plugin updates

2024-10-29 13:49:07 -04:00
parent 66268c4512
commit 9000316050
41 changed files with 916 additions and 570 deletions
--- a/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-oembed.php
+++ b/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-oembed.php
@@ -110,7 +110,7 @@ if ( ! class_exists( 'acf_field_oembed' ) ) :
 				)
 			);

-			if ( ! acf_verify_ajax( $args['nonce'], $args['field_key'] ) ) {
+			if ( ! acf_verify_ajax( $args['nonce'], $args['field_key'], true ) ) {
 				die();
 			}

@@ -169,7 +169,7 @@ if ( ! class_exists( 'acf_field_oembed' ) ) :
 		public function render_field( $field ) {
 			$atts = array(
 				'class'      => 'acf-oembed',
-				'data-nonce' => wp_create_nonce( $field['key'] ),
+				'data-nonce' => wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] ),
 			);

 			if ( $field['value'] ) {
--- a/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-page_link.php
+++ b/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-page_link.php
@@ -81,7 +81,7 @@ if ( ! class_exists( 'acf_field_page_link' ) ) :
 				$key   = '';
 			}

-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, ! $conditional_logic ) ) {
 				die();
 			}

@@ -392,7 +392,7 @@ if ( ! class_exists( 'acf_field_page_link' ) ) :
 			$field['ui']      = 1;
 			$field['ajax']    = 1;
 			$field['choices'] = array();
-			$field['nonce']   = wp_create_nonce( $field['key'] );
+			$field['nonce']   = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );

 			// populate choices if value exists
 			if ( ! empty( $field['value'] ) ) {
--- a/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-post_object.php
+++ b/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-post_object.php
@@ -76,7 +76,7 @@ if ( ! class_exists( 'acf_field_post_object' ) ) :
 				$key   = '';
 			}

-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, ! $conditional_logic ) ) {
 				die();
 			}

@@ -314,7 +314,7 @@ if ( ! class_exists( 'acf_field_post_object' ) ) :
 			$field['type']    = 'select';
 			$field['ui']      = 1;
 			$field['ajax']    = 1;
-			$field['nonce']   = wp_create_nonce( $field['key'] );
+			$field['nonce']   = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );
 			$field['choices'] = array();

 			// load posts
--- a/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-relationship.php
+++ b/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-relationship.php
@@ -102,7 +102,7 @@ if ( ! class_exists( 'acf_field_relationship' ) ) :
 				$key   = '';
 			}

-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, ! $conditional_logic ) ) {
 				die();
 			}

@@ -417,7 +417,7 @@ if ( ! class_exists( 'acf_field_relationship' ) ) :
 				'data-paged'     => 1,
 				'data-post_type' => '',
 				'data-taxonomy'  => '',
-				'data-nonce'     => wp_create_nonce( $field['key'] ),
+				'data-nonce'     => wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] ),
 			);

 			?>
--- a/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-select.php
+++ b/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-select.php
@@ -115,13 +115,19 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 			$nonce = acf_request_arg( 'nonce', '' );
 			$key   = acf_request_arg( 'field_key', '' );

+			$is_field_key = acf_is_field_key( $key );
+
 			// Back-compat for field settings.
-			if ( ! acf_is_field_key( $key ) ) {
+			if ( ! $is_field_key ) {
+				if ( ! acf_current_user_can_admin() ) {
+					die();
+				}
+
 				$nonce = '';
 				$key   = '';
 			}

-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, $is_field_key ) ) {
 				die();
 			}

@@ -286,7 +292,7 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 				$select['data-nonce'] = $field['nonce'];
 			}
 			if ( $field['ajax'] && empty( $field['nonce'] ) && acf_is_field_key( $field['key'] ) ) {
-				$select['data-nonce'] = wp_create_nonce( $field['key'] );
+				$select['data-nonce'] = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );
 			}
 			if ( ! empty( $field['hide_search'] ) ) {
 				$select['data-minimum-results-for-search'] = '-1';
--- a/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-taxonomy.php
+++ b/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-taxonomy.php
@@ -70,7 +70,7 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 				$key   = '';
 			}

-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, ! $conditional_logic ) ) {
 				die();
 			}

@@ -470,6 +470,8 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 			// force value to array
 			$field['value'] = acf_get_array( $field['value'] );

+			$nonce = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );
+
 			// vars
 			$div = array(
 				'class'           => 'acf-taxonomy-field',
@@ -477,7 +479,7 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 				'data-ftype'      => $field['field_type'],
 				'data-taxonomy'   => $field['taxonomy'],
 				'data-allow_null' => $field['allow_null'],
-				'data-nonce'      => wp_create_nonce( $field['key'] ),
+				'data-nonce'      => $nonce,
 			);
 			// get taxonomy
 			$taxonomy = get_taxonomy( $field['taxonomy'] );
@@ -499,11 +501,11 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 			if ( $field['field_type'] == 'select' ) {
 				$field['multiple'] = 0;

-				$this->render_field_select( $field );
+				$this->render_field_select( $field, $nonce );
 			} elseif ( $field['field_type'] == 'multi_select' ) {
 				$field['multiple'] = 1;

-				$this->render_field_select( $field );
+				$this->render_field_select( $field, $nonce );
 			} elseif ( $field['field_type'] == 'radio' ) {
 				$this->render_field_checkbox( $field );
 			} elseif ( $field['field_type'] == 'checkbox' ) {
@@ -524,12 +526,13 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 		 *
 		 * @param   $field - an array holding all the field's data
 		 */
-		function render_field_select( $field ) {
+		function render_field_select( $field, $nonce ) {

 			// Change Field into a select
 			$field['type']    = 'select';
 			$field['ui']      = 1;
 			$field['ajax']    = 1;
+			$field['nonce']   = $nonce;
 			$field['choices'] = array();

 			// value
@@ -766,7 +769,7 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 				)
 			);

-			if ( ! acf_verify_ajax( $args['nonce'], $args['field_key'] ) ) {
+			if ( ! acf_verify_ajax( $args['nonce'], $args['field_key'], true ) ) {
 				die();
 			}

--- a/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-user.php
+++ b/wp/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-user.php
@@ -164,7 +164,7 @@ if ( ! class_exists( 'ACF_Field_User' ) ) :
 			$field['ui']      = 1;
 			$field['ajax']    = 1;
 			$field['choices'] = array();
-			$field['nonce']   = wp_create_nonce( $field['key'] );
+			$field['nonce']   = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );

 			// Populate choices.
 			if ( $field['value'] ) {
@@ -404,7 +404,7 @@ if ( ! class_exists( 'ACF_Field_User' ) ) :
 			$nonce = acf_request_arg( 'nonce', '' );
 			$key   = acf_request_arg( 'field_key', '' );

-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, true ) ) {
 				$query->send( new WP_Error( 'acf_invalid_request', __( 'Invalid request.', 'acf' ), array( 'status' => 404 ) ) );
 			}
 		}