Upgrade plugins

Signed-off-by: Chris Abraham <cjyabraham@gmail.com>

composer.lock

@@ -1013,15 +1013,15 @@
         },
         {
             "name": "wpackagist-plugin/publishpress-checklists",
-            "version": "2.18.0",
+            "version": "2.20.0",
             "source": {
                 "type": "svn",
                 "url": "https://plugins.svn.wordpress.org/publishpress-checklists/",
-                "reference": "tags/2.18.0"
+                "reference": "tags/2.20.0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://downloads.wordpress.org/plugin/publishpress-checklists.2.18.0.zip"
+                "url": "https://downloads.wordpress.org/plugin/publishpress-checklists.2.20.0.zip"
             },
             "require": {
                 "composer/installers": "^1.0 || ^2.0"
@@ -1067,15 +1067,15 @@
         },
         {
             "name": "wpackagist-plugin/shortpixel-image-optimiser",
-            "version": "6.2.0",
+            "version": "6.2.1",
             "source": {
                 "type": "svn",
                 "url": "https://plugins.svn.wordpress.org/shortpixel-image-optimiser/",
-                "reference": "tags/6.2.0"
+                "reference": "tags/6.2.1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://downloads.wordpress.org/plugin/shortpixel-image-optimiser.6.2.0.zip"
+                "url": "https://downloads.wordpress.org/plugin/shortpixel-image-optimiser.6.2.1.zip"
             },
             "require": {
                 "composer/installers": "^1.0 || ^2.0"
@@ -1103,15 +1103,15 @@
         },
         {
             "name": "wpackagist-plugin/wp-mail-smtp",
-            "version": "4.4.0",
+            "version": "4.5.0",
             "source": {
                 "type": "svn",
                 "url": "https://plugins.svn.wordpress.org/wp-mail-smtp/",
-                "reference": "tags/4.4.0"
+                "reference": "tags/4.5.0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://downloads.wordpress.org/plugin/wp-mail-smtp.4.4.0.zip"
+                "url": "https://downloads.wordpress.org/plugin/wp-mail-smtp.4.5.0.zip"
             },
             "require": {
                 "composer/installers": "^1.0 || ^2.0"
@@ -1393,12 +1393,12 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/Roave/SecurityAdvisories.git",
-                "reference": "4aa0a0890ece3b361fc4179b1e30fdcc0d2c689b"
+                "reference": "d1d1619048a615bd2836f095f8dd3dd33e4ba457"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/4aa0a0890ece3b361fc4179b1e30fdcc0d2c689b",
+                "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/d1d1619048a615bd2836f095f8dd3dd33e4ba457",
-                "reference": "4aa0a0890ece3b361fc4179b1e30fdcc0d2c689b",
+                "reference": "d1d1619048a615bd2836f095f8dd3dd33e4ba457",
                 "shasum": ""
             },
             "conflict": {
@@ -1440,7 +1440,10 @@
                 "athlon1600/php-proxy-app": "<=3",
                 "athlon1600/youtube-downloader": "<=4",
                 "austintoddj/canvas": "<=3.4.2",
-                "auth0/wordpress": "<=4.6",
+                "auth0/auth0-php": ">=8.0.0.0-beta1,<8.14",
+                "auth0/login": "<7.17",
+                "auth0/symfony": "<5.4",
+                "auth0/wordpress": "<5.3",
                 "automad/automad": "<2.0.0.0-alpha5",
                 "automattic/jetpack": "<9.8",
                 "awesome-support/awesome-support": "<=6.0.7",
@@ -1460,6 +1463,7 @@
                 "baserproject/basercms": "<=5.1.1",
                 "bassjobsen/bootstrap-3-typeahead": ">4.0.2",
                 "bbpress/bbpress": "<2.6.5",
+                "bcit-ci/codeigniter": "<3.1.3",
                 "bcosca/fatfree": "<3.7.2",
                 "bedita/bedita": "<4",
                 "bednee/cooluri": "<1.0.30",
@@ -1495,9 +1499,10 @@
                 "centreon/centreon": "<22.10.15",
                 "cesnet/simplesamlphp-module-proxystatistics": "<3.1",
                 "chriskacerguis/codeigniter-restserver": "<=2.7.1",
+                "chrome-php/chrome": "<1.14",
                 "civicrm/civicrm-core": ">=4.2,<4.2.9|>=4.3,<4.3.3",
                 "ckeditor/ckeditor": "<4.25",
-                "clickstorm/cs-seo": ">=6,<6.7|>=7,<7.4|>=8,<8.3|>=9,<9.2",
+                "clickstorm/cs-seo": ">=6,<6.8|>=7,<7.5|>=8,<8.4|>=9,<9.3",
                 "co-stack/fal_sftp": "<0.2.6",
                 "cockpit-hq/cockpit": "<2.7|==2.7",
                 "codeception/codeception": "<3.1.3|>=4,<4.1.22",
@@ -1520,6 +1525,7 @@
                 "contao/managed-edition": "<=1.5",
                 "corveda/phpsandbox": "<1.3.5",
                 "cosenary/instagram": "<=2.3",
+                "couleurcitron/tarteaucitron-wp": "<0.3",
                 "craftcms/cms": "<4.15.3|>=5,<5.7.5",
                 "croogo/croogo": "<4",
                 "cuyz/valinor": "<0.12",
@@ -1708,7 +1714,7 @@
                 "imdbphp/imdbphp": "<=5.1.1",
                 "impresscms/impresscms": "<=1.4.5",
                 "impresspages/impresspages": "<1.0.13",
-                "in2code/femanager": "<5.5.3|>=6,<6.3.4|>=7,<7.2.3",
+                "in2code/femanager": "<5.5.5|>=6,<6.4.1|>=7,<7.4.2|>=8,<8.2.2",
                 "in2code/ipandlanguageredirect": "<5.1.2",
                 "in2code/lux": "<17.6.1|>=18,<24.0.2",
                 "in2code/powermail": "<7.5.1|>=8,<8.5.1|>=9,<10.9.1|>=11,<12.4.1",
@@ -1787,6 +1793,7 @@
                 "livewire/volt": "<1.7",
                 "lms/routes": "<2.1.1",
                 "localizationteam/l10nmgr": "<7.4|>=8,<8.7|>=9,<9.2",
+                "lomkit/laravel-rest-api": "<2.13",
                 "luracast/restler": "<3.1",
                 "luyadev/yii-helpers": "<1.2.1",
                 "macropay-solutions/laravel-crud-wizard-free": "<3.4.17",
@@ -1804,7 +1811,7 @@
                 "marcwillmann/turn": "<0.3.3",
                 "matomo/matomo": "<1.11",
                 "matyhtf/framework": "<3.0.6",
-                "mautic/core": "<5.2.3",
+                "mautic/core": "<5.2.6|>=6.0.0.0-alpha,<6.0.2",
                 "mautic/core-lib": ">=1.0.0.0-beta,<4.4.13|>=5.0.0.0-alpha,<5.1.1",
                 "maximebf/debugbar": "<1.19",
                 "mdanter/ecc": "<2",
@@ -1861,6 +1868,7 @@
                 "nette/application": ">=2,<2.0.19|>=2.1,<2.1.13|>=2.2,<2.2.10|>=2.3,<2.3.14|>=2.4,<2.4.16|>=3,<3.0.6",
                 "nette/nette": ">=2,<2.0.19|>=2.1,<2.1.13",
                 "nilsteampassnet/teampass": "<3.1.3.1-dev",
+                "nitsan/ns-backup": "<13.0.1",
                 "nonfiction/nterchange": "<4.1.1",
                 "notrinos/notrinos-erp": "<=0.7",
                 "noumo/easyii": "<=0.9",
@@ -1925,6 +1933,7 @@
                 "phpmyadmin/phpmyadmin": "<5.2.2",
                 "phpmyfaq/phpmyfaq": "<3.2.5|==3.2.5|>=3.2.10,<=4.0.1",
                 "phpoffice/common": "<0.2.9",
+                "phpoffice/math": "<=0.2",
                 "phpoffice/phpexcel": "<=1.8.2",
                 "phpoffice/phpspreadsheet": "<1.29.9|>=2,<2.1.8|>=2.2,<2.3.7|>=3,<3.9",
                 "phpseclib/phpseclib": "<2.0.47|>=3,<3.0.36",
@@ -1985,11 +1994,13 @@
                 "really-simple-plugins/complianz-gdpr": "<6.4.2",
                 "redaxo/source": "<5.18.3",
                 "remdex/livehelperchat": "<4.29",
+                "renolit/reint-downloadmanager": "<4.0.2|>=5,<5.0.1",
                 "reportico-web/reportico": "<=8.1",
                 "rhukster/dom-sanitizer": "<1.0.7",
                 "rmccue/requests": ">=1.6,<1.8",
                 "robrichards/xmlseclibs": ">=1,<3.0.4",
                 "roots/soil": "<4.1",
+                "roundcube/roundcubemail": "<1.5.10|>=1.6,<1.6.11",
                 "rudloff/alltube": "<3.0.3",
                 "rudloff/rtmpdump-bin": "<=2.3.1",
                 "s-cart/core": "<6.9",
@@ -2039,7 +2050,7 @@
                 "simplesamlphp/xml-security": "==1.6.11",
                 "simplito/elliptic-php": "<1.0.6",
                 "sitegeist/fluid-components": "<3.5",
-                "sjbr/sr-feuser-register": "<2.6.2",
+                "sjbr/sr-feuser-register": "<2.6.2|>=5.1,<12.5",
                 "sjbr/sr-freecap": "<2.4.6|>=2.5,<2.5.3",
                 "sjbr/static-info-tables": "<2.3.1",
                 "slim/psr7": "<1.4.1|>=1.5,<1.5.1|>=1.6,<1.6.1",
@@ -2066,7 +2077,7 @@
                 "subhh/libconnect": "<7.0.8|>=8,<8.1",
                 "sukohi/surpass": "<1",
                 "sulu/form-bundle": ">=2,<2.5.3",
-                "sulu/sulu": "<1.6.44|>=2,<2.5.21|>=2.6,<2.6.5",
+                "sulu/sulu": "<1.6.44|>=2,<2.5.25|>=2.6,<2.6.9|>=3.0.0.0-alpha1,<3.0.0.0-alpha3",
                 "sumocoders/framework-user-bundle": "<1.4",
                 "superbig/craft-audit": "<3.0.2",
                 "svewap/a21glossary": "<=0.4.10",
@@ -2113,6 +2124,8 @@
                 "symfony/translation": ">=2,<2.0.17",
                 "symfony/twig-bridge": ">=2,<4.4.51|>=5,<5.4.31|>=6,<6.3.8",
                 "symfony/ux-autocomplete": "<2.11.2",
+                "symfony/ux-live-component": "<2.25.1",
+                "symfony/ux-twig-component": "<2.25.1",
                 "symfony/validator": "<5.4.43|>=6,<6.4.11|>=7,<7.1.4",
                 "symfony/var-exporter": ">=4.2,<4.2.12|>=4.3,<4.3.8",
                 "symfony/web-profiler-bundle": ">=2,<2.3.19|>=2.4,<2.4.9|>=2.5,<2.5.4",
@@ -2150,10 +2163,10 @@
                 "twbs/bootstrap": "<=3.4.1|>=4,<=4.6.2",
                 "twig/twig": "<3.11.2|>=3.12,<3.14.1|>=3.16,<3.19",
                 "typo3/cms": "<9.5.29|>=10,<10.4.35|>=11,<11.5.23|>=12,<12.2",
-                "typo3/cms-backend": "<4.1.14|>=4.2,<4.2.15|>=4.3,<4.3.7|>=4.4,<4.4.4|>=7,<=7.6.50|>=8,<=8.7.39|>=9,<=9.5.24|>=10,<10.4.46|>=11,<11.5.40|>=12,<12.4.21|>=13,<13.3.1",
+                "typo3/cms-backend": "<4.1.14|>=4.2,<4.2.15|>=4.3,<4.3.7|>=4.4,<4.4.4|>=7,<=7.6.50|>=8,<=8.7.39|>=9,<=9.5.24|>=10,<10.4.46|>=11,<11.5.40|>=12,<=12.4.30|>=13,<=13.4.11",
                 "typo3/cms-belog": ">=10,<=10.4.47|>=11,<=11.5.41|>=12,<=12.4.24|>=13,<=13.4.2",
                 "typo3/cms-beuser": ">=10,<=10.4.47|>=11,<=11.5.41|>=12,<=12.4.24|>=13,<=13.4.2",
-                "typo3/cms-core": "<=8.7.56|>=9,<=9.5.48|>=10,<=10.4.47|>=11,<=11.5.41|>=12,<=12.4.24|>=13,<=13.4.2",
+                "typo3/cms-core": "<=8.7.56|>=9,<=9.5.50|>=10,<=10.4.49|>=11,<=11.5.43|>=12,<=12.4.30|>=13,<=13.4.11",
                 "typo3/cms-dashboard": ">=10,<=10.4.47|>=11,<=11.5.41|>=12,<=12.4.24|>=13,<=13.4.2",
                 "typo3/cms-extbase": "<6.2.24|>=7,<7.6.8|==8.1.1",
                 "typo3/cms-extensionmanager": ">=10,<=10.4.47|>=11,<=11.5.41|>=12,<=12.4.24|>=13,<=13.4.2",
@@ -2166,6 +2179,8 @@
                 "typo3/cms-lowlevel": ">=11,<=11.5.41",
                 "typo3/cms-rte-ckeditor": ">=9.5,<9.5.42|>=10,<10.4.39|>=11,<11.5.30",
                 "typo3/cms-scheduler": ">=11,<=11.5.41",
+                "typo3/cms-setup": ">=9,<=9.5.50|>=10,<=10.4.49|>=11,<=11.5.43|>=12,<=12.4.30|>=13,<=13.4.11",
+                "typo3/cms-webhooks": ">=12,<=12.4.30|>=13,<=13.4.11",
                 "typo3/flow": ">=1,<1.0.4|>=1.1,<1.1.1|>=2,<2.0.1|>=2.3,<2.3.16|>=3,<3.0.12|>=3.1,<3.1.10|>=3.2,<3.2.13|>=3.3,<3.3.13|>=4,<4.0.6",
                 "typo3/html-sanitizer": ">=1,<=1.5.2|>=2,<=2.1.3",
                 "typo3/neos": ">=1.1,<1.1.3|>=1.2,<1.2.13|>=2,<2.0.4|>=2.3,<2.3.99|>=3,<3.0.20|>=3.1,<3.1.18|>=3.2,<3.2.14|>=3.3,<3.3.23|>=4,<4.0.17|>=4.1,<4.1.16|>=4.2,<4.2.12|>=4.3,<4.3.3",
@@ -2237,7 +2252,7 @@
                 "yiisoft/yii2-elasticsearch": "<2.0.5",
                 "yiisoft/yii2-gii": "<=2.2.4",
                 "yiisoft/yii2-jui": "<2.0.4",
-                "yiisoft/yii2-redis": "<2.0.8",
+                "yiisoft/yii2-redis": "<2.0.20",
                 "yikesinc/yikes-inc-easy-mailchimp-extender": "<6.8.6",
                 "yoast-seo-for-typo3/yoast_seo": "<7.2.3",
                 "yourls/yourls": "<=1.8.2",
@@ -2315,7 +2330,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-05-14T18:07:05+00:00"
+            "time": "2025-06-06T23:05:15+00:00"
         },
         {
             "name": "squizlabs/php_codesniffer",

web/wp-content/plugins/advanced-custom-fields-pro/README.md

@@ -0,0 +1,27 @@
+# Advanced Custom Fields
+
+Welcome to the official Advanced Custom Fields repository on GitHub. ACF is a WordPress plugin used to take full control of your edit screens & custom field data.
+
+## Documentation
+
+Do you need help getting started with ACF, or do you have questions about one of the ACF features? You can [search through our documentation here](https://www.advancedcustomfields.com/resources/). If you don't find the answers you're looking for, you can start a new forum thread in the [support forum](https://support.advancedcustomfields.com/) or contact our [support team](https://www.advancedcustomfields.com/contact/)
+
+If you've got feedback or a feature suggestion for ACF, please use our [feedback board](https://www.advancedcustomfields.com/feedback/)
+
+## Support
+
+This repository is not suitable for support. Please don't use our issue tracker for support requests, but for core issues only. 
+Support can take place in the appropriate channels:
+
+* Community forum
+* Email based ticket system 
+
+These channels can be accessed from our [support website](https://support.advancedcustomfields.com/).
+
+## Contributing
+
+If you have a patch, or stumbled upon an issue with ACF core, you can contribute this back to the code. Please create a new github issue with as much information as possible, and a PR if appropriate.
+
+## Translations
+
+If you're looking to translate ACF, you can submit new PRO translations via a PR on this repo. Any strings from the free version are imported from [translate.wordpress.org](https://translate.wordpress.org/projects/wp-plugins/advanced-custom-fields/stable/). For more information, please view our [translation guide](https://www.advancedcustomfields.com/resources/how-to-help-translate-acf-into-other-languages/)

web/wp-content/plugins/advanced-custom-fields-pro/acf.php

@@ -2,17 +2,17 @@
 /**
  * Advanced Custom Fields PRO
  *
- * @package       ACF
+ * @package ACF
- * @author        WP Engine
+ * @author  WP Engine
  *
  * @wordpress-plugin
  * Plugin Name:       Advanced Custom Fields PRO
  * Plugin URI:        https://www.advancedcustomfields.com
  * Description:       Customize WordPress with powerful, professional and intuitive fields.
- * Version:           6.3.9
+ * Version:           6.4.2
  * Author:            WP Engine
  * Author URI:        https://wpengine.com/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=plugin_directory&utm_content=advanced_custom_fields
- * Update URI:        false
+ * Update URI:        https://www.advancedcustomfields.com/pro
  * Text Domain:       acf
  * Domain Path:       /lang
  * Requires PHP:      7.4
@@ -36,7 +36,7 @@ if ( ! class_exists( 'ACF' ) ) {
 		 *
 		 * @var string
 		 */
-		public $version = '6.3.9';
+		public $version = '6.4.2';
 
 		/**
 		 * The plugin settings array.
@@ -91,7 +91,7 @@ if ( ! class_exists( 'ACF' ) ) {
 
 			// Define settings.
 			$this->settings = array(
-				'name'                    => __( 'Advanced Custom Fields', 'acf' ),
+				'name'                    => 'Advanced Custom Fields',
 				'slug'                    => dirname( ACF_BASENAME ),
 				'version'                 => ACF_VERSION,
 				'basename'                => ACF_BASENAME,
@@ -130,8 +130,12 @@ if ( ! class_exists( 'ACF' ) ) {
 				'enable_shortcode'        => true,
 				'enable_bidirection'      => true,
 				'enable_block_bindings'   => true,
+				'enable_meta_box_cb_edit' => true,
 			);
 
+			// Include autoloader.
+			include_once __DIR__ . '/vendor/autoload.php';
+
 			// Include utility functions.
 			include_once ACF_PATH . 'includes/acf-utility-functions.php';
 
@@ -143,13 +147,22 @@ if ( ! class_exists( 'ACF' ) ) {
 			// Include classes.
 			acf_include( 'includes/class-acf-data.php' );
 			acf_include( 'includes/class-acf-internal-post-type.php' );
-			acf_include( 'includes/class-acf-site-health.php' );
 			acf_include( 'includes/fields/class-acf-field.php' );
 			acf_include( 'includes/locations/abstract-acf-legacy-location.php' );
 			acf_include( 'includes/locations/abstract-acf-location.php' );
 
+			// Initialise autoloaded classes.
+			new ACF\Site_Health\Site_Health();
+
 			// Include functions.
 			acf_include( 'includes/acf-helper-functions.php' );
+
+			acf_new_instance( 'ACF\Meta\Comment' );
+			acf_new_instance( 'ACF\Meta\Post' );
+			acf_new_instance( 'ACF\Meta\Term' );
+			acf_new_instance( 'ACF\Meta\User' );
+			acf_new_instance( 'ACF\Meta\Option' );
+
 			acf_include( 'includes/acf-hook-functions.php' );
 			acf_include( 'includes/acf-field-functions.php' );
 			acf_include( 'includes/acf-bidirectional-functions.php' );
@@ -227,15 +240,15 @@ if ( ! class_exists( 'ACF' ) ) {
 			// Include legacy.
 			acf_include( 'includes/legacy/legacy-locations.php' );
 
-			// Include PRO.
+			// Include updater if included with this build.
-			acf_include( 'pro/acf-pro.php' );
+			acf_include( 'includes/Updater/init.php' );
+
+			// Include PRO if included with this build.
+			if ( ! defined( 'ACF_PREVENT_PRO_LOAD' ) || ( defined( 'ACF_PREVENT_PRO_LOAD' ) && ! ACF_PREVENT_PRO_LOAD ) ) {
+				acf_include( 'pro/acf-pro.php' );
+			}
 
 			if ( is_admin() && function_exists( 'acf_is_pro' ) && ! acf_is_pro() ) {
-
-				// Include WPE update system.
-				acf_include( 'includes/class-PluginUpdater.php' );
-				acf_include( 'includes/acf-upgrades.php' );
-
 				acf_include( 'includes/admin/admin-options-pages-preview.php' );
 			}
 
@@ -274,6 +287,9 @@ if ( ! class_exists( 'ACF' ) ) {
 			// Load textdomain file.
 			acf_load_textdomain();
 
+			// Make plugin name translatable.
+			acf_update_setting( 'name', __( 'Advanced Custom Fields', 'acf' ) );
+
 			// Include 3rd party compatiblity.
 			acf_include( 'includes/third-party.php' );
 
@@ -396,9 +412,8 @@ if ( ! class_exists( 'ACF' ) ) {
 			 */
 			do_action( 'acf/include_taxonomies', ACF_MAJOR_VERSION );
 
-			// If we're on 6.5 or newer, load block bindings. This will move to an autoloader in 6.3.
+			// If we're on 6.5 or newer, load block bindings.
-			if ( version_compare( get_bloginfo( 'version' ), '6.5-beta1', '>=' ) ) {
+			if ( version_compare( get_bloginfo( 'version' ), '6.5', '>=' ) ) {
-				acf_include( 'includes/Blocks/Bindings.php' );
 				new ACF\Blocks\Bindings();
 			}
 
@@ -788,6 +803,37 @@ if ( ! class_exists( 'ACF' ) ) {
 		}
 	}
 
+	/**
+	 * An ACF specific getter to replace `home_url` in our license checks to ensure we can avoid third party filters.
+	 *
+	 * @since 6.0.1
+	 * @since 6.2.8 - Renamed to acf_pro_get_home_url to match pro exclusive function naming.
+	 * @since 6.3.10 - Renamed to acf_get_home_url now updater logic applies to free.
+	 *
+	 * @return string $home_url The output from home_url, sans known third party filters which cause license activation issues.
+	 */
+	function acf_get_home_url() {
+		if ( acf_is_pro() ) {
+			// Disable WPML and TranslatePress's home url overrides for our license check.
+			add_filter( 'wpml_get_home_url', 'acf_pro_license_ml_intercept', 99, 2 );
+			add_filter( 'trp_home_url', 'acf_pro_license_ml_intercept', 99, 2 );
+
+			if ( acf_pro_is_legacy_multisite() && acf_is_multisite_sub_site() ) {
+				$home_url = get_home_url( get_main_site_id() );
+			} else {
+				$home_url = home_url();
+			}
+
+			// Re-enable WPML and TranslatePress's home url overrides.
+			remove_filter( 'wpml_get_home_url', 'acf_pro_license_ml_intercept', 99 );
+			remove_filter( 'trp_home_url', 'acf_pro_license_ml_intercept', 99 );
+		} else {
+			$home_url = home_url();
+		}
+
+		return $home_url;
+	}
+
 	/**
 	 * The main function responsible for returning the one true acf Instance to functions everywhere.
 	 * Use this function like you would a global variable, except without needing to declare the global.

web/wp-content/plugins/advanced-custom-fields-pro/composer.json

@@ -0,0 +1,20 @@
+{
+	"name": "wp-engine/advanced-custom-fields",
+	"description": "Advanced Custom Fields",
+	"type": "wordpress-plugin",
+	"license": "GPLv2 or later",
+	"autoload": {
+		"psr-4": {
+			"ACF\\": "src/"
+		}
+	},
+	"authors": [
+		{
+			"name": "WP Engine"
+		}
+	],
+	"config": {
+		"optimize-autoloader": true
+	},
+	"require": {}
+}

web/wp-content/plugins/advanced-custom-fields-pro/includes/Updater/Updater.php

@@ -5,24 +5,28 @@
  * @package ACF
  */
 
+namespace ACF;
+
+use WP_Error;
+
 // Exit if accessed directly.
 if ( ! defined( 'ABSPATH' ) ) {
 	exit;
 }
 
-if ( ! class_exists( 'ACF_Updates' ) ) {
+if ( ! class_exists( 'Updater' ) ) {
 
 	/**
 	 * class for handling API services.
 	 */
-	class ACF_Updates {
+	class Updater {
 
 		/**
-		 * The ACF_Updates version
+		 * The Updater version
 		 *
 		 * @var string
 		 */
-		public $version = '2.4';
+		public $version = '3.0';
 
 		/**
 		 * The array of registered plugins
@@ -45,8 +49,8 @@ if ( ! class_exists( 'ACF_Updates' ) ) {
 		 */
 		public function __construct() {
 
-			// disable showing updates if show updates is hidden.
+			// disable showing PRO updates if show updates is hidden.
-			if ( ! acf_pro_is_updates_page_visible() ) {
+			if ( acf_is_pro() && ! acf_pro_is_updates_page_visible() ) {
 				return;
 			}
 
@@ -120,7 +124,16 @@ if ( ! class_exists( 'ACF_Updates' ) ) {
 		 */
 		public function request( $endpoint = '', $body = null ) {
 
-			// Determine URL.
+			$site_url = acf_get_home_url();
+			if ( empty( $site_url ) || ! is_string( $site_url ) ) {
+				$site_url = '';
+			}
+
+			$headers = array(
+				'X-ACF-Version' => ACF_VERSION,
+				'X-ACF-URL'     => $site_url,
+			);
+
 			$url = "https://connect.advancedcustomfields.com/$endpoint";
 
 			// Staging environment.
@@ -129,27 +142,25 @@ if ( ! class_exists( 'ACF_Updates' ) ) {
 				acf_log( $url, $body );
 			}
 
-			$license_key = acf_pro_get_license_key();
+			// Determine URL.
-			if ( ! $license_key ) {
+			if ( acf_is_pro() ) {
-				$license_key = '';
+				$license_key = acf_pro_get_license_key();
-			}
+				if ( empty( $license_key ) || ! is_string( $license_key ) ) {
-
+					$license_key = '';
-			$site_url = acf_pro_get_home_url();
+				}
-			if ( ! $site_url ) {
+				$headers['X-ACF-License'] = $license_key;
-				$site_url = '';
+				$headers['X-ACF-Plugin']  = 'pro';
+			} else {
+				$headers['X-ACF-Plugin'] = 'acf';
 			}
 
 			// Make request.
 			$raw_response = wp_remote_post(
 				$url,
 				array(
-					'timeout' => 28,
+					'timeout' => 20,
 					'body'    => $body,
-					'headers' => array(
+					'headers' => $headers,
-						'X-ACF-Version' => ACF_VERSION,
-						'X-ACF-License' => $license_key,
-						'X-ACF-URL'     => $site_url,
-					),
 				)
 			);
 
@@ -298,7 +309,7 @@ if ( ! class_exists( 'ACF_Updates' ) ) {
 				'wp'      => wp_json_encode(
 					array(
 						'wp_name'      => get_bloginfo( 'name' ),
-						'wp_url'       => acf_pro_get_home_url(),
+						'wp_url'       => acf_get_home_url(),
 						'wp_version'   => get_bloginfo( 'version' ),
 						'wp_language'  => get_bloginfo( 'language' ),
 						'wp_timezone'  => get_option( 'timezone_string' ),
@@ -310,7 +321,7 @@ if ( ! class_exists( 'ACF_Updates' ) ) {
 					array(
 						'acf_version' => get_option( 'acf_version' ),
 						'acf_pro'     => acf_is_pro(),
-						'block_count' => acf_pro_get_registered_block_count(),
+						'block_count' => function_exists( 'acf_pro_get_registered_block_count' ) ? acf_pro_get_registered_block_count() : 0,
 					)
 				),
 			);
@@ -481,34 +492,4 @@ if ( ! class_exists( 'ACF_Updates' ) ) {
 		}
 	}
 
-
-	/**
-	 * The main function responsible for returning the acf_updates singleton.
-	 * Use this function like you would a global variable, except without needing to declare the global.
-	 *
-	 * Example: <?php $acf_updates = acf_updates(); ?>
-	 *
-	 * @since   5.5.12
-	 *
-	 * @return ACF_Updates The singleton instance of ACF_Updates.
-	 */
-	function acf_updates() {
-		global $acf_updates;
-		if ( ! isset( $acf_updates ) ) {
-			$acf_updates = new ACF_Updates();
-		}
-		return $acf_updates;
-	}
-
-	/**
-	 * Alias of acf_updates()->add_plugin().
-	 *
-	 * @since   5.5.10
-	 *
-	 * @param   array $plugin Plugin data array.
-	 */
-	function acf_register_plugin_update( $plugin ) {
-		acf_updates()->add_plugin( $plugin );
-	}
-
 }

web/wp-content/plugins/advanced-custom-fields-pro/includes/Updater/init.php

@@ -0,0 +1,126 @@
+<?php
+/**
+ * Initializes ACF updater logic and logic specific to ACF direct downloads.
+ *
+ * @package ACF
+ */
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+// Include updater.
+acf_include( 'includes/Updater/Updater.php' );
+
+if ( ! class_exists( 'ACF_Updates' ) ) {
+	/**
+	 * The main function responsible for returning the acf_updates singleton.
+	 * Use this function like you would a global variable, except without needing to declare the global.
+	 *
+	 * Example: <?php $acf_updates = acf_updates(); ?>
+	 *
+	 * @since   5.5.12
+	 *
+	 * @return ACF\Updater The singleton instance of Updater.
+	 */
+	function acf_updates() {
+		global $acf_updates;
+		if ( ! isset( $acf_updates ) ) {
+			$acf_updates = new ACF\Updater();
+		}
+		return $acf_updates;
+	}
+
+	/**
+	 * Alias of acf_updates()->add_plugin().
+	 *
+	 * @since   5.5.10
+	 *
+	 * @param   array $plugin Plugin data array.
+	 */
+	function acf_register_plugin_update( $plugin ) {
+		acf_updates()->add_plugin( $plugin );
+	}
+
+	/**
+	 * Register a dummy ACF_Updates class for back compat.
+	 */
+	class ACF_Updates {} //phpcs:ignore -- Back compat.
+}
+
+/**
+ * Registers updates for the free version of ACF hosted on connect.
+ *
+ * @return void
+ */
+function acf_register_free_updates() {
+	// If we're ACF free, register the updater.
+	if ( function_exists( 'acf_is_pro' ) && ! acf_is_pro() ) {
+		acf_register_plugin_update(
+			array(
+				'id'       => 'acf',
+				'slug'     => acf_get_setting( 'slug' ),
+				'basename' => acf_get_setting( 'basename' ),
+				'version'  => acf_get_setting( 'version' ),
+			)
+		);
+	}
+}
+add_action( 'acf/init', 'acf_register_free_updates' );
+
+/**
+ * Filters the "Update Source" param in the ACF site health.
+ *
+ * @since 6.3.11.1
+ *
+ * @param string $update_source The original update source.
+ * @return string
+ */
+function acf_direct_update_source( $update_source ) {
+	return __( 'ACF Direct', 'acf' );
+}
+add_filter( 'acf/site_health/update_source', 'acf_direct_update_source' );
+
+/**
+ * Unsets ACF from reporting back to the WP.org API.
+ *
+ * @param array  $args An array of HTTP request arguments.
+ * @param string $url  The request URL.
+ * @return array|mixed
+ */
+function acf_unset_plugin_from_org_reporting( $args, $url ) {
+	// Bail if not a plugins request.
+	if ( empty( $args['body']['plugins'] ) ) {
+		return $args;
+	}
+
+	// Bail if not a request to the wp.org API.
+	$parsed_url = wp_parse_url( $url );
+	if ( empty( $parsed_url['host'] ) || 'api.wordpress.org' !== $parsed_url['host'] ) {
+		return $args;
+	}
+
+	$plugins = json_decode( $args['body']['plugins'], true );
+	if ( empty( $plugins ) ) {
+		return $args;
+	}
+
+	// Remove ACF from reporting.
+	if ( ! empty( $plugins['plugins'][ ACF_BASENAME ] ) ) {
+		unset( $plugins['plugins'][ ACF_BASENAME ] );
+	}
+
+	if ( ! empty( $plugins['active'] ) && is_array( $plugins['active'] ) ) {
+		$is_active = array_search( ACF_BASENAME, $plugins['active'], true );
+		if ( $is_active !== false ) {
+			unset( $plugins['active'][ $is_active ] );
+			$plugins['active'] = array_values( $plugins['active'] );
+		}
+	}
+
+	// Add the plugins list (minus ACF) back to $args.
+	$args['body']['plugins'] = wp_json_encode( $plugins );
+
+	return $args;
+}
+add_filter( 'http_request_args', 'acf_unset_plugin_from_org_reporting', 10, 2 );

web/wp-content/plugins/advanced-custom-fields-pro/includes/acf-meta-functions.php

@@ -11,44 +11,21 @@
  * @return array
  */
 function acf_get_meta( $post_id = 0 ) {
-
 	// Allow filter to short-circuit load_value logic.
 	$null = apply_filters( 'acf/pre_load_meta', null, $post_id );
 	if ( $null !== null ) {
 		return ( $null === '__return_null' ) ? null : $null;
 	}
 
-	// Decode $post_id for $type and $id.
+	// Decode the $post_id for $type and $id.
-	$decoded = acf_decode_post_id( $post_id );
+	$decoded  = acf_decode_post_id( $post_id );
+	$instance = acf_get_meta_instance( $decoded['type'] );
+	$meta     = array();
 
-	/**
+	if ( $instance ) {
-	 * Determine CRUD function.
+		$meta = $instance->get_meta( $decoded['id'] );
-	 *
-	 * - Relies on decoded post_id result to identify option or meta types.
-	 * - Uses xxx_metadata(type) instead of xxx_type_meta() to bypass additional logic that could alter the ID.
-	 */
-	if ( $decoded['type'] === 'option' ) {
-		$allmeta = acf_get_option_meta( $decoded['id'] );
-	} else {
-		$allmeta = get_metadata( $decoded['type'], $decoded['id'], '' );
 	}
 
-	// Loop over meta and check that a reference exists for each value.
-	$meta = array();
-	if ( $allmeta ) {
-		foreach ( $allmeta as $key => $value ) {
-
-			// If a reference exists for this value, add it to the meta array.
-			if ( isset( $allmeta[ "_$key" ] ) ) {
-				$meta[ $key ]    = $allmeta[ $key ][0];
-				$meta[ "_$key" ] = $allmeta[ "_$key" ][0];
-			}
-		}
-	}
-
-	// Unserialized results (get_metadata does not unserialize if $key is empty).
-	$meta = array_map( 'acf_maybe_unserialize', $meta );
-
 	/**
 	 * Filters the $meta array after it has been loaded.
 	 *
@@ -74,7 +51,6 @@ function acf_get_meta( $post_id = 0 ) {
  * @return  array
  */
 function acf_get_option_meta( $prefix = '' ) {
-
 	// Globals.
 	global $wpdb;
 
@@ -241,32 +217,23 @@ function acf_delete_metadata( $post_id = 0, $name = '', $hidden = false ) {
 }
 
 /**
- * acf_copy_postmeta
- *
  * Copies meta from one post to another. Useful for saving and restoring revisions.
  *
- * @date    25/06/2016
  * @since   5.3.8
  *
- * @param   (int|string) $from_post_id The post id to copy from.
+ * @param integer|string $from_post_id The post id to copy from.
- * @param   (int|string) $to_post_id   The post id to paste to.
+ * @param integer|string $to_post_id   The post id to paste to.
- * @return  void
+ * @return void
  */
 function acf_copy_metadata( $from_post_id = 0, $to_post_id = 0 ) {
-
+	// Get all metadata.
-	// Get all postmeta.
 	$meta = acf_get_meta( $from_post_id );
 
-	// Check meta.
+	$decoded  = acf_decode_post_id( $to_post_id );
-	if ( $meta ) {
+	$instance = acf_get_meta_instance( $decoded['type'] );
 
-		// Slash data. WP expects all data to be slashed and will unslash it (fixes '\' character issues).
+	if ( $meta && $instance ) {
-		$meta = wp_slash( $meta );
+		$instance->update_meta( $decoded['id'], $meta );
-
-		// Loop over meta.
-		foreach ( $meta as $name => $value ) {
-			acf_update_metadata( $to_post_id, $name, $value );
-		}
 	}
 }
 
@@ -382,3 +349,155 @@ function acf_update_metaref( $post_id = 0, $type = 'fields', $references = array
 	// Update metadata.
 	return acf_update_metadata( $post_id, "_acf_$type", $references );
 }
+
+/**
+ * Retrieves an ACF meta instance for the provided meta type.
+ *
+ * @since 6.4
+ *
+ * @param string $type The meta type as decoded from the post ID.
+ * @return object|null
+ */
+function acf_get_meta_instance( string $type ): ?object {
+	$instance       = null;
+	$meta_locations = acf_get_store( 'acf-meta-locations' );
+
+	if ( $meta_locations && $meta_locations->has( $type ) ) {
+		$instance = acf_get_instance( $meta_locations->get( $type ) );
+	}
+
+	return $instance;
+}
+
+/**
+ * Gets metadata from the database.
+ *
+ * @since 6.4
+ *
+ * @param integer|string $post_id The post id.
+ * @param array          $field   The field array.
+ * @param boolean        $hidden  True if we should return the reference key.
+ * @return mixed
+ */
+function acf_get_metadata_by_field( $post_id = 0, $field = array(), bool $hidden = false ) {
+	if ( empty( $field['name'] ) ) {
+		return null;
+	}
+
+	// Allow filter to short-circuit logic.
+	$null = apply_filters( 'acf/pre_load_metadata', null, $post_id, $field['name'], $hidden );
+	if ( $null !== null ) {
+		return ( $null === '__return_null' ) ? null : $null;
+	}
+
+	// Decode the $post_id for $type and $id.
+	$decoded = acf_decode_post_id( $post_id );
+	$id      = $decoded['id'];
+	$type    = $decoded['type'];
+
+	// Bail early if no $id (possible during new acf_form).
+	if ( ! $id ) {
+		return null;
+	}
+
+	$meta_instance = acf_get_meta_instance( $type );
+
+	if ( ! $meta_instance ) {
+		return false;
+	}
+
+	if ( $hidden ) {
+		return $meta_instance->get_reference( $id, $field['name'] );
+	}
+
+	return $meta_instance->get_value( $id, $field );
+}
+
+/**
+ * Updates metadata in the database.
+ *
+ * @since 6.4
+ *
+ * @param integer|string $post_id The post id.
+ * @param array          $field   The field array.
+ * @param mixed          $value   The meta value.
+ * @param boolean        $hidden  True if we should update the reference key.
+ * @return integer|boolean Meta ID if the key didn't exist, true on successful update, false on failure.
+ */
+function acf_update_metadata_by_field( $post_id = 0, $field = array(), $value = '', bool $hidden = false ) {
+	if ( empty( $field['name'] ) ) {
+		return null;
+	}
+
+	// Allow filter to short-circuit logic.
+	$pre = apply_filters( 'acf/pre_update_metadata', null, $post_id, $field['name'], $value, $hidden );
+	if ( $pre !== null ) {
+		return $pre;
+	}
+
+	// Decode the $post_id for $type and $id.
+	$decoded = acf_decode_post_id( $post_id );
+	$id      = $decoded['id'];
+	$type    = $decoded['type'];
+
+	// Bail early if no $id (possible during new acf_form).
+	if ( ! $id ) {
+		return false;
+	}
+
+	$meta_instance = acf_get_meta_instance( $type );
+
+	if ( ! $meta_instance ) {
+		return false;
+	}
+
+	if ( $hidden ) {
+		return $meta_instance->update_reference( $id, $field['name'], $field['key'] );
+	}
+
+	return $meta_instance->update_value( $id, $field, $value );
+}
+
+/**
+ * Deletes metadata from the database.
+ *
+ * @since 6.4
+ *
+ * @param integer|string $post_id The post id.
+ * @param array          $field   The field array.
+ * @param boolean        $hidden  True if we should update the reference key.
+ * @return boolean
+ */
+function acf_delete_metadata_by_field( $post_id = 0, $field = array(), bool $hidden = false ) {
+	if ( empty( $field['name'] ) ) {
+		return null;
+	}
+
+	// Allow filter to short-circuit logic.
+	$pre = apply_filters( 'acf/pre_delete_metadata', null, $post_id, $field['name'], $hidden );
+	if ( $pre !== null ) {
+		return $pre;
+	}
+
+	// Decode the $post_id for $type and $id.
+	$decoded = acf_decode_post_id( $post_id );
+	$id      = $decoded['id'];
+	$type    = $decoded['type'];
+
+	// Bail early if no $id (possible during new acf_form).
+	if ( ! $id ) {
+		return false;
+	}
+
+	$meta_instance = acf_get_meta_instance( $type );
+
+	if ( ! $meta_instance ) {
+		return false;
+	}
+
+	if ( $hidden ) {
+		return $meta_instance->delete_reference( $id, $field['name'] );
+	}
+
+	return $meta_instance->delete_value( $id, $field );
+}

web/wp-content/plugins/advanced-custom-fields-pro/includes/acf-upgrades.php

@@ -1,17 +0,0 @@
-<?php
-
-namespace ACF\Upgrades;
-
-/**
- * Initialize the checking for plugin updates for ACF non-PRO.
- */
-function check_for_acf_upgrades() {
-	$properties = array(
-		// This must match the key in "https://wpe-plugin-updates.wpengine.com/plugins.json".
-		'plugin_slug'     => 'advanced-custom-fields',
-		'plugin_basename' => ACF_BASENAME,
-	);
-
-	new \ACF\Upgrades\PluginUpdater( $properties );
-}
-add_action( 'admin_init', __NAMESPACE__ . '\check_for_acf_upgrades' );

web/wp-content/plugins/advanced-custom-fields-pro/includes/acf-value-functions.php

@@ -13,18 +13,35 @@ acf_register_store( 'values' )->prop( 'multisite', true );
  *
  * @param   string $field_name The name of the field. eg 'sub_heading'.
  * @param   mixed  $post_id    The post_id of which the value is saved against.
- * @return  string The field key.
+ * @return  string|null The field key, or null on failure.
  */
 function acf_get_reference( $field_name, $post_id ) {
-
 	// Allow filter to short-circuit load_value logic.
 	$reference = apply_filters( 'acf/pre_load_reference', null, $field_name, $post_id );
 	if ( $reference !== null ) {
 		return $reference;
 	}
 
+	// Back-compat.
+	$reference = apply_filters( 'acf/pre_load_metadata', null, $post_id, $field_name, true );
+	if ( $reference !== null ) {
+		return ( $reference === '__return_null' ) ? null : $reference;
+	}
+
+	$decoded = acf_decode_post_id( $post_id );
+
+	// Bail if no ID or type.
+	if ( empty( $decoded['id'] ) || empty( $decoded['type'] ) ) {
+		return null;
+	}
+
+	$meta_instance = acf_get_meta_instance( $decoded['type'] );
+	if ( ! $meta_instance ) {
+		return null;
+	}
+
 	// Get hidden meta for this field name.
-	$reference = acf_get_metadata( $post_id, $field_name, true );
+	$reference = $meta_instance->get_reference( $decoded['id'], $field_name );
 
 	/**
 	 * Filters the reference value.
@@ -78,7 +95,9 @@ function acf_get_value( $post_id, $field ) {
 
 	// If we're using a non options_ option key, ensure we have a valid reference key.
 	if ( 'option' === $decoded['type'] && 'options' !== $decoded['id'] ) {
-		$meta = acf_get_metadata( $post_id, $field_name, true );
+		// TODO: Move this into options meta class? i.e. return false
+		$meta = acf_get_metadata_by_field( $post_id, $field, true );
+
 		if ( ! $meta ) {
 			$allow_load = false;
 		} elseif ( $meta !== $field['key'] ) {
@@ -97,7 +116,7 @@ function acf_get_value( $post_id, $field ) {
 			return $store->get( "$post_id:$field_name" );
 		}
 
-		$value = acf_get_metadata( $post_id, $field_name );
+		$value = acf_get_metadata_by_field( $post_id, $field );
 	}
 
 	// Use field's default_value if no meta was found.
@@ -220,11 +239,9 @@ function acf_update_value( $value, $post_id, $field ) {
 		return acf_delete_value( $post_id, $field );
 	}
 
-	// Update meta.
+	// Update value and reference key.
-	$return = acf_update_metadata( $post_id, $field['name'], $value );
+	$return = acf_update_metadata_by_field( $post_id, $field, $value );
-
+	acf_update_metadata_by_field( $post_id, $field, $field['key'], true );
-	// Update reference.
-	acf_update_metadata( $post_id, $field['name'], $field['key'], true );
 
 	// Delete stored data.
 	acf_flush_value_cache( $post_id, $field['name'] );
@@ -310,11 +327,9 @@ function acf_delete_value( $post_id, $field ) {
 	 */
 	do_action( 'acf/delete_value', $post_id, $field['name'], $field );
 
-	// Delete meta.
+	// Delete value and reference key.
-	$return = acf_delete_metadata( $post_id, $field['name'] );
+	$return = acf_delete_metadata_by_field( $post_id, $field );
-
+	acf_delete_metadata_by_field( $post_id, $field, true );
-	// Delete reference.
-	acf_delete_metadata( $post_id, $field['name'], true );
 
 	// Delete stored data.
 	acf_flush_value_cache( $post_id, $field['name'] );
@@ -372,8 +387,8 @@ function acf_log_invalid_field_notice( $field, $function ) {
 	}
 
 	$error_text = sprintf(
-		/* translators: %1 plugin name, %2 the URL to the documentation on this error */
+		// This happens too early for translations to be loaded properly.
-		__( '<strong>%1$s</strong> - We\'ve detected one or more calls to retrieve ACF field values before ACF has been initialized. This is not supported and can result in malformed or missing data. <a href="%2$s" target="_blank">Learn how to fix this</a>.', 'acf' ),
+		'<strong>%1$s</strong> - We\'ve detected one or more calls to retrieve ACF field values before ACF has been initialized. This is not supported and can result in malformed or missing data. <a href="%2$s" target="_blank">Learn how to fix this</a>.',
 		acf_get_setting( 'name' ),
 		acf_add_url_utm_tags( 'https://www.advancedcustomfields.com/resources/acf-field-functions/', 'docs', 'early_init_warning' )
 	);

web/wp-content/plugins/advanced-custom-fields-pro/includes/acf-wp-functions.php

@@ -195,6 +195,10 @@ function acf_decode_post_id( $post_id = 0 ) {
 			$type = taxonomy_exists( $type ) ? 'term' : 'blog';
 			$id   = absint( $id );
 			break;
+		case 'woo_order_%d':
+			$type = 'woo_order';
+			$id   = absint( $id );
+			break;
 		default:
 			// Check for taxonomy name.
 			if ( taxonomy_exists( $type ) && is_numeric( $id ) ) {

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/admin-internal-post-type.php

@@ -45,7 +45,6 @@ if ( ! class_exists( 'ACF_Admin_Internal_Post_Type' ) ) :
 			add_action( 'current_screen', array( $this, 'current_screen' ) );
 			add_action( 'save_post_' . $this->post_type, array( $this, 'save_post' ), 10, 2 );
 			add_action( 'wp_ajax_acf/link_field_groups', array( $this, 'ajax_link_field_groups' ) );
-			add_filter( 'post_updated_messages', array( $this, 'post_updated_messages' ) );
 			add_filter( 'use_block_editor_for_post_type', array( $this, 'use_block_editor_for_post_type' ), 10, 2 );
 		}
 
@@ -92,6 +91,7 @@ if ( ! class_exists( 'ACF_Admin_Internal_Post_Type' ) ) :
 			acf_enqueue_scripts();
 
 			add_action( 'admin_body_class', array( $this, 'admin_body_class' ) );
+			add_filter( 'post_updated_messages', array( $this, 'post_updated_messages' ) );
 			add_action( 'acf/input/admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
 			add_action( 'acf/input/admin_head', array( $this, 'admin_head' ) );
 			add_action( 'acf/input/form_data', array( $this, 'form_data' ) );

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/admin.php

@@ -216,7 +216,7 @@ if ( ! class_exists( 'ACF_Admin' ) ) :
 			}
 
 			// Allow opting-out of the notice.
-			if ( apply_filters( 'acf/admin/prevent_escaped_html_notice', false ) ) {
+			if ( apply_filters( 'acf/admin/prevent_escaped_html_notice', true ) ) {
 				return;
 			}
 
@@ -318,9 +318,18 @@ if ( ! class_exists( 'ACF_Admin' ) ) :
 			$wp_engine_link = acf_add_url_utm_tags( 'https://wpengine.com/', 'bx_prod_referral', acf_is_pro() ? 'acf_pro_plugin_footer_text' : 'acf_free_plugin_footer_text', false, 'acf_plugin', 'referral' );
 			$acf_link       = acf_add_url_utm_tags( 'https://www.advancedcustomfields.com/', 'footer', 'footer' );
 
+			if ( acf_is_pro() ) {
+				return sprintf(
+					/* translators: This text is prepended by a link to ACF's website, and appended by a link to WP Engine's website. */
+					'<a href="%1$s" target="_blank">ACF&#174;</a> and <a href="%1$s" target="_blank">ACF&#174; PRO</a> ' . __( 'are developed and maintained by', 'acf' ) . ' <a href="%2$s" target="_blank">WP Engine</a>.',
+					$acf_link,
+					$wp_engine_link
+				);
+			}
+
 			return sprintf(
 				/* translators: This text is prepended by a link to ACF's website, and appended by a link to WP Engine's website. */
-				'<a href="%1$s" target="_blank">' . ( acf_is_pro() ? 'ACF PRO' : 'ACF' ) . '</a> ' . __( 'is developed and maintained by', 'acf' ) . ' <a href="%2$s" target="_blank">WP Engine</a>.',
+				'<a href="%1$s" target="_blank">ACF&#174;</a> ' . __( 'is developed and maintained by', 'acf' ) . ' <a href="%2$s" target="_blank">WP Engine</a>.',
 				$acf_link,
 				$wp_engine_link
 			);

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/post-types/admin-post-type.php

@@ -312,6 +312,15 @@ if ( ! class_exists( 'ACF_Admin_Post_Type' ) ) :
 			$_POST['acf_post_type']['ID']    = $post_id;
 			$_POST['acf_post_type']['title'] = isset( $_POST['acf_post_type']['labels']['name'] ) ? $_POST['acf_post_type']['labels']['name'] : '';
 
+			if ( ! acf_get_setting( 'enable_meta_box_cb_edit' ) ) {
+				$_POST['acf_post_type']['register_meta_box_cb'] = '';
+
+				$existing_post = acf_maybe_unserialize( $post->post_content );
+				if ( ! empty( $existing_post['register_meta_box_cb'] ) ) {
+					$_POST['acf_post_type']['register_meta_box_cb'] = $existing_post['register_meta_box_cb'];
+				}
+			}
+
 			// Save the post type.
 			acf_update_internal_post_type( $_POST['acf_post_type'], $this->post_type ); // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Validated in verify_save_post
 			// phpcs:enable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/post-types/admin-taxonomy.php

@@ -314,6 +314,29 @@ if ( ! class_exists( 'ACF_Admin_Taxonomy' ) ) :
 			$_POST['acf_taxonomy']['ID']    = $post_id;
 			$_POST['acf_taxonomy']['title'] = isset( $_POST['acf_taxonomy']['labels']['name'] ) ? $_POST['acf_taxonomy']['labels']['name'] : '';
 
+			if ( ! acf_get_setting( 'enable_meta_box_cb_edit' ) ) {
+				$_POST['acf_taxonomy']['meta_box_cb']          = '';
+				$_POST['acf_taxonomy']['meta_box_sanitize_cb'] = '';
+
+				if ( ! empty( $_POST['acf_taxonomy']['meta_box'] ) && 'custom' === $_POST['acf_taxonomy']['meta_box'] ) {
+					$_POST['acf_taxonomy']['meta_box'] = 'default';
+				}
+
+				$existing_post = acf_maybe_unserialize( $post->post_content );
+
+				if ( ! empty( $existing_post['meta_box'] ) ) {
+					$_POST['acf_taxonomy']['meta_box'] = $existing_post['meta_box'];
+				}
+
+				if ( ! empty( $existing_post['meta_box_cb'] ) ) {
+					$_POST['acf_taxonomy']['meta_box_cb'] = $existing_post['meta_box_cb'];
+				}
+
+				if ( ! empty( $existing_post['meta_box_sanitize_cb'] ) ) {
+					$_POST['acf_taxonomy']['meta_box_sanitize_cb'] = $existing_post['meta_box_sanitize_cb'];
+				}
+			}
+
 			// Save the taxonomy.
 			acf_update_internal_post_type( $_POST['acf_taxonomy'], $this->post_type ); // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Validated in verify_save_post
 			// phpcs:enable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/views/acf-field-group/field.php

@@ -319,6 +319,7 @@ if ( isset( $field['conditional_logic'] ) && is_array( $field['conditional_logic
 				?>
 				<div class="acf-field-settings-footer">
 					<a class="button close-field edit-field" title="<?php esc_attr_e( 'Close Field', 'acf' ); ?>" href="#"><?php esc_html_e( 'Close Field', 'acf' ); ?></a>
+					<a class="acf-btn acf-btn-secondary close-add-field" title="<?php esc_attr_e( 'Close and Add Field', 'acf' ); ?>" href="#"><?php esc_html_e( 'Close and Add Field', 'acf' ); ?></a>
 				</div>
 			</div>
 		</div>

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/views/acf-field-group/fields.php

@@ -98,7 +98,7 @@ if ( $is_subfield ) {
 
 	<ul class="acf-hl acf-tfoot">
 		<li class="acf-fr">
-			<a href="#" class="acf-btn acf-btn-secondary add-field"><i class="acf-icon acf-icon-plus"></i><?php esc_html_e( 'Add Field', 'acf' ); ?></a>
+			<a href="#" class="acf-btn acf-btn-sm add-field"><i class="acf-icon acf-icon-plus"></i><?php esc_html_e( 'Add Field', 'acf' ); ?></a>
 		</li>
 	</ul>
 

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/views/acf-post-type/advanced-settings.php

@@ -838,24 +838,39 @@ foreach ( acf_get_combined_post_type_settings_tabs() as $tab_key => $tab_label )
 				'field'
 			);
 
-			acf_render_field_wrap(
+			$acf_enable_meta_box_cb_edit  = acf_get_setting( 'enable_meta_box_cb_edit' );
-				array(
+			$acf_meta_box_cb_instructions = __( 'A PHP function name to be called when setting up the meta boxes for the edit screen. For security, this callback will be executed in a special context without access to any superglobals like $_POST or $_GET.', 'acf' );
-					'type'         => 'text',
+
-					'name'         => 'register_meta_box_cb',
+			// Only show if user is allowed to update, or if it already has a value.
-					'key'          => 'register_meta_box_cb',
+			if ( $acf_enable_meta_box_cb_edit || ! empty( $acf_post_type['register_meta_box_cb'] ) ) {
-					'prefix'       => 'acf_post_type',
+				if ( ! $acf_enable_meta_box_cb_edit ) {
-					'value'        => $acf_post_type['register_meta_box_cb'],
+					if ( is_multisite() ) {
-					'label'        => __( 'Custom Meta Box Callback', 'acf' ),
+						$acf_meta_box_cb_instructions .= ' ' . __( 'By default only super admin users can edit this setting.', 'acf' );
-					'instructions' => __( 'A PHP function name to be called when setting up the meta boxes for the edit screen. For security, this callback will be executed in a special context without access to any superglobals like $_POST or $_GET.', 'acf' ),
+					} else {
-					'conditions'   => array(
+						$acf_meta_box_cb_instructions .= ' ' . __( 'By default only admin users can edit this setting.', 'acf' );
-						'field'    => 'show_ui',
+					}
-						'operator' => '==',
+				}
-						'value'    => '1',
+
+				acf_render_field_wrap(
+					array(
+						'type'         => 'text',
+						'name'         => 'register_meta_box_cb',
+						'key'          => 'register_meta_box_cb',
+						'prefix'       => 'acf_post_type',
+						'value'        => $acf_post_type['register_meta_box_cb'],
+						'label'        => __( 'Custom Meta Box Callback', 'acf' ),
+						'instructions' => $acf_meta_box_cb_instructions,
+						'readonly'     => ! $acf_enable_meta_box_cb_edit,
+						'conditions'   => array(
+							'field'    => 'show_ui',
+							'operator' => '==',
+							'value'    => '1',
+						),
 					),
-				),
+					'div',
-				'div',
+					'field'
-				'field'
+				);
-			);
+			}
 
 			acf_render_field_wrap(
 				array(

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/views/acf-taxonomy/advanced-settings.php

@@ -745,6 +745,16 @@ foreach ( acf_get_combined_taxonomy_settings_tabs() as $tab_key => $tab_label )
 			$acf_tags_meta_box_text       = __( 'Tags Meta Box', 'acf' );
 			$acf_categories_meta_box_text = __( 'Categories Meta Box', 'acf' );
 			$acf_default_meta_box_text    = empty( $acf_taxonomy['hierarchical'] ) ? $acf_tags_meta_box_text : $acf_categories_meta_box_text;
+			$acf_enable_meta_box_cb_edit  = acf_get_setting( 'enable_meta_box_cb_edit' );
+			$acf_meta_box_choices         = array(
+				'default'  => $acf_default_meta_box_text,
+				'custom'   => __( 'Custom Meta Box', 'acf' ),
+				'disabled' => __( 'No Meta Box', 'acf' ),
+			);
+
+			if ( ! $acf_enable_meta_box_cb_edit && 'custom' !== $acf_taxonomy['meta_box'] ) {
+				unset( $acf_meta_box_choices['custom'] );
+			}
 
 			acf_render_field_wrap(
 				array(
@@ -757,11 +767,7 @@ foreach ( acf_get_combined_taxonomy_settings_tabs() as $tab_key => $tab_label )
 					'label'        => __( 'Meta Box', 'acf' ),
 					'instructions' => __( 'Controls the meta box on the content editor screen. By default, the Categories meta box is shown for hierarchical taxonomies, and the Tags meta box is shown for non-hierarchical taxonomies.', 'acf' ),
 					'hide_search'  => true,
-					'choices'      => array(
+					'choices'      => $acf_meta_box_choices,
-						'default'  => $acf_default_meta_box_text,
-						'custom'   => __( 'Custom Meta Box', 'acf' ),
-						'disabled' => __( 'No Meta Box', 'acf' ),
-					),
 					'data'         => array(
 						'tags_meta_box'       => __( 'Tags Meta Box', 'acf' ),
 						'categories_meta_box' => __( 'Categories Meta Box', 'acf' ),
@@ -794,54 +800,68 @@ foreach ( acf_get_combined_taxonomy_settings_tabs() as $tab_key => $tab_label )
 				)
 			);
 
-			acf_render_field_wrap(
+			if ( $acf_enable_meta_box_cb_edit || 'custom' === $acf_taxonomy['meta_box'] ) {
-				array(
+				$acf_meta_box_cb_instructions = __( 'A PHP function name to be called to handle the content of a meta box on your taxonomy. For security, this callback will be executed in a special context without access to any superglobals like $_POST or $_GET.', 'acf' );
-					'type'         => 'text',
-					'name'         => 'meta_box_cb',
-					'key'          => 'meta_box_cb',
-					'prefix'       => 'acf_taxonomy',
-					'value'        => $acf_taxonomy['meta_box_cb'],
-					'label'        => __( 'Register Meta Box Callback', 'acf' ),
-					'instructions' => __( 'A PHP function name to be called to handle the content of a meta box on your taxonomy. For security, this callback will be executed in a special context without access to any superglobals like $_POST or $_GET.', 'acf' ),
-					'conditions'   => array(
-						'field'    => 'meta_box',
-						'operator' => '==',
-						'value'    => 'custom',
-					),
-				),
-				'div',
-				'field'
-			);
 
-			acf_render_field_wrap(
+				if ( ! $acf_enable_meta_box_cb_edit ) {
-				array(
+					if ( is_multisite() ) {
-					'type'         => 'text',
+						$acf_meta_box_cb_instructions .= ' ' . __( 'By default only super admin users can edit this setting.', 'acf' );
-					'name'         => 'meta_box_sanitize_cb',
+					} else {
-					'key'          => 'meta_box_sanitize_cb',
+						$acf_meta_box_cb_instructions .= ' ' . __( 'By default only admin users can edit this setting.', 'acf' );
-					'prefix'       => 'acf_taxonomy',
+					}
-					'value'        => $acf_taxonomy['meta_box_sanitize_cb'],
+				}
-					'label'        => __( 'Meta Box Sanitization Callback', 'acf' ),
-					'instructions' => __( 'A PHP function name to be called for sanitizing taxonomy data saved from a meta box.', 'acf' ),
-					'conditions'   => array(
-						'field'    => 'meta_box',
-						'operator' => '==',
-						'value'    => 'custom',
-					),
-				),
-				'div',
-				'field'
-			);
 
-			acf_render_field_wrap(
+				acf_render_field_wrap(
-				array(
+					array(
-					'type'       => 'seperator',
+						'type'         => 'text',
-					'conditions' => array(
+						'name'         => 'meta_box_cb',
-						'field'    => 'meta_box',
+						'key'          => 'meta_box_cb',
-						'operator' => '==',
+						'prefix'       => 'acf_taxonomy',
-						'value'    => 'custom',
+						'value'        => $acf_taxonomy['meta_box_cb'],
+						'label'        => __( 'Register Meta Box Callback', 'acf' ),
+						'instructions' => $acf_meta_box_cb_instructions,
+						'readonly'     => ! $acf_enable_meta_box_cb_edit,
+						'conditions'   => array(
+							'field'    => 'meta_box',
+							'operator' => '==',
+							'value'    => 'custom',
+						),
 					),
-				)
+					'div',
-			);
+					'field'
+				);
+
+				acf_render_field_wrap(
+					array(
+						'type'         => 'text',
+						'name'         => 'meta_box_sanitize_cb',
+						'key'          => 'meta_box_sanitize_cb',
+						'prefix'       => 'acf_taxonomy',
+						'value'        => $acf_taxonomy['meta_box_sanitize_cb'],
+						'label'        => __( 'Meta Box Sanitization Callback', 'acf' ),
+						'instructions' => __( 'A PHP function name to be called for sanitizing taxonomy data saved from a meta box.', 'acf' ),
+						'readonly'     => ! $acf_enable_meta_box_cb_edit,
+						'conditions'   => array(
+							'field'    => 'meta_box',
+							'operator' => '==',
+							'value'    => 'custom',
+						),
+					),
+					'div',
+					'field'
+				);
+
+				acf_render_field_wrap(
+					array(
+						'type'       => 'seperator',
+						'conditions' => array(
+							'field'    => 'meta_box',
+							'operator' => '==',
+							'value'    => 'custom',
+						),
+					)
+				);
+			}
 
 			acf_render_field_wrap(
 				array(

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/views/global/navigation.php

@@ -93,10 +93,11 @@ if ( ! defined( 'PWP_NAME' ) ) {
 	$acf_wpengine_logo     = sprintf( '<span><img class="acf-wp-engine-pro" src="%s" alt="WP Engine" /></span>', $acf_wpengine_logo );
 	$utm_content           = acf_is_pro() ? 'acf_pro_plugin_topbar_dropdown_cta' : 'acf_free_plugin_topbar_dropdown_cta';
 	$wpengine_more_items[] = array(
-		'url'      => acf_add_url_utm_tags( 'https://wpengine.com/plans/?coupon=freedomtocreate', 'bx_prod_referral', $utm_content, false, 'acf_plugin', 'referral' ),
+		'url'        => acf_add_url_utm_tags( 'https://wpengine.com/plans/?coupon=freedomtocreate', 'bx_prod_referral', $utm_content, false, 'acf_plugin', 'referral' ),
-		'text'     => $acf_wpengine_logo . '<span class="acf-wp-engine-upsell-pill">' . __( '4 Months Free', 'acf' ) . '</span>',
+		'text'       => $acf_wpengine_logo . '<span class="acf-wp-engine-upsell-pill">' . __( '4 Months Free', 'acf' ) . '</span>',
-		'target'   => '_blank',
+		'target'     => '_blank',
-		'li_class' => 'acf-wp-engine',
+		'li_class'   => 'acf-wp-engine',
+		'aria-label' => __( 'Get 4 months free on any WP Engine plan', 'acf' ),
 	);
 }
 
@@ -142,16 +143,18 @@ function acf_print_menu_section( $menu_items, $section = '' ) {
 	$section_html = '';
 
 	foreach ( $menu_items as $menu_item ) {
-		$class    = ! empty( $menu_item['class'] ) ? $menu_item['class'] : $menu_item['text'];
+		$class      = ! empty( $menu_item['class'] ) ? $menu_item['class'] : $menu_item['text'];
-		$target   = ! empty( $menu_item['target'] ) ? ' target="' . esc_attr( $menu_item['target'] ) . '"' : '';
+		$target     = ! empty( $menu_item['target'] ) ? ' target="' . esc_attr( $menu_item['target'] ) . '"' : '';
-		$li_class = ! empty( $menu_item['li_class'] ) ? esc_attr( $menu_item['li_class'] ) : '';
+		$aria_label = ! empty( $menu_item['aria-label'] ) ? ' aria-label="' . esc_attr( $menu_item['aria-label'] ) . '"' : '';
+		$li_class   = ! empty( $menu_item['li_class'] ) ? esc_attr( $menu_item['li_class'] ) : '';
 
 		$html = sprintf(
-			'<a class="acf-tab%s %s" href="%s"%s><i class="acf-icon"></i>%s</a>',
+			'<a class="acf-tab%s %s" href="%s"%s%s><i class="acf-icon"></i>%s</a>',
 			! empty( $menu_item['is_active'] ) ? ' is-active' : '',
 			'acf-header-tab-' . esc_attr( acf_slugify( $class ) ),
 			esc_url( $menu_item['url'] ),
 			$target,
+			$aria_label,
 			acf_esc_html( $menu_item['text'] )
 		);
 
@@ -173,11 +176,11 @@ function acf_print_menu_section( $menu_items, $section = '' ) {
 	<div class="acf-admin-toolbar-inner">
 		<div class="acf-nav-wrap">
 			<?php if ( acf_is_pro() && acf_pro_is_license_active() ) { ?>
-				<a href="<?php echo esc_url( admin_url( 'edit.php?post_type=acf-field-group' ) ); ?>" class="acf-logo pro">
+				<a href="<?php echo esc_url( admin_url( 'edit.php?post_type=acf-field-group' ) ); ?>" class="acf-logo pro" aria-label="<?php esc_attr_e( 'Edit ACF Field Groups', 'acf' ); ?>">
 					<img src="<?php echo esc_url( acf_get_url( 'assets/images/acf-pro-logo.svg' ) ); ?>" alt="<?php esc_attr_e( 'Advanced Custom Fields logo', 'acf' ); ?>">
 				</a>
 			<?php } else { ?>
-				<a href="<?php echo esc_url( admin_url( 'edit.php?post_type=acf-field-group' ) ); ?>" class="acf-logo">
+				<a href="<?php echo esc_url( admin_url( 'edit.php?post_type=acf-field-group' ) ); ?>" class="acf-logo" aria-label="<?php esc_attr_e( 'Edit ACF Field Groups', 'acf' ); ?>">
 					<img src="<?php echo esc_url( acf_get_url( 'assets/images/acf-logo.svg' ) ); ?>" alt="<?php esc_attr_e( 'Advanced Custom Fields logo', 'acf' ); ?>">
 				</a>
 			<?php } ?>
@@ -234,7 +237,7 @@ function acf_print_menu_section( $menu_items, $section = '' ) {
 				<?php
 			}
 			?>
-			<a href="<?php echo $acf_wpengine_logo_link; ?>" target="_blank" class="acf-nav-wpengine-logo"><?php //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- escaped on generation. ?>
+			<a href="<?php echo $acf_wpengine_logo_link; ?>" target="_blank" class="acf-nav-wpengine-logo" aria-label="<?php esc_attr_e( 'WP Engine', 'acf' ); ?>"><?php //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- escaped on generation. ?>
 				<img src="<?php echo esc_url( acf_get_url( 'assets/images/wp-engine-horizontal-white.svg' ) ); ?>" alt="<?php esc_html_e( 'WP Engine logo', 'acf' ); ?>" />
 			</a>
 		</div>

web/wp-content/plugins/advanced-custom-fields-pro/includes/admin/views/tools/tools.php

@@ -10,10 +10,12 @@ $tool  = $active ? ' tool-' . $active : '';
 ?>
 <div id="acf-admin-tools" class="wrap<?php echo esc_attr( $tool ); ?>">
 
-	<h1><?php esc_html_e( 'Tools', 'acf' ); ?> <?php
+	<h1>
-	if ( $active ) :
+		<?php esc_html_e( 'Tools', 'acf' ); ?>
-		?>
+		<?php if ( $active ) { ?>
-		<a class="page-title-action" href="<?php echo esc_url( acf_get_admin_tools_url() ); ?>"><?php esc_html_e( 'Back to all tools', 'acf' ); ?></a><?php endif; ?></h1>
+			<a class="page-title-action" href="<?php echo esc_url( acf_get_admin_tools_url() ); ?>"><?php esc_html_e( 'Back to all tools', 'acf' ); ?></a>
+		<?php } ?>
+	</h1>
 
 	<div class="acf-meta-box-wrap -<?php echo esc_attr( $class ); ?>">
 		<?php do_meta_boxes( $screen_id, 'normal', '' ); ?>

web/wp-content/plugins/advanced-custom-fields-pro/includes/ajax/class-acf-ajax-query-users.php

@@ -24,8 +24,9 @@ if ( ! class_exists( 'ACF_Ajax_Query_Users' ) ) :
 				return new WP_Error( 'acf_invalid_args', __( 'Invalid request args.', 'acf' ), array( 'status' => 404 ) );
 			}
 
-			$nonce  = $request['nonce'];
+			$nonce        = $request['nonce'];
-			$action = $request['field_key'];
+			$action       = $request['field_key'];
+			$field_action = true;
 
 			if ( isset( $request['conditional_logic'] ) && true === (bool) $request['conditional_logic'] ) {
 				if ( ! acf_current_user_can_admin() ) {
@@ -33,11 +34,12 @@ if ( ! class_exists( 'ACF_Ajax_Query_Users' ) ) :
 				}
 
 				// Use the standard ACF admin nonce.
-				$nonce  = '';
+				$nonce        = '';
-				$action = '';
+				$action       = '';
+				$field_action = false;
 			}
 
-			if ( ! acf_verify_ajax( $nonce, $action ) ) {
+			if ( ! acf_verify_ajax( $nonce, $action, $field_action ) ) {
 				return new WP_Error( 'acf_invalid_nonce', __( 'Invalid nonce.', 'acf' ), array( 'status' => 404 ) );
 			}
 

web/wp-content/plugins/advanced-custom-fields-pro/includes/api/api-helpers.php

@@ -687,16 +687,32 @@ function acf_verify_nonce( $value ) {
  *
  * @since   5.2.3
  *
- * @param string $nonce  The nonce to check.
+ * @param string  $nonce           The nonce to check.
- * @param string $action The action of the nonce.
+ * @param string  $action          The action of the nonce.
+ * @param boolean $action_is_field If the action is a field, modify the action to match validate the field type.
  * @return boolean
  */
-function acf_verify_ajax( $nonce = '', $action = '' ) {
+function acf_verify_ajax( $nonce = '', $action = '', $action_is_field = false ) {
 	// Bail early if we don't have a nonce to check.
 	if ( empty( $nonce ) && empty( $_REQUEST['nonce'] ) ) {
 		return false;
 	}
 
+	// Build the action if we're trying to validate a specific field nonce.
+	if ( $action_is_field ) {
+		if ( ! acf_is_field_key( $action ) ) {
+			return false;
+		}
+
+		$field = acf_get_field( $action );
+
+		if ( empty( $field['type'] ) ) {
+			return false;
+		}
+
+		$action = 'acf_field_' . $field['type'] . '_' . $action;
+	}
+
 	$nonce_to_check = ! empty( $nonce ) ? $nonce : $_REQUEST['nonce']; // phpcs:ignore WordPress.Security -- We're verifying a nonce here.
 	$nonce_action   = ! empty( $action ) ? $action : 'acf_nonce';
 
@@ -3974,3 +3990,20 @@ function acf_is_multisite_main_site() {
 	}
 	return false;
 }
+
+/**
+ * Allow filterable permissions metabox callbacks.
+ *
+ * @since   6.3.10
+ *
+ * @param   boolean $enable_meta_box_cb_edit Can the current user edit metabox callbacks.
+ * @return  boolean
+ */
+function acf_settings_enable_meta_box_cb_edit( $enable_meta_box_cb_edit ): bool {
+	if ( ! is_super_admin() ) {
+		return false;
+	}
+
+	return (bool) $enable_meta_box_cb_edit;
+}
+add_filter( 'acf/settings/enable_meta_box_cb_edit', 'acf_settings_enable_meta_box_cb_edit', 1 );

web/wp-content/plugins/advanced-custom-fields-pro/includes/api/api-template.php

@@ -142,7 +142,7 @@ function the_field( $selector, $post_id = false, $format_value = true ) {
  */
 function _acf_log_escaped_html( $function, $selector, $field, $post_id ) {
 	// If the notice isn't shown, no use in logging the errors.
-	if ( apply_filters( 'acf/admin/prevent_escaped_html_notice', false ) ) {
+	if ( apply_filters( 'acf/admin/prevent_escaped_html_notice', true ) ) {
 		return;
 	}
 

web/wp-content/plugins/advanced-custom-fields-pro/includes/assets.php

@@ -476,6 +476,7 @@ if ( ! class_exists( 'ACF_Assets' ) ) :
 				'editor'      => acf_is_block_editor() ? 'block' : 'classic',
 				'is_pro'      => acf_is_pro(),
 				'debug'       => acf_is_beta() || ( defined( 'ACF_DEVELOPMENT_MODE' ) && ACF_DEVELOPMENT_MODE ),
+				'StrictMode'  => defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG && version_compare( $wp_version, '6.6', '>=' ),
 			);
 
 			acf_localize_data( $data_to_localize );

web/wp-content/plugins/advanced-custom-fields-pro/includes/class-PluginUpdater.php

@@ -1,251 +0,0 @@
-<?php
-/**
- * The PluginUpdater class which can be used to pull plugin updates from a new location.
- * @package advanced-custom-fields
- */
-
-namespace ACF\Upgrades;
-
-// Exit if accessed directly.
-if ( ! defined( 'ABSPATH' ) ) {
-	exit;
-}
-
-use stdClass;
-
-/**
- * The PluginUpdater class which can be used to pull plugin updates from a new location.
- */
-class PluginUpdater {
-	/**
-	 * The URL where the api is located.
-	 * @var ApiUrl
-	 */
-	private $api_url;
-
-	/**
-	 * The amount of time to wait before checking for new updates.
-	 * @var CacheTime
-	 */
-	private $cache_time;
-
-	/**
-	 * These properties are passed in when instantiating to identify the plugin and it's update location.
-	 * @var Properties
-	 */
-	private $properties;
-
-	/**
-	 * Get the class constructed.
-	 *
-	 * @param Properties $properties These properties are passed in when instantiating to identify the plugin and it's update location.
-	 */
-	public function __construct( $properties ) {
-		if (
-			// This must match the key in "https://wpe-plugin-updates.wpengine.com/plugins.json".
-			empty( $properties['plugin_slug'] ) ||
-
-			// This must be the result of calling plugin_basename( __FILE__ ); in the main plugin root file.
-			empty( $properties['plugin_basename'] )
-		) {
-			// If any of the values we require were not passed, throw a fatal.
-			error_log( 'WPE Secure Plugin Updater received a malformed request.' );
-			return;
-		}
-
-		$this->api_url = 'https://wpe-plugin-updates.wpengine.com/';
-
-		$this->cache_time = time() + HOUR_IN_SECONDS * 5;
-
-		$this->properties = $this->get_full_plugin_properties( $properties, $this->api_url );
-
-		if ( ! $this->properties ) {
-			return;
-		}
-
-		$this->register();
-	}
-
-	/**
-	 * Get the full plugin properties, including the directory name, version, basename, and add a transient name.
-	 *
-	 * @param Properties $properties These properties are passed in when instantiating to identify the plugin and it's update location.
-	 * @param ApiUrl     $api_url    The URL where the api is located.
-	 */
-	public function get_full_plugin_properties( $properties, $api_url ) {
-		$plugins = \get_plugins();
-
-		// Scan through all plugins installed and find the one which matches this one in question.
-		foreach ( $plugins as $plugin_basename => $plugin_data ) {
-			// Match using the passed-in plugin's basename.
-			if ( $plugin_basename === $properties['plugin_basename'] ) {
-				// Add the values we need to the properties.
-				$properties['plugin_dirname']                   = dirname( $plugin_basename );
-				$properties['plugin_version']                   = $plugin_data['Version'];
-				$properties['plugin_update_transient_name']     = 'wpesu-plugin-' . sanitize_title( $properties['plugin_dirname'] );
-				$properties['plugin_update_transient_exp_name'] = 'wpesu-plugin-' . sanitize_title( $properties['plugin_dirname'] ) . '-expiry';
-				$properties['plugin_manifest_url']              = trailingslashit( $api_url ) . trailingslashit( $properties['plugin_slug'] ) . 'info.json';
-
-				return $properties;
-			}
-		}
-
-		// No matching plugin was found installed.
-		return null;
-	}
-
-	/**
-	 * Register hooks.
-	 *
-	 * @return void
-	 */
-	public function register() {
-		add_filter( 'plugins_api', array( $this, 'filter_plugin_update_info' ), 20, 3 );
-		add_filter( 'pre_set_site_transient_update_plugins', array( $this, 'filter_plugin_update_transient' ) );
-	}
-
-	/**
-	 * Filter the plugin update transient to take over update notifications.
-	 *
-	 * @param object $transient The site_transient_update_plugins transient.
-	 *
-	 * @handles site_transient_update_plugins
-	 * @return object
-	 */
-	public function filter_plugin_update_transient( $transient ) {
-		// No update object exists. Return early.
-		if ( empty( $transient ) ) {
-			return $transient;
-		}
-
-		$result = $this->fetch_plugin_info();
-
-		if ( false === $result ) {
-			return $transient;
-		}
-
-		$res = $this->parse_plugin_info( $result );
-
-		if ( version_compare( $this->properties['plugin_version'], $result->version, '<' ) ) {
-			$transient->response[ $res->plugin ] = $res;
-			$transient->checked[ $res->plugin ]  = $result->version;
-		} else {
-			$transient->no_update[ $res->plugin ] = $res;
-		}
-
-		return $transient;
-	}
-
-	/**
-	 * Filters the plugin update information.
-	 *
-	 * @param object $res    The response to be modified for the plugin in question.
-	 * @param string $action The action in question.
-	 * @param object $args   The arguments for the plugin in question.
-	 *
-	 * @handles plugins_api
-	 * @return object
-	 */
-	public function filter_plugin_update_info( $res, $action, $args ) {
-		// Do nothing if this is not about getting plugin information.
-		if ( 'plugin_information' !== $action ) {
-			return $res;
-		}
-
-		// Do nothing if it is not our plugin.
-		if ( $this->properties['plugin_dirname'] !== $args->slug ) {
-			return $res;
-		}
-
-		$result = $this->fetch_plugin_info();
-
-		// Do nothing if we don't get the correct response from the server.
-		if ( false === $result ) {
-			return $res;
-		}
-
-		return $this->parse_plugin_info( $result );
-	}
-
-	/**
-	 * Fetches the plugin update object from the WP Product Info API.
-	 *
-	 * @return object|false
-	 */
-	private function fetch_plugin_info() {
-		// Fetch cache first.
-		$expiry   = get_option( $this->properties['plugin_update_transient_exp_name'], 0 );
-		$response = get_option( $this->properties['plugin_update_transient_name'] );
-
-		if ( empty( $expiry ) || time() > $expiry || empty( $response ) ) {
-			$response = wp_remote_get(
-				$this->properties['plugin_manifest_url'],
-				array(
-					'timeout' => 10,
-					'headers' => array(
-						'Accept' => 'application/json',
-					),
-				)
-			);
-
-			if (
-				is_wp_error( $response ) ||
-				200 !== wp_remote_retrieve_response_code( $response ) ||
-				empty( wp_remote_retrieve_body( $response ) )
-			) {
-				return false;
-			}
-
-			$response = wp_remote_retrieve_body( $response );
-
-			// Cache the response.
-			update_option( $this->properties['plugin_update_transient_exp_name'], $this->cache_time, false );
-			update_option( $this->properties['plugin_update_transient_name'], $response, false );
-		}
-
-		$decoded_response = json_decode( $response );
-
-		if ( json_last_error() !== JSON_ERROR_NONE ) {
-			return false;
-		}
-
-		return $decoded_response;
-	}
-
-	/**
-	 * Parses the product info response into an object that WordPress would be able to understand.
-	 *
-	 * @param object $response The response object.
-	 *
-	 * @return stdClass
-	 */
-	private function parse_plugin_info( $response ) {
-
-		global $wp_version;
-
-		$res                = new stdClass();
-		$res->name          = $response->name;
-		$res->slug          = $response->slug;
-		$res->version       = $response->version;
-		$res->requires      = $response->requires;
-		$res->download_link = $response->download_link;
-		$res->trunk         = $response->download_link;
-		$res->new_version   = $response->version;
-		$res->plugin        = $this->properties['plugin_basename'];
-		$res->package       = $response->download_link;
-
-		// Plugin information modal and core update table use a strict version comparison, which is weird.
-		// If we're genuinely not compatible with the point release, use our WP tested up to version.
-		// otherwise use exact same version as WP to avoid false positive.
-		$res->tested = 1 === version_compare( substr( $wp_version, 0, 3 ), $response->tested )
-			? $response->tested
-			: $wp_version;
-
-		$res->sections = array(
-			'description' => $response->sections->description,
-			'changelog'   => $response->sections->changelog,
-		);
-
-		return $res;
-	}
-}

web/wp-content/plugins/advanced-custom-fields-pro/includes/class-acf-site-health.php

@@ -1,719 +0,0 @@
-<?php
-/**
- * Adds helpful debugging information to a new "Advanced Custom Fields"
- * panel in the WordPress Site Health screen.
- *
- * @package ACF
- */
-
-// Exit if accessed directly.
-defined( 'ABSPATH' ) || exit;
-
-if ( ! class_exists( 'ACF_Site_Health' ) ) {
-
-	/**
-	 * The ACF Site Health class responsible for populating ACF debug information in WordPress Site Health.
-	 */
-	class ACF_Site_Health {
-		/**
-		 * The option name used to store site health data.
-		 *
-		 * @var string
-		 */
-		public string $option_name = 'acf_site_health';
-
-		/**
-		 * Constructs the ACF_Site_Health class.
-		 *
-		 * @since 6.3
-		 */
-		public function __construct() {
-			add_action( 'debug_information', array( $this, 'render_tab_content' ) );
-			add_action( 'acf_update_site_health_data', array( $this, 'update_site_health_data' ) );
-
-			if ( ! wp_next_scheduled( 'acf_update_site_health_data' ) ) {
-				wp_schedule_event( time(), 'weekly', 'acf_update_site_health_data' );
-			}
-
-			// ACF events.
-			add_action( 'acf/first_activated', array( $this, 'add_activation_event' ) );
-			add_action( 'acf/activated_pro', array( $this, 'add_activation_event' ) );
-			add_filter( 'acf/pre_update_field_group', array( $this, 'pre_update_acf_internal_cpt' ) );
-			add_filter( 'acf/pre_update_post_type', array( $this, 'pre_update_acf_internal_cpt' ) );
-			add_filter( 'acf/pre_update_taxonomy', array( $this, 'pre_update_acf_internal_cpt' ) );
-			add_filter( 'acf/pre_update_ui_options_page', array( $this, 'pre_update_acf_internal_cpt' ) );
-		}
-
-		/**
-		 * Gets the stored site health information.
-		 *
-		 * @since 6.3
-		 *
-		 * @return array
-		 */
-		public function get_site_health(): array {
-			$site_health = get_option( $this->option_name, '' );
-
-			if ( is_string( $site_health ) ) {
-				$site_health = json_decode( $site_health, true );
-			}
-
-			return is_array( $site_health ) ? $site_health : array();
-		}
-
-		/**
-		 * Updates the site health information.
-		 *
-		 * @since 6.3
-		 *
-		 * @param array $data An array of site health information to update.
-		 * @return boolean
-		 */
-		public function update_site_health( array $data = array() ): bool {
-			return update_option( $this->option_name, wp_json_encode( $data ), false );
-		}
-
-		/**
-		 * Stores debug data in the ACF site health option.
-		 *
-		 * @since 6.3
-		 *
-		 * @param array $data Data to update with (optional).
-		 * @return boolean
-		 */
-		public function update_site_health_data( array $data = array() ): bool {
-			if ( wp_doing_cron() ) {
-				// Bootstrap wp-admin, as WP_Cron doesn't do this for us.
-				require_once trailingslashit( ABSPATH ) . 'wp-admin/includes/admin.php';
-			}
-
-			$site_health = $this->get_site_health();
-			$values      = ! empty( $data ) ? $data : $this->get_site_health_values();
-			$updated     = array();
-
-			if ( ! empty( $values ) ) {
-				foreach ( $values as $key => $value ) {
-					$updated[ $key ] = $value['debug'] ?? $value['value'];
-				}
-			}
-
-			foreach ( $site_health as $key => $value ) {
-				if ( 'event_' === substr( $key, 0, 6 ) ) {
-					$updated[ $key ] = $value;
-				}
-			}
-
-			$updated['last_updated'] = time();
-
-			return $this->update_site_health( $updated );
-		}
-
-		/**
-		 * Pushes an event to the ACF site health option.
-		 *
-		 * @since 6.3
-		 *
-		 * @param string $event_name The name of the event to push.
-		 * @return boolean
-		 */
-		public function add_site_health_event( string $event_name = '' ): bool {
-			$site_health = $this->get_site_health();
-
-			// Allow using action/filter hooks to set events.
-			if ( empty( $event_name ) ) {
-				$current_filter = current_filter();
-
-				if ( strpos( $current_filter, 'acf/' ) !== false ) {
-					$event_name = str_replace( 'acf/', '', $current_filter );
-				}
-			}
-
-			// Bail if this event was already stored.
-			if ( empty( $event_name ) || ! empty( $site_health[ 'event_' . $event_name ] ) ) {
-				return false;
-			}
-
-			$time = time();
-
-			$site_health[ 'event_' . $event_name ] = $time;
-			$site_health['last_updated']           = $time;
-
-			return $this->update_site_health( $site_health );
-		}
-
-		/**
-		 * Logs activation events for free/pro.
-		 *
-		 * @since 6.3
-		 *
-		 * @return boolean
-		 */
-		public function add_activation_event() {
-			$event_name = 'first_activated';
-
-			if ( acf_is_pro() ) {
-				$event_name = 'first_activated_pro';
-
-				if ( 'acf/first_activated' !== current_filter() ) {
-					$site_health = $this->get_site_health();
-
-					/**
-					 * We already have an event for when pro was first activated,
-					 * so we don't need to log an additional event here.
-					 */
-					if ( ! empty( $site_health[ 'event_' . $event_name ] ) ) {
-						return false;
-					}
-
-					$event_name = 'activated_pro';
-				}
-			}
-
-			return $this->add_site_health_event( $event_name );
-		}
-
-		/**
-		 * Adds events when ACF internal post types are created.
-		 *
-		 * @since 6.3
-		 *
-		 * @param array $post The post about to be updated.
-		 * @return array
-		 */
-		public function pre_update_acf_internal_cpt( array $post = array() ): array {
-			if ( empty( $post['key'] ) ) {
-				return $post;
-			}
-
-			$post_type = acf_determine_internal_post_type( $post['key'] );
-
-			if ( $post_type ) {
-				$posts = acf_get_internal_post_type_posts( $post_type );
-
-				if ( empty( $posts ) ) {
-					$post_type = str_replace(
-						array(
-							'acf-',
-							'-',
-						),
-						array(
-							'',
-							'_',
-						),
-						$post_type
-					);
-					$this->add_site_health_event( 'first_created_' . $post_type );
-				}
-			}
-
-			return $post;
-		}
-
-		/**
-		 * Appends the ACF section to the "Info" tab of the WordPress Site Health screen.
-		 *
-		 * @since 6.3
-		 *
-		 * @param array $debug_info The current debug info for site health.
-		 * @return array The debug info appended with the ACF section.
-		 */
-		public function render_tab_content( array $debug_info ): array {
-			$data = $this->get_site_health_values();
-
-			$this->update_site_health_data( $data );
-
-			// Unset values we don't want to display yet.
-			$fields_to_unset = array(
-				'wp_version',
-				'mysql_version',
-				'is_multisite',
-				'active_theme',
-				'parent_theme',
-				'active_plugins',
-				'number_of_fields_by_type',
-				'number_of_third_party_fields_by_type',
-			);
-
-			foreach ( $fields_to_unset as $field ) {
-				if ( isset( $data[ $field ] ) ) {
-					unset( $data[ $field ] );
-				}
-			}
-
-			foreach ( $data as $key => $value ) {
-				if ( 'event_' === substr( $key, 0, 6 ) ) {
-					unset( $data[ $key ] );
-				}
-			}
-
-			$debug_info['acf'] = array(
-				'label'       => __( 'ACF', 'acf' ),
-				'description' => __( 'This section contains debug information about your ACF configuration which can be useful to provide to support.', 'acf' ),
-				'fields'      => $data,
-			);
-
-			return $debug_info;
-		}
-
-		/**
-		 * Gets the values for all data in the ACF site health section.
-		 *
-		 * @since 6.3
-		 *
-		 * @return array
-		 */
-		public function get_site_health_values(): array {
-			global $wpdb;
-
-			$fields         = array();
-			$is_pro         = acf_is_pro();
-			$license        = $is_pro ? acf_pro_get_license() : array();
-			$license_status = $is_pro ? acf_pro_get_license_status() : array();
-			$field_groups   = acf_get_field_groups();
-			$post_types     = acf_get_post_types();
-			$taxonomies     = acf_get_taxonomies();
-
-			$yes = __( 'Yes', 'acf' );
-			$no  = __( 'No', 'acf' );
-
-			$fields['version'] = array(
-				'label' => __( 'Plugin Version', 'acf' ),
-				'value' => defined( 'ACF_VERSION' ) ? ACF_VERSION : '',
-			);
-
-			$fields['plugin_type'] = array(
-				'label' => __( 'Plugin Type', 'acf' ),
-				'value' => $is_pro ? __( 'PRO', 'acf' ) : __( 'Free', 'acf' ),
-				'debug' => $is_pro ? 'PRO' : 'Free',
-			);
-
-			$fields['update_source'] = array(
-				'label' => __( 'Update Source', 'acf' ),
-				'value' => __( 'ACF Direct', 'acf' ),
-			);
-
-			if ( $is_pro ) {
-				$fields['activated'] = array(
-					'label' => __( 'License Activated', 'acf' ),
-					'value' => ! empty( $license ) ? $yes : $no,
-					'debug' => ! empty( $license ),
-				);
-
-				$fields['activated_url'] = array(
-					'label' => __( 'Licensed URL', 'acf' ),
-					'value' => ! empty( $license['url'] ) ? $license['url'] : '',
-				);
-
-				$fields['license_type'] = array(
-					'label' => __( 'License Type', 'acf' ),
-					'value' => $license_status['name'],
-				);
-
-				$fields['license_status'] = array(
-					'label' => __( 'License Status', 'acf' ),
-					'value' => $license_status['status'],
-				);
-
-				$expiry = ! empty( $license_status['expiry'] ) ? $license_status['expiry'] : '';
-				$format = get_option( 'date_format', 'F j, Y' );
-
-				$fields['subscription_expires'] = array(
-					'label' => __( 'Subscription Expiry Date', 'acf' ),
-					'value' => is_numeric( $expiry ) ? date_i18n( $format, $expiry ) : '',
-					'debug' => $expiry,
-				);
-			}
-
-			$fields['wp_version'] = array(
-				'label' => __( 'WordPress Version', 'acf' ),
-				'value' => get_bloginfo( 'version' ),
-			);
-
-			$fields['mysql_version'] = array(
-				'label' => __( 'MySQL Version', 'acf' ),
-				'value' => $wpdb->db_server_info(),
-			);
-
-			$fields['is_multisite'] = array(
-				'label' => __( 'Is Multisite', 'acf' ),
-				'value' => is_multisite() ? __( 'Yes', 'acf' ) : __( 'No', 'acf' ),
-				'debug' => is_multisite(),
-			);
-
-			$active_theme = wp_get_theme();
-			$parent_theme = $active_theme->parent();
-
-			$fields['active_theme'] = array(
-				'label' => __( 'Active Theme', 'acf' ),
-				'value' => array(
-					'name'       => $active_theme->get( 'Name' ),
-					'version'    => $active_theme->get( 'Version' ),
-					'theme_uri'  => $active_theme->get( 'ThemeURI' ),
-					'stylesheet' => $active_theme->get( 'Stylesheet' ),
-				),
-			);
-
-			if ( $parent_theme ) {
-				$fields['parent_theme'] = array(
-					'label' => __( 'Parent Theme', 'acf' ),
-					'value' => array(
-						'name'       => $parent_theme->get( 'Name' ),
-						'version'    => $parent_theme->get( 'Version' ),
-						'theme_uri'  => $parent_theme->get( 'ThemeURI' ),
-						'stylesheet' => $parent_theme->get( 'Stylesheet' ),
-					),
-				);
-			}
-
-			$active_plugins = array();
-			$plugins        = get_plugins();
-
-			foreach ( $plugins as $plugin_path => $plugin ) {
-				if ( ! is_plugin_active( $plugin_path ) ) {
-					continue;
-				}
-
-				$active_plugins[ $plugin_path ] = array(
-					'name'       => $plugin['Name'],
-					'version'    => $plugin['Version'],
-					'plugin_uri' => empty( $plugin['PluginURI'] ) ? '' : $plugin['PluginURI'],
-				);
-			}
-
-			$fields['active_plugins'] = array(
-				'label' => __( 'Active Plugins', 'acf' ),
-				'value' => $active_plugins,
-			);
-
-			$ui_field_groups = array_filter(
-				$field_groups,
-				function ( $field_group ) {
-					return empty( $field_group['local'] );
-				}
-			);
-
-			$fields['ui_field_groups'] = array(
-				'label' => __( 'Registered Field Groups (UI)', 'acf' ),
-				'value' => number_format_i18n( count( $ui_field_groups ) ),
-			);
-
-			$php_field_groups = array_filter(
-				$field_groups,
-				function ( $field_group ) {
-					return ! empty( $field_group['local'] ) && 'PHP' === $field_group['local'];
-				}
-			);
-
-			$fields['php_field_groups'] = array(
-				'label' => __( 'Registered Field Groups (PHP)', 'acf' ),
-				'value' => number_format_i18n( count( $php_field_groups ) ),
-			);
-
-			$json_field_groups = array_filter(
-				$field_groups,
-				function ( $field_group ) {
-					return ! empty( $field_group['local'] ) && 'json' === $field_group['local'];
-				}
-			);
-
-			$fields['json_field_groups'] = array(
-				'label' => __( 'Registered Field Groups (JSON)', 'acf' ),
-				'value' => number_format_i18n( count( $json_field_groups ) ),
-			);
-
-			$rest_field_groups = array_filter(
-				$field_groups,
-				function ( $field_group ) {
-					return ! empty( $field_group['show_in_rest'] );
-				}
-			);
-
-			$fields['rest_field_groups'] = array(
-				'label' => __( 'Field Groups Enabled for REST API', 'acf' ),
-				'value' => number_format_i18n( count( $rest_field_groups ) ),
-			);
-
-			$graphql_field_groups = array_filter(
-				$field_groups,
-				function ( $field_group ) {
-					return ! empty( $field_group['show_in_graphql'] );
-				}
-			);
-
-			if ( is_plugin_active( 'wpgraphql-acf/wpgraphql-acf.php' ) ) {
-				$fields['graphql_field_groups'] = array(
-					'label' => __( 'Field Groups Enabled for GraphQL', 'acf' ),
-					'value' => number_format_i18n( count( $graphql_field_groups ) ),
-				);
-			}
-
-			$all_fields = array();
-			foreach ( $field_groups as $field_group ) {
-				$all_fields = array_merge( $all_fields, acf_get_fields( $field_group ) );
-			}
-
-			$fields_by_type             = array();
-			$third_party_fields_by_type = array();
-			$core_field_types           = array_keys( acf_get_field_types() );
-
-			foreach ( $all_fields as $field ) {
-				if ( in_array( $field['type'], $core_field_types, true ) ) {
-					if ( ! isset( $fields_by_type[ $field['type'] ] ) ) {
-						$fields_by_type[ $field['type'] ] = 0;
-					}
-
-					++$fields_by_type[ $field['type'] ];
-
-					continue;
-				}
-
-				if ( ! isset( $third_party_fields_by_type[ $field['type'] ] ) ) {
-					$third_party_fields_by_type[ $field['type'] ] = 0;
-				}
-
-				++$third_party_fields_by_type[ $field['type'] ];
-			}
-
-			$fields['number_of_fields_by_type'] = array(
-				'label' => __( 'Number of Fields by Field Type', 'acf' ),
-				'value' => $fields_by_type,
-			);
-
-			$fields['number_of_third_party_fields_by_type'] = array(
-				'label' => __( 'Number of Third Party Fields by Field Type', 'acf' ),
-				'value' => $third_party_fields_by_type,
-			);
-
-			$enable_post_types = acf_get_setting( 'enable_post_types' );
-
-			$fields['post_types_enabled'] = array(
-				'label' => __( 'Post Types and Taxonomies Enabled', 'acf' ),
-				'value' => $enable_post_types ? $yes : $no,
-				'debug' => $enable_post_types,
-			);
-
-			$ui_post_types = array_filter(
-				$post_types,
-				function ( $post_type ) {
-					return empty( $post_type['local'] );
-				}
-			);
-
-			$fields['ui_post_types'] = array(
-				'label' => __( 'Registered Post Types (UI)', 'acf' ),
-				'value' => number_format_i18n( count( $ui_post_types ) ),
-			);
-
-			$json_post_types = array_filter(
-				$post_types,
-				function ( $post_type ) {
-					return ! empty( $post_type['local'] ) && 'json' === $post_type['local'];
-				}
-			);
-
-			$fields['json_post_types'] = array(
-				'label' => __( 'Registered Post Types (JSON)', 'acf' ),
-				'value' => number_format_i18n( count( $json_post_types ) ),
-			);
-
-			$ui_taxonomies = array_filter(
-				$taxonomies,
-				function ( $taxonomy ) {
-					return empty( $taxonomy['local'] );
-				}
-			);
-
-			$fields['ui_taxonomies'] = array(
-				'label' => __( 'Registered Taxonomies (UI)', 'acf' ),
-				'value' => number_format_i18n( count( $ui_taxonomies ) ),
-			);
-
-			$json_taxonomies = array_filter(
-				$taxonomies,
-				function ( $taxonomy ) {
-					return ! empty( $taxonomy['local'] ) && 'json' === $taxonomy['local'];
-				}
-			);
-
-			$fields['json_taxonomies'] = array(
-				'label' => __( 'Registered Taxonomies (JSON)', 'acf' ),
-				'value' => number_format_i18n( count( $json_taxonomies ) ),
-			);
-
-			if ( $is_pro ) {
-				$enable_options_pages_ui = acf_get_setting( 'enable_options_pages_ui' );
-
-				$fields['ui_options_pages_enabled'] = array(
-					'label' => __( 'Options Pages UI Enabled', 'acf' ),
-					'value' => $enable_options_pages_ui ? $yes : $no,
-					'debug' => $enable_options_pages_ui,
-				);
-
-				$options_pages    = acf_get_options_pages();
-				$ui_options_pages = array();
-
-				if ( empty( $options_pages ) || ! is_array( $options_pages ) ) {
-					$options_pages = array();
-				}
-
-				if ( $enable_options_pages_ui ) {
-					$ui_options_pages = acf_get_ui_options_pages();
-
-					$ui_options_pages_in_ui = array_filter(
-						$ui_options_pages,
-						function ( $ui_options_page ) {
-							return empty( $ui_options_page['local'] );
-						}
-					);
-
-					$json_options_pages = array_filter(
-						$ui_options_pages,
-						function ( $ui_options_page ) {
-							return ! empty( $ui_options_page['local'] );
-						}
-					);
-
-					$fields['ui_options_pages'] = array(
-						'label' => __( 'Registered Options Pages (UI)', 'acf' ),
-						'value' => number_format_i18n( count( $ui_options_pages_in_ui ) ),
-					);
-
-					$fields['json_options_pages'] = array(
-						'label' => __( 'Registered Options Pages (JSON)', 'acf' ),
-						'value' => number_format_i18n( count( $json_options_pages ) ),
-					);
-				}
-
-				$ui_options_page_slugs = array_column( $ui_options_pages, 'menu_slug' );
-				$php_options_pages     = array_filter(
-					$options_pages,
-					function ( $options_page ) use ( $ui_options_page_slugs ) {
-						return ! in_array( $options_page['menu_slug'], $ui_options_page_slugs, true );
-					}
-				);
-
-				$fields['php_options_pages'] = array(
-					'label' => __( 'Registered Options Pages (PHP)', 'acf' ),
-					'value' => number_format_i18n( count( $php_options_pages ) ),
-				);
-			}
-
-			$rest_api_format = acf_get_setting( 'rest_api_format' );
-
-			$fields['rest_api_format'] = array(
-				'label' => __( 'REST API Format', 'acf' ),
-				'value' => 'standard' === $rest_api_format ? __( 'Standard', 'acf' ) : __( 'Light', 'acf' ),
-				'debug' => $rest_api_format,
-			);
-
-			if ( $is_pro ) {
-				$fields['registered_acf_blocks'] = array(
-					'label' => __( 'Registered ACF Blocks', 'acf' ),
-					'value' => number_format_i18n( acf_pro_get_registered_block_count() ),
-				);
-
-				$blocks                 = acf_get_block_types();
-				$block_api_versions     = array();
-				$acf_block_versions     = array();
-				$blocks_using_post_meta = 0;
-
-				foreach ( $blocks as $block ) {
-					if ( ! isset( $block_api_versions[ 'v' . $block['api_version'] ] ) ) {
-						$block_api_versions[ 'v' . $block['api_version'] ] = 0;
-					}
-
-					if ( ! isset( $acf_block_versions[ 'v' . $block['acf_block_version'] ] ) ) {
-						$acf_block_versions[ 'v' . $block['acf_block_version'] ] = 0;
-					}
-
-					if ( ! empty( $block['use_post_meta'] ) ) {
-						++$blocks_using_post_meta;
-					}
-
-					++$block_api_versions[ 'v' . $block['api_version'] ];
-					++$acf_block_versions[ 'v' . $block['acf_block_version'] ];
-				}
-
-				$fields['blocks_per_api_version'] = array(
-					'label' => __( 'Blocks Per API Version', 'acf' ),
-					'value' => $block_api_versions,
-				);
-
-				$fields['blocks_per_acf_block_version'] = array(
-					'label' => __( 'Blocks Per ACF Block Version', 'acf' ),
-					'value' => $acf_block_versions,
-				);
-
-				$fields['blocks_using_post_meta'] = array(
-					'label' => __( 'Blocks Using Post Meta', 'acf' ),
-					'value' => number_format_i18n( $blocks_using_post_meta ),
-				);
-
-				$preload_blocks = acf_get_setting( 'preload_blocks' );
-
-				$fields['preload_blocks'] = array(
-					'label' => __( 'Block Preloading Enabled', 'acf' ),
-					'value' => ! empty( $preload_blocks ) ? $yes : $no,
-					'debug' => $preload_blocks,
-				);
-			}
-
-			$show_admin = acf_get_setting( 'show_admin' );
-
-			$fields['admin_ui_enabled'] = array(
-				'label' => __( 'Admin UI Enabled', 'acf' ),
-				'value' => $show_admin ? $yes : $no,
-				'debug' => $show_admin,
-			);
-
-			$field_type_modal_enabled = apply_filters( 'acf/field_group/enable_field_browser', true );
-
-			$fields['field_type-modal_enabled'] = array(
-				'label' => __( 'Field Type Modal Enabled', 'acf' ),
-				'value' => ! empty( $field_type_modal_enabled ) ? $yes : $no,
-				'debug' => $field_type_modal_enabled,
-			);
-
-			$field_settings_tabs_enabled = apply_filters( 'acf/field_group/disable_field_settings_tabs', false );
-
-			$fields['field_settings_tabs_enabled'] = array(
-				'label' => __( 'Field Settings Tabs Enabled', 'acf' ),
-				'value' => empty( $field_settings_tabs_enabled ) ? $yes : $no,
-				'debug' => $field_settings_tabs_enabled,
-			);
-
-			$shortcode_enabled = acf_get_setting( 'enable_shortcode' );
-
-			$fields['shortcode_enabled'] = array(
-				'label' => __( 'Shortcode Enabled', 'acf' ),
-				'value' => ! empty( $shortcode_enabled ) ? $yes : $no,
-				'debug' => $shortcode_enabled,
-			);
-
-			$fields['registered_acf_forms'] = array(
-				'label' => __( 'Registered ACF Forms', 'acf' ),
-				'value' => number_format_i18n( count( acf_get_forms() ) ),
-			);
-
-			$local_json = acf_get_instance( 'ACF_Local_JSON' );
-			$save_paths = $local_json->get_save_paths();
-			$load_paths = $local_json->get_load_paths();
-
-			$fields['json_save_paths'] = array(
-				'label' => __( 'JSON Save Paths', 'acf' ),
-				'value' => number_format_i18n( count( $save_paths ) ),
-				'debug' => count( $save_paths ),
-			);
-
-			$fields['json_load_paths'] = array(
-				'label' => __( 'JSON Load Paths', 'acf' ),
-				'value' => number_format_i18n( count( $load_paths ) ),
-				'debug' => count( $load_paths ),
-			);
-
-			return $fields;
-		}
-	}
-
-	acf_new_instance( 'ACF_Site_Health' );
-}

web/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-icon_picker.php

@@ -66,6 +66,43 @@ if ( ! class_exists( 'acf_field_icon_picker' ) ) :
 			return apply_filters( 'acf/fields/icon_picker/tabs', $tabs );
 		}
 
+		/**
+		 * Renders an icon list tab (i.e. dashicons, custom icons).
+		 *
+		 * @since 6.4
+		 *
+		 * @param string $tab_name The name of the tab being rendered.
+		 * @return void
+		 */
+		public function render_icon_list_tab( $tab_name ) {
+			?>
+			<div class="acf-icon-list-search-wrap">
+				<?php
+				acf_text_input(
+					array(
+						'class'       => 'acf-icon-list-search-input',
+						'placeholder' => esc_html__( 'Search icons...', 'acf' ),
+						'type'        => 'search',
+					)
+				);
+				?>
+			</div>
+			<div class="acf-icon-list" role="radiogroup" data-parent-tab="<?php echo esc_attr( $tab_name ); ?>"></div>
+			<div class="acf-icon-list-empty">
+				<img src="<?php echo esc_url( acf_get_url( 'assets/images/face-sad.svg' ) ); ?>" />
+				<p class="acf-no-results-text">
+					<?php
+					printf(
+						/* translators: %s: The invalid search term */
+						esc_html__( "No search results for '%s'", 'acf' ),
+						'<span class="acf-invalid-icon-list-search-term"></span>'
+					);
+					?>
+				</p>
+			</div>
+			<?php
+		}
+
 		/**
 		 * Renders icon picker field
 		 *
@@ -131,35 +168,11 @@ if ( ! class_exists( 'acf_field_icon_picker' ) ) :
 				}
 
 				$wrapper_class = str_replace( '_', '-', $name );
-				echo '<div class="acf-icon-picker-tabs acf-icon-picker-' . esc_attr( $wrapper_class ) . '-tabs">';
+				echo '<div class="acf-icon-picker-tabs acf-icon-picker-' . esc_attr( $wrapper_class ) . '-tabs" data-tab="' . esc_attr( $name ) . '">';
 
 				switch ( $name ) {
 					case 'dashicons':
-						echo '<div class="acf-dashicons-search-wrap">';
+						$this->render_icon_list_tab( $name );
-							acf_text_input(
-								array(
-									'class'       => 'acf-dashicons-search-input',
-									'placeholder' => esc_html__( 'Search icons...', 'acf' ),
-									'type'        => 'search',
-								)
-							);
-						echo '</div>';
-						echo '<div class="acf-dashicons-list"></div>';
-						?>
-						<div class="acf-dashicons-list-empty">
-							<img src="<?php echo esc_url( acf_get_url( 'assets/images/face-sad.svg' ) ); ?>" />
-							<p class="acf-no-results-text">
-								<?php
-								printf(
-									/* translators: %s: The invalid search term */
-									esc_html__( "No search results for '%s'", 'acf' ),
-									'<span class="acf-invalid-dashicon-search-term"></span>'
-								);
-								?>
-							</p>
-						</div>
-
-						<?php
 						break;
 					case 'media_library':
 						?>
@@ -214,6 +227,18 @@ if ( ! class_exists( 'acf_field_icon_picker' ) ) :
 						break;
 					default:
 						do_action( 'acf/fields/icon_picker/tab/' . $name, $field );
+
+						$custom_icons = apply_filters( 'acf/fields/icon_picker/' . $name . '/icons', array(), $field );
+
+						if ( is_array( $custom_icons ) && ! empty( $custom_icons ) ) {
+							$this->render_icon_list_tab( $name, $custom_icons );
+
+							acf_localize_data(
+								array(
+									'iconPickerIcons_' . $name  => $custom_icons,
+								)
+							);
+						}
 				}
 
 				echo '</div>';

web/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-oembed.php

@@ -110,7 +110,7 @@ if ( ! class_exists( 'acf_field_oembed' ) ) :
 				)
 			);
 
-			if ( ! acf_verify_ajax( $args['nonce'], $args['field_key'] ) ) {
+			if ( ! acf_verify_ajax( $args['nonce'], $args['field_key'], true ) ) {
 				die();
 			}
 
@@ -169,7 +169,7 @@ if ( ! class_exists( 'acf_field_oembed' ) ) :
 		public function render_field( $field ) {
 			$atts = array(
 				'class'      => 'acf-oembed',
-				'data-nonce' => wp_create_nonce( $field['key'] ),
+				'data-nonce' => wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] ),
 			);
 
 			if ( $field['value'] ) {

web/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-page_link.php

@@ -81,7 +81,7 @@ if ( ! class_exists( 'acf_field_page_link' ) ) :
 				$key   = '';
 			}
 
-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, ! $conditional_logic ) ) {
 				die();
 			}
 
@@ -392,7 +392,7 @@ if ( ! class_exists( 'acf_field_page_link' ) ) :
 			$field['ui']      = 1;
 			$field['ajax']    = 1;
 			$field['choices'] = array();
-			$field['nonce']   = wp_create_nonce( $field['key'] );
+			$field['nonce']   = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );
 
 			// populate choices if value exists
 			if ( ! empty( $field['value'] ) ) {

web/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-post_object.php

@@ -76,7 +76,7 @@ if ( ! class_exists( 'acf_field_post_object' ) ) :
 				$key   = '';
 			}
 
-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, ! $conditional_logic ) ) {
 				die();
 			}
 
@@ -314,7 +314,7 @@ if ( ! class_exists( 'acf_field_post_object' ) ) :
 			$field['type']    = 'select';
 			$field['ui']      = 1;
 			$field['ajax']    = 1;
-			$field['nonce']   = wp_create_nonce( $field['key'] );
+			$field['nonce']   = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );
 			$field['choices'] = array();
 
 			// load posts

web/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-relationship.php

@@ -102,7 +102,7 @@ if ( ! class_exists( 'acf_field_relationship' ) ) :
 				$key   = '';
 			}
 
-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, ! $conditional_logic ) ) {
 				die();
 			}
 
@@ -417,7 +417,7 @@ if ( ! class_exists( 'acf_field_relationship' ) ) :
 				'data-paged'     => 1,
 				'data-post_type' => '',
 				'data-taxonomy'  => '',
-				'data-nonce'     => wp_create_nonce( $field['key'] ),
+				'data-nonce'     => wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] ),
 			);
 
 			?>

web/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-select.php

@@ -4,20 +4,14 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 
 	class acf_field_select extends acf_field {
 
-
 		/**
-		 * This function will setup the field type data
+		 * Sets up the field type data.
 		 *
-		 * @type    function
-		 * @date    5/03/2014
 		 * @since   5.0.0
 		 *
-		 * @param   n/a
+		 * @return void
-		 * @return  n/a
 		 */
-		function initialize() {
+		public function initialize() {
-
-			// vars
 			$this->name          = 'select';
 			$this->label         = _x( 'Select', 'noun', 'acf' );
 			$this->category      = 'choice';
@@ -25,22 +19,22 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 			$this->preview_image = acf_get_url() . '/assets/images/field-type-previews/field-preview-select.png';
 			$this->doc_url       = acf_add_url_utm_tags( 'https://www.advancedcustomfields.com/resources/select/', 'docs', 'field-type-selection' );
 			$this->defaults      = array(
-				'multiple'      => 0,
+				'multiple'       => 0,
-				'allow_null'    => 0,
+				'allow_null'     => 0,
-				'choices'       => array(),
+				'choices'        => array(),
-				'default_value' => '',
+				'default_value'  => '',
-				'ui'            => 0,
+				'ui'             => 0,
-				'ajax'          => 0,
+				'ajax'           => 0,
-				'placeholder'   => '',
+				'placeholder'    => '',
-				'return_format' => 'value',
+				'return_format'  => 'value',
+				'create_options' => 0,
+				'save_options'   => 0,
 			);
 
-			// ajax
 			add_action( 'wp_ajax_acf/fields/select/query', array( $this, 'ajax_query' ) );
 			add_action( 'wp_ajax_nopriv_acf/fields/select/query', array( $this, 'ajax_query' ) );
 		}
 
-
 		/**
 		 * Enqueues admin scripts for the Select field.
 		 *
@@ -115,13 +109,19 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 			$nonce = acf_request_arg( 'nonce', '' );
 			$key   = acf_request_arg( 'field_key', '' );
 
+			$is_field_key = acf_is_field_key( $key );
+
 			// Back-compat for field settings.
-			if ( ! acf_is_field_key( $key ) ) {
+			if ( ! $is_field_key ) {
+				if ( ! acf_current_user_can_admin() ) {
+					die();
+				}
+
 				$nonce = '';
 				$key   = '';
 			}
 
-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, $is_field_key ) ) {
 				die();
 			}
 
@@ -202,26 +202,22 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 
 
 		/**
-		 * Create the HTML interface for your field
+		 * Creates the HTML interface for the field.
 		 *
-		 * @param   $field - an array holding all the field's data
+		 * @since 3.6
 		 *
-		 * @type    action
+		 * @param array $field An array holding all the field's data.
-		 * @since   3.6
+		 * @return void
-		 * @date    23/01/13
 		 */
-		function render_field( $field ) {
+		public function render_field( $field ) {
-
-			// convert
 			$value   = acf_get_array( $field['value'] );
 			$choices = acf_get_array( $field['choices'] );
 
-			// placeholder
 			if ( empty( $field['placeholder'] ) ) {
 				$field['placeholder'] = _x( 'Select', 'verb', 'acf' );
 			}
 
-			// add empty value (allows '' to be selected)
+			// Add empty value (allows '' to be selected).
 			if ( empty( $value ) ) {
 				$value = array( '' );
 			}
@@ -244,7 +240,6 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 				$choices = $minimal;
 			}
 
-			// vars
 			$select = array(
 				'id'               => $field['id'],
 				'class'            => $field['class'],
@@ -260,7 +255,6 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 				$select['aria-label'] = $field['aria-label'];
 			}
 
-			// multiple
 			if ( $field['multiple'] ) {
 				$select['multiple'] = 'multiple';
 				$select['size']     = 5;
@@ -272,6 +266,10 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 				}
 			}
 
+			if ( ! empty( $field['create_options'] ) && $field['ui'] ) {
+				$select['data-create_options'] = true;
+			}
+
 			// special atts
 			if ( ! empty( $field['readonly'] ) ) {
 				$select['readonly'] = 'readonly';
@@ -286,13 +284,13 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 				$select['data-nonce'] = $field['nonce'];
 			}
 			if ( $field['ajax'] && empty( $field['nonce'] ) && acf_is_field_key( $field['key'] ) ) {
-				$select['data-nonce'] = wp_create_nonce( $field['key'] );
+				$select['data-nonce'] = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );
 			}
 			if ( ! empty( $field['hide_search'] ) ) {
 				$select['data-minimum-results-for-search'] = '-1';
 			}
 
-			// hidden input is needed to allow validation to see <select> element with no selected value
+			// Hidden input is needed to allow validation to see <select> element with no selected value.
 			if ( $field['multiple'] || $field['ui'] ) {
 				acf_hidden_input(
 					array(
@@ -302,26 +300,34 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 				);
 			}
 
-			// append
 			$select['value']   = $value;
 			$select['choices'] = $choices;
 
-			// render
+			if ( ! empty( $field['create_options'] ) && $field['ui'] && is_array( $field['value'] ) ) {
+				foreach ( $field['value'] as $value ) {
+					// Already exists in choices.
+					if ( isset( $field['choices'][ $value ] ) ) {
+						continue;
+					}
+
+					$option = esc_attr( $value );
+
+					$select['choices'][ $option ] = $option;
+				}
+			}
+
 			acf_select_input( $select );
 		}
 
-
 		/**
-		 * Create extra options for your field. This is rendered when editing a field.
+		 * Renders the field settings used in the "General" tab.
-		 * The value of $field['name'] can be used (like bellow) to save extra data to the $field
 		 *
-		 * @type    action
+		 * @since 3.6
-		 * @since   3.6
-		 * @date    23/01/13
 		 *
-		 * @param   $field  - an array holding all the field's data
+		 * @param array $field An array holding all the field's data.
+		 * @return void
 		 */
-		function render_field_settings( $field ) {
+		public function render_field_settings( $field ) {
 
 			// encode choices (convert from array)
 			$field['choices']       = acf_encode_choices( $field['choices'] );
@@ -386,7 +392,7 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 		 * @param array $field The field settings array.
 		 * @return void
 		 */
-		function render_field_validation_settings( $field ) {
+		public function render_field_validation_settings( $field ) {
 			acf_render_field_setting(
 				$field,
 				array(
@@ -407,7 +413,7 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 		 * @param array $field The field settings array.
 		 * @return void
 		 */
-		function render_field_presentation_settings( $field ) {
+		public function render_field_presentation_settings( $field ) {
 			acf_render_field_setting(
 				$field,
 				array(
@@ -434,22 +440,70 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 					),
 				)
 			);
+
+			acf_render_field_setting(
+				$field,
+				array(
+					'label'        => __( 'Create Options', 'acf' ),
+					'instructions' => __( 'Allow content editors to create new options by typing in the Select input. Multiple options can be created from a comma separated string.', 'acf' ),
+					'name'         => 'create_options',
+					'type'         => 'true_false',
+					'ui'           => 1,
+					'conditions'   => array(
+						array(
+							'field'    => 'ui',
+							'operator' => '==',
+							'value'    => 1,
+						),
+						array(
+							'field'    => 'multiple',
+							'operator' => '==',
+							'value'    => 1,
+						),
+					),
+				)
+			);
+
+			acf_render_field_setting(
+				$field,
+				array(
+					'label'        => __( 'Save Options', 'acf' ),
+					'instructions' => __( 'Save created options back to the "Choices" setting in the field definition.', 'acf' ),
+					'name'         => 'save_options',
+					'type'         => 'true_false',
+					'ui'           => 1,
+					'conditions'   => array(
+						array(
+							'field'    => 'ui',
+							'operator' => '==',
+							'value'    => 1,
+						),
+						array(
+							'field'    => 'multiple',
+							'operator' => '==',
+							'value'    => 1,
+						),
+						array(
+							'field'    => 'create_options',
+							'operator' => '==',
+							'value'    => 1,
+						),
+					),
+				)
+			);
 		}
 
 		/**
-		 * This filter is applied to the $value after it is loaded from the db
+		 * Filters the $value after it is loaded from the db.
 		 *
-		 * @type    filter
 		 * @since   3.6
-		 * @date    23/01/13
 		 *
-		 * @param   $value (mixed) the value found in the database
+		 * @param mixed          $value   The value found in the database.
-		 * @param   $post_id (mixed) the post_id from which the value was loaded
+		 * @param integer|string $post_id The post_id from which the value was loaded.
-		 * @param   $field (array) the field array holding all the field options
+		 * @param array          $field   The field array holding all the field options.
-		 * @return  $value
+		 * @return mixed
 		 */
-		function load_value( $value, $post_id, $field ) {
+		public function load_value( $value, $post_id, $field ) {
-
 			// Return an array when field is set for multiple.
 			if ( $field['multiple'] ) {
 				if ( acf_is_empty( $value ) ) {
@@ -462,23 +516,16 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 			return acf_unarray( $value );
 		}
 
-
 		/**
+		 * Filters the $field before it is saved to the database.
 		 *
-		 * This filter is appied to the $field before it is saved to the database
+		 * @since 3.6
 		 *
-		 * @type    filter
+		 * @param array $field The field array holding all the field options.
-		 * @since   3.6
+		 * @return array
-		 * @date    23/01/13
-		 *
-		 * @param   $field - the field array holding all the field options
-		 * @param   $post_id - the field group ID (post_type = acf)
-		 *
-		 * @return  $field - the modified field
 		 */
-		function update_field( $field ) {
+		public function update_field( $field ) {
-
+			// Decode choices (convert to array).
-			// decode choices (convert to array)
 			$field['choices']       = acf_decode_choices( $field['choices'] );
 			$field['default_value'] = acf_decode_choices( $field['default_value'], true );
 
@@ -487,26 +534,21 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 				$field['default_value'] = acf_unarray( $field['default_value'] );
 			}
 
-			// return
 			return $field;
 		}
 
-
 		/**
-		 * This filter is appied to the $value before it is updated in the db
+		 * Filters the $value before it is updated in the db.
 		 *
-		 * @type    filter
+		 * @since 3.6
-		 * @since   3.6
-		 * @date    23/01/13
 		 *
-		 * @param   $value - the value which will be saved in the database
+		 * @param mixed          $value   The value which will be saved in the database.
-		 * @param   $post_id - the post_id of which the value will be saved
+		 * @param integer|string $post_id The post_id of which the value will be saved.
-		 * @param   $field - the field array holding all the field options
+		 * @param array          $field   The field array holding all the field options.
 		 *
-		 * @return  $value - the modified value
+		 * @return mixed
 		 */
-		function update_value( $value, $post_id, $field ) {
+		public function update_value( $value, $post_id, $field ) {
-
 			// Bail early if no value.
 			if ( empty( $value ) ) {
 				return $value;
@@ -518,45 +560,63 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 				$value = array_map( 'strval', $value );
 			}
 
-			// return
+			// Save custom options back to the field definition if configured.
+			if ( ! empty( $field['save_options'] ) && is_array( $value ) ) {
+				// Get the raw field, using the ID if present or the key otherwise (i.e. when using JSON).
+				$selector = $field['ID'] ? $field['ID'] : $field['key'];
+				$field    = acf_get_field( $selector );
+
+				// Bail if we don't have a valid field or field ID (JSON only).
+				if ( empty( $field['ID'] ) ) {
+					return $value;
+				}
+
+				foreach ( $value as $v ) {
+					// Ignore if the option already exists.
+					if ( isset( $field['choices'][ $v ] ) ) {
+						continue;
+					}
+
+					// Unslash (fixes serialize single quote issue) and sanitize.
+					$v = wp_unslash( $v );
+					$v = sanitize_text_field( $v );
+
+					// Append to the field choices.
+					$field['choices'][ $v ] = $v;
+				}
+
+				acf_update_field( $field );
+			}
+
 			return $value;
 		}
 
-
 		/**
-		 * This function will translate field settings
+		 * Translates the field settings.
 		 *
-		 * @type    function
+		 * @since 5.3.2
-		 * @date    8/03/2016
-		 * @since   5.3.2
 		 *
-		 * @param   $field (array)
+		 * @param array $field The main field array.
-		 * @return  $field
+		 * @return array
 		 */
-		function translate_field( $field ) {
+		public function translate_field( $field ) {
-
-			// translate
 			$field['choices'] = acf_translate( $field['choices'] );
-
-			// return
 			return $field;
 		}
 
 
 		/**
-		 * This filter is appied to the $value after it is loaded from the db and before it is returned to the template
+		 * Filters the $value after it is loaded from the db, and before it is returned to the template.
 		 *
-		 * @type    filter
 		 * @since   3.6
-		 * @date    23/01/13
 		 *
-		 * @param   $value (mixed) the value which was loaded from the database
+		 * @param mixed          $value   The value which was loaded from the database.
-		 * @param   $post_id (mixed) the post_id from which the value was loaded
+		 * @param integer|string $post_id The post_id from which the value was loaded.
-		 * @param   $field (array) the field array holding all the field options
+		 * @param array          $field   The field array holding all the field options.
 		 *
-		 * @return  $value (mixed) the modified value
+		 * @return mixed
 		 */
-		function format_value( $value, $post_id, $field ) {
+		public function format_value( $value, $post_id, $field ) {
 			if ( is_array( $value ) ) {
 				foreach ( $value as $i => $val ) {
 					$value[ $i ] = $this->format_value_single( $val, $post_id, $field );
@@ -564,37 +624,37 @@ if ( ! class_exists( 'acf_field_select' ) ) :
 			} else {
 				$value = $this->format_value_single( $value, $post_id, $field );
 			}
+
 			return $value;
 		}
 
-
+		/**
-		function format_value_single( $value, $post_id, $field ) {
+		 * Formats the value when the select is not a multi-select.
-
+		 *
-			// bail early if is empty
+		 * @since 3.6
+		 *
+		 * @param mixed          $value   The value to format.
+		 * @param integer|string $post_id The post_id from which the value was loaded.
+		 * @param array          $field   The field array holding all the field options.
+		 * @return mixed
+		 */
+		public function format_value_single( $value, $post_id, $field ) {
+			// Bail early if is empty.
 			if ( acf_is_empty( $value ) ) {
 				return $value;
 			}
 
-			// vars
 			$label = acf_maybe_get( $field['choices'], $value, $value );
 
-			// value
+			if ( $field['return_format'] === 'label' ) {
-			if ( $field['return_format'] == 'value' ) {
-
-				// do nothing
-				// label
-			} elseif ( $field['return_format'] == 'label' ) {
 				$value = $label;
-
+			} elseif ( $field['return_format'] === 'array' ) {
-				// array
-			} elseif ( $field['return_format'] == 'array' ) {
 				$value = array(
 					'value' => $value,
 					'label' => $label,
 				);
 			}
 
-			// return
 			return $value;
 		}
 

web/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-taxonomy.php

@@ -70,7 +70,7 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 				$key   = '';
 			}
 
-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, ! $conditional_logic ) ) {
 				die();
 			}
 
@@ -470,6 +470,8 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 			// force value to array
 			$field['value'] = acf_get_array( $field['value'] );
 
+			$nonce = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );
+
 			// vars
 			$div = array(
 				'class'           => 'acf-taxonomy-field',
@@ -477,7 +479,7 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 				'data-ftype'      => $field['field_type'],
 				'data-taxonomy'   => $field['taxonomy'],
 				'data-allow_null' => $field['allow_null'],
-				'data-nonce'      => wp_create_nonce( $field['key'] ),
+				'data-nonce'      => $nonce,
 			);
 			// get taxonomy
 			$taxonomy = get_taxonomy( $field['taxonomy'] );
@@ -499,11 +501,11 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 			if ( $field['field_type'] == 'select' ) {
 				$field['multiple'] = 0;
 
-				$this->render_field_select( $field );
+				$this->render_field_select( $field, $nonce );
 			} elseif ( $field['field_type'] == 'multi_select' ) {
 				$field['multiple'] = 1;
 
-				$this->render_field_select( $field );
+				$this->render_field_select( $field, $nonce );
 			} elseif ( $field['field_type'] == 'radio' ) {
 				$this->render_field_checkbox( $field );
 			} elseif ( $field['field_type'] == 'checkbox' ) {
@@ -524,12 +526,13 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 		 *
 		 * @param   $field - an array holding all the field's data
 		 */
-		function render_field_select( $field ) {
+		function render_field_select( $field, $nonce ) {
 
 			// Change Field into a select
 			$field['type']    = 'select';
 			$field['ui']      = 1;
 			$field['ajax']    = 1;
+			$field['nonce']   = $nonce;
 			$field['choices'] = array();
 
 			// value
@@ -766,7 +769,7 @@ if ( ! class_exists( 'acf_field_taxonomy' ) ) :
 				)
 			);
 
-			if ( ! acf_verify_ajax( $args['nonce'], $args['field_key'] ) ) {
+			if ( ! acf_verify_ajax( $args['nonce'], $args['field_key'], true ) ) {
 				die();
 			}
 

web/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-user.php

@@ -164,7 +164,7 @@ if ( ! class_exists( 'ACF_Field_User' ) ) :
 			$field['ui']      = 1;
 			$field['ajax']    = 1;
 			$field['choices'] = array();
-			$field['nonce']   = wp_create_nonce( $field['key'] );
+			$field['nonce']   = wp_create_nonce( 'acf_field_' . $this->name . '_' . $field['key'] );
 
 			// Populate choices.
 			if ( $field['value'] ) {
@@ -404,7 +404,7 @@ if ( ! class_exists( 'ACF_Field_User' ) ) :
 			$nonce = acf_request_arg( 'nonce', '' );
 			$key   = acf_request_arg( 'field_key', '' );
 
-			if ( ! acf_verify_ajax( $nonce, $key ) ) {
+			if ( ! acf_verify_ajax( $nonce, $key, true ) ) {
 				$query->send( new WP_Error( 'acf_invalid_request', __( 'Invalid request.', 'acf' ), array( 'status' => 404 ) ) );
 			}
 		}

web/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field.php

@@ -344,9 +344,9 @@ if ( ! class_exists( 'acf_field' ) ) :
 				$binding_url
 			);
 
-			// This field setting has a unique behaviour. If the value isn't defined on the field object, it defaults to true, but for new fields, it defaults to off.
+			// This field setting has unique behavior. If the value isn't defined on the field object, it defaults to true, but for new fields or when changing field types, it defaults to off.
 			if ( ! isset( $field['allow_in_bindings'] ) ) {
-				if ( empty( $field['ID'] ) ) {
+				if ( empty( $field['ID'] ) || doing_action( 'wp_ajax_acf/field_group/render_field_settings' ) ) {
 					$field['allow_in_bindings'] = false;
 				} else {
 					$field['allow_in_bindings'] = true;

web/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-front.php

@@ -8,28 +8,37 @@ if ( ! class_exists( 'acf_form_front' ) ) :
 	#[AllowDynamicProperties]
 	class acf_form_front {
 
-		/** @var array An array of registered form settings */
+		/**
+		 * An array of registered form settings.
+		 * @var array
+		 */
 		private $forms = array();
 
-		/** @var array An array of default fields */
+		/**
+		 * An array of default fields.
+		 * @var array
+		 */
 		public $fields = array();
 
+		/**
+		 * Constructs the class.
+		 *
+		 * @since 5.0.0
+		 */
+		public function __construct() {
+			add_action( 'acf/validate_save_post', array( $this, 'validate_save_post' ), 1 );
+			add_filter( 'acf/pre_save_post', array( $this, 'pre_save_post' ), 5, 2 );
+		}
 
 		/**
-		 * This function will setup the class functionality
+		 * Returns fields used by frontend forms.
 		 *
-		 * @type    function
+		 * @since 6.4
-		 * @date    5/03/2014
-		 * @since   5.0.0
 		 *
-		 * @param   n/a
+		 * @return array
-		 * @return  n/a
 		 */
-		function __construct() {
+		public function get_default_fields(): array {
-
-			// vars
 			$this->fields = array(
-
 				'_post_title'     => array(
 					'prefix'   => 'acf',
 					'name'     => '_post_title',
@@ -56,17 +65,11 @@ if ( ! class_exists( 'acf_form_front' ) ) :
 					'value'   => '',
 					'wrapper' => array( 'style' => 'display:none !important;' ),
 				),
-
 			);
 
-			// actions
+			return $this->fields;
-			add_action( 'acf/validate_save_post', array( $this, 'validate_save_post' ), 1 );
-
-			// filters
-			add_filter( 'acf/pre_save_post', array( $this, 'pre_save_post' ), 5, 2 );
 		}
 
-
 		/**
 		 * description
 		 *
@@ -200,7 +203,7 @@ if ( ! class_exists( 'acf_form_front' ) ) :
 		function validate_save_post() {
 
 			// register field if isset in $_POST
-			foreach ( $this->fields as $k => $field ) {
+			foreach ( $this->get_default_fields() as $k => $field ) {
 
 				// bail early if no in $_POST
 				if ( ! isset( $_POST['acf'][ $k ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Verified elsewhere.
@@ -444,7 +447,7 @@ if ( ! class_exists( 'acf_form_front' ) ) :
 			acf_update_setting( 'uploader', $args['uploader'] );
 
 			// Register local fields.
-			foreach ( $this->fields as $k => $field ) {
+			foreach ( $this->get_default_fields() as $k => $field ) {
 				acf_add_local_field( $field );
 			}
 
@@ -513,9 +516,9 @@ if ( ! class_exists( 'acf_form_front' ) ) :
 
 			// display form
 			if ( $args['form'] ) : ?>
-		<form <?php echo acf_esc_attrs( $args['form_attributes'] ); ?>>
+				<form <?php echo acf_esc_attrs( $args['form_attributes'] ); ?>>
 				<?php
-		endif;
+			endif;
 
 			// Render hidde form data.
 			acf_form_data(
@@ -533,12 +536,12 @@ if ( ! class_exists( 'acf_form_front' ) ) :
 				<?php echo $args['html_after_fields']; ?><?php //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- designed to contain potentially unsafe HTML, set by developers. ?>
 			</div>
 			<?php if ( $args['form'] ) : ?>
-			<div class="acf-form-submit">
+				<div class="acf-form-submit">
-				<?php printf( $args['html_submit_button'], $args['submit_value'] ); ?><?php //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- designed to contain potentially unsafe HTML, set by developers. ?>
+					<?php printf( $args['html_submit_button'], $args['submit_value'] ); ?><?php //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- designed to contain potentially unsafe HTML, set by developers. ?>
-				<?php echo $args['html_submit_spinner']; ?><?php //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- designed to contain potentially unsafe HTML, set by developers. ?>
+					<?php echo $args['html_submit_spinner']; ?><?php //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- designed to contain potentially unsafe HTML, set by developers. ?>
-			</div>
+				</div>
-		</form>
+				</form>
-		<?php endif;
+			<?php endif;
 		}
 	}
 

web/wp-content/plugins/advanced-custom-fields-pro/includes/post-types/class-acf-post-type.php

@@ -691,6 +691,12 @@ if ( ! class_exists( 'ACF_Post_Type' ) ) {
 			// Validate and prepare the post for export.
 			$post = $this->validate_post( $post );
 			$args = $this->get_post_type_args( $post, false );
+
+			// Restore original metabox callback.
+			if ( ! empty( $args['register_meta_box_cb'] ) && ! empty( $post['register_meta_box_cb'] ) ) {
+				$args['register_meta_box_cb'] = (string) $post['register_meta_box_cb'];
+			}
+
 			$code = var_export( $args, true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions -- Used for PHP export.
 
 			if ( ! $code ) {
@@ -767,6 +773,30 @@ if ( ! class_exists( 'ACF_Post_Type' ) ) {
 			return $post;
 		}
 
+		/**
+		 * Prepares an ACF post type for import.
+		 *
+		 * @since 6.3.10
+		 *
+		 * @param array $post The ACF post array.
+		 * @return array
+		 */
+		public function prepare_post_for_import( $post ) {
+			if ( ! acf_get_setting( 'enable_meta_box_cb_edit' ) && ! empty( $post['register_meta_box_cb'] ) ) {
+				$post['register_meta_box_cb'] = '';
+
+				if ( ! empty( $post['ID'] ) ) {
+					$existing_post = $this->get_post( $post['ID'] );
+
+					if ( is_array( $existing_post ) ) {
+						$post['register_meta_box_cb'] = ! empty( $existing_post['register_meta_box_cb'] ) ? (string) $existing_post['register_meta_box_cb'] : '';
+					}
+				}
+			}
+
+			return parent::prepare_post_for_import( $post );
+		}
+
 		/**
 		 * Imports a post type from CPTUI.
 		 *

web/wp-content/plugins/advanced-custom-fields-pro/includes/post-types/class-acf-taxonomy.php

@@ -577,7 +577,13 @@ if ( ! class_exists( 'ACF_Taxonomy' ) ) {
 			$objects      = (array) $post['object_type'];
 			$objects      = var_export( $objects, true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions -- Used for PHP export.
 			$args         = $this->get_taxonomy_args( $post, false );
-			$args         = var_export( $args, true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions -- Used for PHP export.
+
+			// Restore original metabox callback.
+			if ( ! empty( $args['meta_box_cb'] ) && ! empty( $post['meta_box_cb'] ) ) {
+				$args['meta_box_cb'] = $post['meta_box_cb'];
+			}
+
+			$args = var_export( $args, true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions -- Used for PHP export.
 
 			if ( ! $args ) {
 				return $return;
@@ -654,6 +660,37 @@ if ( ! class_exists( 'ACF_Taxonomy' ) ) {
 			return $post;
 		}
 
+		/**
+		 * Prepares an ACF taxonomy for import.
+		 *
+		 * @since 6.3.10
+		 *
+		 * @param array $post The ACF post array.
+		 * @return array
+		 */
+		public function prepare_post_for_import( $post ) {
+			if ( ! acf_get_setting( 'enable_meta_box_cb_edit' ) && ( ! empty( $post['meta_box_cb'] ) || ! empty( $post['meta_box_sanitize_cb'] ) ) ) {
+				$post['meta_box_cb']          = '';
+				$post['meta_box_sanitize_cb'] = '';
+
+				if ( ! empty( $post['meta_box'] ) && 'custom' === $post['meta_box'] ) {
+					$post['meta_box'] = 'default';
+				}
+
+				if ( ! empty( $post['ID'] ) ) {
+					$existing_post = $this->get_post( $post['ID'] );
+
+					if ( is_array( $existing_post ) ) {
+						$post['meta_box']             = ! empty( $existing_post['meta_box'] ) ? (string) $existing_post['meta_box'] : '';
+						$post['meta_box_cb']          = ! empty( $existing_post['meta_box_cb'] ) ? (string) $existing_post['meta_box_cb'] : '';
+						$post['meta_box_sanitize_cb'] = ! empty( $existing_post['meta_box_sanitize_cb'] ) ? (string) $existing_post['meta_box_sanitize_cb'] : '';
+					}
+				}
+			}
+
+			return parent::prepare_post_for_import( $post );
+		}
+
 		/**
 		 * Imports a taxonomy from CPTUI.
 		 *

web/wp-content/plugins/advanced-custom-fields-pro/includes/upgrades.php

@@ -537,47 +537,3 @@ function acf_upgrade_550_taxonomy( $taxonomy ) {
 	// action for 3rd party
 	do_action( 'acf/upgrade_550_taxonomy', $taxonomy );
 }
-
-/**
- * Unsets ACF from reporting back to the WP.org API.
- *
- * @param array  $args An array of HTTP request arguments.
- * @param string $url  The request URL.
- * @return array|mixed
- */
-function acf_unset_plugin_from_org_reporting( $args, $url ) {
-	// Bail if not a plugins request.
-	if ( empty( $args['body']['plugins'] ) ) {
-		return $args;
-	}
-
-	// Bail if not a request to the wp.org API.
-	$parsed_url = wp_parse_url( $url );
-	if ( empty( $parsed_url['host'] ) || 'api.wordpress.org' !== $parsed_url['host'] ) {
-		return $args;
-	}
-
-	$plugins = json_decode( $args['body']['plugins'], true );
-	if ( empty( $plugins ) ) {
-		return $args;
-	}
-
-	// Remove ACF from reporting.
-	if ( ! empty( $plugins['plugins'][ ACF_BASENAME ] ) ) {
-		unset( $plugins['plugins'][ ACF_BASENAME ] );
-	}
-
-	if ( ! empty( $plugins['active'] ) && is_array( $plugins['active'] ) ) {
-		$is_active = array_search( ACF_BASENAME, $plugins['active'], true );
-		if ( $is_active !== false ) {
-			unset( $plugins['active'][ $is_active ] );
-			$plugins['active'] = array_values( $plugins['active'] );
-		}
-	}
-
-	// Add the plugins list (minus ACF) back to $args.
-	$args['body']['plugins'] = wp_json_encode( $plugins );
-
-	return $args;
-}
-add_filter( 'http_request_args', 'acf_unset_plugin_from_org_reporting', 10, 2 );

web/wp-content/plugins/advanced-custom-fields-pro/includes/validation.php

@@ -127,13 +127,23 @@ if ( ! class_exists( 'acf_validation' ) ) :
 		 */
 		public function ajax_validate_save_post() {
 			if ( ! acf_verify_ajax() ) {
+				if ( empty( $_REQUEST['nonce'] ) ) {
+					$nonce_error = __( 'ACF was unable to perform validation because no nonce was received by the server.', 'acf' );
+				} else {
+					$nonce_error = __( 'ACF was unable to perform validation because the provided nonce failed verification.', 'acf' );
+				}
+
 				wp_send_json_success(
 					array(
 						'valid'  => 0,
 						'errors' => array(
 							array(
 								'input'   => false,
-								'message' => __( 'ACF was unable to perform validation due to an invalid security nonce being provided.', 'acf' ),
+								'message' => $nonce_error,
+								'action'  => array(
+									'label' => __( 'Learn more', 'acf' ),
+									'url'   => acf_add_url_utm_tags( 'https://www.advancedcustomfields.com/resources/validation-nonce-errors/', 'docs', 'validation-nonce' ),
+								),
 							),
 						),
 					)

web/wp-content/plugins/advanced-custom-fields-pro/lang/acf-ar.po

@@ -12,7 +12,7 @@
 # This file is distributed under the same license as Advanced Custom Fields.
 msgid ""
 msgstr ""
-"PO-Revision-Date: 2024-10-02T12:08:46+00:00\n"
+"PO-Revision-Date: 2025-05-19T16:45:13+00:00\n"
 "Report-Msgid-Bugs-To: http://support.advancedcustomfields.com\n"
 "Language: ar\n"
 "MIME-Version: 1.0\n"

web/wp-content/plugins/advanced-custom-fields-pro/lang/acf-bg_BG.po

@@ -12,7 +12,7 @@
 # This file is distributed under the same license as Advanced Custom Fields.
 msgid ""
 msgstr ""
-"PO-Revision-Date: 2024-10-02T12:08:46+00:00\n"
+"PO-Revision-Date: 2025-05-19T16:45:13+00:00\n"
 "Report-Msgid-Bugs-To: http://support.advancedcustomfields.com\n"
 "Language: bg_BG\n"
 "MIME-Version: 1.0\n"

web/wp-content/plugins/advanced-custom-fields-pro/lang/acf-de_CH.po

@@ -12,7 +12,7 @@
 # This file is distributed under the same license as Advanced Custom Fields.
 msgid ""
 msgstr ""
-"PO-Revision-Date: 2024-10-02T12:08:46+00:00\n"
+"PO-Revision-Date: 2025-05-19T16:45:13+00:00\n"
 "Report-Msgid-Bugs-To: http://support.advancedcustomfields.com\n"
 "Language: de_CH\n"
 "MIME-Version: 1.0\n"