Merge pull request #215 from dcooney/feature/alm-block

ALM WP Block

README.txt

@@ -4,8 +4,8 @@ Donate link: https://connekthq.com/donate/
 Tags: infinite scroll, load more, ajax, lazy load, endless scroll, infinite scrolling, lazy loading, pagination, ajax, ajax posts, woocommerce, ajax load more, masonry
 Requires at least: 5.0
 Requires PHP: 5.6
-Tested up to: 6.4
-Stable tag: 7.0.3
+Tested up to: 6.5
+Stable tag: 7.1.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -36,7 +36,7 @@ Check out the **[website](https://connekthq.com/plugins/ajax-load-more/)** for m
 ### What's New
 
 -  **[Pro Bundle](https://connekthq.com/plugins/ajax-load-more/pro/)** - Access to all premium Ajax Load More add-ons in a single installation.
--  **[Filters Add-on](https://connekthq.com/plugins/ajax-load-more/add-ons/filters/)** - The Filters add-on provides front-end and admin functionality for building and managing Ajax filters.
+-  **[Filters Add-on](https://connekthq.com/plugins/ajax-load-more/add-ons/filters/)** - The Filters add-on provides front-end and admin functionality for building and managing Ajax based filters.
 -  **[Elementor Add-on](https://connekthq.com/plugins/ajax-load-more/add-ons/elementor/)** - Infinite scroll Elementor Posts Widget and WooCommerce widget content with Ajax Load More.
 -  **[WooCommerce Add-on](https://connekthq.com/plugins/ajax-load-more/add-ons/woocommerce/)** - Infinite scroll WooCommerce products without updating a line of template code.
 -  **[Advanced Custom Fields](https://connekthq.com/plugins/ajax-load-more/examples/advanced-custom-fields/)** - Compatibility and integration added for infinite scrolling Flexible Content, Gallery, Relationship and Repeater fields for Advanced Custom Fields.
@@ -260,6 +260,17 @@ How to install Ajax Load More.
 
 == Changelog ==
 
+= 7.1.0 - March 21, 2024 =
+* NEW: Added Ajax Load More block for the WordPress Block Editor. ALM instances are now able to be rendered inside the Block Editor.
+* NEW: Added Ajax Load More Filters block for the WordPress Block Editor. When activated, ALM Filters can be rendered inside the Block Editor using the Filters block.
+* NEW: Added new `wrapper_classes` parameter that injects classnames onto the top level `ajax-load-more-wrap` container.
+* NEW: Added new `alm_user_role` filter to allow developers to change the user role required to access the Ajax Load More admin. Default is `edit_theme_options`.
+* UPDATE: Various security fixes with regards to accessing layouts and directory paths.
+* UPDATE: Added support for caching Filter add-on facets with the Cache add-on.
+* FIX: Fixed bug with Next Page add-on disabling the Load More button early when there were pages remaining.
+* UDPATE: Various UI/UX updates throughout plugin admin and frontend.
+
+
 = 7.0.3 - February 15, 2024 =
 * FIX: Added fix for Paging add-on scrolling to top of listing on initial page load when `paging_scroll` was `true`.
 * FIX: Fixed issue with undefined `post_count` when loading Ajax Load More with Ajax/HTTP request.

admin/admin.php

@@ -109,7 +109,7 @@ function alm_admin_menu() {
 	$alm_page = add_menu_page(
 		'Ajax Load More',
 		'Ajax Load More',
-		'edit_theme_options',
+		apply_filters( 'alm_user_role', 'edit_theme_options' ),
 		'ajax-load-more',
 		'alm_settings_page',
 		alm_admin_menu_icon_svg()
@@ -120,7 +120,7 @@ function alm_admin_menu() {
 		'ajax-load-more',
 		__( 'Settings', 'ajax-load-more' ),
 		__( 'Settings', 'ajax-load-more' ),
-		'edit_theme_options',
+		apply_filters( 'alm_user_role', 'edit_theme_options' ),
 		'ajax-load-more',
 		'alm_settings_page'
 	);
@@ -136,7 +136,7 @@ function alm_admin_menu() {
 		'ajax-load-more',
 		__( 'Templates', 'ajax-load-more' ),
 		__( 'Templates', 'ajax-load-more' ),
-		'edit_theme_options',
+		apply_filters( 'alm_user_role', 'edit_theme_options' ),
 		'ajax-load-more-repeaters',
 		'alm_repeater_page'
 	);
@@ -152,7 +152,7 @@ function alm_admin_menu() {
 		'ajax-load-more',
 		__( 'Shortcode Builder', 'ajax-load-more' ),
 		__( 'Shortcode Builder', 'ajax-load-more' ),
-		'edit_theme_options',
+		apply_filters( 'alm_user_role', 'edit_theme_options' ),
 		'ajax-load-more-shortcode-builder',
 		'alm_shortcode_builder_page'
 	);
@@ -168,7 +168,7 @@ function alm_admin_menu() {
 		'ajax-load-more',
 		__( 'Filters', 'ajax-load-more' ),
 		$before_link . __( 'Filters', 'ajax-load-more' ) . $after_link,
-		'edit_theme_options',
+		apply_filters( 'alm_user_role', 'edit_theme_options' ),
 		'ajax-load-more-filters',
 		'alm_filters_page'
 	);
@@ -185,7 +185,7 @@ function alm_admin_menu() {
 			'ajax-load-more',
 			__( 'Cache', 'ajax-load-more' ),
 			__( 'Cache', 'ajax-load-more' ),
-			'edit_theme_options',
+			apply_filters( 'alm_user_role', 'edit_theme_options' ),
 			'ajax-load-more-cache',
 			'alm_cache_page'
 		);
@@ -205,7 +205,7 @@ function alm_admin_menu() {
 			'ajax-load-more',
 			__( 'WooCommerce', 'ajax-load-more' ),
 			__( 'WooCommerce', 'ajax-load-more' ),
-			'edit_theme_options',
+			apply_filters( 'alm_user_role', 'edit_theme_options' ),
 			'ajax-load-more-woocommerce',
 			'alm_woocommerce_page'
 		);
@@ -225,7 +225,7 @@ function alm_admin_menu() {
 			'ajax-load-more',
 			__( 'Add-ons', 'ajax-load-more' ),
 			$before_link . __( 'Add-ons', 'ajax-load-more' ) . $after_link,
-			'edit_theme_options',
+			apply_filters( 'alm_user_role', 'edit_theme_options' ),
 			'ajax-load-more-add-ons',
 			'alm_add_ons_page'
 		);
@@ -245,7 +245,7 @@ function alm_admin_menu() {
 		'ajax-load-more',
 		__( 'Extensions', 'ajax-load-more' ),
 		$alm_extensions_page_before . __( 'Extensions', 'ajax-load-more' ) . $alm_extensions_page_after,
-		'edit_theme_options',
+		apply_filters( 'alm_user_role', 'edit_theme_options' ),
 		'ajax-load-more-extensions',
 		'alm_extensions_page'
 	);
@@ -262,7 +262,7 @@ function alm_admin_menu() {
 			'ajax-load-more',
 			__( 'Pro', 'ajax-load-more' ),
 			$before_link . '<span class="dashicons dashicons-plus-alt" ' . $style_link_icon . '></span> ' . __( 'Pro', 'ajax-load-more' ) . $after_link,
-			'edit_theme_options',
+			apply_filters( 'alm_user_role', 'edit_theme_options' ),
 			'ajax-load-more-pro',
 			'alm_pro_page'
 		);
@@ -277,7 +277,7 @@ function alm_admin_menu() {
 			'ajax-load-more',
 			__( 'Pro', 'ajax-load-more' ),
 			$before_link . '<span class="dashicons dashicons-plus-alt" ' . $style_link_icon . '></span> ' . __( 'Go Pro', 'ajax-load-more' ) . $after_link,
-			'edit_theme_options',
+			apply_filters( 'alm_user_role', 'edit_theme_options' ),
 			'ajax-load-more-go-pro',
 			'alm_go_pro_page'
 		);
@@ -294,7 +294,7 @@ function alm_admin_menu() {
 		'ajax-load-more',
 		$license_title,
 		$before_link . $license_title . $after_link,
-		'edit_theme_options',
+		apply_filters( 'alm_user_role', 'edit_theme_options' ),
 		'ajax-load-more-licenses',
 		'alm_licenses_page'
 	);
@@ -310,7 +310,7 @@ function alm_admin_menu() {
 		'ajax-load-more',
 		__( 'Help', 'ajax-load-more' ),
 		__( 'Help', 'ajax-load-more' ),
-		'edit_theme_options',
+		apply_filters( 'alm_user_role', 'edit_theme_options' ),
 		'ajax-load-more-help',
 		'alm_help_page'
 	);

admin/functions/layouts.php

@@ -14,9 +14,8 @@
 function alm_get_layout() {
 	$form_data = filter_input_array( INPUT_GET );
 
-	if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $form_data['nonce'] ) ) {
-		// Bail early if missing WP capabilities or nonce.
-		wp_die( esc_attr__( 'You don\'t belong here.', 'ajax-load-more' ) );
+	if ( ! current_user_can( apply_filters( 'alm_user_role', 'edit_theme_options' ) ) || ! isset( $form_data['nonce'] ) ) {
+		wp_die( esc_attr__( 'You don\'t belong here.', 'ajax-load-more' ) ); // Bail early if missing WP capabilities or nonce.
 	}
 
 	if ( ! wp_verify_nonce( $form_data['nonce'], 'alm_repeater_nonce' ) ) {
@@ -27,52 +26,49 @@ function alm_get_layout() {
 	$type   = sanitize_text_field( $form_data['type'] );
 	$custom = sanitize_text_field( $form_data['custom'] );
 
-	if ( $type === 'default' ) { // Default Layout.
+	if ( $type === 'default' ) {
+		// Default Layout.
 		$path = ALM_PATH . 'admin/includes/layout/' . $type . '.php';
 
-		// Security checker.
-		// Note: Confirm directory path does not contain relative path.
-		if ( false !== strpos( $path, './' ) ) {
+		// Security check.
+		if ( ! alm_is_valid_path( $path ) ) {
 			wp_die( esc_attr__( 'This doesn\'t look right, what are you trying to do?', 'ajax-load-more' ) );
 		}
 
 		$content = AjaxLoadMore::alm_get_default_repeater_markup();
 
-	} else {
-		if ( $custom === 'true' ) {
-			// Custom Layout.
-			$dir = 'alm_layouts';
-			if ( is_child_theme() ) {
-				$path = get_stylesheet_directory() . '/' . $dir . '/' . $type;
-				// if child theme does not have the layout, check the parent theme.
-				if ( ! file_exists( $path ) ) {
-					$path = get_template_directory() . '/' . $dir . '/' . $type;
-				}
-			} else {
+	} elseif ( $custom === 'true' ) {
+		// Custom Layout.
+		$dir = 'alm_layouts';
+		if ( is_child_theme() ) {
+			$path = get_stylesheet_directory() . '/' . $dir . '/' . $type;
+			// if child theme does not have the layout, check the parent theme.
+			if ( ! file_exists( $path ) ) {
 				$path = get_template_directory() . '/' . $dir . '/' . $type;
 			}
+		} else {
+			$path = get_template_directory() . '/' . $dir . '/' . $type;
+		}
 
-			// Security checker.
-			// Note: Confirm directory path does not contain relative path.
-			if ( false !== strpos( $path, './' ) ) {
-				wp_die();
-			}
+		// Security check.
+		if ( ! alm_is_valid_path( $path ) ) {
+			wp_die( esc_attr__( 'This doesn\'t look right, what are you trying to do?', 'ajax-load-more' ) );
+		}
 
-			// phpcs:ignore
-			$content = file_get_contents( $path );
+		// phpcs:ignore
+		$content = file_get_contents( $path );
 
-		} else {
-			// Layouts Add-on.
-			$path = ALM_LAYOUTS_PATH . 'layouts/' . $type . '.php';
+	} else {
+		// Layouts Add-on.
+		$path = ALM_LAYOUTS_PATH . 'layouts/' . $type . '.php';
 
-			// Security checker.
-			// Note: Confirm directory path does not contain relative path.
-			if ( false !== strpos( $path, './' ) ) {
-				wp_die();
-			}
-			// phpcs:ignore
-			$content = file_get_contents( ALM_LAYOUTS_PATH . 'layouts/' . $type . '.php' );
+		// Security check.
+		if ( ! alm_is_valid_path( $type ) ) {
+			wp_die( esc_attr__( 'This doesn\'t look right, what are you trying to do?', 'ajax-load-more' ) );
 		}
+
+		// phpcs:ignore
+		$content = file_get_contents( ALM_LAYOUTS_PATH . 'layouts/' . $type . '.php' );
 	}
 
 	$return['value'] = $content;

admin/functions/licensing.php

@@ -14,7 +14,7 @@
 function alm_license_activation() {
 	$form_data = filter_input_array( INPUT_GET );
 
-	if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $form_data['nonce'] ) ) {
+	if ( ! current_user_can( apply_filters( 'alm_user_role', 'edit_theme_options' ) ) || ! isset( $form_data['nonce'] ) ) {
 		// Bail early if missing WP capabilities or nonce.
 		wp_die( esc_attr__( 'You don\'t belong here.', 'ajax-load-more' ) );
 		return;
@@ -58,7 +58,6 @@ function alm_license_activation() {
 			'body'      => $api_params,
 			'timeout'   => 30,
 			'sslverify' => apply_filters( 'alm_licensing_sslverify', false ),
-			// 'blocking'  => true
 		]
 	);
 

admin/functions/repeater-templates.php

@@ -15,7 +15,7 @@
 function alm_save_repeater() {
 	$form_data = filter_input_array( INPUT_POST );
 
-	if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $form_data['nonce'] ) ) {
+	if ( ! current_user_can( apply_filters( 'alm_user_role', 'edit_theme_options' ) ) || ! isset( $form_data['nonce'] ) ) {
 		// Bail early if missing WP capabilities or nonce.
 		wp_die( esc_attr__( 'You don\'t belong here.', 'ajax-load-more' ) );
 	}
@@ -81,29 +81,29 @@ function alm_save_repeater() {
 
 	// Save to database.
 	if ( $t === 'default' ) {
-		$data_update = array(
+		$data_update = [
 			'repeaterDefault' => "$c",
 			'pluginVersion'   => ALM_VERSION,
-		);
-		$data_where  = array( 'name' => 'default' );
+		];
+		$data_where  = [ 'name' => 'default' ];
 	} elseif ( $t === 'unlimited' ) { // Custom Repeaters v2.
 		$table_name  = $wpdb->prefix . 'alm_unlimited';
-		$data_update = array(
+		$data_update = [
 			'repeaterDefault' => "$c",
 			'alias'           => "$a",
 			'pluginVersion'   => ALM_UNLIMITED_VERSION,
-		);
-		$data_where  = array( 'name' => $n );
+		];
+		$data_where  = [ 'name' => $n ];
 	} else { // Custom Repeaters.
-		$data_update = array(
+		$data_update = [
 			'repeaterDefault' => "$c",
 			'alias'           => "$a",
 			'pluginVersion'   => ALM_REPEATER_VERSION,
-		);
-		$data_where  = array( 'name' => $n );
+		];
+		$data_where  = [ 'name' => $n ];
 	}
 
-	$wpdb->update( $table_name, $data_update, $data_where );
+	$wpdb->update( $table_name, $data_update, $data_where ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
 
 	// Handle results message.
 	if ( $w ) {
@@ -125,7 +125,7 @@ function alm_save_repeater() {
 function alm_update_repeater() {
 	$form_data = filter_input_array( INPUT_POST );
 
-	if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $form_data['nonce'] ) ) {
+	if ( ! current_user_can( apply_filters( 'alm_user_role', 'edit_theme_options' ) ) || ! isset( $form_data['nonce'] ) ) {
 		// Bail early if missing WP capabilities or nonce.
 		wp_die( esc_attr__( 'You don\'t belong here.', 'ajax-load-more' ) );
 	}
@@ -168,7 +168,7 @@ function alm_repeaters_export() {
 	$form_data = filter_input_array( INPUT_POST );
 
 	// Confirm post data and WP capabilities.
-	if ( isset( $form_data['alm_repeaters_export'] ) && ! wp_doing_ajax() && current_user_can( 'edit_theme_options' ) ) {
+	if ( isset( $form_data['alm_repeaters_export'] ) && ! wp_doing_ajax() && current_user_can( apply_filters( 'alm_user_role', 'edit_theme_options' ) ) ) {
 
 		$type = esc_attr( $form_data['alm_repeaters_export_type'] );
 		$name = sanitize_file_name( $form_data['alm_repeaters_export_name'] );

admin/shortcode-builder/components/filters.php

@@ -46,16 +46,14 @@
 								$count  = 0;
 								$return = '';
 								foreach ( $current_filters as $the_filter ) {
-									if ( ! in_array( $the_filter, array( 'alm_filters_license_key', 'alm_filters_license_status' ) ) ) {
-										$count++;
-										$value   = str_replace( ALM_FILTERS_PREFIX, '', $the_filter );
-										$return .= '<option value="' . $value . '">' . $value . '</option>';
-									}
+									$count++;
+									$value   = str_replace( ALM_FILTERS_PREFIX, '', $the_filter );
+									$return .= '<option value="' . $value . '">' . $value . '</option>';
 								}
 								if ( $count > 0 ) {
 									echo '<select class="alm_element" name="filters-id" id="filters-id">';
-										echo '<option value="" selected="selected">' . esc_attr__( '-- Select Filter --', 'ajax-load-more' ) . '</option>';
-										echo $return;
+									echo '<option value="" selected="selected">' . esc_attr__( '-- Select Filter --', 'ajax-load-more' ) . '</option>';
+									echo $return;
 									echo '</select>';
 								} else {
 									?>

admin/shortcode-builder/shortcode-builder.php

@@ -1424,7 +1424,7 @@
 						<section class="first">
 							<div class="shortcode-builder--label">
 								<p><?php _e( 'Ajax Load More will automatically create an archive query while viewing site archives.', 'ajax-load-more' ); ?></p>
-								<p><?php _e( 'Taxonomy, category, tag, date (year, month, day), post type and author archives are currently supported.', 'ajax-load-more' ); ?></p>
+								<p><?php _e( 'Search, taxonomy, category, tag, date (year, month, day), post type and author archives are currently supported.', 'ajax-load-more' ); ?></p>
 								<p><a class="button-small" href="https://connekthq.com/plugins/ajax-load-more/docs/archives/" target="_blank"><?php _e( 'View Docs', 'ajax-load-more' ); ?></a></p>
 							</div>
 							<div class="shortcode-builder--fields">