Version Description
Download this release
Release Info
| Developer | rilwis |
| Plugin |  Meta Box |
| Version | 4.16.3 |
| Comparing to | |
| See all releases | |
Code changes from version 4.16.2 to 4.16.3
- inc/fields/file.php +20 -2
- inc/loader.php +1 -1
- inc/meta-box.php +3 -2
- js/file.js +4 -1
- meta-box.php +1 -1
- readme.txt +1 -1
inc/fields/file.php
CHANGED
|
@@ -50,11 +50,22 @@ class RWMB_File_Field extends RWMB_Field {
|
|
| 50 |
$field_id = filter_input( INPUT_POST, 'field_id', FILTER_SANITIZE_STRING );
|
| 51 |
check_ajax_referer( "rwmb-delete-file_{$field_id}" );
|
| 52 |
|
| 53 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 54 |
if ( is_numeric( $attachment ) ) {
|
| 55 |
$result = wp_delete_attachment( $attachment );
|
| 56 |
} else {
|
| 57 |
-
$path
|
| 58 |
$result = unlink( $path );
|
| 59 |
}
|
| 60 |
|
|
@@ -458,6 +469,13 @@ class RWMB_File_Field extends RWMB_Field {
|
|
| 458 |
return $uploads;
|
| 459 |
};
|
| 460 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 461 |
// Let WordPress handle upload to the custom directory.
|
| 462 |
add_filter( 'upload_dir', $filter_upload_dir );
|
| 463 |
$file_info = wp_handle_upload( $file, array( 'test_form' => false ) );
|
| 50 |
$field_id = filter_input( INPUT_POST, 'field_id', FILTER_SANITIZE_STRING );
|
| 51 |
check_ajax_referer( "rwmb-delete-file_{$field_id}" );
|
| 52 |
|
| 53 |
+
// Make sure the file to delete is in the custom field.
|
| 54 |
+
$attachment = filter_input( INPUT_POST, 'attachment_id' );
|
| 55 |
+
$object_id = filter_input( INPUT_POST, 'object_id', FILTER_SANITIZE_STRING );
|
| 56 |
+
$object_type = filter_input( INPUT_POST, 'object_type', FILTER_SANITIZE_STRING );
|
| 57 |
+
$field = rwmb_get_field_settings( $field_id, array( 'object_type' => $object_type ), $object_id );
|
| 58 |
+
$field_value = self::raw_meta( $object_id, $field );
|
| 59 |
+
$field_value = $field['clone'] ? call_user_func_array( 'array_merge', $field_value ) : $field_value;
|
| 60 |
+
if ( ! in_array( $attachment, $field_value ) ) {
|
| 61 |
+
wp_send_json_error( __( 'Error: Invalid file', 'meta-box' ) );
|
| 62 |
+
}
|
| 63 |
+
|
| 64 |
+
// Delete the file.
|
| 65 |
if ( is_numeric( $attachment ) ) {
|
| 66 |
$result = wp_delete_attachment( $attachment );
|
| 67 |
} else {
|
| 68 |
+
$path = str_replace( home_url( '/' ), trailingslashit( ABSPATH ), $attachment );
|
| 69 |
$result = unlink( $path );
|
| 70 |
}
|
| 71 |
|
| 469 |
return $uploads;
|
| 470 |
};
|
| 471 |
|
| 472 |
+
// Make sure upload dir is inside WordPress.
|
| 473 |
+
$upload_dir = wp_normalize_path( untrailingslashit( $field['upload_dir'] ) );
|
| 474 |
+
$root = wp_normalize_path( untrailingslashit( ABSPATH ) );
|
| 475 |
+
if ( 0 !== strpos( $upload_dir, $root ) ) {
|
| 476 |
+
return;
|
| 477 |
+
}
|
| 478 |
+
|
| 479 |
// Let WordPress handle upload to the custom directory.
|
| 480 |
add_filter( 'upload_dir', $filter_upload_dir );
|
| 481 |
$file_info = wp_handle_upload( $file, array( 'test_form' => false ) );
|
inc/loader.php
CHANGED
|
@@ -18,7 +18,7 @@ class RWMB_Loader {
|
|
| 18 |
*/
|
| 19 |
protected function constants() {
|
| 20 |
// Script version, used to add version for scripts and styles.
|
| 21 |
-
define( 'RWMB_VER', '4.16.
|
| 22 |
|
| 23 |
list( $path, $url ) = self::get_path( dirname( dirname( __FILE__ ) ) );
|
| 24 |
|
| 18 |
*/
|
| 19 |
protected function constants() {
|
| 20 |
// Script version, used to add version for scripts and styles.
|
| 21 |
+
define( 'RWMB_VER', '4.16.3' );
|
| 22 |
|
| 23 |
list( $path, $url ) = self::get_path( dirname( dirname( __FILE__ ) ) );
|
| 24 |
|
inc/meta-box.php
CHANGED
|
@@ -233,9 +233,10 @@ class RW_Meta_Box {
|
|
| 233 |
|
| 234 |
// Container.
|
| 235 |
printf(
|
| 236 |
-
'<div class="rwmb-meta-box" data-autosave="%s" data-object-type="%s">',
|
| 237 |
esc_attr( $this->autosave ? 'true' : 'false' ),
|
| 238 |
-
esc_attr( $this->object_type )
|
|
|
|
| 239 |
);
|
| 240 |
|
| 241 |
wp_nonce_field( "rwmb-save-{$this->id}", "nonce_{$this->id}" );
|
| 233 |
|
| 234 |
// Container.
|
| 235 |
printf(
|
| 236 |
+
'<div class="rwmb-meta-box" data-autosave="%s" data-object-type="%s" data-object-id="%s">',
|
| 237 |
esc_attr( $this->autosave ? 'true' : 'false' ),
|
| 238 |
+
esc_attr( $this->object_type ),
|
| 239 |
+
esc_attr( $this->object_id )
|
| 240 |
);
|
| 241 |
|
| 242 |
wp_nonce_field( "rwmb-save-{$this->id}", "nonce_{$this->id}" );
|
js/file.js
CHANGED
|
@@ -31,7 +31,8 @@
|
|
| 31 |
|
| 32 |
var $this = $( this ),
|
| 33 |
$item = $this.closest( 'li' ),
|
| 34 |
-
$uploaded = $this.closest( '.rwmb-uploaded' )
|
|
|
|
| 35 |
|
| 36 |
$item.remove();
|
| 37 |
file.updateVisibility.call( $uploaded );
|
|
@@ -44,6 +45,8 @@
|
|
| 44 |
action: 'rwmb_delete_file',
|
| 45 |
_ajax_nonce: $uploaded.data( 'delete_nonce' ),
|
| 46 |
field_id: $uploaded.data( 'field_id' ),
|
|
|
|
|
|
|
| 47 |
attachment_id: $this.data( 'attachment_id' )
|
| 48 |
}, function ( response ) {
|
| 49 |
if ( ! response.success ) {
|
| 31 |
|
| 32 |
var $this = $( this ),
|
| 33 |
$item = $this.closest( 'li' ),
|
| 34 |
+
$uploaded = $this.closest( '.rwmb-uploaded' ),
|
| 35 |
+
$metaBox = $uploaded.closest( '.rwmb-meta-box' );
|
| 36 |
|
| 37 |
$item.remove();
|
| 38 |
file.updateVisibility.call( $uploaded );
|
| 45 |
action: 'rwmb_delete_file',
|
| 46 |
_ajax_nonce: $uploaded.data( 'delete_nonce' ),
|
| 47 |
field_id: $uploaded.data( 'field_id' ),
|
| 48 |
+
object_type: $metaBox.data( 'object-type' ),
|
| 49 |
+
object_id: $metaBox.data( 'object-id' ),
|
| 50 |
attachment_id: $this.data( 'attachment_id' )
|
| 51 |
}, function ( response ) {
|
| 52 |
if ( ! response.success ) {
|
meta-box.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Meta Box
|
| 4 |
* Plugin URI: https://metabox.io
|
| 5 |
* Description: Create custom meta boxes and custom fields in WordPress.
|
| 6 |
-
* Version: 4.16.
|
| 7 |
* Author: MetaBox.io
|
| 8 |
* Author URI: https://metabox.io
|
| 9 |
* License: GPL2+
|
| 3 |
* Plugin Name: Meta Box
|
| 4 |
* Plugin URI: https://metabox.io
|
| 5 |
* Description: Create custom meta boxes and custom fields in WordPress.
|
| 6 |
+
* Version: 4.16.3
|
| 7 |
* Author: MetaBox.io
|
| 8 |
* Author URI: https://metabox.io
|
| 9 |
* License: GPL2+
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://metabox.io/pricing/
|
|
| 4 |
Tags: meta-box, custom fields, custom field, meta, meta-boxes, admin, advanced, custom, edit, field, file, image, magic fields, matrix, more fields, Post, repeater, simple fields, text, textarea, type, cms, fields post
|
| 5 |
Requires at least: 4.3
|
| 6 |
Tested up to: 5.0.3
|
| 7 |
-
Stable tag: 4.16.
|
| 8 |
License: GPLv2 or later
|
| 9 |
|
| 10 |
Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for WordPress.
|
| 4 |
Tags: meta-box, custom fields, custom field, meta, meta-boxes, admin, advanced, custom, edit, field, file, image, magic fields, matrix, more fields, Post, repeater, simple fields, text, textarea, type, cms, fields post
|
| 5 |
Requires at least: 4.3
|
| 6 |
Tested up to: 5.0.3
|
| 7 |
+
Stable tag: 4.16.3
|
| 8 |
License: GPLv2 or later
|
| 9 |
|
| 10 |
Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for WordPress.
|
