keys
      */
 …
      * Get custom login slug.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return string Custom login slug
      */
 …
      * Get login URL type.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return string 'query_param' or 'pretty_url'
      */
 …
      * Check if WP-Admin protection is enabled.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return bool True if protection is enabled
      */
 …
      * Check if current user should bypass restrictions.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return bool True if user should bypass, false otherwise
      */
 …
      * Generate custom login URL.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $scheme URL scheme
      * @return string Custom login URL
 …
      * Filter site URLs to replace login URLs.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $url The complete site URL
      * @param string $path Path relative to the site URL
 …
      * Filter network site URLs.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $url The complete network site URL
      * @param string $path Path relative to the network site URL
 …
      * Filter wp redirects.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $location The redirect URL
      * @param int $status HTTP status code
 …
      * Filter login URL.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $login_url Login URL
      * @param string $redirect URL to redirect to after login
 …
      * Filter logout URL.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $logout_url Logout URL
      * @param string $redirect URL to redirect to after logout
 …
      * Filter lost password URL.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $lostpassword_url Lost password URL
      * @param string $redirect URL to redirect to after password reset
 …
      * Filter registration URL.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $register_url Registration URL
      * @return string Filtered registration URL
 …
      * Add hidden field to login form.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return void
      */
 …
      * Validate hidden field during authentication.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param WP_User|WP_Error|null $user User object or error
      * @param string $username Username
 …
      * Handle login initialization.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return void
      */
 …
      * Protect WP-Admin access.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return void
      */
 …
+    }
     /**
      * Handle custom login URL requests via parse_request.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param WP $wp WordPress request object
      * @return void
 …
      * Display the login form directly.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return void
      */
 …
      * Check if URL is login related.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $url URL to check
      * @return bool True if login related
 …
      * Replace login URL in given URL.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param string $url Original URL
      * @param string|null $scheme URL scheme
 …
      * Check if this is a custom login URL request.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @param array $request Parsed request array
      * @return bool True if custom login URL
 …
      * Check if this is a WP-Admin request.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return bool True if WP-Admin request
      */
 …
      * Redirect invalid login attempts.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return void
      */
 …
      * Get client IP address.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return string Client IP address
      */
 …
      * Early WP-Admin access check before WordPress core redirects.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return void
      */
 …
      * Check if current request is valid.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return bool True if valid login request
      */
 …
      * Clear configuration cache.
+     *
      * @since 1.8.0
+     * @since 1.7.0
      * @return void
      */

fuerte-wp/trunk/includes/class-fuerte-wp.php

-                      r3395361
+                      r3398451
         $this->run_enforcer();
+        // Handle Elementor conflicts
+        $this->define_elementor_hooks();
+    }
 …
                 'add_action_links',
             );
+            // Fix Carbon Fields admin styles incorrectly loading in Gutenberg iframe
+            $this->loader->add_action('wp_enqueue_scripts', $this, 'fix_carbon_fields_gutenberg_styles', 1);
+            $this->loader->add_action('admin_enqueue_scripts', $this, 'fix_carbon_fields_gutenberg_styles', 1);
+            $this->loader->add_action('enqueue_block_assets', $this, 'fix_carbon_fields_gutenberg_styles', 1);
+            $this->loader->add_filter('style_loader_tag', $this, 'prevent_carbon_fields_styles', 10, 3);
+        }
+    }
 …
     /**
+     * Register all of the hooks related to Elementor compatibility
+     *
+     * @since    1.7.5
+     */
+    private function define_elementor_hooks()
+    {
+        // Handle Elementor conflicts by preventing Carbon Fields asset loading
+        $this->loader->add_action('admin_enqueue_scripts', $this, 'handle_elementor_assets', 9999);
+        $this->loader->add_action('admin_print_footer_scripts', $this, 'handle_elementor_assets', 1);
+    }
+    /**
      * Run the loader to execute all of the hooks with WordPress.
+     *
 …
         return $this->version;
+    }
+    /**
+     * Fix Carbon Fields admin styles incorrectly loading in Gutenberg iframe.
+     *
+     * @since    1.7.5
+     */
+    public function fix_carbon_fields_gutenberg_styles()
+    {
+        global $wp_styles;
+        $screen = get_current_screen();
+        $is_block_editor = ($screen && $screen->is_block_editor());
+        // Check if we're in block editor context (including iframe)
+        $is_gutenberg = ($is_block_editor || (defined('REST_REQUEST') && REST_REQUEST) || (isset($_GET['context']) && $_GET['context'] === 'edit'));
+        if ($is_gutenberg) {
+            // Prevent Carbon Fields styles from being enqueued in block editor
+            $blocked_styles = array(
+                'carbon-fields-core',
+                'carbon-fields-metaboxes',
+                'carbon-fields-blocks'
+            );
+            foreach ($blocked_styles as $style) {
+                if (isset($wp_styles->registered[$style])) {
+                    wp_dequeue_style($style);
+                    wp_deregister_style($style);
+                }
+            }
+        }
+    }
+    /**
+     * Prevent Carbon Fields styles from being registered in the first place.
+     *
+     * @since    1.7.5
+     * @param    string    $tag     The style tag.
+     * @param    string    $handle  The style handle.
+     * @param    string    $src     The style source.
+     * @return   string    Modified tag or original.
+     */
+    public function prevent_carbon_fields_styles($tag, $handle, $src)
+    {
+        $blocked_handles = array(
+            'carbon-fields-core',
+            'carbon-fields-metaboxes',
+            'carbon-fields-blocks'
+        );
+        if (in_array($handle, $blocked_handles)) {
+            $screen = get_current_screen();
+            if ($screen && $screen->is_block_editor()) {
+                return ''; // Don't output the style tag
+            }
+        }
+        return $tag;
+    }
+    /**
+     * Detect if we're in Elementor editor context.
+     *
+     * Checks for: wp-admin + post.php + action=elementor
+     * Note: get_current_screen() is not available during early bootstrap
+     *
+     * @since    1.7.5
+     * @return   bool   True if in Elementor editor context
+     */
+    private function is_elementor_editor_context()
+    {
+        // Must be in admin area
+        if (!is_admin()) {
+            return false;
+        }
+        // Must have action=elementor parameter
+        if (!isset($_GET['action']) || $_GET['action'] !== 'elementor') {
+            return false;
+        }
+        // Must be on a post/edit screen
+        global $pagenow;
+        if ($pagenow !== 'post.php') {
+            return false;
+        }
+        // Must have a post ID parameter (required for Elementor editor)
+        if (!isset($_GET['post']) || !is_numeric($_GET['post'])) {
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Handle Elementor conflicts by preventing Carbon Fields assets from being enqueued
+     *
+     * @since    1.7.5
+     */
+    public function handle_elementor_assets()
+    {
+        // Only apply in Elementor editor context
+        if (!$this->is_elementor_editor_context()) {
+            return;
+        }
+        // Debug: Log when this function is called
+        error_log('[Fuerte-WP] handle_elementor_assets method triggered in Elementor context');
+        // Remove Carbon Fields asset enqueuing hooks
+        if (class_exists('\Carbon_Fields\Carbon_Fields') && \Carbon_Fields\Carbon_Fields::is_booted()) {
+            $loader = \Carbon_Fields\Carbon_Fields::resolve('loader');
+            // Remove the asset enqueue hook
+            remove_action('admin_print_footer_scripts', [$loader, 'enqueue_assets'], 9);
+            remove_action('admin_print_footer_scripts', [$loader, 'initialize_ui'], 9999);
+            // Also remove container initialization to prevent data from being generated
+            remove_action('carbon_fields_fields_registered', [$loader, 'initialize_containers']);
+        }
+        // Directly dequeue and deregister all Carbon Fields assets
+        $carbon_assets = [
+            'carbon-fields-vendor',
+            'carbon-fields-core',
+            'carbon-fields-metaboxes',
+            'carbon-fields-blocks'
+        ];
+        foreach ($carbon_assets as $asset) {
+            wp_dequeue_script($asset);
+            wp_dequeue_style($asset);
+            wp_deregister_script($asset);
+            wp_deregister_style($asset);
+        }
+    }
+}

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: