Add metabox plugin data but as custom fields or php code instead

i am using a theme that has custom post type and this custom post type has two ‘boxes’ or fields or whatever they are named i will include the meta codde below now the problem is i am using a plugin to add the posts but the plugin can only add via regular custom fields with value , and i can get the value but i don’t know how to format them in such a way the metabox adds them to the database the is is how they show in the database enter image description here

here is the full code for each one of them this one is for ab_embedgroup

a:2:{i:0;a:3:{s:11:"ab_hostname";s:2:"sd";s:8:"ab_embed";s:203:"<iframe width="1263" height="480" src="" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>";s:6:"_state";s:8:"expanded";}i:1;a:3:{s:11:"ab_hostname";s:7:"fsdqfsd";s:8:"ab_embed";s:203:"<iframe width="1263" height="480" src="" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>";s:6:"_state";s:8:"expanded";}} 

and this one is for ab_downloadgroup which keep in mind i added nothing there meaning this is the default value


now here is the meta file which is code for metabox settings and format

$  meta_boxes[] = array(         'id'         => 'episode',         'title'      => __( 'Episode' ),         'post_types' => array( 'watch' ),         'context'    => 'normal',         'autosave'   => true,         'fields'     => array(             array(                 'name'  => __( 'Episode' ),                 'id'    => "{$  prefix}eps",                 'type'  => 'text',             ),             array(                 'name'  => __( 'Episode Title' ),                 'id'    => "{$  prefix}epstitle",                 'type'  => 'text',             ),             array(                 'name' => __('Status', 'meta-box'),                 'id' => "{$  prefix}lang",                 'type' => 'radio',                 'options' => array(                     'RAW' => __('RAW', 'meta-box'),                     'Sub' => __('Sub', 'meta-box'),                 ),                 'multiple' => false,                 'std' => 'Sub'             ),             array(                 'name' => __('Series', 'meta-box'),                 'id' => "{$  prefix}series",                 'type' => 'post',                 'post_type' => 'series',                 'field_type' => 'select_advanced',                 'query_args' => array(                     'post_status' => 'publish',                     'posts_per_page' => -1,                     'orderby' => 'title',                     'order' => 'ASC'                 )             ),         ),     );     $  meta_boxes[] = array(         'title'  => 'Embed Video',         'pages' => array( 'post','watch' ),         'tabs'      => array(             'input-version' => array(                 'label' => 'Input Version',                 'icon'  => 'dashicons-admin-customizer',             ),             'sc-version'  => array(                 'label' => 'Shortcode Version',                 'icon'  => 'dashicons-editor-code',             ),         ),         'tab_style' => 'default',         'fields' => array(             array(                 'id'     => 'ab_embedgroup',                 'type'   => 'group',                 'clone'  => true,                 'sort_clone'  => true,                 'save_state' => true,                 'desc' => '<b style="color:red;">You can insert embed code or shortcode</b>',                 'tab'  => 'input-version',                 'fields' => array(                     array(                         'name'  => 'Host Name',                         'id'    => 'ab_hostname',                         'type'  => 'text',                     ),                     array(                         'name'   => 'Embed',                         'id'     => 'ab_embed',                         'type'   => 'textarea',                         'sanitize_callback' => 'none',                     ),                 ), //episode             ), //input-version             array(                 'name'  => __( 'Shortcode Video', 'meta-box' ),                 'id'    => "{$  prefix}embed",                 'type'  => 'textarea',                 'clone' => 'true',                 'sort_clone'  => true,                 'sanitize_callback' => 'none',                 'tab' => 'sc-version',             ),         ),     );     $  meta_boxes[] = array(         'title'  => 'Download',         'pages' => array( 'post','watch' ),         'tabs'      => array(             'input-version' => array(                 'label' => 'Input Version',                 'icon'  => 'dashicons-admin-customizer',             ),             'sc-version'  => array(                 'label' => 'Shortcode Version',                 'icon'  => 'dashicons-editor-code',             ),         ),         'tab_style' => 'default',         'fields' => array(             array(                 'id'     => 'ab_downloadgroup',                 'type'   => 'group',                 'clone'  => true,                 'sort_clone'  => true,                 'tab'  => 'input-version',                 'save_state' => true,                 'fields' => array(                     array(                         'name'  => 'Host Name',                         'id'    => 'ab_hostname',                         'type'  => 'text',                         'columns' => '3',                     ),                     array(                         'name'   => 'Language',                         'id'     => 'ab_language',                         'type'   => 'text',                         'columns' => '3',                     ),                     array(                         'name'   => 'Quality',                         'id'     => 'ab_quality',                         'type'   => 'text',                         'columns' => '3',                     ),                     array(                         'name'   => 'Link',                         'id'     => 'ab_linkurl',                         'type'   => 'text',                         'columns' => '3',                         'sanitize_callback' => 'none',                     ),                 ),             ), //input-version             array(                 'name'  => __( 'Shortcode Download', 'meta-box' ),                 'id'    => "{$  prefix}url",                 'type'  => 'textarea',                 'desc'  => 'Example: [dl n="FileHosting" u="" s="English" q="HD"]',                 'clone' => 'true',                 'sanitize_callback' => 'none',                 'tab' => 'sc-version',             ),         ),     ); 

here is how they show on the dashboard this the first box enter image description here

here is the second box enter image description here

and thank you in advace 🙂

Using conditional logic on fields in gravity form based on Paid Memberships Pro membership level

I’m trying to use conditional logic to hide/show fields in my gravity form based on user’s membership level determined by Paid Memberships Pro. I’ve tried all different variations using {user:membership_level} in a hidden field. Then, using conditional logic on selected fields, I’ve tried to hide/show based on the value of the membership level.

Any help would be appreciated. Is my meta key ({user:membership_level}) incorrect?

Having issues with CMB2 uploader and fields saving in IOS and Safari [closed]

I’m using a WordPress theme and everything works fine on Chrome, Firefox and Edge, but on Safari and iOS the CMB2 image uploader does nothing and the php form also submits empty fields (randomly).

This seems to only be happening with Safari and iOS.

I can attach the form process if anyone could point me in the right direction it would be a great help.

What kind of JavaScript protection is usually applied on password fields to prevent value injection? [closed]

There is a certain website with a certain login form which includes two fields; username and password.

I can successfully inject data with vanilla JavaScript to the first field:

document.querySelector("#username").value = "USERNAME"; 

But when I try to inject a password:

document.querySelector("#password").value = "PASSWORD"; 

I get an error:

VM1766:1 Uncaught TypeError: Cannot set property ‘value’ of null at :1:45

My problem

I double checked if the field exists as is and it is indeed existing in DOM;
I further ran a code like console.log(document.querySelector("#password")); and got lots of output which I purposely evade pasting here due to legal reasons.

My question

What kind of JavaScript protection is usually applied on password fields to prevent value injection?

Is it practical to use entity-attribute-value (EAV) model to support custom user fields and avoid bloating of tables?

I am currently working on a medium-sized web app project that is already in production using Laravel framework and MySQL 5.6.10. My clients have been asking for the ability to add additional attributes to the orders table to keep track of some additional dates.

At first to avoid bloating up the orders table, i was planning to create a new table called order_custom_fields that will link to the orders table and have a column for each of the custom field. But this will make it not conventional if more custom fields need to be added in the future for different clients or if the custom fields will be attached to different tables.

I have since stumbled upon the EAV model and thought that it seems like it would solve my problem if not for most sources saying that it should be avoided mainly for performance reason and possible difficulty when querying.

Since mysql 5.6 still does not support json, is the EAV model likely my most practical choice as to avoid bloating up the orders table with custom user field?

Does anyone have a similar case and can provide some insight?

More information:

  • The orders table currently already has 9 foreign key, 20 attribute fields, programatically linked to many other tables, and already has close to 50,000 records.
  • The Laravel framework handles all my database queries, and can programatically create polymorphic relation between database tables so only 1 EAV table will be required in my case. Also, the data in the EAV table can simply be a varchar/text and be casted as required in the program.

In laravel style, the table will be something like:

+-------------+-----------+-------------+------------+ | entity_type | entity_id |  attribute  |   value    | +-------------+-----------+-------------+------------+ | Order       |         1 | custom_date | 2020-02-02 | | Order       |         2 | custom_date | 1991-01-01 | | Product     |         1 | custom_name | phone1     | +-------------+-----------+-------------+------------+ 

Can Cleric-zilla work without antimagic fields?

For a long time I have been under the impression that, as the Internet says, clerics (and druids) are better fighters than the fighter.

They have a plethora of spells they can use to buff themselves, and on the defensive side they’re pretty good, I must admit, but offensively? I’m now under the impression that there are some feats that are so good despite requiring almost useless prerequisite feats that no spell can make the cleric a better fighter than someone who’s not feat starved.

I am talking about Leap Attack and Shock Trooper mainly, but Combat Brute also seems to be a staple for melee builds I see in my games.

Sure, I can persist or quicken Visage of the Deity, greater, and Divine Power plus Righteous Might and Divine Favor, I can even gain access to Shapechange and turn into an arcane giant or a pouncing leonal, but… without their damage multipliers, how am I better at being a fighter than a raging barbarian with a few fighter levels (only 2 Str below my arcane giant form) or a fighter with a lot of feats?

Sure, they need to have contingent spells of air walk to be able to charge where they otherwise couldn’t and some even use contingent spells of wraith touch to avoid taking Shock Trooper, but that’s just because our characters usually face only a single big encounter each day… which should favour the caster, shouldn’t it?

So I’ve been looking into it and the sources I’ve found (admittedly just a few, seeing how GitP forums are down right now) say that CoDzilla, for the cleric part, is just two persisted spells: divine power and righteous might.

Wait, what?

Well, the only thing that was suggested other than that was a full-fledged Double Betrayer of Mystra (a completely theoretical build where nemy goddesses Shar and Mystra grant the cleric the power to keep their magic buffs in both antimagic fields and dead magic zones), and thinking about it I have seen people in my games build clerics surrounded by a selective1 antimagic field in order to debuff their enemies but not themselves.

I don’t like the idea. It looks like cheese to me so my question is, is it the only real way to make a melee cleric effective, when measured against ubercharger builds? Is it even enough?

1) yes I know they are still vulnerable to a lot of magic attacks with that literal hole in their defenses but both the cleric and the fighter will die to a maximized empowered twinned force orb and its quickened sister, so it’s a moot point.

Disable Fields in Custom Meta Boxes inside Custom Post Type

I want to create an Options page for my plugin.

I have two custom post types. Both habe metaboxes with fields inside. They are perfectly saving now (thanks to you guys on stackexchange).

Now, I want to create an Options Page (already done) and want to allow the admin to disable or enable every single field of every metabox

For example

Post Type: np-food Metabox: nutrition-info fields: energy_kcal, energy_kilojoule, etc


Enable energy_kcal yes/no dropdown Enable energy_kilojoule yes/no dropdown

Saving removes them if disabled and let them appear if enabled.

Glad for any help 🙂

Have a great Day


Select all entries where range of two DATETIME fields includes given date

I’m looking for a way to get all entries from my reservations table to be shown in a calendar.

Now I know that I will have to iterate over all days of the current week and run a database query to select all reservations with dt_from >= start_of_the_week / start_of_the_day and dt_to <= end_of_the_week / end_of_the_day.

But that only gives me the reservations that start or end within the week / respectively within the given day.

What I am trying to figure out is: How do I get the reservations which started earlier and/or end after the current day or week?

I have some kind of the following table design

+----+-------------------+---------------------+---------------------+ | ID | NAME | DT_FROM | DT_TO | +----+-------------------+---------------------+---------------------+ | 1 | Jeff Atwood | 2020-01-06 09:00:00 | 2020-01-16 09:00:00 | | 2 | Terry Jones | 2020-01-30 09:00:00 | 2020-02-16 09:00:00 | | 3 | Brian of Nazareth | 2020-02-06 09:00:00 | 2020-03-16 09:00:00 | +----+-------------------+---------------------+---------------------+

I have been stuck with this for a while now and would appreciate a push into the right direction.

Thank you 🙂

How to select fields using alias name?

I have an select:

SELECT  tb_dim_equipe.no_equipe "EQUIPE",  tb_dim_profissional.no_profissional "PROFISSIONAL",  no_cidadao "CIDADÃO",  a.nu_cns "CNS",  sum(case when co_dim_tempo >= 20190100 and co_dim_tempo <= 20200131 then 1 else 0 end) as "TOTAL"  from ( SELECT no_cidadao,  tb_fat_cad_individual.nu_cns,  tb_fat_cad_individual.co_dim_profissional,  tb_fat_cad_individual.co_dim_equipe from tb_fat_cidadao_pec  join tb_fat_cad_individual on tb_fat_cad_individual.nu_cns = tb_fat_cidadao_pec.nu_cns  join tb_fat_cidadao on tb_fat_cad_individual.co_seq_fat_cad_individual = tb_fat_cidadao.co_fat_cad_individual  where st_mudou = 0  and st_vivo = 1  and st_gestante = 1  and tb_fat_cidadao.co_dim_tempo_validade = 30001231) a   left join ( SELECT tb_fat_atendimento_individual.nu_cns,  tb_fat_atendimento_individual.co_dim_tempo  from tb_fat_atendimento_individual  join tb_dim_tempo on tb_dim_tempo.co_seq_dim_tempo = tb_fat_atendimento_individual.co_dim_tempo  where co_seq_dim_tempo >= 20190100  and co_seq_dim_tempo <= 20200131  and ds_filtro_ciaps like '%ABP001%'  union SELECT tb_fat_proced_atend.nu_cns,  tb_fat_proced_atend.co_dim_tempo  from tb_fat_proced_atend  join tb_dim_tempo on tb_dim_tempo.co_seq_dim_tempo = tb_fat_proced_atend.co_dim_tempo  where co_seq_dim_tempo >= 20190100  and co_seq_dim_tempo <= 20200131  and ds_filtro_procedimento like '%0301010110%') b  on a.nu_cns = b.nu_cns  join tb_dim_equipe on tb_dim_equipe.co_seq_dim_equipe = a.co_dim_equipe  join tb_dim_profissional on tb_dim_profissional.co_seq_dim_profissional = a.co_dim_profissional  group by no_equipe, no_profissional, no_cidadao, a.nu_cns  order by no_equipe, no_profissional, no_cidadao 

This return to me five columns EQUIPE, PROFISSIONAL, CIDADÃO, CNS and TOTAL

I want to create a new select command like this:

SELECT sum(c.TOTAL) from *query above* c 

but I receive the error that column not exists.

How I can use a select with the names of alias columns EQUIPE, PROFISSIONAL, CIDADÃO, CNS and TOTAL?

Code Change That Resulted in Database Fields and Values Exposed

At my company, we have a new development team that has been completely rewriting all of the code for different parts of the system.

I’ve noticed that with one of the recent changes, you can now see the JSON data for all of the fields and values for each field that exist in our database for that particular section of an account where a user is logged in. You can do so simply by using Developer Tools in Chrome.

Is this a bad idea from an information security perspective? Why or why not?

Disclaimer: I am not part of any development team, but would like to make others aware so that this can be dealt with appropriately if it is a security concern.