Deploying version 6.3.4
lgladdy committed Jul 18, 2024
1 parent 53b8bb6 commit 51ae1ff
Showing 135 changed files with 32,468 additions and 21,238 deletions.
4 changes: 2 additions & 2 deletions acf.php
Expand Up @@ -9,7 +9,7 @@
* Plugin Name: Advanced Custom Fields
* Plugin URI: https://www.advancedcustomfields.com
* Description: Customize WordPress with powerful, professional and intuitive fields.
* Version: 6.3.3
* Version: 6.3.4
* Author: WP Engine
* Author URI: https://wpengine.com/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=plugin_directory&utm_content=advanced_custom_fields
* Text Domain: acf
Expand All @@ -35,7 +35,7 @@ class ACF {
*
* @var string
*/
public $version = '6.3.3';
public $version = '6.3.4';

/**
* The plugin settings array.
5 changes: 5 additions & 0 deletions includes/acf-input-functions.php
Expand Up @@ -77,6 +77,11 @@ function acf_esc_attrs( $attrs ) {
* @return string
*/
function acf_esc_html( $string = '' ) {

if ( ! is_scalar( $string ) ) {
return false;
}

return wp_kses( (string) $string, 'acf' );
}

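Review bot: The added guard returns `false` for non-scalar input, but the docblock immediately above the signature still declares `@return string`; change it to `@return string|false The escaped string, or false if the value cannot be cast to a string.` so callers see the new case. Anything that echoes the result directly is unaffected (false prints as an empty string), but code that concatenates or type-checks the return now has a second return type to handle, and objects implementing `__toString` are rejected by `is_scalar` too, which may be worth stating in the same docblock line. The function body is fully visible in the hunk; the docblock begins above it.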
10 changes: 4 additions & 6 deletions includes/ajax/class-acf-ajax-check-screen.php
Expand Up @@ -23,11 +23,6 @@ class ACF_Ajax_Check_Screen extends ACF_Ajax {
* @return array|WP_Error The response data or WP_Error.
*/
public function get_response( $request ) {
if ( ! current_user_can( 'edit_posts' ) ) {
return new WP_Error( 'acf_invalid_permissions', __( 'Sorry, you do not have permission to do that.', 'acf' ) );
}

// vars
$args = wp_parse_args(
$this->request,
array(
Expand All @@ -38,7 +33,10 @@ public function get_response( $request ) {
)
);

// vars
if ( ! acf_current_user_can_edit_post( (int) $args['post_id'] ) ) {
return new WP_Error( 'acf_invalid_permissions', __( 'Sorry, you do not have permission to do that.', 'acf' ) );
}

$response = array(
'results' => array(),
'style' => '',
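Review bot: The new per-post check casts `$args['post_id']` with `(int)`, so a missing or non-numeric ID collapses to 0 and the request fails with the same "permission" `WP_Error` as a genuine capability denial, which makes malformed input indistinguishable from a real authorization failure when debugging this endpoint. If non-numeric ACF-style IDs are never expected on the screen-check request, say so above the check, e.g. `// Screen checks are post-edit only; non-numeric IDs collapse to 0 and are denied.` The move from the broad `edit_posts` capability to a per-post check is a tightening, but it presumably relies on `current_user_can( 'edit_post', 0 )` being denied by WordPress for a non-existent post; worth confirming rather than assuming. `get_response` continues past the end of the second hunk.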
25 changes: 25 additions & 0 deletions includes/api/api-helpers.php
Expand Up @@ -2715,6 +2715,31 @@ function acf_current_user_can_admin() {
return false;
}

/**
* Wrapper function for current_user_can( 'edit_post', $post_id ).
*
* @since 6.3.4
*
* @param integer $post_id The post ID to check.
* @return boolean
*/
function acf_current_user_can_edit_post( int $post_id ): bool {
/**
* The `edit_post` capability is a meta capability, which
* gets converted to the correct post type object `edit_post`
* equivalent.
*
* If the post type does not have `map_meta_cap` enabled and the user is
* not manually mapping the `edit_post` capability, this will fail
* unless the role has the `edit_post` capability added to a user/role.
*
* However, more (core) stuff will likely break in this scenario.
*/
$user_can_edit = current_user_can( 'edit_post', $post_id );

return (bool) apply_filters( 'acf/current_user_can_edit_post', $user_can_edit, $post_id );
}

/**
* acf_get_filesize
*
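Review bot: The docblock of `acf_current_user_can_edit_post` does not mention the `acf/current_user_can_edit_post` filter applied on the return line, yet that filter can flip the capability result in either direction, so callers using this function as an authorization gate need to know a third-party hook can widen it; add a docblock line such as `The result can be overridden via the 'acf/current_user_can_edit_post' filter, which receives ( bool $user_can_edit, int $post_id ).` The inner comment explains the meta-cap mapping but not what happens for a post ID that does not exist, presumably a denial from WordPress, which deserves a sentence since the AJAX caller passes a cast request value straight in. The whole function is visible in the hunk.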
51 changes: 35 additions & 16 deletions includes/api/api-template.php
Expand Up @@ -115,10 +115,14 @@ function the_field( $selector, $post_id = false, $format_value = true ) {
$unescaped_value = implode( ', ', $unescaped_value );
}

if ( ! is_scalar( $unescaped_value ) ) {
$unescaped_value = false;
}

$field_type = is_array( $field ) && isset( $field['type'] ) ? $field['type'] : 'text';
if ( apply_filters( 'acf/the_field/allow_unsafe_html', false, $selector, $post_id, $field_type, $field ) ) {
$value = $unescaped_value;
} elseif ( (string) $value !== (string) $unescaped_value ) {
} elseif ( $unescaped_value !== false && (string) $value !== (string) $unescaped_value ) {
do_action( 'acf/removed_unsafe_html', __FUNCTION__, $selector, $field, $post_id );
}

Expand Down Expand Up @@ -889,10 +893,14 @@ function the_sub_field( $field_name, $format_value = true ) {
$unescaped_value = implode( ', ', $unescaped_value );
}

if ( ! is_scalar( $unescaped_value ) ) {
$unescaped_value = false;
}

$field_type = is_array( $field ) && isset( $field['type'] ) ? $field['type'] : 'text';
if ( apply_filters( 'acf/the_field/allow_unsafe_html', false, $field_name, 'sub_field', $field_type, $field ) ) {
$value = $unescaped_value;
} elseif ( (string) $value !== (string) $unescaped_value ) {
} elseif ( $unescaped_value !== false && (string) $value !== (string) $unescaped_value ) {
do_action( 'acf/removed_unsafe_html', __FUNCTION__, $field_name, $field, false );
}

Expand Down Expand Up @@ -999,7 +1007,11 @@ function get_row_layout() {
function acf_shortcode( $atts ) {
// Return if the ACF shortcode is disabled.
if ( ! acf_get_setting( 'enable_shortcode' ) ) {
return;
if ( is_preview() ) {
return apply_filters( 'acf/shortcode/disabled_message', __( '[The ACF shortcode is disabled on this site]', 'acf' ) );
} else {
return;
}
}

if ( function_exists( 'wp_is_block_theme' ) && wp_is_block_theme() ) {
Expand Down Expand Up @@ -1031,6 +1043,21 @@ function acf_shortcode( $atts ) {
'acf'
);

// Decode the post ID for filtering.
$post_id = acf_get_valid_post_id( $atts['post_id'] );
$decoded_post_id = acf_decode_post_id( $post_id );

// If we've decoded to a post, ensure the post is publicly visible.
if ( $decoded_post_id['type'] === 'post' ) {
if ( $atts['post_id'] !== false && ( (int) $atts['post_id'] !== (int) acf_get_valid_post_id() ) && ( ! is_post_publicly_viewable( $decoded_post_id['id'] ) ) && apply_filters( 'acf/shortcode/prevent_access_to_fields_on_non_public_posts', true ) ) {
if ( is_preview() ) {
return apply_filters( 'acf/shortcode/post_not_public_message', __( '[The ACF shortcode cannot display fields from non-public posts]', 'acf' ) );
} else {
return;
}
}
}

$access_already_prevented = apply_filters( 'acf/prevent_access_to_unknown_fields', false );
$filter_applied = false;

Expand All @@ -1039,10 +1066,6 @@ function acf_shortcode( $atts ) {
add_filter( 'acf/prevent_access_to_unknown_fields', '__return_true' );
}

// Decode the post ID for filtering.
$post_id = acf_get_valid_post_id( $atts['post_id'] );
$decoded_post_id = acf_decode_post_id( $post_id );

// Try to get the field value, ensuring any non-safe HTML is stripped from wysiwyg fields via `acf_the_content`
$field = get_field_object( $atts['field'], $post_id, $atts['format_value'], true, true );
$value = $field ? $field['value'] : get_field( $atts['field'], $post_id, $atts['format_value'], true );
Expand All @@ -1053,17 +1076,9 @@ function acf_shortcode( $atts ) {
return;
}

if ( is_array( $value ) ) {
$value = implode( ', ', $value );
}

// Temporarily always get the unescaped version for action comparison.
$unescaped_value = get_field( $atts['field'], $post_id, $atts['format_value'], false );

if ( $filter_applied ) {
remove_filter( 'acf/prevent_access_to_unknown_fields', '__return_true' );
}

// Remove the filter preventing access to unknown filters now we've got all the values.
if ( $filter_applied ) {
remove_filter( 'acf/prevent_access_to_unknown_fields', '__return_true' );
Expand All @@ -1073,10 +1088,14 @@ function acf_shortcode( $atts ) {
$unescaped_value = implode( ', ', $unescaped_value );
}

if ( ! is_scalar( $unescaped_value ) ) {
$unescaped_value = false;
}

// Handle getting the unescaped version if we're allowed unsafe html.
if ( apply_filters( 'acf/shortcode/allow_unsafe_html', false, $atts, $field_type, $field ) ) {
$value = $unescaped_value;
} elseif ( (string) $value !== (string) $unescaped_value ) {
} elseif ( $unescaped_value !== false && (string) $value !== (string) $unescaped_value ) {
do_action( 'acf/removed_unsafe_html', __FUNCTION__, $atts['field'], $field, $post_id );
}

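Review bot: The non-public-post guard inside the `$decoded_post_id['type'] === 'post'` branch of `acf_shortcode` packs four conditions into one `if`, which makes the access rule (allow the post presumably returned as the current one by `acf_get_valid_post_id()`, block other non-viewable posts unless a filter opts out) hard to audit; split it into named booleans, e.g. `$is_current_post = (int) $atts['post_id'] === (int) acf_get_valid_post_id();` and `$is_hidden_post = ! is_post_publicly_viewable( $decoded_post_id['id'] );`, and test those in the `if`. The same `is_scalar` sentinel is added in three hunks of this file (the_field, the_sub_field and acf_shortcode); a one-line comment at each, such as `// Non-scalar values cannot be compared as strings; use false to skip the unsafe-html comparison.`, would explain why `false` is chosen, since in the allow-unsafe-html branch that `false` is then assigned to `$value` in place of the original non-scalar value. `acf_shortcode` starts and ends outside the hunks shown.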
2 changes: 1 addition & 1 deletion lang/acf-ar.l10n.php

Large diffs are not rendered by default.

Binary file modified lang/acf-ar.mo
Binary file not shown.
2 changes: 1 addition & 1 deletion lang/acf-ar.po
Expand Up @@ -12,7 +12,7 @@
# This file is distributed under the same license as Advanced Custom Fields.
msgid ""
msgstr ""
"PO-Revision-Date: 2024-06-27T14:24:00+00:00\n"
"PO-Revision-Date: 2024-07-18T08:39:03+00:00\n"
"Report-Msgid-Bugs-To: http://support.advancedcustomfields.com\n"
"Language: ar\n"
"MIME-Version: 1.0\n"
2 changes: 1 addition & 1 deletion lang/acf-bg_BG.l10n.php

Large diffs are not rendered by default.

Binary file modified lang/acf-bg_BG.mo
Binary file not shown.
2 changes: 1 addition & 1 deletion lang/acf-bg_BG.po
Expand Up @@ -12,7 +12,7 @@
# This file is distributed under the same license as Advanced Custom Fields.
msgid ""
msgstr ""
"PO-Revision-Date: 2024-06-27T14:24:00+00:00\n"
"PO-Revision-Date: 2024-07-18T08:39:03+00:00\n"
"Report-Msgid-Bugs-To: http://support.advancedcustomfields.com\n"
"Language: bg_BG\n"
"MIME-Version: 1.0\n"
2 changes: 1 addition & 1 deletion lang/acf-ca.l10n.php

Large diffs are not rendered by default.

Binary file modified lang/acf-ca.mo
Binary file not shown.