Customizer – binding jQuery created controls

I tried several plugins posted by Weston Ruter for jQuery created controls for the wp customizer. They work but are different from those created via PHP. For example, controls created with PHP ( customizer.php ) respond normally to code in customize-controls.js or in customize-previews.js:

”’ api( ‘tzkmx_test_control’, function( value ){ value.bind( function( to ) { var answer = to; });}); ”’ Controls created with jQuery do not respond to binding! Does anyone know how to bind them?

Adapting JQuery loops in wordpress?

I am trying to convert a HTML theme into WordPress and may be this is a noob question and with my keywords it is impossible to find an answer. In original template’s custom.js, it has a loop:

$  (".navigation-link-1").on("mouseover", function () {     $  (".project-preview").css({         "background-image": "url(img/portfolio/img-1.jpg)"     }); });  $  (".navigation-link-2").on("mouseover", function () {     $  (".project-preview").css({         "background-image": "url(img/portfolio/img-2.jpg)"     }); });  $  (".navigation-link-3").on("mouseover", function () {     $  (".project-preview").css({         "background-image": "url(img/portfolio/img-3.jpg)"     }); }); 

How do I convert this loop for my custom post types ? I am thinking of options inside functions.php or template but i cannot figure with my basic wordpress knowledge. Can you help me ?

Thanks

jQuery Ajax not loading page with ACF fields

I’m using the following jQuery code to load contents from a template part into another on click. Without the ACF PHP tags, it works. However, when I add these tags in <?php the_field('field_name'); ?> it throws a 500 (Internal Server Error) error. Does anyone have a solution for this, please?

    var baseUrl = "http://projectname:8888/wp-content/themes/custom-theme"      $  (".cross__functional").click(function (e) {         e.preventDefault();         console.log('cross functional Clicked')         $  ("#keContent").load(baseUrl + "/template-parts/components/filename.php");     }); 

Removing focus ring for non-tab users (vanilla JS to jQuery conversion)

I’m working on an accessibility issue for a client with Genesis Theme on WordPress and some custom jQuery. They need to remove the onFocus indicator border for mouse users, while leaving it intact for tab users. The following JS was suggested on Medium:

function handleFirstTab(e) {          if (e.keyCode === 9) { // the "I am a keyboard user" key         document.body.classList.add('user-is-tabbing');          window.removeEventListener('keydown', handleFirstTab);    }}  window.addEventListener('keydown', handleFirstTab); 

What might this look like if implemented in JQuery instead? For more context see: https://medium.com/hackernoon/removing-that-ugly-focus-ring-and-keeping-it-too-6c8727fefcd2

Getting and setting CSS variables with JQuery in WordPress backend fails

On a WordPress settings page of a plugin I develop, I have to implement a visual element that I want to change by JavaScript. I’ve got my solution working as it should and tested it on code-pen and JSFiddle. But when loading the equivilant code including the script, it will not work.

Here is the schema I’m using: HTML

<div id="origin" class="box"></div> <div id="target" class="box"></div> <button id="toggle-color">Toggle Color</button> 

CSS

:root {   --origin-color: red;   --target-color: blue; }  .box{   width: 150px;   height: 150px; }  #origin{   background-color: var(--origin-color); }  #target{   background-color: var(--target-color); } 

JS (jQuery 3.4.1)

(function( $   ) {     'use strict';     $  (document).ready(function(){               $  ('#toggle-color').on('click', function(event){         event.preventDefault();         var root = $  (":root");         var origin_color = '--origin-color';         var target_color = '--target-color';         var origin_value = root.css(origin_color);         var target_value = root.css(target_color);         root.css(origin_color, target_value);           root.css(target_color, origin_value);         return false;       });   });     })( jQuery ); 

The Problem I have is, that while it is working in test environments in the WordPress backend, the lines where I fetch the colors with

var origin_value = root.css(origin_color); var target_value = root.css(target_color); 

returns ‘undefined’, so the next line where I switch the colors fails.

See my example here: https://jsfiddle.net/tomybyte/hvbc3zu1/6/

I don’t understand why it is working in JSFiddle and code-pen but not when loading in WordPress (yes the code is loaded, I checked that!)

How to make jquery count down timer function manually editable

I have a wordpress theme and I would like to display a certain promo start time in front page. It uses jquery.countdown.min.js and has following default timer settings

var siteCountDown = function() {          if ( $  ('#date-countdown').length > 0 ) {             $  ('#date-countdown').countdown('2020/10/10', function(event) {               var $  this = $  (this).html(event.strftime(''                 + '<span class="countdown-block"><span class="label">%w</span> weeks </span>'                 + '<span class="countdown-block"><span class="label">%d</span> days </span>'                 + '<span class="countdown-block"><span class="label">%H</span> hr </span>'                 + '<span class="countdown-block"><span class="label">%M</span> min </span>'                 + '<span class="countdown-block"><span class="label">%S</span> sec</span>'));             });         }      };     siteCountDown(); 

It displays that promo will start in four months later after now. But I would like to set timer manually via wordpress admin dashboard. Is it possible to insert some php codes in .countdown(‘2020/10/10’ something like

<?php if ($  year = get_option('of_year') && $  month = get_option('of_month') &&  $  day = get_option('of_day') ) { ?> .countdown('<?php echo $  year; ?>/<?php echo $  month; ?>/<?php echo $  day; ?> <?php }  ?> 

so that I can edit promo start time manually

My options are:

$  options[] = array( "name" => "Year",                     "desc" => "promo start year",                     "id" => $  shortname."_promo_year",                     "std" => "",                     "type" => "tex");   $  options[] = array( "name" => "Mount",                     "desc" => "promo start month",                     "id" => $  shortname."_promo_month",                     "std" => "",                     "type" => "tex");  $  options[] = array( "name" => "Day",                     "desc" => "promo start day",                     "id" => $  shortname."_promo_day",                     "std" => "",                     "type" => "tex"); 

JQuery calling a Custom PHP function (Works in Dev but not in WordPress)

My code is working fine on my localhost in my development environment which is outside of the WordPress press environment. I know the PHP function is working. I am able to send test votes to my server from my localhost on my PC.

Problem: I cannot get this to work in WordPress.

My Thoughts I think it’s a path issue, but I’ve tried putting the PHP script in the root and using a full path. I am not getting any errors in the web browser console (f12).

WordPress Version: 5.4.1 I put my custom php code into “/wp-contents/custom-php/votifier.php” My JQuery script is in the header. (yes, I know I should put it in the footer.)

The Button

<div id="voteButton"> <button type="button">Try it</button> </div> 

Localhost Version

<script> $  (document).ready(function(){   $  ("#voteButton").click(function(){     $  .post("votifier/votifier.php",     {       key: $  .trim($  ("#field_yjr62").val()),       ip: $  ('input[name="item_meta[40]"]').val(),       port: $  ('input[name="item_meta[42]"]').val(),       service: "Votifier",       username: $  ('input[name="item_meta[59]"]').val()     },     function(data,status){       alert("Data: " + data + "\nStatus: " + status);     });   }); }); </script>  

WordPress Version

<script> jQuery(document).ready(function( $   ) {   jQuery("#voteButton").click(function(){     $  .post("/home/xxxxxxxxxxxx/public_html/wp-content/custom-php/votifier.php",     {       key: $  .trim($  ("#field_yjr62").val()),       ip: $  ('input[name="item_meta[40]"]').val(),       port: $  ('input[name="item_meta[42]"]').val(),       service: "Votifier",       username: $  ('input[name="item_meta[59]"]').val()     },     function(data,status){       alert("Data: " + data + "\nStatus: " + status);     });   }); }); </script> 

My Custom PHP Script

<?php  const VOTE_FORMAT = "VOTE\n%s\n%s\n%s\n%d\n"; const PUBLIC_KEY_FORMAT = "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----";  $  public_key     = formatPublicKey($  _POST['key']); $  server_ip      = $  _POST["ip"]; $  port           = $  _POST["port"]; $  service_name   = $  _POST["service"]; $  username       = $  _POST["username"];  sendVote($  username, $  public_key, $  server_ip, $  port, $  service_name);  function formatPublicKey($  public_key) {     $  public_key = wordwrap($  public_key, 65, "\n", true);     $  public_key = sprintf(PUBLIC_KEY_FORMAT, $  public_key);     return $  public_key; }  function sendVote($  username, $  public_key, $  server_ip, $  port, $  service_name) {       if (php_sapi_name() !== 'cli') {         //Detect proxy and use correct IP.         $  address = isset($  _SERVER['HTTP_X_FORWARDED_FOR']) ? $  _SERVER['HTTP_X_FORWARDED_FOR'] : $  _SERVER['REMOTE_ADDR'];     } else {         //Script is run via CLI, use server name.         $  address = $  _SERVER['SERVER_NAME'];     }      $  data = sprintf(VOTE_FORMAT, $  service_name, $  username, $  address, time());     openssl_public_encrypt($  data, $  crypted, $  public_key);     $  socket = @fsockopen($  server_ip, $  port);      if ($  socket) {         if (fwrite($  socket, $  crypted)) {             fclose($  socket);             return true;         }     }      return false; } ?> 

DOM XSS via JQuery function init()

Burp reported potential DOM XSS. Data is read from location and passed to the ‘init()’ function of JQuery via:

var table = location['table'] || location['sysparm_table']; snPresence.init(table, sys_id, query); 

URL looks as such,

https://publicsite.com/scripts/Scoreboard/js_includes_cmdb_scoreboard.jsx

Is this vulnerable? How can I check if vulnerable with Chrome DevTools?

Portswigger also mentions the init() sink of JQuery as leading to DOM XSS
https://portswigger.net/web-security/cross-site-scripting/dom-based