Changeset 3412256

Timestamp:

12/05/2025 02:12:54 PM (9 days ago)

Author:

webdevstudios

Message:

release version 1.18.2

Location:

custom-post-type-ui

Files:

• tags/1.18.2 (added)
• tags/1.18.2/LICENSE (added)
• tags/1.18.2/build (added)
• tags/1.18.2/build/cptui-styles.css (added)
• tags/1.18.2/build/cptui-styles.css.map (added)
• tags/1.18.2/build/cptui-styles.min.css (added)
• tags/1.18.2/build/cptui-styles.min.css.map (added)
• tags/1.18.2/build/cptui.asset.php (added)
• tags/1.18.2/build/cptui.js (added)
• tags/1.18.2/build/cptui.js.map (added)
• tags/1.18.2/build/cptui.min.js (added)
• tags/1.18.2/build/cptui.min.js.map (added)
• tags/1.18.2/build/dashiconsPicker.asset.php (added)
• tags/1.18.2/build/dashiconsPicker.js (added)
• tags/1.18.2/build/dashiconsPicker.js.map (added)
• tags/1.18.2/build/dashiconsPicker.min.js (added)
• tags/1.18.2/build/dashiconsPicker.min.js.map (added)
• tags/1.18.2/classes (added)
• tags/1.18.2/classes/class.cptui_admin_ui.php (added)
• tags/1.18.2/classes/class.cptui_debug_info.php (added)
• tags/1.18.2/custom-post-type-ui.php (added)
• tags/1.18.2/external (added)
• tags/1.18.2/external/wpgraphql.php (added)
• tags/1.18.2/images (added)
• tags/1.18.2/images/cptui-icon-173x173.png (added)
• tags/1.18.2/images/wds_ads (added)
• tags/1.18.2/images/wds_ads/buddypages.png (added)
• tags/1.18.2/images/wds_ads/cptui-extended.png (added)
• tags/1.18.2/images/wds_ads/themeswitcher-pro.png (added)
• tags/1.18.2/images/wds_ads/wp-search-with-algolia-pro.png (added)
• tags/1.18.2/inc (added)
• tags/1.18.2/inc/about.php (added)
• tags/1.18.2/inc/listings.php (added)
• tags/1.18.2/inc/post-types.php (added)
• tags/1.18.2/inc/support.php (added)
• tags/1.18.2/inc/taxonomies.php (added)
• tags/1.18.2/inc/tools-sections (added)
• tags/1.18.2/inc/tools-sections/tools-debug.php (added)
• tags/1.18.2/inc/tools-sections/tools-get-code.php (added)
• tags/1.18.2/inc/tools-sections/tools-post-types.php (added)
• tags/1.18.2/inc/tools-sections/tools-taxonomies.php (added)
• tags/1.18.2/inc/tools.php (added)
• tags/1.18.2/inc/utility.php (added)
• tags/1.18.2/inc/wp-cli.php (added)
• tags/1.18.2/readme.txt (added)
• tags/1.18.2/wordfence-vendor.txt (added)
• tags/1.18.2/wpml-config.xml (added)
• trunk/custom-post-type-ui.php (modified) (7 diffs)
• trunk/external/wpgraphql.php (modified) (6 diffs)
• trunk/inc/post-types.php (modified) (7 diffs)
• trunk/inc/taxonomies.php (modified) (1 diff)
• trunk/inc/tools-sections/tools-debug.php (modified) (1 diff)
• trunk/inc/tools-sections/tools-get-code.php (modified) (2 diffs)
• trunk/inc/tools-sections/tools-post-types.php (modified) (6 diffs)
• trunk/inc/tools-sections/tools-taxonomies.php (modified) (3 diffs)
• trunk/readme.txt (modified) (3 diffs)

custom-post-type-ui/trunk/custom-post-type-ui.php

@@ -17 +17 @@
  * Description: Admin UI panel for registering custom post types and taxonomies
  * Author: WebDevStudios
- * Version: 1.18.1
+ * Version: 1.18.2
  * Author URI: https://webdevstudios.com/
  * Text Domain: custom-post-type-ui
- * Domain Path: /languages
  * License: GPL-2.0+
  * Requires at least: 6.6
@@ -34 +33 @@
 }
 
-define( 'CPT_VERSION', '1.18.1' ); // Left for legacy purposes.
-define( 'CPTUI_VERSION', '1.18.1' );
+define( 'CPT_VERSION', '1.18.2' ); // Left for legacy purposes.
+define( 'CPTUI_VERSION', '1.18.2' );
 define( 'CPTUI_WP_VERSION', get_bloginfo( 'version' ) );
 
@@ -110 +109 @@
 }
 register_deactivation_hook( __FILE__, 'cptui_deactivation' );
-
-/**
- * Register our text domain.
- *
- * @since 0.8.0
- *
- * @internal
- */
-function cptui_load_textdomain() {
-    load_plugin_textdomain( 'custom-post-type-ui' );
-}
-add_action( 'init', 'cptui_load_textdomain' );
 
 /**
@@ -936 +923 @@
     if ( 'add' === $action ) {
         if ( $success ) {
+            // translators: placeholder holds content name.
             $message .= sprintf( esc_html__( '%s has been successfully added', 'custom-post-type-ui' ), $object_type );
         } else {
+            // translators: placeholder holds content name.
             $message .= sprintf( esc_html__( '%s has failed to be added', 'custom-post-type-ui' ), $object_type );
         }
     } elseif ( 'update' === $action ) {
         if ( $success ) {
+            // translators: placeholder holds content name.
             $message .= sprintf( esc_html__( '%s has been successfully updated', 'custom-post-type-ui' ), $object_type );
         } else {
+            // translators: placeholder holds content name.
             $message .= sprintf( esc_html__( '%s has failed to be updated', 'custom-post-type-ui' ), $object_type );
         }
     } elseif ( 'delete' === $action ) {
         if ( $success ) {
+            // translators: placeholder holds content name.
             $message .= sprintf( esc_html__( '%s has been successfully deleted', 'custom-post-type-ui' ), $object_type );
         } else {
+            // translators: placeholder holds content name.
             $message .= sprintf( esc_html__( '%s has failed to be deleted', 'custom-post-type-ui' ), $object_type );
         }
     } elseif ( 'import' === $action ) {
         if ( $success ) {
+            // translators: placeholder holds content name.
             $message .= sprintf( esc_html__( '%s has been successfully imported', 'custom-post-type-ui' ), $object_type );
         } else {
+            // translators: placeholder holds content name.
             $message .= sprintf( esc_html__( '%s has failed to be imported', 'custom-post-type-ui' ), $object_type );
         }
@@ -1040 +1035 @@
     $preserved_labels = [
         'post_types' => [
+            // translators: placeholder holds content label.
             'add_new_item'       => sprintf( esc_html__( 'Add new %s', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'edit_item'          => sprintf( esc_html__( 'Edit %s', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'new_item'           => sprintf( esc_html__( 'New %s', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'view_item'          => sprintf( esc_html__( 'View %s', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'view_items'         => sprintf( esc_html__( 'View %s', 'custom-post-type-ui' ), $plural ),
+            // translators: placeholder holds content label.
             'all_items'          => sprintf( esc_html__( 'All %s', 'custom-post-type-ui' ), $plural ),
+            // translators: placeholder holds content label.
             'search_items'       => sprintf( esc_html__( 'Search %s', 'custom-post-type-ui' ), $plural ),
+            // translators: placeholder holds content label.
             'not_found'          => sprintf( esc_html__( 'No %s found.', 'custom-post-type-ui' ), $plural ),
+            // translators: placeholder holds content label.
             'not_found_in_trash' => sprintf( esc_html__( 'No %s found in trash.', 'custom-post-type-ui' ), $plural ),
         ],
         'taxonomies' => [
+            // translators: placeholder holds content label.
             'search_items'               => sprintf( esc_html__( 'Search %s', 'custom-post-type-ui' ), $plural ),
+            // translators: placeholder holds content label.
             'popular_items'              => sprintf( esc_html__( 'Popular %s', 'custom-post-type-ui' ), $plural ),
+            // translators: placeholder holds content label.
             'all_items'                  => sprintf( esc_html__( 'All %s', 'custom-post-type-ui' ), $plural ),
+            // translators: placeholder holds content label.
             'parent_item'                => sprintf( esc_html__( 'Parent %s', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'parent_item_colon'          => sprintf( esc_html__( 'Parent %s:', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'edit_item'                  => sprintf( esc_html__( 'Edit %s', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'update_item'                => sprintf( esc_html__( 'Update %s', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'add_new_item'               => sprintf( esc_html__( 'Add new %s', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'new_item_name'              => sprintf( esc_html__( 'New %s name', 'custom-post-type-ui' ), $singular ),
+            // translators: placeholder holds content label.
             'separate_items_with_commas' => sprintf( esc_html__( 'Separate %s with commas', 'custom-post-type-ui' ), $plural ),
+            // translators: placeholder holds content label.
             'add_or_remove_items'        => sprintf( esc_html__( 'Add or remove %s', 'custom-post-type-ui' ), $plural ),
+            // translators: placeholder holds content label.
             'choose_from_most_used'      => sprintf( esc_html__( 'Choose from the most used %s', 'custom-post-type-ui' ), $plural ),
         ],
@@ -1082 +1098 @@
         'post_types' => [
             'singular' => [
+                // translators: placeholder holds content label.
                 'add_new_item'  => esc_html__( 'Add new %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'edit_item'     => esc_html__( 'Edit %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'new_item'      => esc_html__( 'New %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'view_item'     => esc_html__( 'View %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'template_name' => esc_html__( 'Single item: %s', 'custom-post-type-ui' ),
             ],
             'plural'   => [
+                // translators: placeholder holds content label.
                 'view_items'         => esc_html__( 'View %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'all_items'          => esc_html__( 'All %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'search_items'       => esc_html__( 'Search %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'not_found'          => esc_html__( 'No %s found.', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'not_found_in_trash' => esc_html__( 'No %s found in trash.', 'custom-post-type-ui' ),
             ],
@@ -1098 +1124 @@
         'taxonomies' => [
             'singular' => [
+                // translators: placeholder holds content label.
                 'parent_item'       => esc_html__( 'Parent %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'parent_item_colon' => esc_html__( 'Parent %s:', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'edit_item'         => esc_html__( 'Edit %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'update_item'       => esc_html__( 'Update %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'add_new_item'      => esc_html__( 'Add new %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'new_item_name'     => esc_html__( 'New %s name', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'template_name'     => esc_html__( '%s Archives', 'custom-post-type-ui' ),
             ],
             'plural'   => [
+                // translators: placeholder holds content label.
                 'search_items'               => esc_html__( 'Search %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'popular_items'              => esc_html__( 'Popular %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'all_items'                  => esc_html__( 'All %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'separate_items_with_commas' => esc_html__( 'Separate %s with commas', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'add_or_remove_items'        => esc_html__( 'Add or remove %s', 'custom-post-type-ui' ),
+                // translators: placeholder holds content label.
                 'choose_from_most_used'      => esc_html__( 'Choose from the most used %s', 'custom-post-type-ui' ),
             ],

custom-post-type-ui/trunk/external/wpgraphql.php

@@ -189 +189 @@
 
                 <h2 class="hndle ui-sortable-handle">
-                    <span><?php esc_html_e( 'WPGraphQL', 'wp-graphql-custom-post-type-ui' ); ?></span>
+                    <span><?php esc_html_e( 'WPGraphQL', 'custom-post-type-ui' ); ?></span>
                 </h2>
                 <div class="handle-actions hide-if-no-js">
                     <button type="button" class="handlediv">
-                        <span class="screen-reader-text"><?php esc_html_e( 'Toggle panel: GraphQL Settings', 'wp-graphql-custom-post-type-ui' ); ?></span>
+                        <span class="screen-reader-text"><?php esc_html_e( 'Toggle panel: GraphQL Settings', 'custom-post-type-ui' ); ?></span>
                         <span class="toggle-indicator" aria-hidden="true"></span>
                     </button>
@@ -207 +207 @@
                                 [
                                     'attr' => '0',
-                                    'text' => esc_attr__( 'False', 'wp-graphql-custom-post-type-ui' ),
+                                    'text' => esc_attr__( 'False', 'custom-post-type-ui' ),
                                 ],
                                 [
                                     'attr' => '1',
-                                    'text' => esc_attr__( 'True', 'wp-graphql-custom-post-type-ui' ),
+                                    'text' => esc_attr__( 'True', 'custom-post-type-ui' ),
                                 ],
                             ],
@@ -221 +221 @@
                         echo $ui->get_select_input( // phpcs:ignore.
                             [
-                                'namearray'  => $name_array,
+                                'namearray'  => esc_attr( $name_array ),
                                 'name'       => 'show_in_graphql',
-                                'labeltext'  => esc_html__( 'Show in GraphQL', 'wp-graphql-custom-post-type-ui' ),
-                                'aftertext'  => esc_html__( 'Whether or not to show data of this type in the WPGraphQL. Default: false', 'wp-graphql-custom-post-type-ui' ),
+                                'labeltext'  => esc_html__( 'Show in GraphQL', 'custom-post-type-ui' ),
+                                'aftertext'  => esc_html__( 'Whether or not to show data of this type in the WPGraphQL. Default: false', 'custom-post-type-ui' ),
                                 'selections' => $selections, // phpcs:ignore.
                                 'default'    => false,
@@ -233 +233 @@
                         echo $ui->get_text_input( // phpcs:ignore.
                             [
-                                'namearray' => $name_array,
+                                'namearray' => esc_attr( $name_array ),
                                 'name'      => 'graphql_single_name',
-                                'labeltext' => esc_html__( 'GraphQL Single Name', 'wp-graphql-custom-post-type-ui' ),
-                                'aftertext' => esc_attr__( 'Singular name for reference in the GraphQL API.', 'wp-graphql-custom-post-type-ui' ),
+                                'labeltext' => esc_html__( 'GraphQL Single Name', 'custom-post-type-ui' ),
+                                'aftertext' => esc_attr__( 'Singular name for reference in the GraphQL API.', 'custom-post-type-ui' ),
                                 'textvalue' => ( isset( $current['graphql_single_name'] ) ) ? esc_attr( $current['graphql_single_name'] ) : '', // phpcs:ignore.
                                 'required'  => true,
@@ -244 +244 @@
                         echo $ui->get_text_input( // phpcs:ignore.
                             [
-                                'namearray' => $name_array,
+                                'namearray' => esc_attr( $name_array ),
                                 'name'      => 'graphql_plural_name',
-                                'labeltext' => esc_html__( 'GraphQL Plural Name', 'wp-graphql-custom-post-type-ui' ),
-                                'aftertext' => esc_attr__( 'Plural name for reference in the GraphQL API.', 'wp-graphql-custom-post-type-ui' ),
+                                'labeltext' => esc_html__( 'GraphQL Plural Name', 'custom-post-type-ui' ),
+                                'aftertext' => esc_attr__( 'Plural name for reference in the GraphQL API.', 'custom-post-type-ui' ),
                                 'textvalue' => ( isset( $current['graphql_plural_name'] ) ) ? esc_attr( $current['graphql_plural_name'] ) : '', // phpcs:ignore.
                                 'required'  => true,
@@ -338 +338 @@
                 echo sprintf(
                     // phpcs:ignore.
-                    esc_html__( 'Custom Post Type UI has native support for WPGraphQL. Please <a href="%s">de-active</a> the "WPGraphQL for Custom Post Type UI" extension to proceed.', 'custom-post-type-ui' ),
-                    $link // phpcs:ignore.
+                    esc_html__( 'Custom Post Type UI has native support for WPGraphQL. Please <a href="%s">de-activate</a> the "WPGraphQL for Custom Post Type UI" extension to proceed.', 'custom-post-type-ui' ),
+                    esc_url( $link )
                 );
                 ?>

custom-post-type-ui/trunk/inc/post-types.php

@@ -780 +780 @@
                                 );
 
-                                echo $ui->get_text_input( // phpcs:ignore.Z
+                                echo $ui->get_text_input( // phpcs:ignore.
                                     [
                                         'labeltext' => esc_html__( 'Attributes', 'custom-post-type-ui' ),
@@ -1233 +1233 @@
                             echo $ui->get_label( 'hierarchical', esc_html__( 'Hierarchical', 'custom-post-type-ui' ) ); // phpcs:ignore.
                             echo $ui->get_p( esc_html__( '"False" behaves like posts, "True" behaves like pages.', 'custom-post-type-ui' ) ); // phpcs:ignore.
-                            echo $ui->get_th_end() . $ui->get_td_start();
+                            echo $ui->get_th_end() . $ui->get_td_start(); // phpcs:ignore.
 
                             $select = [
@@ -1456 +1456 @@
                                     'textvalue'      => isset( $current['show_in_menu_string'] ) ? esc_attr( $current['show_in_menu_string'] ) : '', // phpcs:ignore.
                                     'helptext'       => $ui->get_label( 'show_in_menu_string', esc_attr__( 'The top-level admin menu page file name for which the post type should be in the sub menu of.', 'custom-post-type-ui' ) ),
+                                    // phpcs:ignore.
                                     'helptext_after' => true,
                                     'wrap'           => false,
@@ -1523 +1524 @@
                             echo $ui->get_p( esc_html__( 'Featured images and Post Formats need theme support added, to be used.', 'custom-post-type-ui' ) ); // phpcs:ignore.
 
-                            echo $ui->get_p(
+                            echo $ui->get_p( // phpcs:ignore.
                                 sprintf(
                                     '<a href="%s" target="_blank">%s</a><br/><a href="%s" target="_blank">%s</a>',
@@ -1769 +1770 @@
                                             'namearray'  => 'cpt_addon_taxes',
                                             'textvalue'  => esc_attr( $add_tax->name ),
-                                            'labeltext'  => $add_tax->label . ' ' . $core_label,
+                                            'labeltext'  => esc_html( $add_tax->label . ' ' . $core_label ),
                                             // phpcs:ignore.
                                             'helptext'   => sprintf( esc_attr__( 'Adds %s support', 'custom-post-type-ui' ), $add_tax->label ),
@@ -2139 +2140 @@
     // in the cptui_filtered_post_type_post_global() function. So we clean this up from the $_POST
     // global afterwards here.
-    $description = wp_kses_post( stripslashes_deep( $_POST['cpt_custom_post_type']['description'] ) );
+    $description = cptui_get_saved_description();
 
     $name                  = trim( $data['cpt_custom_post_type']['name'] );
@@ -2589 +2590 @@
 }
 add_filter( 'enter_title_here', 'cptui_custom_enter_title_here', 10, 2 );
+
+/**
+ * Get saved description value with added nonce check for extra security.
+ *
+ * @since NEXT
+ *
+ * @return string
+ */
+function cptui_get_saved_description() {
+    if ( ! current_user_can( 'manage_options' ) ) {
+        return '';
+    }
+
+    if ( empty( $_POST['cpt_custom_post_type']['description'] ) ) {
+        return '';
+    }
+
+    if ( ! empty( $_POST['cptui_select_post_type_nonce_field'] ) ) {
+        check_admin_referer( 'cptui_select_post_type_nonce_action', 'cptui_select_post_type_nonce_field' );
+    }
+
+    return wp_kses_post( stripslashes_deep( $_POST['cpt_custom_post_type']['description'] ) );
+}

custom-post-type-ui/trunk/inc/taxonomies.php

@@ -378 +378 @@
                                         true
                                     ) ? esc_html__( '(WP Core)', 'custom-post-type-ui' ) : '';
-                                    echo $ui->get_check_input( // phpcs:ignore.
+                                    echo $ui->get_check_input( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
                                         [
-                                            'checkvalue' => $post_type->name,
+                                            'checkvalue' => esc_attr( $post_type->name ),
                                             'checked'    => ( ! empty( $current['object_types'] ) && is_array( $current['object_types'] ) && in_array( $post_type->name, $current['object_types'], true ) ) ? 'true' : 'false', // phpcs:ignore.
                                             'name'       => esc_attr( $post_type->name ),

custom-post-type-ui/trunk/inc/tools-sections/tools-debug.php

@@ -23 +23 @@
         if ( wp_verify_nonce( 'cptui_debuginfo_nonce_field', 'cptui_debuginfo_nonce_action' ) ) {
             $email_args          = [];
-            $email_args['email'] = sanitize_text_field( $_POST['cptui_debug_info_email'] );
+            $email_args['email'] = sanitize_text_field( wp_unslash( $_POST['cptui_debug_info_email'] ) );
             $debuginfo->send_email( $email_args );
         }

custom-post-type-ui/trunk/inc/tools-sections/tools-get-code.php

@@ -32 +32 @@
                 <?php
                 $type = ! empty( $post_type['label'] ) ? esc_html( $post_type['label'] ) : esc_html( $post_type['name'] );
+                // translators: placeholder will hold post type name.
                 printf( esc_html__( '%s Post Type', 'custom-post-type-ui' ), esc_html( $type ) ); ?></h2>
             <p>
@@ -57 +58 @@
                 <?php
                 $tax = ! empty( $taxonomy['label'] ) ? esc_html( $taxonomy['label'] ) : esc_html( $taxonomy['name'] );
+                // translators: placeholder will hold taxonomy name.
                 printf( esc_html__( '%s Taxonomy', 'custom-post-type-ui' ), esc_html( $tax ) );
                 ?>

custom-post-type-ui/trunk/inc/tools-sections/tools-post-types.php

@@ -33 +33 @@
             }
         }
-?>
-
+        ob_start();
+        ?>
 function <?php echo esc_html( $callback ); ?>() {
 <?php
 // Space before this line reflects in textarea.
         foreach ( $cptui_post_types as $type ) {
-            echo cptui_get_single_post_type_registery( $type );
+            cptui_get_single_post_type_registery( $type );
         }
 ?>
@@ -49 +49 @@
         esc_html_e( 'No post types to display at this time', 'custom-post-type-ui' );
     }
+    echo esc_html( trim( ob_get_clean() ) );
 }
 
@@ -195 +196 @@
 
     /**
-     * Post Type: <?php echo $post_type['label']; ?>.
+     * Post Type: <?php echo esc_html( $post_type['label'] ); ?>.
      */
 
     $labels = [
-        "name" => esc_html__( "<?php echo $post_type['label']; ?>", "<?php echo $textdomain; ?>" ),
-        "singular_name" => esc_html__( "<?php echo $post_type['singular_label']; ?>", "<?php echo $textdomain; ?>" ),
+        "name" => esc_html__( "<?php echo esc_html( $post_type['label'] ); ?>", "<?php echo esc_html( $textdomain ); ?>" ),
+        "singular_name" => esc_html__( "<?php echo esc_html( $post_type['singular_label'] ); ?>", "<?php echo esc_html( $textdomain ); ?>" ),
 <?php
     foreach ( $post_type['labels'] as $key => $label ) {
@@ -206 +207 @@
             if ( 'parent' === $key && ! array_key_exists( 'parent_item_colon', $post_type['labels'] ) ) {
                 // Fix for incorrect label key. See #439.
-                echo "\t\t" . '"' . 'parent_item_colon' . '" => esc_html__( "' . $label . '", "' . $textdomain . '" ),' . "\n";
+                echo "\t\t" . '"' . 'parent_item_colon' . '" => esc_html__( "' . esc_html( $label ) . '", "' . esc_html( $textdomain ) . '" ),' . "\n";
             } else {
-                echo "\t\t" . '"' . $key . '" => esc_html__( "' . $label . '", "' . $textdomain . '" ),' . "\n";
+                echo "\t\t" . '"' . esc_html( $key ) . '" => esc_html__( "' . esc_html( $label ) . '", "' . esc_html( $textdomain ) . '" ),' . "\n";
             }
         }
@@ -216 +217 @@
 
     $args = [
-        "label" => esc_html__( "<?php echo $post_type['label']; ?>", "<?php echo $textdomain; ?>" ),
+        "label" => esc_html__( "<?php echo esc_html( $post_type['label'] ); ?>", "<?php echo esc_html( $textdomain ); ?>" ),
         "labels" => $labels,
-        "description" => "<?php echo $post_type['description']; ?>",
-        "public" => <?php echo disp_boolean( $post_type['public'] ); ?>,
-        "publicly_queryable" => <?php echo disp_boolean( $post_type['publicly_queryable'] ); ?>,
-        "show_ui" => <?php echo disp_boolean( $post_type['show_ui'] ); ?>,
-        "show_in_rest" => <?php echo disp_boolean( $post_type['show_in_rest'] ); ?>,
-        "rest_base" => "<?php echo $post_type['rest_base']; ?>",
-        "rest_controller_class" => "<?php echo $rest_controller_class; ?>",
-        "rest_namespace" => "<?php echo $rest_namespace; ?>",
-        "has_archive" => <?php echo $has_archive; ?>,
-        "show_in_menu" => <?php echo $show_in_menu; ?>,
-        "show_in_nav_menus" => <?php echo $show_in_nav_menus; ?>,
-        "delete_with_user" => <?php echo $delete_with_user; ?>,
-        "exclude_from_search" => <?php echo disp_boolean( $post_type['exclude_from_search'] ); ?>,
-        "capability_type" => <?php echo $capability_type; ?>,
-        "map_meta_cap" => <?php echo disp_boolean( $post_type['map_meta_cap'] ); ?>,
-        "hierarchical" => <?php echo disp_boolean( $post_type['hierarchical'] ); ?>,
-        "can_export" => <?php echo $can_export; ?>,
-        "rewrite" => <?php echo $rewrite; ?>,
-        "query_var" => <?php echo $post_type['query_var']; ?>,
+        "description" => "<?php echo esc_html( $post_type['description'] ); ?>",
+        "public" => <?php echo disp_boolean( esc_html( $post_type['public'] ) ); ?>,
+        "publicly_queryable" => <?php echo disp_boolean( esc_html( $post_type['publicly_queryable'] ) ); ?>,
+        "show_ui" => <?php echo disp_boolean( esc_html( $post_type['show_ui'] ) ); ?>,
+        "show_in_rest" => <?php echo disp_boolean( esc_html( $post_type['show_in_rest'] ) ); ?>,
+        "rest_base" => "<?php echo esc_html( $post_type['rest_base'] ); ?>",
+        "rest_controller_class" => "<?php echo esc_html( $rest_controller_class ); ?>",
+        "rest_namespace" => "<?php echo esc_html( $rest_namespace ); ?>",
+        "has_archive" => <?php echo esc_html( $has_archive ); ?>,
+        "show_in_menu" => <?php echo esc_html( $show_in_menu ); ?>,
+        "show_in_nav_menus" => <?php echo esc_html( $show_in_nav_menus ); ?>,
+        "delete_with_user" => <?php echo esc_html( $delete_with_user ); ?>,
+        "exclude_from_search" => <?php echo disp_boolean( esc_html( $post_type['exclude_from_search'] ) ); ?>,
+        "capability_type" => <?php echo esc_html( $capability_type ); ?>,
+        "map_meta_cap" => <?php echo disp_boolean( esc_html( $post_type['map_meta_cap'] ) ); ?>,
+        "hierarchical" => <?php echo disp_boolean( esc_html( $post_type['hierarchical'] ) ); ?>,
+        "can_export" => <?php echo esc_html( $can_export ); ?>,
+        "rewrite" => <?php echo esc_html( $rewrite ); ?>,
+        "query_var" => <?php echo esc_html( $post_type['query_var'] ); ?>,
 <?php if ( ! empty( $post_type['menu_position'] ) ) { ?>
-        "menu_position" => <?php echo $post_type['menu_position']; ?>,
+        "menu_position" => <?php echo esc_html( $post_type['menu_position'] ); ?>,
 <?php } ?>
 <?php if ( ! empty( $post_type['menu_icon'] ) ) { ?>
-        "menu_icon" => "<?php echo $post_type['menu_icon']; ?>",
+        "menu_icon" => "<?php echo esc_html( $post_type['menu_icon'] ); ?>",
 <?php } ?>
 <?php if ( ! empty( $post_type['register_meta_box_cb'] ) ) { ?>
-        "register_meta_box_cb" => "<?php echo $post_type['register_meta_box_cb']; ?>",
+        "register_meta_box_cb" => "<?php echo esc_html( $post_type['register_meta_box_cb'] ); ?>",
 <?php } ?>
 <?php if ( ! empty( $supports ) ) { ?>
-        "supports" => <?php echo $supports; ?>,
+        "supports" => <?php echo esc_html( $supports ); ?>,
 <?php } ?>
 <?php if ( ! empty( $taxonomies ) ) { ?>
-        "taxonomies" => <?php echo $taxonomies; ?>,
+        "taxonomies" => <?php echo esc_html( $taxonomies ); ?>,
 <?php } ?>
 <?php if ( true === $yarpp ) { ?>
-        "yarpp_support" => <?php echo disp_boolean( $yarpp ); ?>,
+        "yarpp_support" => <?php echo disp_boolean( esc_html( $yarpp ) ); ?>,
 <?php } ?>
 <?php if ( $show_graphql ) : ?>
-        "show_in_graphql" => <?php echo disp_boolean( $post_type['show_in_graphql'] ); ?>,
+        "show_in_graphql" => <?php echo disp_boolean( esc_html( $post_type['show_in_graphql'] ) ); ?>,
         "graphql_single_name" => "<?php echo esc_html( $post_type['graphql_single_name'] ); ?>",
         "graphql_plural_name" => "<?php echo esc_html( $post_type['graphql_plural_name'] ); ?>",
@@ -264 +265 @@
     ];
 
-    register_post_type( "<?php echo esc_html( $post_type['name'] ); ?>", $args );
-<?php
-}
+    register_post_type( "<?php echo esc_html( esc_html( $post_type['name'] ) ); ?>", $args );
+<?php
+}

custom-post-type-ui/trunk/inc/tools-sections/tools-taxonomies.php

@@ -38 +38 @@
 <?php
     foreach ( $cptui_taxonomies as $tax ) {
-        echo cptui_get_single_taxonomy_registery( $tax );
+        cptui_get_single_taxonomy_registery( $tax );
     }
 ?>
@@ -47 +47 @@
         esc_html_e( 'No taxonomies to display at this time', 'custom-post-type-ui' );
     }
-    echo trim( ob_get_clean() );
+    echo esc_html( trim( ob_get_clean() ) );
 }
 
@@ -164 +164 @@
 
     $args = [
-        "label" => esc_html__( "<?php echo $taxonomy['label']; ?>", "<?php echo $textdomain; ?>" ),
+        "label" => esc_html__( "<?php echo esc_html( $taxonomy['label'] ); ?>", "<?php echo esc_html( $textdomain ); ?>" ),
         "labels" => $labels,
-        "public" => <?php echo $public; ?>,
-        "publicly_queryable" => <?php echo $publicly_queryable; ?>,
-        "hierarchical" => <?php echo $taxonomy['hierarchical']; ?>,
-        "show_ui" => <?php echo disp_boolean( $taxonomy['show_ui'] ); ?>,
-        "show_in_menu" => <?php echo $show_in_menu; ?>,
-        "show_in_nav_menus" => <?php echo $show_in_nav_menus; ?>,
-        "query_var" => <?php echo disp_boolean( $taxonomy['query_var'] ); ?>,
-        "rewrite" => <?php echo $rewrite; ?>,
-        "show_admin_column" => <?php echo $taxonomy['show_admin_column']; ?>,
-        "show_in_rest" => <?php echo $show_in_rest; ?>,
-        "show_tagcloud" => <?php echo $show_tagcloud; ?>,
-        "rest_base" => "<?php echo $rest_base; ?>",
-        "rest_controller_class" => "<?php echo $rest_controller_class; ?>",
-        "rest_namespace" => "<?php echo $rest_namespace; ?>",
-        "show_in_quick_edit" => <?php echo $show_in_quick_edit; ?>,
-        "sort" => <?php echo $sort; ?>,
+        "public" => <?php echo esc_html( $public ); ?>,
+        "publicly_queryable" => <?php echo esc_html( $publicly_queryable ); ?>,
+        "hierarchical" => <?php echo esc_html( $taxonomy['hierarchical'] ); ?>,
+        "show_ui" => <?php echo disp_boolean( esc_html( $taxonomy['show_ui'] ) ); ?>,
+        "show_in_menu" => <?php echo esc_html( $show_in_menu ); ?>,
+        "show_in_nav_menus" => <?php echo esc_html( $show_in_nav_menus ); ?>,
+        "query_var" => <?php echo disp_boolean( esc_html( $taxonomy['query_var'] ) ); ?>,
+        "rewrite" => <?php echo esc_html( $rewrite ); ?>,
+        "show_admin_column" => <?php echo esc_html( $taxonomy['show_admin_column'] ); ?>,
+        "show_in_rest" => <?php echo esc_html( $show_in_rest ); ?>,
+        "show_tagcloud" => <?php echo esc_html( $show_tagcloud ); ?>,
+        "rest_base" => "<?php echo esc_html( $rest_base ); ?>",
+        "rest_controller_class" => "<?php echo esc_html( $rest_controller_class ); ?>",
+        "rest_namespace" => "<?php echo esc_html( $rest_namespace ); ?>",
+        "show_in_quick_edit" => <?php echo esc_html( $show_in_quick_edit ); ?>,
+        "sort" => <?php echo esc_html( $sort ); ?>,
 <?php if ( $show_graphql ) : ?>
-        "show_in_graphql" => <?php echo disp_boolean( $taxonomy['show_in_graphql'] ); ?>,
+        "show_in_graphql" => <?php echo disp_boolean( esc_html( $taxonomy['show_in_graphql'] ) ); ?>,
         "graphql_single_name" => "<?php echo esc_html( $taxonomy['graphql_single_name'] ); ?>",
         "graphql_plural_name" => "<?php echo esc_html( $taxonomy['graphql_plural_name'] ); ?>",
 <?php else: ?>
-        "show_in_graphql" => <?php echo disp_boolean( false ); ?>,
+        "show_in_graphql" => <?php echo esc_html( disp_boolean( false ) ); ?>,
 <?php endif; ?>
 <?php if ( ! empty( $meta_box_cb ) ) { ?>
-        "meta_box_cb" => <?php echo $meta_box_cb; ?>,
+        "meta_box_cb" => <?php echo esc_html( $meta_box_cb ); ?>,
 <?php } ?>
 <?php if ( ! empty( $default_term ) ) { ?>
-        "default_term" => <?php echo $default_term; ?>,
+        "default_term" => <?php echo esc_html( $default_term ); ?>,
 <?php } ?>
     ];
-    register_taxonomy( "<?php echo esc_html( $taxonomy['name'] ); ?>", <?php echo $post_types; ?>, $args );
-<?php
-}
+    register_taxonomy( "<?php echo esc_html( $taxonomy['name'] ); ?>", <?php echo esc_html( $post_types ); ?>, $args );
+<?php
+}

custom-post-type-ui/trunk/readme.txt

@@ -4 +4 @@
 Tags: custom post types, post type, taxonomy, content types, types
 Requires at least: 6.6
-Tested up to: 6.8.2
-Stable tag: 1.18.1
+Tested up to: 6.9
+Stable tag: 1.18.2
 License: GPL-2.0+
 Requires PHP: 7.4
@@ -32 +32 @@
 
 == Changelog ==
+
+= 1.18.2 - 2025-12-05 =
+* Fixed: Security issue around Get Code functionality.
+* Fixed: Potential security issue around post type descriptions.
+* Updated: various internationalization details.
 
 = 1.18.1 - 2025-11-20 =
@@ -89 +94 @@
 
 = 1.18.1 =
-Security fixes, javascript touchups, CPTUI about screen cleanup.
+Security fixes, internationalization details.
 
 == Installation ==