Merge branch 'release/1.65.0'

admin/tpl/admin.php

@@ -6,17 +6,31 @@
 			<img src="<?php echo siteorigin_widgets_url( 'admin/images/icon-gear.png' ); ?>" class="icon-gear" width="26" height="26">
 			<img src="<?php echo siteorigin_widgets_url( 'admin/images/icon-front.png' ); ?>" class="icon-front" width="50" height="43">
 		</span>
-		<h1><?php _e( 'SiteOrigin Widgets Bundle', 'so-widgets-bundle' ); ?></h1>
+		<h1>
+			<?php echo esc_html__( 'SiteOrigin Widgets Bundle', 'so-widgets-bundle' ); ?>
+		</h1>
 
 		<div id="sow-widget-search">
 			<input type="search" placeholder="<?php esc_attr_e( 'Filter Widgets', 'so-widgets-bundle' ); ?>" />
 		</div>
 	</div>
 
 	<ul class="page-nav">
-		<li class="active"><a href="#all"><?php _e( 'All', 'so-widgets-bundle' ); ?></a></li>
-		<li><a href="#enabled"><?php _e( 'Enabled', 'so-widgets-bundle' ); ?></a></li>
-		<li><a href="#disabled"><?php _e( 'Disabled', 'so-widgets-bundle' ); ?></a></li>
+		<li class="active">
+			<a href="#all">
+				<?php echo esc_html__( 'All', 'so-widgets-bundle' ); ?>
+			</a>
+		</li>
+		<li>
+			<a href="#enabled">
+				<?php echo esc_html__( 'Enabled', 'so-widgets-bundle' ); ?>
+			</a>
+		</li>
+		<li>
+			<a href="#disabled">
+				<?php echo esc_html__( 'Disabled', 'so-widgets-bundle' ); ?>
+			</a>
+		</li>
 	</ul>
 
 
@@ -46,7 +60,9 @@
 
 					<div class="so-widget-text">
 
-						<div class="so-widget-active-indicator"><?php _e( 'Active', 'so-widgets-bundle' ); ?></div>
+						<div class="so-widget-active-indicator">
+							<?php echo esc_html__( 'Active', 'so-widgets-bundle' ); ?>
+						</div>
 
 						<h3><?php echo esc_html( $widget['Name'] ); ?></h3>
 
@@ -75,11 +91,11 @@
 							<?php if ( empty( $widget['HideActivate'] ) ) { ?>
 								<div class="so-widget-toggle-active">
 									<button class="button-secondary so-widget-activate" data-status="1">
-										<?php esc_html_e( 'Activate', 'so-widgets-bundle' ); ?>
+										<?php echo esc_html__( 'Activate', 'so-widgets-bundle' ); ?>
 									</button>
 
 									<button class="button-secondary so-widget-deactivate" data-status="0">
-										<?php esc_html_e( 'Deactivate', 'so-widgets-bundle' ); ?>
+										<?php echo esc_html__( 'Deactivate', 'so-widgets-bundle' ); ?>
 									</button>
 								</div>
 							<?php } ?>
@@ -102,15 +118,15 @@
 
 								?>
 								<button class="button-secondary so-widget-settings" data-form-url="<?php echo esc_url( $form_url ); ?>">
-									<?php esc_html_e( 'Settings', 'so-widgets-bundle' ); ?>
+									<?php echo esc_html__( 'Settings', 'so-widgets-bundle' ); ?>
 								</button>
 								<?php
 							}
 							?>
 
 							<?php if ( ! empty( $widget['Documentation'] ) ) { ?>
 								<a href="<?php echo esc_url( $widget['Documentation'] ); ?>" target="_blank" rel="noopener noreferrer" class="so-widget-documentation">
-									<?php _e( 'Documentation', 'so-widgets-bundle' ); ?>
+									<?php echo esc_html__( 'Documentation', 'so-widgets-bundle' ); ?>
 								</a>
 							<?php } ?>
 						</div>
@@ -125,7 +141,7 @@
 	<?php if ( ! class_exists( 'SiteOrigin_Panels' ) || ! class_exists( 'SiteOrigin_Premium' ) ) { ?>
 		<div class="installer">
 			<a href="#" class="installer-link">
-				<?php _e( 'General Widget Bundle Settings', 'so-widgets-bundle' ); ?>
+				<?php echo esc_html__( 'General Widget Bundle Settings', 'so-widgets-bundle' ); ?>
 			</a>
 
 			<div class="installer-container" style="display: none;">
@@ -145,15 +161,19 @@ class="installer_status"
 
 
 	<div class="developers-link">
-		<?php _e( 'Developers - create your own widgets for the Widgets Bundle.', 'so-widgets-bundle' ); ?>
-		<a href="https://siteorigin.com/docs/widgets-bundle/" target="_blank" rel="noopener noreferrer"><?php _e( 'Read More', 'so-widgets-bundle' ); ?></a>.
+		<?php echo esc_html__( 'Developers - create your own widgets for the Widgets Bundle.', 'so-widgets-bundle' ); ?>
+		<a href="https://siteorigin.com/docs/widgets-bundle/" target="_blank" rel="noopener noreferrer">
+			<?php echo esc_html__( 'Read More', 'so-widgets-bundle' ); ?>
+		</a>.
 	</div>
 
 	<div id="sow-settings-dialog">
 		<div class="so-overlay"></div>
 
 		<div class="so-title-bar">
-			<h3 class="so-title"><?php _e( 'Widget Settings', 'so-widgets-bundle' ); ?></h3>
+			<h3 class="so-title">
+				<?php echo esc_html__( 'Widget Settings', 'so-widgets-bundle' ); ?>
+			</h3>
 			<a class="so-close" tabindex="0">
 				<span class="so-dialog-icon"></span>
 			</a>
@@ -165,7 +185,7 @@ class="installer_status"
 		<div class="so-toolbar">
 			<div class="so-buttons">
 				<button class="button-primary so-save" tabindex="0">
-					<?php _e( 'Save', 'so-widgets-bundle' ); ?>
+					<?php echo esc_html__( 'Save', 'so-widgets-bundle' ); ?>
 				</button>
 			</div>
 		</div>

base/base.php

@@ -350,6 +350,36 @@ function siteorigin_widgets_url( $path = '' ) {
 	return plugins_url( 'so-widgets-bundle/' . $path );
 }
 
+/**
+ * Check if the Page Builder can render.
+ *
+ * This method checks if the necessary conditions are met for Page Builder to
+ * render. It first verifies that Page Builder is active. It then checks
+ * if either:
+ * - The request is in the admin area, OR
+ * - If this is a REST request and the block editor is active.
+ *
+ * If none of these conditions are met, Page Builder can't render.
+ *
+ * @return bool True if Page Builder builder can render, false otherwise.
+ */
+function siteorigin_widgets_can_render_builder_field() {
+	if ( ! defined( 'SITEORIGIN_PANELS_VERSION' ) ) {
+		return false;
+	}
+
+	if ( is_admin() ) {
+		return true;
+	}
+
+	// Is this field being rendered inside one of our blocks?
+	if ( defined( 'REST_REQUEST' ) && function_exists( 'register_block_type' ) ) {
+		return true;
+	}
+
+	return false;
+}
+
 function siteorigin_loading_optimization_attributes( $attr, $widget, $instance, $class ) {
 	// Allow other plugins to override whether this widget is lazy loaded or not.
 	if (
@@ -452,12 +482,20 @@ function siteorigin_widget_onclick( $onclick = null, $recursive = true ) {
 
 	if ( apply_filters( 'siteorigin_widgets_onclick_disallowlist', true ) ) {
 		// It's possible for allowed functions to contain disallowed functions, so we need to loop through and remove.
-		$disallowed_functions = array( 'alert', 'eval', 'execScript', 'setTimeout', 'setInterval', 'function', 'document', 'Object', 'window', 'innerHTML', 'outerHTML', 'onload', 'onerror', 'onclick', 'storage', 'fetch', 'XMLHttpRequest', 'jQuery', '$.', 'prototype', '__proto__', 'constructor', 'decode', 'encode', 'atob', 'btoa', 'Promise', 'setImmediate', 'unescape', 'escape', 'captureEvents', 'proxy', 'Reflect', 'Array', 'String', 'Math', 'Date', 'property', 'Properties', 'Error', 'Map', 'Set', 'Generator', 'Web', 'dataview', 'Blob', 'javascript', 'Text', 'Intl', 'JSON', 'RegExp', 'console', 'history', 'location', 'navigator', 'screen', 'worker', 'FinalizationRegistry', 'weak', 'top', 'self', 'open', 'parent', 'frame', 'import', 'fragment', 'globalThis', 'frames', 'import', 'this', 'escape', 'watch', 'element', 'file', 'db', 'worker', 'EventSource', 'join', 'upper' );
+		$disallowed_functions = array( 'alert', 'eval', 'execScript', 'setTimeout', 'setInterval', 'function', 'document', 'Object', 'window', 'innerHTML', 'outerHTML', 'onload', 'onerror', 'onclick', 'storage', 'fetch', 'XMLHttpRequest', 'jQuery', '$.', 'prototype', '__proto__', 'constructor', 'decode', 'encode', 'atob', 'btoa', 'Promise', 'setImmediate', 'unescape', 'escape', 'captureEvents', 'proxy', 'Reflect', 'Array', 'String', 'Math', 'Date', 'property', 'Properties', 'Error', 'Map', 'Set', 'Generator', 'Web', 'dataview', 'Blob', 'javascript', 'Text', 'Intl', 'JSON', 'RegExp', 'console', 'history', 'location', 'navigator', 'screen', 'worker', 'FinalizationRegistry', 'weak', 'top', 'self', 'parent', 'frame', 'import', 'fragment', 'globalThis', 'frames', 'import', 'this', 'escape', 'watch', 'element', 'file', 'db', 'worker', 'EventSource', 'join', 'upper' );
 
 		if ( preg_match( '/\b(' . implode( '|', array_map( 'preg_quote', $disallowed_functions ) ) . ')\b/i', $onclick ) ) {
 			return;
 		}
 
+		// If string contains 'open' or 'close', check if there's a
+		// preceding dot. If not, disallow.
+		if ( preg_match( '/\b(open|close)\b/i', $onclick ) ) {
+			if ( ! preg_match( '/\.\s*(open|close)\s*\(/i', $onclick ) ) {
+				return;
+			}
+		}
+
 		// Case sensitive disallow.
 		$case_sensitive_disallow = array(
 			'URL',
@@ -469,6 +507,11 @@ function siteorigin_widget_onclick( $onclick = null, $recursive = true ) {
 	}
 
 	if ( apply_filters( 'siteorigin_widgets_onclick_allowlist', true ) ) {
+		// Ensure $onclick ends with a semicolon to prevent syntax errors.
+		if ( substr( $onclick, -1 ) !== ';' ) {
+			$onclick .= ';';
+		}
+
 		$onclick_parts = explode( ');', $onclick );
 
 		$adjusted_onclick = '';
@@ -514,6 +557,7 @@ function siteorigin_widget_onclick( $onclick = null, $recursive = true ) {
 				'ym',
 				'ml_account', // MailerLite.
 				'calendly.initpopupwidget', // Calendly.
+				'pum.open', // Popup Maker.
 			)
 		) );
 

base/css/admin.less

@@ -5,19 +5,48 @@
 }
 
 .siteorigin-widget-teaser {
-	padding: 10px 12px;
-	border: 1px solid #5fc133;
+	align-items: center;
 	background: #edfbe7;
+	border: 1px solid #5fc133;
 	color: #394a3a;
+	display: flex;
+	justify-content: space-between;
 	margin-bottom: 20px;
+	padding: 10px 12px;
 
-	.dashicons {
-		float: right;
-		margin: 1px 2px 6px 10px;
+	&-message {
+		margin: 0;
+
+		a {
+
+			&:hover,
+			&:focus {
+				text-decoration: none;
+			}
+		}
+	}
+
+	&-dismiss {
+		appearance: none;
+		background: none;
+		border: none;
+		color: #394a3a;
 		cursor: pointer;
 		font-size: 18px;
-		width: 18px;
-		height: 18px;
+
+		&:hover,
+		&:focus {
+			color: #666;
+		}
+
+		.dashicons {
+			cursor: pointer;
+			float: right;
+			font-size: 18px;
+			height: 18px;
+			margin: 1px 2px 6px 10px;
+			width: 18px;
+		}
 	}
 }
 
@@ -27,6 +56,12 @@
 	background-color: #cde2ec;
 	margin-bottom: 20px;
 
+	&.sow-error {
+		background: #fce4e5;
+		border: 1px solid #ec666a;
+		color: #ec666a;
+	}
+
 	> span {
 		line-height: 22px;
 	}
@@ -162,6 +197,7 @@ div.siteorigin-widget-form {
 			}
 
 			&[multiple] {
+				background: #fff;
 				max-height: 83px;
 			}
 
@@ -1009,6 +1045,10 @@ div.siteorigin-widget-form {
 			font-size: 14px;
 			padding: 0 24px 0 8px;
 
+			&[multiple] {
+				padding: 0 8px;
+			}
+
 			/* 5.7.2 .wp-core-ui select styling */
 			-webkit-appearance: none;
 			background: #fff url('data:image/svg+xml;charset=US-ASCII,%3Csvg%20width%3D%2220%22%20height%3D%2220%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M5%206l5%205%205-5%202%201-7%207-7-7%202-1z%22%20fill%3D%22%23555%22%2F%3E%3C%2Fsvg%3E') no-repeat right 5px top 55%;
@@ -1023,9 +1063,12 @@ div.siteorigin-widget-form {
 			font-size: 14px;
 			line-height: 2;
 			min-height: 30px;
-			padding: 0 24px 0 8px;
 			vertical-align: middle;
 			width: auto;
+
+			&[multiple] {
+				background: #fff;
+			}
 		}
 
 		@media (max-width: 399px) {

base/inc/actions.php

@@ -50,7 +50,9 @@ function siteorigin_widget_preview_widget_action() {
 	?>
 	<html>
 	<head>
-		<title><?php _e( 'Widget Preview', 'so-widgets-bundle' ); ?></title>
+		<title>
+			<?php echo esc_html( 'Widget Preview', 'so-widgets-bundle' ); ?>
+		</title>
 		<?php
 		wp_print_scripts();
 		wp_print_styles();