Custom Post Types and Custom Fields creator – WCK - Version 2.0.9

Version Description

  • Security improvements
  • Small css change for labels in metaboxes
  • Small PHP 7 compatibility change

Release Info

Developer madalin.ungureanu
Version 2.0.9

Code changes from version 2.0.8 to 2.0.9

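--- a/readme.txt
+++ b/readme.txt
@@ -5,8 +5,8 @@ Donate link: http://www.cozmoslabs.com/wordpress-creation-kit/
 Tags: custom fields, custom field, wordpress custom fields, custom post type, custom post types, post types, repeater fields, meta box, metabox, custom taxonomy, custom fields creator, post meta
 
 Requires at least: 3.1
-Tested up to: 4.7.2
-Stable tag: 2.0.8
+Tested up to: 4.7.3
+Stable tag: 2.0.9
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -139,6 +139,11 @@ Creating a taxonomy generally automatically creates a special query variable usi
 10. Taxonomy listing
 
 == Changelog ==
+= 2.0.9 =
+* Security improvements
+* Small css change for labels in metaboxes
+* Small PHP 7 compatibility change
+
 = 2.0.8 =
 * We now check for reserved names on Custom Post Types and Taxonomy Creator
 * Added a filter to change input type: wck_text_input_type_attribute_{$meta}_{$field_slug}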
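--- a/wck-cfc.php
+++ b/wck-cfc.php
@@ -6,9 +6,9 @@ add_action('admin_enqueue_scripts', 'wck_cfc_print_scripts' );
 function wck_cfc_print_scripts($hook){
 if( isset( $_GET['post_type'] ) || isset( $_GET['post'] ) ){
 if( isset( $_GET['post_type'] ) )
-$post_type = $_GET['post_type'];
+$post_type = sanitize_text_field( $_GET['post_type'] );
 else if( isset( $_GET['post'] ) )
-$post_type = get_post_type( $_GET['post'] );
+$post_type = get_post_type( absint( $_GET['post'] ) );
 
 if( 'wck-meta-box' == $post_type ){
 wp_register_style('wck-cfc-css', plugins_url('/css/wck-cfc.css', __FILE__));
@@ -61,9 +61,9 @@ add_filter( 'admin_body_class', 'wck_cfc_admin_body_class' );
 function wck_cfc_admin_body_class( $classes ){
 if( isset( $_GET['post_type'] ) || isset( $_GET['post'] ) ){
 if( isset( $_GET['post_type'] ) )
-$post_type = $_GET['post_type'];
+$post_type = sanitize_text_field( $_GET['post_type'] );
 else if( isset( $_GET['post'] ) )
-$post_type = get_post_type( $_GET['post'] );
+$post_type = get_post_type( absint( $_GET['post'] ) );
 
 if( 'wck-meta-box' == $post_type ){
 $classes .= ' wck_page_cfc-page ';
@@ -1039,10 +1039,7 @@ function wck_cfc_process_unserialized_batch() {
 }
 
 ignore_user_abort( true );
-
-if (! ini_get( 'safe_mode' ) ) {
-@set_time_limit( 0 );
-}
+@set_time_limit( 0 );
 
 /* set number of posts that are processed in a batch !IMPORTANT IT IS ALSO SET IN THE wck_unserialized_page_callback() FUNCTION */
 $per_batch = 30;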
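Review bot: The `@` suppression on `@set_time_limit( 0 );` in the third hunk should go along with the `safe_mode` guard it used to sit inside; with safe mode gone, the remaining failure case is a host that lists the function in `disable_functions`, and on PHP 8 calling such a function throws an Error that `@` does not suppress. `function_exists()` returns false for disabled functions, so `if ( function_exists( 'set_time_limit' ) ) { set_time_limit( 0 ); }` handles that case explicitly and keeps the plugin's own move away from silently ignored failures consistent. In the first two hunks `'wck-meta-box' == $post_type` is a loose comparison against a value that `get_post_type()` may return as `false`; `===` states the intent. The bodies of `wck_cfc_print_scripts`, `wck_cfc_admin_body_class` and `wck_cfc_process_unserialized_batch` all continue outside their hunks, and the last one also starts outside it.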
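--- a/wck.php
+++ b/wck.php
@@ -3,7 +3,7 @@
 Plugin Name: WCK - Custom Fields and Custom Post Types Creator
 Description: WordPress Creation Kit consists of three tools that can help you create and maintain custom post types, custom taxonomies and most importantly, custom fields and metaboxes for your posts, pages or CPT's.
 Author: Cozmoslabs, Madalin Ungureanu, Cristian Antohe
-Version: 2.0.8
+Version: 2.0.9
 Author URI: http://www.cozmoslabs.com
 
 License: GPL2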
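--- a/wordpress-creation-kit-api/wck-fep/wck-fep.php
+++ b/wordpress-creation-kit-api/wck-fep/wck-fep.php
@@ -191,12 +191,12 @@ class WCK_FrontEnd_Posting extends Wordpress_Creation_Kit{
 
 
 if( !empty( $_GET['action'] ) )
-$action = $_GET['action'];
+$action = sanitize_text_field( $_GET['action'] );
 else
 $action = '';
 
 if( !empty( $_GET['post_id'] ) )
-$post_id = $_GET['post_id'];
+$post_id = absint( $_GET['post_id'] );
 else
 $post_id = '';
 
@@ -237,11 +237,11 @@ class WCK_FrontEnd_Posting extends Wordpress_Creation_Kit{
 }
 
 if( !empty( $_POST['action_type'] ) )
-$action = $_POST['action_type'];
+$action = sanitize_text_field( $_POST['action_type'] );
 else
 $action = '';
 if( !empty( $_POST['post_id'] ) )
-$post_id = $_POST['post_id'];
+$post_id = absint( $_POST['post_id'] );
 else
 $post_id = '';
 
@@ -509,14 +509,14 @@ class WCK_FrontEnd_Posting extends Wordpress_Creation_Kit{
 function wck_fep_add_post(){
 check_ajax_referer( 'wck-fep-add-post' );
 
-$meta = $_POST['meta'];
-$post_ID = $_POST['postid'];
+$meta = sanitize_text_field( $_POST['meta'] );
+$post_ID = absint( $_POST['postid'] );
 if( !empty( $_POST['values'] ) )
 $values = $_POST['values'];
 else
 $values = array();
 $single_cfcs = (!empty( $_POST['single_cfcs'] )) ? $_POST['single_cfcs'] : array() ;
-$action_type = $_POST['action_type'];
+$action_type = sanitize_text_field( $_POST['action_type'] );
 
 /* check required fields */
 $errors = array();
@@ -933,7 +933,7 @@ function wck_fep_output_lilo_form(){
 if ( isset( $_GET['loginerror'] ) || isset( $_POST['loginerror'] ) ){
 $loginerror = isset( $_GET['loginerror'] ) ? $_GET['loginerror'] : $_POST['loginerror'];
 $lilo_form .= '<span class="wck-fep-error">';
-$lilo_form .= urldecode( base64_decode( $loginerror ) );
+$lilo_form .= wp_kses_post( urldecode( base64_decode( $loginerror ) ) );
 $lilo_form .= '</span>';
 }
 
@@ -1031,15 +1031,15 @@ function wck_fep_handle_user_action(){
 check_ajax_referer( 'wck-fep-user-action' );
 
 if( !empty( $_POST['action_type'] ) )
-$action = $_POST['action_type'];
+$action = sanitize_text_field( $_POST['action_type'] );
 else
 $action = '';
 if( !empty( $_POST['username'] ) )
-$username = $_POST['username'];
+$username = sanitize_user( $_POST['username'] );
 else
 $username = '';
 if( !empty( $_POST['email'] ) )
-$email = $_POST['email'];
+$email = sanitize_email( $_POST['email'] );
 else
 $email = '';
 if( !empty( $_POST['password'] ) )
@@ -1051,7 +1051,7 @@ function wck_fep_handle_user_action(){
 else
 $confirm_password = '';
 if( !empty( $_POST['description'] ) )
-$description = $_POST['description'];
+$description = wp_kses_post( $_POST['description'] );
 else
 $description = '';
 
@@ -1191,7 +1191,7 @@ add_filter('wp_handle_upload_prefilter', 'wck_upload_file_type');
 function wck_upload_file_type($file) {
 if (isset($_POST['allowed_type']) && !empty($_POST['allowed_type'])){
 //this allows you to set multiple types seperated by a pipe "|"
-$allowed = explode("|", $_POST['allowed_type']);
+$allowed = explode("|", sanitize_text_field( $_POST['allowed_type'] ) );
 
 $ext = substr(strrchr($file['name'],'.'),1);
 //first check if the user uploaded the right type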
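Review bot: In the last hunk, `sanitize_text_field()` on `$_POST['allowed_type']` cleans the string but leaves the underlying problem in place: the list of permitted upload extensions is read from the request body, so the allowlist is supplied by the same client whose upload it is meant to constrain, and this filter presumably adds nothing beyond WordPress's own upload type checks. The permitted types should come from the server-side field definition the front-end form is generated from, keyed by the field being uploaded to, with the posted value at most selecting among server-defined options. In `wck_fep_add_post` (third hunk) `$values` and `$single_cfcs` are still taken from `$_POST` as-is while the sibling scalars are now sanitized; validating them against the meta-box definition, or at least sanitizing each element of the expected shape, would be consistent with the rest of the commit. In the `loginerror` hunk, `wp_kses_post()` still admits the full post-content HTML whitelist (links included) in a value any visitor can place in the URL; if the plugin only ever emits its own messages there, `esc_html()` or mapping to a fixed set of known messages would be tighter. `wck_fep_add_post`, `wck_fep_output_lilo_form`, `wck_fep_handle_user_action` and `wck_upload_file_type` all continue past their hunks.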
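--- a/wordpress-creation-kit-api/wordpress-creation-kit.css
+++ b/wordpress-creation-kit-api/wordpress-creation-kit.css
@@ -21,6 +21,10 @@
 padding-right:10px;
 }
 
+.mb-list-entry-fields .field-label{
+min-width:100px;
+}
+
 .field-label.error{
 color:#ff0000;
 }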
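--- a/wordpress-creation-kit-api/wordpress-creation-kit.php
+++ b/wordpress-creation-kit-api/wordpress-creation-kit.php
@@ -175,9 +175,9 @@ class Wordpress_Creation_Kit{
 }
 else{
 if( !empty( $_GET['post'] ) )
-$post_id = $_GET['post'];
+$post_id = absint( $_GET['post'] );
 else if( !empty( $_POST['post_ID'] ) )
-$post_id = $_POST['post_ID'];
+$post_id = absint( $_POST['post_ID'] );
 else
 $post_id = '';
 
@@ -866,7 +866,7 @@ class Wordpress_Creation_Kit{
 function wck_add_meta(){
 check_ajax_referer( "wck-add-meta" );
 if( !empty( $_POST['meta'] ) )
-$meta = $_POST['meta'];
+$meta = sanitize_text_field( $_POST['meta'] );
 else
 $meta = '';
 if( !empty( $_POST['id'] ) )
@@ -953,7 +953,7 @@ class Wordpress_Creation_Kit{
 function wck_update_meta(){
 check_ajax_referer( "wck-update-entry" );
 if( !empty( $_POST['meta'] ) )
-$meta = $_POST['meta'];
+$meta = sanitize_text_field( $_POST['meta'] );
 else
 $meta = '';
 if( !empty( $_POST['id'] ) )
@@ -961,7 +961,7 @@ class Wordpress_Creation_Kit{
 else
 $id = '';
 if( isset( $_POST['element_id'] ) )
-$element_id = $_POST['element_id'];
+$element_id = absint( $_POST['element_id'] );
 else
 $element_id = 0;
 if( !empty( $_POST['values'] ) )
@@ -1033,7 +1033,7 @@ class Wordpress_Creation_Kit{
 /* ajax to refresh the meta content */
 function wck_refresh_list(){
 if( isset( $_POST['meta'] ) )
-$meta = $_POST['meta'];
+$meta = sanitize_text_field( $_POST['meta'] );
 else
 $meta = '';
 if( isset( $_POST['id'] ) )
@@ -1050,7 +1050,7 @@ class Wordpress_Creation_Kit{
 /* ajax to refresh an entry content */
 function wck_refresh_entry(){
 if( isset( $_POST['meta'] ) )
-$meta = $_POST['meta'];
+$meta = sanitize_text_field( $_POST['meta'] );
 else
 $meta = '';
 if( isset( $_POST['id'] ) )
@@ -1058,7 +1058,7 @@ class Wordpress_Creation_Kit{
 else
 $id = '';
 if( isset( $_POST['element_id'] ) )
-$element_id = $_POST['element_id'];
+$element_id = absint( $_POST['element_id'] );
 else
 $element_id = '';
 
@@ -1077,7 +1077,7 @@ class Wordpress_Creation_Kit{
 /* ajax to add the form for single */
 function wck_add_form(){
 if( !empty( $_POST['meta'] ) )
-$meta = $_POST['meta'];
+$meta = sanitize_text_field( $_POST['meta'] );
 else
 $meta = '';
 if( !empty( $_POST['id'] ) )
@@ -1095,9 +1095,9 @@ class Wordpress_Creation_Kit{
 /* ajax to show the update form */
 function wck_show_update_form(){
 check_ajax_referer( "wck-edit-entry" );
-$meta = $_POST['meta'];
+$meta = sanitize_text_field( $_POST['meta'] );
 $id = absint($_POST['id']);
-$element_id = $_POST['element_id'];
+$element_id = absint( $_POST['element_id'] );
 
 echo self::mb_update_form($this->args['meta_array'], $meta, $id, $element_id);
 
@@ -1111,7 +1111,7 @@ class Wordpress_Creation_Kit{
 function wck_remove_meta(){
 check_ajax_referer( "wck-delete-entry" );
 if( !empty( $_POST['meta'] ) )
-$meta = $_POST['meta'];
+$meta = sanitize_text_field( $_POST['meta'] );
 else
 $meta = '';
 if( !empty( $_POST['id'] ) )
@@ -1220,7 +1220,7 @@ class Wordpress_Creation_Kit{
 /* ajax to reorder records */
 function wck_reorder_meta(){
 if( !empty( $_POST['meta'] ) )
-$meta = $_POST['meta'];
+$meta = sanitize_text_field( $_POST['meta'] );
 else
 $meta = '';
 if( !empty( $_POST['id'] ) )
@@ -1228,7 +1228,7 @@ class Wordpress_Creation_Kit{
 else
 $id = '';
 if( !empty( $_POST['values'] ) )
-$elements_id = $_POST['values'];
+$elements_id = array_map( 'absint', $_POST['values'] );
 else
 $elements_id = array();
 
@@ -1498,7 +1498,7 @@ class Wordpress_Creation_Kit{
 */
 function wck_sync_translation_ajax(){
 if( !empty( $_POST['id'] ) )
-$post_id = $_POST['id'];
+$post_id = absint( $_POST['id'] );
 else
 $post_id = '';
 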
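Review bot: Several of the AJAX handlers touched here read `$_POST` with no nonce or capability check visible between the signature and the first `if` — `wck_refresh_list`, `wck_refresh_entry`, `wck_add_form`, `wck_reorder_meta` and `wck_sync_translation_ajax` — whereas `wck_add_meta`, `wck_update_meta`, `wck_show_update_form` and `wck_remove_meta` each open with `check_ajax_referer()`. Sanitizing `$meta` and `$id` does not stand in for that check; unless verification happens in a wrapper around the `wp_ajax_*` registration (not visible here), each should begin with `check_ajax_referer( '<nonce-action the client script sends>' );` and a `current_user_can()` test appropriate to the post being edited, and `wck_reorder_meta`, which per its comment presumably persists a new record order, is the one where this matters most. In the `wck_reorder_meta` hunk `array_map( 'absint', $_POST['values'] )` assumes an array; a scalar `values` parameter is a TypeError on PHP 8, so `array_map( 'absint', (array) $_POST['values'] )` keeps the handler from faulting on malformed input. In `wck_refresh_entry` the `else` branch still assigns `$element_id = ''` while the new branch yields an int; `0` would match the type `wck_update_meta` uses. All of these function bodies continue outside their hunks.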