Custom Post Types and Custom Fields creator – WCK - Version 1.3.1

Version Description

  • Fixed preview draft not showing the correct custom fields in certain conditions
  • Fixed a fatal error that was happening in certain conditions when adding a new Custom Fields Creator Meta Box
Download this release

Release Info

Developer madalin.ungureanu
Plugin Icon 128x128 Custom Post Types and Custom Fields creator – WCK
Version 1.3.1
Comparing to
See all releases

Code changes from version 1.2.9 to 1.3.1

Files changed (5) hide show
  1. readme.txt +10 -1
  2. wck-cfc.php +4 -2
  3. wck.php +1 -1
  4. wordpress-creation-kit-api/assets/map/map.php +3 -0
  5. wordpress-creation-kit-api/wordpress-creation-kit.php +67 -3
readme.txt CHANGED
@@ -6,7 +6,9 @@ Tags: custom fields, custom field, wordpress custom fields, custom post type, cu
6
 
7
  Requires at least: 3.1
8
  Tested up to: 4.5.3
9
- Stable tag: 1.2.9
 
 
10
 
11
  A must have tool for creating custom fields, custom post types and taxonomies, fast and without any programming knowledge.
12
 
@@ -143,6 +145,13 @@ Creating a taxonomy generally automatically creates a special query variable usi
143
  10. Taxonomy listing
144
 
145
  == Changelog ==
 
 
 
 
 
 
 
146
  = 1.2.9 =
147
  * Added Lables field in Custom Fields Creator next to Options for checkboxes, selects and radios
148
 
6
 
7
  Requires at least: 3.1
8
  Tested up to: 4.5.3
9
+ Stable tag: 1.3.1
10
+ License: GPLv2 or later
11
+ License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
13
  A must have tool for creating custom fields, custom post types and taxonomies, fast and without any programming knowledge.
14
 
145
  10. Taxonomy listing
146
 
147
  == Changelog ==
148
+ = 1.3.1 =
149
+ * Fixed preview draft not showing the correct custom fields in certain conditions
150
+ * Fixed a fatal error that was happening in certain conditions when adding a new Custom Fields Creator Meta Box
151
+
152
+ = 1.3.0 =
153
+ * Security Fixes
154
+
155
  = 1.2.9 =
156
  * Added Lables field in Custom Fields Creator next to Options for checkboxes, selects and radios
157
 
wck-cfc.php CHANGED
@@ -494,8 +494,10 @@ function wck_cfc_change_meta_key( $meta, $id, $values, $element_id ){
494
  }
495
 
496
  // Page Template
497
- if ($wck_cfc_args[0]['page-template'] != $values['page-template']) {
498
- update_post_meta($id, 'wck_cfc_page_template_arg', $values['page-template']);
 
 
499
  }
500
  }
501
  }
494
  }
495
 
496
  // Page Template
497
+ if( isset( $wck_cfc_args[0]['page-template'] ) && $values['page-template'] ) {
498
+ if ($wck_cfc_args[0]['page-template'] != $values['page-template']) {
499
+ update_post_meta($id, 'wck_cfc_page_template_arg', $values['page-template']);
500
+ }
501
  }
502
  }
503
  }
wck.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: WCK - Custom Fields and Custom Post Types Creator
4
  Description: WordPress Creation Kit consists of three tools that can help you create and maintain custom post types, custom taxonomies and most importantly, custom fields and metaboxes for your posts, pages or CPT's.
5
  Author: Cozmoslabs, Madalin Ungureanu, Cristian Antohe
6
- Version: 1.2.9
7
  Author URI: http://www.cozmoslabs.com
8
 
9
  License: GPL2
3
  Plugin Name: WCK - Custom Fields and Custom Post Types Creator
4
  Description: WordPress Creation Kit consists of three tools that can help you create and maintain custom post types, custom taxonomies and most importantly, custom fields and metaboxes for your posts, pages or CPT's.
5
  Author: Cozmoslabs, Madalin Ungureanu, Cristian Antohe
6
+ Version: 1.3.1
7
  Author URI: http://www.cozmoslabs.com
8
 
9
  License: GPL2
wordpress-creation-kit-api/assets/map/map.php CHANGED
@@ -30,6 +30,9 @@ function wck_map_field_add_meta( $meta, $id, $values, $element_id = '' ) {
30
 
31
  $args = get_post_meta( $field_set->ID, 'wck_' . ( !empty( $id ) ? 'cfc' : 'opc_field' ) . '_args', true );
32
 
 
 
 
33
  if( $args[0][ $meta_context . '-name' ] !== $meta )
34
  continue;
35
 
30
 
31
  $args = get_post_meta( $field_set->ID, 'wck_' . ( !empty( $id ) ? 'cfc' : 'opc_field' ) . '_args', true );
32
 
33
+ if( empty( $args[0][ $meta_context . '-name' ] ) )
34
+ continue;
35
+
36
  if( $args[0][ $meta_context . '-name' ] !== $meta )
37
  continue;
38
 
wordpress-creation-kit-api/wordpress-creation-kit.php CHANGED
@@ -102,8 +102,9 @@ class Wordpress_Creation_Kit{
102
  add_action("wp_ajax_wck_remove_meta".$this->args['meta_name'], array( &$this, 'wck_remove_meta') );
103
  add_action("wp_ajax_wck_reorder_meta".$this->args['meta_name'], array( &$this, 'wck_reorder_meta') );
104
 
105
- if( file_exists( dirname(__FILE__).'/wck-fep.php' ) && ( !isset( $wck_fep ) || $wck_fep == 'enabled' ) ){
106
- add_action("wp_ajax_nopriv_wck_add_meta".$this->args['meta_name'], array( &$this, 'wck_add_meta') );
 
107
  add_action("wp_ajax_nopriv_wck_update_meta".$this->args['meta_name'], array( &$this, 'wck_update_meta') );
108
  add_action("wp_ajax_nopriv_wck_show_update".$this->args['meta_name'], array( &$this, 'wck_show_update_form') );
109
  add_action("wp_ajax_nopriv_wck_refresh_list".$this->args['meta_name'], array( &$this, 'wck_refresh_list') );
@@ -798,7 +799,42 @@ class Wordpress_Creation_Kit{
798
  }
799
 
800
 
 
 
801
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
802
 
803
 
804
  /* ajax add a reccord to the meta */
@@ -816,6 +852,13 @@ class Wordpress_Creation_Kit{
816
  $values = $_POST['values'];
817
  else
818
  $values = array();
 
 
 
 
 
 
 
819
 
820
  $values = apply_filters( "wck_add_meta_filter_values_{$meta}", $values );
821
 
@@ -876,7 +919,14 @@ class Wordpress_Creation_Kit{
876
  $element_id = 0;
877
  if( !empty( $_POST['values'] ) )
878
  $values = $_POST['values'];
879
-
 
 
 
 
 
 
 
880
 
881
  $values = apply_filters( "wck_update_meta_filter_values_{$meta}", $values, $element_id );
882
 
@@ -1007,6 +1057,14 @@ class Wordpress_Creation_Kit{
1007
  $element_id = absint( $_POST['element_id'] );
1008
  else
1009
  $element_id = '';
 
 
 
 
 
 
 
 
1010
 
1011
  if( $this->args['context'] == 'post_meta' )
1012
  $results = get_post_meta($id, $meta, true);
@@ -1073,6 +1131,12 @@ class Wordpress_Creation_Kit{
1073
  $elements_id = $_POST['values'];
1074
  else
1075
  $elements_id = array();
 
 
 
 
 
 
1076
 
1077
  do_action( 'wck_before_reorder_meta', $meta, $id, $elements_id );
1078
 
102
  add_action("wp_ajax_wck_remove_meta".$this->args['meta_name'], array( &$this, 'wck_remove_meta') );
103
  add_action("wp_ajax_wck_reorder_meta".$this->args['meta_name'], array( &$this, 'wck_reorder_meta') );
104
 
105
+ $wck_tools = get_option('wck_tools');
106
+ if( file_exists( dirname(__FILE__).'/wck-fep/wck-fep.php' ) && ( empty( $wck_tools ) || ( !empty( $wck_tools[0]["frontend-posting"] ) && $wck_tools[0]["frontend-posting"] == 'enabled' ) ) ){
107
+ add_action("wp_ajax_nopriv_wck_add_meta".$this->args['meta_name'], array( &$this, 'wck_add_meta') );
108
  add_action("wp_ajax_nopriv_wck_update_meta".$this->args['meta_name'], array( &$this, 'wck_update_meta') );
109
  add_action("wp_ajax_nopriv_wck_show_update".$this->args['meta_name'], array( &$this, 'wck_show_update_form') );
110
  add_action("wp_ajax_nopriv_wck_refresh_list".$this->args['meta_name'], array( &$this, 'wck_refresh_list') );
799
  }
800
 
801
 
802
+ /* Checks to see wether the current user can modify data */
803
+ function wck_verify_user_capabilities( $context, $meta = '', $id = 0 ) {
804
 
805
+ $return = true;
806
+
807
+ // Meta is an option
808
+ if( $context == 'option' && !current_user_can( 'manage_options' ) )
809
+ $return = false;
810
+
811
+ // Meta is post related
812
+ if( $context == 'post_meta' && is_user_logged_in() ) {
813
+
814
+ // Current user must be able to edit posts
815
+ if( !current_user_can( 'edit_posts' ) )
816
+ $return = false;
817
+
818
+ // If the user can't edit others posts the current post must be his/hers
819
+ elseif( !current_user_can( 'edit_others_posts' ) ) {
820
+
821
+ $current_post = get_post( $id );
822
+ $current_user = wp_get_current_user();
823
+
824
+ if( $current_user->ID != $current_post->post_author )
825
+ $return = false;
826
+
827
+ }
828
+
829
+ }
830
+
831
+ // Return
832
+ if( $return )
833
+ return $return;
834
+ else
835
+ return array( 'error' => __( 'You are not allowed to do this.', 'wck' ), 'errorfields' => '' );
836
+
837
+ }
838
 
839
 
840
  /* ajax add a reccord to the meta */
852
  $values = $_POST['values'];
853
  else
854
  $values = array();
855
+
856
+
857
+ // Security checks
858
+ if( true !== ( $error = self::wck_verify_user_capabilities( $this->args['context'], $meta, $id ) ) ) {
859
+ header( 'Content-type: application/json' );
860
+ die( json_encode( $error ) );
861
+ }
862
 
863
  $values = apply_filters( "wck_add_meta_filter_values_{$meta}", $values );
864
 
919
  $element_id = 0;
920
  if( !empty( $_POST['values'] ) )
921
  $values = $_POST['values'];
922
+
923
+
924
+ // Security checks
925
+ if( true !== ( $error = self::wck_verify_user_capabilities( $this->args['context'], $meta, $id ) ) ) {
926
+ header( 'Content-type: application/json' );
927
+ die( json_encode( $error ) );
928
+ }
929
+
930
 
931
  $values = apply_filters( "wck_update_meta_filter_values_{$meta}", $values, $element_id );
932
 
1057
  $element_id = absint( $_POST['element_id'] );
1058
  else
1059
  $element_id = '';
1060
+
1061
+
1062
+ // Security checks
1063
+ if( true !== ( $error = self::wck_verify_user_capabilities( $this->args['context'], $meta, $id ) ) ) {
1064
+ header( 'Content-type: application/json' );
1065
+ die( json_encode( $error ) );
1066
+ }
1067
+
1068
 
1069
  if( $this->args['context'] == 'post_meta' )
1070
  $results = get_post_meta($id, $meta, true);
1131
  $elements_id = $_POST['values'];
1132
  else
1133
  $elements_id = array();
1134
+
1135
+ // Security checks
1136
+ if( true !== ( $error = self::wck_verify_user_capabilities( $this->args['context'], $meta, $id ) ) ) {
1137
+ header( 'Content-type: application/json' );
1138
+ die( json_encode( $error ) );
1139
+ }
1140
 
1141
  do_action( 'wck_before_reorder_meta', $meta, $id, $elements_id );
1142