Meta Box - Version 5.2.2

Version Description

  • 2019-10-09 =

Fixed

  • Fix sanitizing empty post field
  • Fix post thumbnail not saving in MB Frontend Submission
  • Fix undefined index for image_select field when using helper functions with no value.
  • Fix JQMIGRATE: 'ready' event is deprecated

Changed

  • Add styling for date picker, autocomplete, select2 to show in the Customizer (for MB Settings Page)
Download this release

Release Info

Developer rilwis
Plugin Icon 128x128 Meta Box
Version 5.2.2
Comparing to
See all releases

Code changes from version 5.2.1 to 5.2.2

Files changed (24) hide show
  1. css/autocomplete.css +3 -0
  2. css/{datepicker.css → date.css} +1 -1
  3. css/select-advanced.css +3 -0
  4. inc/fields/datetime.php +1 -1
  5. inc/fields/file.php +7 -5
  6. inc/fields/image-select.php +1 -1
  7. inc/fields/oembed.php +3 -2
  8. inc/fields/post.php +6 -4
  9. inc/fields/taxonomy.php +7 -5
  10. inc/fields/user.php +6 -4
  11. inc/functions.php +15 -0
  12. inc/loader.php +1 -1
  13. inc/meta-box.php +7 -7
  14. inc/request.php +109 -0
  15. inc/sanitizer.php +3 -3
  16. inc/update/checker.php +3 -2
  17. inc/update/settings.php +3 -3
  18. inc/wpml.php +3 -2
  19. js/color.js +13 -7
  20. js/notification.js +4 -4
  21. js/script.js +7 -7
  22. js/wysiwyg.js +154 -153
  23. meta-box.php +1 -1
  24. readme.txt +14 -1
css/autocomplete.css CHANGED
@@ -12,3 +12,6 @@
12
  float: right;
13
  cursor: pointer;
14
  }
 
 
 
12
  float: right;
13
  cursor: pointer;
14
  }
15
+ .ui-autocomplete {
16
+ z-index: 999999;
17
+ }
css/{datepicker.css → date.css} RENAMED
@@ -1,7 +1,7 @@
1
  /* Fix empty block below admin footer (issue #24) */
2
  #ui-datepicker-div {
3
  display: none;
4
- z-index: 99999 !important;
5
  }
6
 
7
  /* Style for multiple months */
1
  /* Fix empty block below admin footer (issue #24) */
2
  #ui-datepicker-div {
3
  display: none;
4
+ z-index: 999999 !important;
5
  }
6
 
7
  /* Style for multiple months */
css/select-advanced.css CHANGED
@@ -18,3 +18,6 @@
18
  .select2-container .select2-search--inline {
19
  margin-bottom: 0;
20
  }
 
 
 
18
  .select2-container .select2-search--inline {
19
  margin-bottom: 0;
20
  }
21
+ body > .select2-container {
22
+ z-index: 999999;
23
+ }
inc/fields/datetime.php CHANGED
@@ -58,7 +58,7 @@ class RWMB_Datetime_Field extends RWMB_Text_Field {
58
  wp_register_style( 'jquery-ui-core', "$url/jquery.ui.core.css", array(), '1.8.17' );
59
  wp_register_style( 'jquery-ui-theme', "$url/jquery.ui.theme.css", array(), '1.8.17' );
60
  wp_register_style( 'jquery-ui-datepicker', "$url/jquery.ui.datepicker.css", array( 'jquery-ui-core', 'jquery-ui-theme' ), '1.8.17' );
61
- wp_register_style( 'rwmb-date', RWMB_CSS_URL . 'datepicker.css', array( 'jquery-ui-datepicker' ), '1.8.17' );
62
 
63
  wp_register_style( 'jquery-ui-slider', "$url/jquery.ui.slider.css", array( 'jquery-ui-core', 'jquery-ui-theme' ), '1.8.17' );
64
  wp_register_style( 'jquery-ui-timepicker', "$url/jquery-ui-timepicker-addon.min.css", array( 'rwmb-date', 'jquery-ui-slider' ), '1.5.0' );
58
  wp_register_style( 'jquery-ui-core', "$url/jquery.ui.core.css", array(), '1.8.17' );
59
  wp_register_style( 'jquery-ui-theme', "$url/jquery.ui.theme.css", array(), '1.8.17' );
60
  wp_register_style( 'jquery-ui-datepicker', "$url/jquery.ui.datepicker.css", array( 'jquery-ui-core', 'jquery-ui-theme' ), '1.8.17' );
61
+ wp_register_style( 'rwmb-date', RWMB_CSS_URL . 'date.css', array( 'jquery-ui-datepicker' ), '1.8.17' );
62
 
63
  wp_register_style( 'jquery-ui-slider', "$url/jquery.ui.slider.css", array( 'jquery-ui-core', 'jquery-ui-theme' ), '1.8.17' );
64
  wp_register_style( 'jquery-ui-timepicker', "$url/jquery-ui-timepicker-addon.min.css", array( 'rwmb-date', 'jquery-ui-slider' ), '1.5.0' );
inc/fields/file.php CHANGED
@@ -47,13 +47,15 @@ class RWMB_File_Field extends RWMB_Field {
47
  * Ajax callback for deleting files.
48
  */
49
  public static function ajax_delete_file() {
50
- $field_id = filter_input( INPUT_POST, 'field_id', FILTER_SANITIZE_STRING );
 
 
51
  check_ajax_referer( "rwmb-delete-file_{$field_id}" );
52
 
53
  // Make sure the file to delete is in the custom field.
54
- $attachment = filter_input( INPUT_POST, 'attachment_id' );
55
- $object_id = filter_input( INPUT_POST, 'object_id', FILTER_SANITIZE_STRING );
56
- $object_type = filter_input( INPUT_POST, 'object_type', FILTER_SANITIZE_STRING );
57
  $field = rwmb_get_field_settings( $field_id, array( 'object_type' => $object_type ), $object_id );
58
  $field_value = self::raw_meta( $object_id, $field );
59
  $field_value = $field['clone'] ? call_user_func_array( 'array_merge', $field_value ) : $field_value;
@@ -358,7 +360,7 @@ class RWMB_File_Field extends RWMB_Field {
358
  );
359
 
360
  $field['multiple'] = true;
361
- $field['input_name'] = '_file_' . uniqid();
362
  $field['index_name'] = "_index_{$field['id']}";
363
 
364
  return $field;
47
  * Ajax callback for deleting files.
48
  */
49
  public static function ajax_delete_file() {
50
+ $request = rwmb_request();
51
+
52
+ $field_id = $request->filter_post( 'field_id', FILTER_SANITIZE_STRING );
53
  check_ajax_referer( "rwmb-delete-file_{$field_id}" );
54
 
55
  // Make sure the file to delete is in the custom field.
56
+ $attachment = $request->post( 'attachment_id' );
57
+ $object_id = $request->filter_post( 'object_id', FILTER_SANITIZE_STRING );
58
+ $object_type = $request->filter_post( 'object_type', FILTER_SANITIZE_STRING );
59
  $field = rwmb_get_field_settings( $field_id, array( 'object_type' => $object_type ), $object_id );
60
  $field_value = self::raw_meta( $object_id, $field );
61
  $field_value = $field['clone'] ? call_user_func_array( 'array_merge', $field_value ) : $field_value;
360
  );
361
 
362
  $field['multiple'] = true;
363
+ $field['input_name'] = "_file_{$field['id']}";
364
  $field['index_name'] = "_index_{$field['id']}";
365
 
366
  return $field;
inc/fields/image-select.php CHANGED
@@ -67,6 +67,6 @@ class RWMB_Image_Select_Field extends RWMB_Field {
67
  * @return string
68
  */
69
  public static function format_single_value( $field, $value, $args, $post_id ) {
70
- return sprintf( '<img src="%s">', esc_url( $field['options'][ $value ] ) );
71
  }
72
  }
67
  * @return string
68
  */
69
  public static function format_single_value( $field, $value, $args, $post_id ) {
70
+ return $value ? sprintf( '<img src="%s">', esc_url( $field['options'][ $value ] ) ) : '';
71
  }
72
  }
inc/fields/oembed.php CHANGED
@@ -53,8 +53,9 @@ class RWMB_OEmbed_Field extends RWMB_Text_Field {
53
  * Ajax callback for returning oEmbed HTML.
54
  */
55
  public static function wp_ajax_get_embed() {
56
- $url = (string) filter_input( INPUT_POST, 'url', FILTER_SANITIZE_URL );
57
- $not_available = (string) filter_input( INPUT_POST, 'not_available' );
 
58
  wp_send_json_success( self::get_embed( $url, $not_available ) );
59
  }
60
 
53
  * Ajax callback for returning oEmbed HTML.
54
  */
55
  public static function wp_ajax_get_embed() {
56
+ $request = rwmb_request();
57
+ $url = (string) $request->filter_post( 'url', FILTER_SANITIZE_URL );
58
+ $not_available = (string) $request->post( 'not_available' );
59
  wp_send_json_success( self::get_embed( $url, $not_available ) );
60
  }
61
 
inc/fields/post.php CHANGED
@@ -23,18 +23,20 @@ class RWMB_Post_Field extends RWMB_Object_Choice_Field {
23
  public static function ajax_get_posts() {
24
  check_ajax_referer( 'query' );
25
 
26
- $field = filter_input( INPUT_GET, 'field', FILTER_DEFAULT, FILTER_FORCE_ARRAY );
 
 
27
 
28
  // Required for 'choice_label' filter. See self::filter().
29
  $field['clone'] = false;
30
  $field['_original_id'] = $field['id'];
31
 
32
  // Search.
33
- $field['query_args']['s'] = filter_input( INPUT_GET, 'term', FILTER_SANITIZE_STRING );
34
 
35
  // Pagination.
36
- if ( 'query:append' === filter_input( INPUT_GET, '_type', FILTER_SANITIZE_STRING ) ) {
37
- $field['query_args']['paged'] = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_NUMBER_INT );
38
  }
39
 
40
  // Query the database.
23
  public static function ajax_get_posts() {
24
  check_ajax_referer( 'query' );
25
 
26
+ $request = rwmb_request();
27
+
28
+ $field = $request->filter_get( 'field', FILTER_DEFAULT, FILTER_FORCE_ARRAY );
29
 
30
  // Required for 'choice_label' filter. See self::filter().
31
  $field['clone'] = false;
32
  $field['_original_id'] = $field['id'];
33
 
34
  // Search.
35
+ $field['query_args']['s'] = $request->filter_get( 'term', FILTER_SANITIZE_STRING );
36
 
37
  // Pagination.
38
+ if ( 'query:append' === $request->filter_get( '_type', FILTER_SANITIZE_STRING ) ) {
39
+ $field['query_args']['paged'] = $request->filter_get( 'page', FILTER_SANITIZE_NUMBER_INT );
40
  }
41
 
42
  // Query the database.
inc/fields/taxonomy.php CHANGED
@@ -23,19 +23,21 @@ class RWMB_Taxonomy_Field extends RWMB_Object_Choice_Field {
23
  public static function ajax_get_terms() {
24
  check_ajax_referer( 'query' );
25
 
26
- $field = filter_input( INPUT_GET, 'field', FILTER_DEFAULT, FILTER_FORCE_ARRAY );
 
 
27
 
28
  // Required for 'choice_label' filter. See self::filter().
29
  $field['clone'] = false;
30
  $field['_original_id'] = $field['id'];
31
 
32
  // Search.
33
- $field['query_args']['name__like'] = filter_input( INPUT_GET, 'term', FILTER_SANITIZE_STRING );
34
 
35
  // Pagination.
36
  $limit = isset( $field['query_args']['number'] ) ? (int) $field['query_args']['number'] : 0;
37
- if ( 'query:append' === filter_input( INPUT_GET, '_type', FILTER_SANITIZE_STRING ) ) {
38
- $page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_NUMBER_INT );
39
  $field['query_args']['offset'] = $limit * ( $page - 1 );
40
  }
41
 
@@ -204,7 +206,7 @@ class RWMB_Taxonomy_Field extends RWMB_Object_Choice_Field {
204
  * @return int|null Term ID if added successfully, null otherwise.
205
  */
206
  protected static function add_term( $field ) {
207
- $term = filter_input( INPUT_POST, $field['id'] . '_new' );
208
  if ( ! $field['add_new'] || ! $term || 1 !== count( $field['taxonomy'] ) ) {
209
  return null;
210
  }
23
  public static function ajax_get_terms() {
24
  check_ajax_referer( 'query' );
25
 
26
+ $request = rwmb_request();
27
+
28
+ $field = $request->filter_get( 'field', FILTER_DEFAULT, FILTER_FORCE_ARRAY );
29
 
30
  // Required for 'choice_label' filter. See self::filter().
31
  $field['clone'] = false;
32
  $field['_original_id'] = $field['id'];
33
 
34
  // Search.
35
+ $field['query_args']['name__like'] = $request->filter_get( 'term', FILTER_SANITIZE_STRING );
36
 
37
  // Pagination.
38
  $limit = isset( $field['query_args']['number'] ) ? (int) $field['query_args']['number'] : 0;
39
+ if ( 'query:append' === $request->filter_get( '_type', FILTER_SANITIZE_STRING ) ) {
40
+ $page = $request->filter_get( 'page', FILTER_SANITIZE_NUMBER_INT );
41
  $field['query_args']['offset'] = $limit * ( $page - 1 );
42
  }
43
 
206
  * @return int|null Term ID if added successfully, null otherwise.
207
  */
208
  protected static function add_term( $field ) {
209
+ $term = rwmb_request()->post( $field['id'] . '_new' );
210
  if ( ! $field['add_new'] || ! $term || 1 !== count( $field['taxonomy'] ) ) {
211
  return null;
212
  }
inc/fields/user.php CHANGED
@@ -24,22 +24,24 @@ class RWMB_User_Field extends RWMB_Object_Choice_Field {
24
  public static function ajax_get_users() {
25
  check_ajax_referer( 'query' );
26
 
27
- $field = filter_input( INPUT_GET, 'field', FILTER_DEFAULT, FILTER_FORCE_ARRAY );
 
 
28
 
29
  // Required for 'choice_label' filter. See self::filter().
30
  $field['clone'] = false;
31
  $field['_original_id'] = $field['id'];
32
 
33
  // Search.
34
- $term = filter_input( INPUT_GET, 'term', FILTER_SANITIZE_STRING );
35
  if ( $term ) {
36
  $field['query_args']['search'] = "*{$term}*";
37
  }
38
 
39
  // Pagination.
40
  $limit = isset( $field['query_args']['number'] ) ? (int) $field['query_args']['number'] : 0;
41
- if ( $limit && 'query:append' === filter_input( INPUT_GET, '_type', FILTER_SANITIZE_STRING ) ) {
42
- $field['query_args']['paged'] = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_NUMBER_INT );
43
  }
44
 
45
  // Query the database.
24
  public static function ajax_get_users() {
25
  check_ajax_referer( 'query' );
26
 
27
+ $request = rwmb_request();
28
+
29
+ $field = $request->filter_get( 'field', FILTER_DEFAULT, FILTER_FORCE_ARRAY );
30
 
31
  // Required for 'choice_label' filter. See self::filter().
32
  $field['clone'] = false;
33
  $field['_original_id'] = $field['id'];
34
 
35
  // Search.
36
+ $term = $request->filter_get( 'term', FILTER_SANITIZE_STRING );
37
  if ( $term ) {
38
  $field['query_args']['search'] = "*{$term}*";
39
  }
40
 
41
  // Pagination.
42
  $limit = isset( $field['query_args']['number'] ) ? (int) $field['query_args']['number'] : 0;
43
+ if ( $limit && 'query:append' === $request->filter_get( '_type', FILTER_SANITIZE_STRING ) ) {
44
+ $field['query_args']['paged'] = $request->filter_get( 'page', FILTER_SANITIZE_NUMBER_INT );
45
  }
46
 
47
  // Query the database.
inc/functions.php CHANGED
@@ -343,3 +343,18 @@ if ( ! function_exists( 'rwmb_get_storage' ) ) {
343
  return apply_filters( 'rwmb_get_storage', $storage, $object_type, $meta_box );
344
  }
345
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
343
  return apply_filters( 'rwmb_get_storage', $storage, $object_type, $meta_box );
344
  }
345
  }
346
+
347
+ if ( ! function_exists( 'rwmb_request' ) ) {
348
+ /**
349
+ * Get request object.
350
+ *
351
+ * @return RWMB_Request
352
+ */
353
+ function rwmb_request() {
354
+ static $request;
355
+ if ( ! $request ) {
356
+ $request = new RWMB_Request();
357
+ }
358
+ return $request;
359
+ }
360
+ }
inc/loader.php CHANGED
@@ -18,7 +18,7 @@ class RWMB_Loader {
18
  */
19
  protected function constants() {
20
  // Script version, used to add version for scripts and styles.
21
- define( 'RWMB_VER', '5.2.1' );
22
 
23
  list( $path, $url ) = self::get_path( dirname( dirname( __FILE__ ) ) );
24
 
18
  */
19
  protected function constants() {
20
  // Script version, used to add version for scripts and styles.
21
+ define( 'RWMB_VER', '5.2.2' );
22
 
23
  list( $path, $url ) = self::get_path( dirname( dirname( __FILE__ ) ) );
24
 
inc/meta-box.php CHANGED
@@ -46,7 +46,7 @@ class RW_Meta_Box {
46
  *
47
  * @var int
48
  */
49
- protected $object_id = null;
50
 
51
  /**
52
  * The object type.
@@ -300,11 +300,11 @@ class RW_Meta_Box {
300
  * @param array $field Field settings.
301
  */
302
  public function save_field( $field ) {
303
- $single = $field['clone'] || ! $field['multiple'];
304
- $old = RWMB_Field::call( $field, 'raw_meta', $this->object_id );
305
- // @codingStandardsIgnoreLine
306
- $new = isset( $_POST[ $field['id'] ] ) ? $_POST[ $field['id'] ] : ( $single ? '' : array() );
307
- $new = RWMB_Field::process_value( $new, $this->object_id, $field );
308
 
309
  // Filter to allow the field to be modified.
310
  $field = RWMB_Field::filter( 'field', $field, $field, $new, $old );
@@ -324,7 +324,7 @@ class RW_Meta_Box {
324
  * @return bool
325
  */
326
  public function validate() {
327
- $nonce = filter_input( INPUT_POST, "nonce_{$this->id}", FILTER_SANITIZE_STRING );
328
 
329
  return ! $this->saved
330
  && ( ! defined( 'DOING_AUTOSAVE' ) || $this->autosave )
46
  *
47
  * @var int
48
  */
49
+ public $object_id = null;
50
 
51
  /**
52
  * The object type.
300
  * @param array $field Field settings.
301
  */
302
  public function save_field( $field ) {
303
+ $single = $field['clone'] || ! $field['multiple'];
304
+ $default = $single ? '' : array();
305
+ $old = RWMB_Field::call( $field, 'raw_meta', $this->object_id );
306
+ $new = rwmb_request()->post( $field['id'], $default );
307
+ $new = RWMB_Field::process_value( $new, $this->object_id, $field );
308
 
309
  // Filter to allow the field to be modified.
310
  $field = RWMB_Field::filter( 'field', $field, $field, $new, $old );
324
  * @return bool
325
  */
326
  public function validate() {
327
+ $nonce = rwmb_request()->filter_post( "nonce_{$this->id}", FILTER_SANITIZE_STRING );
328
 
329
  return ! $this->saved
330
  && ( ! defined( 'DOING_AUTOSAVE' ) || $this->autosave )
inc/request.php ADDED
@@ -0,0 +1,109 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * A very simple request class that handles form inputs.
4
+ * Based on the code of Symphony framework, (c) Fabien Potencier <fabien@symfony.com>
5
+ *
6
+ * @link https://github.com/laravel/framework/blob/6.x/src/Illuminate/Http/Request.php
7
+ * @link https://github.com/symfony/symfony/blob/4.4/src/Symfony/Component/HttpFoundation/ParameterBag.php
8
+ *
9
+ * @package Meta Box
10
+ */
11
+
12
+ /**
13
+ * A very simple request class that handles form inputs.
14
+ *
15
+ * @package Meta Box
16
+ */
17
+ class RWMB_Request {
18
+ /**
19
+ * GET data.
20
+ *
21
+ * @var array
22
+ */
23
+ private $get_data = array();
24
+
25
+ /**
26
+ * POST data.
27
+ *
28
+ * @var array
29
+ */
30
+ private $post_data = array();
31
+
32
+ /**
33
+ * Constructor.
34
+ */
35
+ public function __construct() {
36
+ // @codingStandardsIgnoreLine
37
+ $this->get_data = $_GET;
38
+ // @codingStandardsIgnoreLine
39
+ $this->post_data = $_POST;
40
+ }
41
+
42
+ /**
43
+ * Set GET data.
44
+ *
45
+ * @param array $get_data Data.
46
+ */
47
+ public function set_get_data( $get_data ) {
48
+ $this->get_data = array_merge( $this->get_data, $get_data );
49
+ }
50
+
51
+ /**
52
+ * Set POST data.
53
+ *
54
+ * @param array $post_data Data.
55
+ */
56
+ public function set_post_data( $post_data ) {
57
+ $this->post_data = array_merge( $this->post_data, $post_data );
58
+ }
59
+
60
+ /**
61
+ * Return a GET parameter by name.
62
+ *
63
+ * @param string $name Parameter name.
64
+ * @param mixed $default Default value.
65
+ * @return mixed
66
+ */
67
+ public function get( $name, $default = null ) {
68
+ return isset( $this->get_data[ $name ] ) ? $this->get_data[ $name ] : $default;
69
+ }
70
+
71
+ /**
72
+ * Return a POST parameter by name.
73
+ *
74
+ * @param string $name Parameter name.
75
+ * @param mixed $default Default value.
76
+ * @return mixed
77
+ */
78
+ public function post( $name, $default = null ) {
79
+ return isset( $this->post_data[ $name ] ) ? $this->post_data[ $name ] : $default;
80
+ }
81
+
82
+ /**
83
+ * Filter a GET parameter.
84
+ *
85
+ * @param string $name Parameter name.
86
+ * @param int $filter FILTER_* constant.
87
+ * @param mixed $options Filter options.
88
+ *
89
+ * @return mixed
90
+ */
91
+ public function filter_get( $name, $filter = FILTER_DEFAULT, $options = array() ) {
92
+ $value = $this->get( $name );
93
+ return filter_var( $value, $filter, $options );
94
+ }
95
+
96
+ /**
97
+ * Filter a POST parameter.
98
+ *
99
+ * @param string $name Parameter name.
100
+ * @param int $filter FILTER_* constant.
101
+ * @param mixed $options Filter options.
102
+ *
103
+ * @return mixed
104
+ */
105
+ public function filter_post( $name, $filter = FILTER_DEFAULT, $options = array() ) {
106
+ $value = $this->post( $name );
107
+ return filter_var( $value, $filter, $options );
108
+ }
109
+ }
inc/sanitizer.php CHANGED
@@ -161,7 +161,7 @@ class RWMB_Sanitizer {
161
  * @return int|array
162
  */
163
  private function sanitize_object( $value ) {
164
- return is_array( $value ) ? array_map( 'absint', $value ) : absint( $value );
165
  }
166
 
167
  /**
@@ -211,7 +211,7 @@ class RWMB_Sanitizer {
211
  * @return array
212
  */
213
  private function sanitize_file( $value, $field ) {
214
- return $field['upload_dir'] ? array_map( 'esc_url_raw', $value ) : array_map( 'absint', $value );
215
  }
216
 
217
  /**
@@ -261,7 +261,7 @@ class RWMB_Sanitizer {
261
  */
262
  private function sanitize_taxonomy_advanced( $value ) {
263
  $value = RWMB_Helpers_Array::from_csv( $value );
264
- $value = array_map( 'absint', $value );
265
 
266
  return implode( ',', $value );
267
  }
161
  * @return int|array
162
  */
163
  private function sanitize_object( $value ) {
164
+ return is_array( $value ) ? array_filter( array_map( 'absint', $value ) ) : ( $value ? absint( $value ) : '' );
165
  }
166
 
167
  /**
211
  * @return array
212
  */
213
  private function sanitize_file( $value, $field ) {
214
+ return $field['upload_dir'] ? array_map( 'esc_url_raw', $value ) : $this->sanitize_object( $value );
215
  }
216
 
217
  /**
261
  */
262
  private function sanitize_taxonomy_advanced( $value ) {
263
  $value = RWMB_Helpers_Array::from_csv( $value );
264
+ $value = array_filter( array_map( 'absint', $value ) );
265
 
266
  return implode( ',', $value );
267
  }
inc/update/checker.php CHANGED
@@ -108,9 +108,10 @@ class RWMB_Update_Checker {
108
  public function check_updates( $data ) {
109
  static $response = null;
110
 
 
 
111
  // Bypass embed plugins via TGMPA.
112
- // @codingStandardsIgnoreLine
113
- if ( isset( $_GET['tgmpa-update'] ) || ( isset( $_POST['action'] ) && 'tgmpa-bulk-update' === $_POST['action'] ) ) {
114
  return $data;
115
  }
116
 
108
  public function check_updates( $data ) {
109
  static $response = null;
110
 
111
+ $request = rwmb_request();
112
+
113
  // Bypass embed plugins via TGMPA.
114
+ if ( $request->get( 'tgmpa-update' ) || 'tgmpa-bulk-update' === $request->post( 'action' ) ) {
 
115
  return $data;
116
  }
117
 
inc/update/settings.php CHANGED
@@ -137,13 +137,13 @@ class RWMB_Update_Settings {
137
  * Save update settings.
138
  */
139
  public function save() {
140
- if ( empty( $_POST['submit'] ) ) {
 
141
  return;
142
  }
143
  check_admin_referer( 'meta-box' );
144
 
145
- // @codingStandardsIgnoreLine
146
- $option = isset( $_POST['meta_box_updater'] ) ? $_POST['meta_box_updater'] : array();
147
  $option = (array) $option;
148
  $option['status'] = 'active';
149
 
137
  * Save update settings.
138
  */
139
  public function save() {
140
+ $request = rwmb_request();
141
+ if ( ! $request->post( 'submit' ) ) {
142
  return;
143
  }
144
  check_admin_referer( 'meta-box' );
145
 
146
+ $option = $request->post( 'meta_box_updater', array() );
 
147
  $option = (array) $option;
148
  $option['status'] = 'active';
149
 
inc/wpml.php CHANGED
@@ -97,9 +97,10 @@ class RWMB_WPML {
97
  }
98
 
99
  // Get post ID.
100
- $post_id = filter_input( INPUT_GET, 'post', FILTER_SANITIZE_NUMBER_INT );
 
101
  if ( ! $post_id ) {
102
- $post_id = filter_input( INPUT_POST, 'post_ID', FILTER_SANITIZE_NUMBER_INT );
103
  }
104
 
105
  // If the post is the original one: do nothing.
97
  }
98
 
99
  // Get post ID.
100
+ $request = rwmb_request();
101
+ $post_id = $request->filter_get( 'post', FILTER_SANITIZE_NUMBER_INT );
102
  if ( ! $post_id ) {
103
+ $post_id = $request->filter_post( 'post_ID', FILTER_SANITIZE_NUMBER_INT );
104
  }
105
 
106
  // If the post is the original one: do nothing.
js/color.js CHANGED
@@ -5,15 +5,21 @@
5
  * Transform an input into a color picker.
6
  */
7
  function transform() {
8
- var $this = $( this ),
9
- $container = $this.closest( '.wp-picker-container' ),
10
- data = $.extend(
 
 
 
 
 
 
11
  {
12
  change: function () {
13
- $this.trigger( 'color:change' ).trigger( 'mb_change' );
14
  },
15
  clear: function () {
16
- $this.trigger( 'color:clear' ).trigger( 'mb_change' );
17
  }
18
  },
19
  $this.data( 'options' )
@@ -25,8 +31,8 @@
25
  $container.remove();
26
  }
27
 
28
- // Show color picker
29
- $this.wpColorPicker( data );
30
  }
31
 
32
  function init( e ) {
5
  * Transform an input into a color picker.
6
  */
7
  function transform() {
8
+ var $this = $( this );
9
+
10
+ function triggerChange() {
11
+ $this.trigger( 'color:change' ).trigger( 'mb_change' );
12
+ }
13
+
14
+ var $container = $this.closest( '.wp-picker-container' ),
15
+ // Hack: the picker needs a small delay (learn from the Kirki plugin).
16
+ options = $.extend(
17
  {
18
  change: function () {
19
+ setTimeout( triggerChange, 20 );
20
  },
21
  clear: function () {
22
+ setTimeout( triggerChange, 20 );
23
  }
24
  },
25
  $this.data( 'options' )
31
  $container.remove();
32
  }
33
 
34
+ // Show color picker.
35
+ $this.wpColorPicker( options );
36
  }
37
 
38
  function init( e ) {
js/notification.js CHANGED
@@ -1,4 +1,4 @@
1
- ( function( $, document, i18n ) {
2
  'use strict';
3
 
4
  function dismissNotification() {
@@ -7,10 +7,10 @@
7
 
8
  $.post( ajaxurl, {
9
  action: 'mb_dismiss_notification',
10
- nonce: MBNotification.nonce
11
  } );
12
  } );
13
  }
14
 
15
- $( document ).on( 'ready', dismissNotification );
16
- } )( jQuery, document, MBNotification );
1
+ ( function( $, i18n ) {
2
  'use strict';
3
 
4
  function dismissNotification() {
7
 
8
  $.post( ajaxurl, {
9
  action: 'mb_dismiss_notification',
10
+ nonce: i18n.nonce
11
  } );
12
  } );
13
  }
14
 
15
+ $( dismissNotification );
16
+ } )( jQuery, MBNotification );
js/script.js CHANGED
@@ -4,13 +4,6 @@ window.rwmb = window.rwmb || {};
4
  ( function( $, document, rwmb ) {
5
  'use strict';
6
 
7
- // Trigger a custom ready event for all scripts to hook to.
8
- // Used for static DOM and dynamic DOM (loaded in MB Blocks extension for Gutenberg).
9
- rwmb.$document = $( document );
10
- rwmb.$document.on( 'ready', function() {
11
- rwmb.$document.trigger( 'mb_ready' );
12
- } );
13
-
14
  // Selectors for all plugin inputs.
15
  rwmb.inputSelectors = 'input[class*="rwmb"], textarea[class*="rwmb"], select[class*="rwmb"], button[class*="rwmb"]';
16
 
@@ -18,4 +11,11 @@ window.rwmb = window.rwmb || {};
18
  rwmb.uniqid = function uniqid() {
19
  return Math.random().toString( 36 ).substr( 2 );
20
  }
 
 
 
 
 
 
 
21
  } )( jQuery, document, rwmb );
4
  ( function( $, document, rwmb ) {
5
  'use strict';
6
 
 
 
 
 
 
 
 
7
  // Selectors for all plugin inputs.
8
  rwmb.inputSelectors = 'input[class*="rwmb"], textarea[class*="rwmb"], select[class*="rwmb"], button[class*="rwmb"]';
9
 
11
  rwmb.uniqid = function uniqid() {
12
  return Math.random().toString( 36 ).substr( 2 );
13
  }
14
+
15
+ // Trigger a custom ready event for all scripts to hook to.
16
+ // Used for static DOM and dynamic DOM (loaded in MB Blocks extension for Gutenberg).
17
+ rwmb.$document = $( document );
18
+ $( function() {
19
+ rwmb.$document.trigger( 'mb_ready' );
20
+ } );
21
  } )( jQuery, document, rwmb );
js/wysiwyg.js CHANGED
@@ -1,153 +1,154 @@
1
- ( function ( $, wp, window, rwmb ) {
2
- 'use strict';
3
-
4
- /**
5
- * Transform textarea into wysiwyg editor.
6
- */
7
- function transform() {
8
- var $this = $( this ),
9
- $wrapper = $this.closest( '.wp-editor-wrap' ),
10
- id = $this.attr( 'id' ),
11
- isInBlock = $this.closest( '.wp-block' ).length > 0;
12
-
13
- // Ignore existing editor.
14
- if ( ! isInBlock && tinyMCEPreInit.mceInit[id] ) {
15
- return;
16
- }
17
-
18
- // Update the ID attribute if the editor is in a new block.
19
- if ( isInBlock ) {
20
- id = id + '_' + rwmb.uniqid();
21
- $this.attr( 'id', id );
22
- }
23
-
24
- // Update the DOM
25
- $this.show();
26
- updateDom( $wrapper, id );
27
-
28
- // Get id of the original editor to get its tinyMCE and quick tags settings
29
- var originalId = getOriginalId( $this ),
30
- settings = getEditorSettings( originalId );
31
-
32
- // TinyMCE
33
- if ( window.tinymce ) {
34
- var editor = new tinymce.Editor(id, settings.tinymce, tinymce.EditorManager);
35
- editor.render();
36
-
37
- editor.on( 'keyup change', function() {
38
- editor.save();
39
- $this.trigger( 'change' );
40
- } );
41
- }
42
-
43
- // Quick tags
44
- if ( window.quicktags ) {
45
- settings.quicktags.id = id;
46
- quicktags( settings.quicktags );
47
- QTags._buttonsInit();
48
- }
49
- }
50
-
51
- function getEditorSettings( id ) {
52
- var settings = getDefaultEditorSettings();
53
-
54
- if ( id && tinyMCEPreInit.mceInit.hasOwnProperty( id ) ) {
55
- settings.tinymce = tinyMCEPreInit.mceInit[id];
56
- }
57
- if ( id && window.quicktags && tinyMCEPreInit.qtInit.hasOwnProperty( id ) ) {
58
- settings.quicktags = tinyMCEPreInit.qtInit[id];
59
- }
60
-
61
- return settings;
62
- }
63
-
64
- function getDefaultEditorSettings() {
65
- var settings = wp.editor.getDefaultSettings();
66
-
67
- settings.tinymce.toolbar1 = 'formatselect,bold,italic,bullist,numlist,blockquote,alignleft,aligncenter,alignright,link,unlink,wp_more,spellchecker,fullscreen,wp_adv';
68
- settings.tinymce.toolbar2 = 'strikethrough,hr,forecolor,pastetext,removeformat,charmap,outdent,indent,undo,redo,wp_help';
69
-
70
- settings.quicktags.buttons = 'strong,em,link,block,del,ins,img,ul,ol,li,code,more,close';
71
-
72
- return settings;
73
- }
74
-
75
- /**
76
- * Get original ID of the textarea
77
- * The ID will be used to reference to tinyMCE and quick tags settings
78
- * @param $el Current cloned textarea
79
- */
80
- function getOriginalId( $el ) {
81
- var $clone = $el.closest( '.rwmb-clone' ),
82
- currentId = $clone.find( '.rwmb-wysiwyg' ).attr( 'id' );
83
-
84
- if ( /_\d+$/.test( currentId ) ) {
85
- currentId = currentId.replace( /_\d+$/, '' );
86
- }
87
- if ( tinyMCEPreInit.mceInit.hasOwnProperty( currentId ) || tinyMCEPreInit.qtInit.hasOwnProperty( currentId ) ) {
88
- return currentId;
89
- }
90
-
91
- return '';
92
- }
93
-
94
- /**
95
- * Update id, class, [data-] attributes, ... of the cloned editor.
96
- * @param $wrapper Editor wrapper element
97
- * @param id Editor ID
98
- */
99
- function updateDom( $wrapper, id ) {
100
- // Wrapper div and media buttons
101
- $wrapper.attr( 'id', 'wp-' + id + '-wrap' )
102
- .removeClass( 'html-active' ).addClass( 'tmce-active' ) // Active the visual mode by default
103
- .find( '.mce-container' ).remove().end() // Remove rendered tinyMCE editor
104
- .find( '.wp-editor-tools' ).attr( 'id', 'wp-' + id + '-editor-tools' )
105
- .find( '.wp-media-buttons' ).attr( 'id', 'wp-' + id + '-media-buttons' )
106
- .find( 'button' ).data( 'editor', id ).attr( 'data-editor', id );
107
-
108
- // Editor tabs
109
- $wrapper.find( '.switch-tmce' )
110
- .attr( 'id', id + 'tmce' )
111
- .data( 'wp-editor-id', id ).attr( 'data-wp-editor-id', id ).end()
112
- .find( '.switch-html' )
113
- .attr( 'id', id + 'html' )
114
- .data( 'wp-editor-id', id ).attr( 'data-wp-editor-id', id );
115
-
116
- // Quick tags
117
- $wrapper.find( '.wp-editor-container' ).attr( 'id', 'wp-' + id + '-editor-container' )
118
- .find( '.quicktags-toolbar' ).attr( 'id', 'qt_' + id + '_toolbar' ).html( '' );
119
- }
120
-
121
- /**
122
- * Handles updating tiny mce instances when saving a gutenberg post.
123
- * https://metabox.io/support/topic/data-are-not-saved-into-the-database/
124
- * https://github.com/WordPress/gutenberg/issues/7176
125
- */
126
- function ensureSave() {
127
- if ( ! wp.data || ! wp.data.hasOwnProperty( 'subscribe' ) || ! window.tinyMCE ) {
128
- return;
129
- }
130
- wp.data.subscribe( function() {
131
- var editor = wp.data.hasOwnProperty( 'select' ) ? wp.data.select( 'core/editor' ) : {};
132
-
133
- if ( editor && editor.isSavingPost && editor.isSavingPost() ) {
134
- window.tinyMCE.triggerSave();
135
- }
136
- } );
137
- }
138
-
139
- function init( e ) {
140
- $( e.target ).find( '.rwmb-wysiwyg' ).each( transform );
141
- }
142
-
143
- ensureSave();
144
- rwmb.$document
145
- .on( 'mb_blocks_edit', init )
146
- .on( 'clone', '.rwmb-wysiwyg', function() {
147
- /*
148
- * Transform a textarea to an editor is a heavy task.
149
- * Moving it to the end of task queue with setTimeout makes cloning faster.
150
- */
151
- setTimeout( transform.bind( this ), 0 );
152
- } );
153
- } )( jQuery, wp, window, rwmb );
 
1
+ ( function ( $, wp, window, rwmb ) {
2
+ 'use strict';
3
+
4
+ /**
5
+ * Transform textarea into wysiwyg editor.
6
+ */
7
+ function transform() {
8
+ var $this = $( this ),
9
+ $wrapper = $this.closest( '.wp-editor-wrap' ),
10
+ id = $this.attr( 'id' ),
11
+ isInBlock = $this.closest( '.wp-block' ).length > 0;
12
+
13
+ // Ignore existing editor.
14
+ if ( ! isInBlock && tinyMCEPreInit.mceInit[id] ) {
15
+ return;
16
+ }
17
+
18
+ // Update the ID attribute if the editor is in a new block.
19
+ if ( isInBlock ) {
20
+ id = id + '_' + rwmb.uniqid();
21
+ $this.attr( 'id', id );
22
+ }
23
+
24
+ // Update the DOM
25
+ $this.show();
26
+ updateDom( $wrapper, id );
27
+
28
+ // Get id of the original editor to get its tinyMCE and quick tags settings
29
+ var originalId = getOriginalId( $this ),
30
+ settings = getEditorSettings( originalId );
31
+
32
+ // TinyMCE
33
+ if ( window.tinymce ) {
34
+ var editor = new tinymce.Editor(id, settings.tinymce, tinymce.EditorManager);
35
+ editor.render();
36
+
37
+ editor.on( 'keyup change', function() {
38
+ editor.save();
39
+ $this.trigger( 'change' );
40
+ } );
41
+ }
42
+
43
+ // Quick tags
44
+ if ( window.quicktags ) {
45
+ settings.quicktags.id = id;
46
+ quicktags( settings.quicktags );
47
+ QTags._buttonsInit();
48
+ }
49
+ }
50
+
51
+ function getEditorSettings( id ) {
52
+ var settings = getDefaultEditorSettings();
53
+
54
+ if ( id && tinyMCEPreInit.mceInit.hasOwnProperty( id ) ) {
55
+ settings.tinymce = tinyMCEPreInit.mceInit[id];
56
+ }
57
+ if ( id && window.quicktags && tinyMCEPreInit.qtInit.hasOwnProperty( id ) ) {
58
+ settings.quicktags = tinyMCEPreInit.qtInit[id];
59
+ }
60
+
61
+ return settings;
62
+ }
63
+
64
+ function getDefaultEditorSettings() {
65
+ var settings = wp.editor.getDefaultSettings();
66
+
67
+ settings.tinymce.toolbar1 = 'formatselect,bold,italic,bullist,numlist,blockquote,alignleft,aligncenter,alignright,link,unlink,wp_more,spellchecker,fullscreen,wp_adv';
68
+ settings.tinymce.toolbar2 = 'strikethrough,hr,forecolor,pastetext,removeformat,charmap,outdent,indent,undo,redo,wp_help';
69
+
70
+ settings.quicktags.buttons = 'strong,em,link,block,del,ins,img,ul,ol,li,code,more,close';
71
+
72
+ return settings;
73
+ }
74
+
75
+ /**
76
+ * Get original ID of the textarea
77
+ * The ID will be used to reference to tinyMCE and quick tags settings
78
+ * @param $el Current cloned textarea
79
+ */
80
+ function getOriginalId( $el ) {
81
+ var $clone = $el.closest( '.rwmb-clone' ),
82
+ currentId = $clone.find( '.rwmb-wysiwyg' ).attr( 'id' );
83
+
84
+ if ( /_\d+$/.test( currentId ) ) {
85
+ currentId = currentId.replace( /_\d+$/, '' );
86
+ }
87
+ if ( tinyMCEPreInit.mceInit.hasOwnProperty( currentId ) || tinyMCEPreInit.qtInit.hasOwnProperty( currentId ) ) {
88
+ return currentId;
89
+ }
90
+
91
+ return '';
92
+ }
93
+
94
+ /**
95
+ * Update id, class, [data-] attributes, ... of the cloned editor.
96
+ * @param $wrapper Editor wrapper element
97
+ * @param id Editor ID
98
+ */
99
+ function updateDom( $wrapper, id ) {
100
+ // Wrapper div and media buttons
101
+ $wrapper.attr( 'id', 'wp-' + id + '-wrap' )
102
+ .removeClass( 'html-active' ).addClass( 'tmce-active' ) // Active the visual mode by default
103
+ .find( '.mce-container' ).remove().end() // Remove rendered tinyMCE editor
104
+ .find( '.wp-editor-tools' ).attr( 'id', 'wp-' + id + '-editor-tools' )
105
+ .find( '.wp-media-buttons' ).attr( 'id', 'wp-' + id + '-media-buttons' )
106
+ .find( 'button' ).data( 'editor', id ).attr( 'data-editor', id );
107
+
108
+ // Editor tabs
109
+ $wrapper.find( '.switch-tmce' )
110
+ .attr( 'id', id + 'tmce' )
111
+ .data( 'wp-editor-id', id ).attr( 'data-wp-editor-id', id ).end()
112
+ .find( '.switch-html' )
113
+ .attr( 'id', id + 'html' )
114
+ .data( 'wp-editor-id', id ).attr( 'data-wp-editor-id', id );
115
+
116
+ // Quick tags
117
+ $wrapper.find( '.wp-editor-container' ).attr( 'id', 'wp-' + id + '-editor-container' )
118
+ .find( '.quicktags-toolbar' ).attr( 'id', 'qt_' + id + '_toolbar' ).html( '' );
119
+ }
120
+
121
+ /**
122
+ * Handles updating tiny mce instances when saving a gutenberg post.
123
+ * https://metabox.io/support/topic/data-are-not-saved-into-the-database/
124
+ * https://github.com/WordPress/gutenberg/issues/7176
125
+ */
126
+ function ensureSave() {
127
+ if ( ! wp.data || ! wp.data.hasOwnProperty( 'subscribe' ) || ! window.tinyMCE ) {
128
+ return;
129
+ }
130
+ wp.data.subscribe( function() {
131
+ var editor = wp.data.hasOwnProperty( 'select' ) ? wp.data.select( 'core/editor' ) : {};
132
+
133
+ if ( editor && editor.isSavingPost && editor.isSavingPost() ) {
134
+ window.tinyMCE.triggerSave();
135
+ }
136
+ } );
137
+ }
138
+
139
+ function init( e ) {
140
+ $( e.target ).find( '.rwmb-wysiwyg' ).each( transform );
141
+ }
142
+
143
+ ensureSave();
144
+ rwmb.$document
145
+ .on( 'mb_blocks_edit', init )
146
+ .on( 'mb_init_editors', init )
147
+ .on( 'clone', '.rwmb-wysiwyg', function() {
148
+ /*
149
+ * Transform a textarea to an editor is a heavy task.
150
+ * Moving it to the end of task queue with setTimeout makes cloning faster.
151
+ */
152
+ setTimeout( transform.bind( this ), 0 );
153
+ } );
154
+ } )( jQuery, wp, window, rwmb );
meta-box.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Meta Box
4
  * Plugin URI: https://metabox.io
5
  * Description: Create custom meta boxes and custom fields in WordPress.
6
- * Version: 5.2.1
7
  * Author: MetaBox.io
8
  * Author URI: https://metabox.io
9
  * License: GPL2+
3
  * Plugin Name: Meta Box
4
  * Plugin URI: https://metabox.io
5
  * Description: Create custom meta boxes and custom fields in WordPress.
6
+ * Version: 5.2.2
7
  * Author: MetaBox.io
8
  * Author URI: https://metabox.io
9
  * License: GPL2+
readme.txt CHANGED
@@ -5,7 +5,7 @@ Tags: meta-box, custom fields, custom field, meta, meta-boxes, admin, advanced,
5
  Requires at least: 4.3
6
  Requires PHP: 5.3
7
  Tested up to: 5.2.3
8
- Stable tag: 5.2.1
9
  License: GPLv2 or later
10
 
11
  Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for WordPress.
@@ -167,6 +167,19 @@ To getting started with the plugin, please read the [Quick Start Guide](https://
167
 
168
  == Changelog ==
169
 
 
 
 
 
 
 
 
 
 
 
 
 
 
170
  = 5.2.1 - 2019-09-26 =
171
 
172
  **Fixed**
5
  Requires at least: 4.3
6
  Requires PHP: 5.3
7
  Tested up to: 5.2.3
8
+ Stable tag: 5.2.2
9
  License: GPLv2 or later
10
 
11
  Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for WordPress.
167
 
168
  == Changelog ==
169
 
170
+ = 5.2.2 - 2019-10-09 =
171
+
172
+ **Fixed**
173
+
174
+ - Fix sanitizing empty post field
175
+ - Fix post thumbnail not saving in MB Frontend Submission
176
+ - Fix undefined index for `image_select` field when using helper functions with no value.
177
+ - Fix JQMIGRATE: 'ready' event is deprecated
178
+
179
+ **Changed**
180
+
181
+ - Add styling for date picker, autocomplete, select2 to show in the Customizer (for MB Settings Page)
182
+
183
  = 5.2.1 - 2019-09-26 =
184
 
185
  **Fixed**