Merge branch 'release/2.32.0'

Author: Misplon

changelog.txt

@@ -1,5 +1,13 @@
 == Changelog ==
 
+= 2.32.0 – 13 June 2025 =
+* Background Image: Added Alt Text setting for improved accessibility.
+* Layout Block: Added additional PanelsData check and prevented potential JavaScript null quirk.
+* Layout Builder: Fixed potential object.keys issue when removing all blocks.
+* Polylang: Prevented undefined sync warning.
+* Improved security with enhanced parameter sanitization across admin features.
+* Code Quality: Updated WordPress PHP Coding Standards compliance.
+
 = 2.31.8 – 12 May 2025 =
 * Border Styles: Improved handling of multiple border values.
 * Multi-select: Fixed type error in field handling.

compat/js/siteorigin-panels-layout-block.js

@@ -81,7 +81,7 @@ function (_wp$element$Component) {
     key: "initializeState",
     value: function initializeState(props) {
       var newState = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : true;
-      var hasPanelsData = _typeof(props.panelsData) === 'object' && Object.keys(props.panelsData).length > 0;
+      var hasPanelsData = props.panelsData && _typeof(props.panelsData) === 'object' && Object.keys(props.panelsData).length > 0;
       var isDefaultModeEdit = window.soPanelsBlockEditorAdmin.defaultMode === 'edit';
       var editMode = hasPanelsData === true ? isDefaultModeEdit : true;
       this.initialState = {
@@ -238,8 +238,13 @@ function (_wp$element$Component) {
           return true;
         }
 
-        if (!newPanelsData || !oldPanelsData || _typeof(newPanelsData) !== 'object' && _typeof(oldPanelsData) !== 'object') {
+        if (!newPanelsData || !oldPanelsData) {
           return newPanelsData === oldPanelsData;
+        } // If neither newPanelsData nor oldPanelsData are objects, assume they're not the same.
+
+
+        if (_typeof(newPanelsData) !== 'object' || _typeof(oldPanelsData) !== 'object') {
+          return false;
         }
 
         var keys = Object.keys(newPanelsData);
@@ -412,7 +417,7 @@ wp.blocks.registerBlockType('siteorigin-panels/layout-block', {
         toggleSelection = _ref.toggleSelection;
 
     var onLayoutBlockContentChange = function onLayoutBlockContentChange(newPanelsData) {
-      if (_typeof(newPanelsData.widgets) === 'object' && Object.keys(newPanelsData.widgets).length > 0) {
+      if (newPanelsData.widgets !== null && _typeof(newPanelsData.widgets) === 'object' && Object.keys(newPanelsData.widgets).length > 0) {
         // Send panelsData to server for sanitization.
         var isNewWPBlockEditor = jQuery('.widgets-php').length;
 

compat/js/siteorigin-panels-layout-block.jsx

@@ -11,7 +11,10 @@ class SiteOriginPanelsLayoutBlock extends wp.element.Component {
 	}
 
 	initializeState(props, newState = true) {
-		const hasPanelsData = typeof props.panelsData === 'object' && Object.keys( props.panelsData ).length > 0;
+		const hasPanelsData = props.panelsData &&
+			typeof props.panelsData === 'object' &&
+			Object.keys( props.panelsData ).length > 0;
+			
 		const isDefaultModeEdit = window.soPanelsBlockEditorAdmin.defaultMode === 'edit';
 		const editMode = hasPanelsData === true ? isDefaultModeEdit : true;
 
@@ -169,15 +172,16 @@ class SiteOriginPanelsLayoutBlock extends wp.element.Component {
 				return true;
 			}
 
+			if ( ! newPanelsData || ! oldPanelsData ) {
+				return newPanelsData === oldPanelsData;
+			}
+
+			// If neither newPanelsData nor oldPanelsData are objects, assume they're not the same.
 			if (
-				! newPanelsData ||
-				! oldPanelsData ||
-				(
-					typeof newPanelsData !== 'object' &&
-					typeof oldPanelsData !== 'object'
-				)
+				typeof( newPanelsData ) !== 'object' ||
+				typeof( oldPanelsData ) !== 'object'
 			) {
-				return newPanelsData === oldPanelsData;
+				return false;
 			}
 
 			var keys = Object.keys( newPanelsData );
@@ -370,8 +374,9 @@ wp.blocks.registerBlockType( 'siteorigin-panels/layout-block', {
 		let onLayoutBlockContentChange = ( newPanelsData ) => {
 
 			if (
-				typeof newPanelsData.widgets === 'object' &&
-				Object.keys( newPanelsData.widgets ).length > 0
+				newPanelsData.widgets !== null && 
+			    typeof newPanelsData.widgets === 'object' &&
+			    Object.keys( newPanelsData.widgets ).length > 0
 			) {
 				// Send panelsData to server for sanitization.
 				var isNewWPBlockEditor = jQuery( '.widgets-php' ).length;

compat/polylang.php

@@ -42,13 +42,13 @@ private function get_pll_language_cache( $post_id ) {
 		}
 
 		$language_data = maybe_unserialize( $terms[0]->description );
-		$sync_data = $language_data['sync'];
 
 		// If there's no sync data, there's nothing to sync.
 		if ( empty( $language_data['sync'] ) || ! is_array( $language_data['sync'] ) ) {
 			return $this->pll_language_cache[ $post_id ] = array();
 		}
 
+		$sync_data = $language_data['sync'];
 		unset( $language_data['sync'] );
 
 		return $this->pll_language_cache[ $post_id ] = array(

compat/seopress.php

@@ -1,6 +1,6 @@
 <?php
 function siteorigin_panels_seopress_compat( $content ) {
-	$id = empty( $_GET['post'] ) ? $_GET['post_id'] : $_GET['post'];
+	$id = empty( $_GET['post'] ) ? (int) $_GET['post_id'] : (int) $_GET['post'];
 	if ( ! empty( $id ) ) {
 		$page_builder_data = get_post_meta( $id, 'panels_data', true );
 		if ( ! empty( $page_builder_data ) ) {

css/front-flex.less

@@ -105,3 +105,12 @@ body.siteorigin-panels-before-js:not(.siteorigin-panels-css-container) {
 		padding-left: 1000px !important;
 	}
 }
+
+.so-sr-only {
+	height :1px;
+	left: -10000px;
+	overflow: hidden;
+	position: absolute;
+	top: auto;
+	width: 1px;
+}

inc/admin-layouts.php

@@ -234,9 +234,9 @@ public function action_get_prebuilt_layouts() {
 		// Get any layouts that the current user could edit.
 		header( 'content-type: application/json' );
 
-		$type = ! empty( $_REQUEST['type'] ) ? $_REQUEST['type'] : 'directory-siteorigin';
-		$search = ! empty( $_REQUEST['search'] ) ? trim( strtolower( $_REQUEST['search'] ) ) : '';
-		$page_num = ! empty( $_REQUEST['page'] ) ? (int) $_REQUEST['page'] : 1;
+		$type = ! empty( $_REQUEST['type'] ) ? sanitize_key( $_REQUEST['type'] ) : 'directory-siteorigin';
+		$search = ! empty( $_REQUEST['search'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['search'] ) ) : '';
+		$page_num = ! empty( $_REQUEST['page'] ) ? intval( $_REQUEST['page'] ) : 1;
 
 		$return = array(
 			'title' => '',
@@ -426,11 +426,14 @@ public function decode_panels_data( $data, $file = null ) {
 	 * Ajax handler to get an individual prebuilt layout
 	 */
 	public function action_get_prebuilt_layout() {
-		if ( empty( $_REQUEST['type'] ) ) {
+		$type = isset( $_REQUEST['type'] ) ? sanitize_key( $_REQUEST['type'] ) : '';
+		$layout_id = isset( $_REQUEST['lid'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['lid'] ) ) : '';
+
+		if ( empty( $type ) ) {
 			wp_die();
 		}
 
-		if ( ! isset( $_REQUEST['lid'] ) ) {
+		if ( empty( $layout_id ) ) {
 			wp_die();
 		}
 
@@ -442,20 +445,20 @@ public function action_get_prebuilt_layout() {
 		$panels_data = array();
 		$raw_panels_data = false;
 
-		if ( $_REQUEST['type'] == 'prebuilt' ) {
+		if ( $type == 'prebuilt' ) {
 			$layouts = apply_filters( 'siteorigin_panels_prebuilt_layouts', array() );
 
 			if (
-				! is_numeric( $_REQUEST['lid'] ) &&
-				empty( $layouts[ $_REQUEST['lid'] ] )
+				! is_numeric( $layout_id ) &&
+				empty( $layouts[ $layout_id ] )
 			) {
 				wp_send_json_error( array(
 					'error'   => true,
 					'message' => __( 'Missing layout ID or no such layout exists', 'siteorigin-panels' ),
 				) );
 			}
 
-			$layout = $layouts[ $_REQUEST['lid'] ];
+			$layout = $layouts[ $layout_id ];
 
 			// Fix the format of this layout
 			if ( ! empty( $layout[ 'filename' ] ) ) {
@@ -470,7 +473,7 @@ public function action_get_prebuilt_layout() {
 			}
 
 			// A theme or plugin could use this to change the data in the layout
-			$panels_data = apply_filters( 'siteorigin_panels_prebuilt_layout', $layout, $_REQUEST['lid'] );
+			$panels_data = apply_filters( 'siteorigin_panels_prebuilt_layout', $layout, $layout_id );
 
 			// Remove all the layout specific attributes
 			if ( isset( $panels_data['name'] ) ) {
@@ -486,14 +489,14 @@ public function action_get_prebuilt_layout() {
 			}
 
 			$raw_panels_data = true;
-		} elseif ( substr( $_REQUEST['type'], 0, 10 ) == 'directory-' ) {
-			$directory_id = str_replace( 'directory-', '', $_REQUEST['type'] );
+		} elseif ( substr( $type, 0, 10 ) == 'directory-' ) {
+			$directory_id = str_replace( 'directory-', '', $type );
 
 			$directories = $this->get_directories();
 			$directory = ! empty( $directories[ $directory_id ] ) ? $directories[ $directory_id ] : false;
 
 			if ( ! empty( $directory ) ) {
-				$url = $directory[ 'url' ] . 'layout/' . urlencode( $_REQUEST[ 'lid' ] ) . '/?action=download';
+				$url = $directory[ 'url' ] . 'layout/' . urlencode( $layout_id ) . '/?action=download';
 
 				if ( ! empty( $directory[ 'args' ] ) && is_array( $directory[ 'args' ] ) ) {
 					$url = add_query_arg( $directory[ 'args' ], $url );
@@ -512,8 +515,8 @@ public function action_get_prebuilt_layout() {
 				}
 			}
 			$raw_panels_data = true;
-		} elseif ( current_user_can( 'edit_post', $_REQUEST['lid'] ) ) {
-			$panels_data = get_post_meta( $_REQUEST['lid'], 'panels_data', true );
+		} elseif ( current_user_can( 'edit_post', $layout_id ) ) {
+			$panels_data = get_post_meta( $layout_id, 'panels_data', true );
 
 			// Clear id and timestamp for SO widgets to prevent 'newer content version' notification in widget forms.
 			foreach ( $panels_data['widgets'] as &$widget ) {

inc/admin-widgets-bundle.php

@@ -35,11 +35,11 @@ public function render_page() {
 		if ( isset( $_GET[ sanitize_key( 'plugin' ) ] ) && ( isset( $_GET[ sanitize_key( 'siteorigin-pa-install' ) ] ) && 'install-plugin' == $_GET[ sanitize_key( 'siteorigin-pa-install' ) ] ) && current_user_can( 'install_plugins' ) ) {
 			check_admin_referer( 'siteorigin-pa-install' );
 
-			$plugin['name'] = $_GET['plugin_name']; // Plugin name
-			$plugin['slug'] = $_GET['plugin']; // Plugin slug
+			$plugin['name'] = sanitize_text_field( wp_unslash( $_GET['plugin_name'] ) ); // Plugin name
+			$plugin['slug'] = sanitize_text_field( wp_unslash( $_GET['plugin'] ) ); // Plugin slug
 
 			if ( ! empty( $_GET['plugin_source'] ) ) {
-				$plugin['source'] = $_GET['plugin_source'];
+				$plugin['source'] = esc_url_raw( $_GET['plugin_source'] );
 			} else {
 				$plugin['source'] = false;
 			}

inc/styles-admin.php

@@ -30,7 +30,7 @@ public function action_style_form() {
 			);
 		}
 
-		$type = $_REQUEST['type'];
+		$type = isset( $_REQUEST['type'] ) ? sanitize_key( $_REQUEST['type'] ) : '';
 
 		if ( ! in_array( $type, array( 'row', 'cell', 'widget' ) ) ) {
 			wp_die(
@@ -40,12 +40,12 @@ public function action_style_form() {
 			);
 		}
 
-		$post_id = empty( $_REQUEST['postId'] ) ? 0 : $_REQUEST['postId'];
+		$post_id = empty( $_REQUEST['postId'] ) ? 0 : (int) $_REQUEST['postId'];
 		$args = ! empty( $_POST['args'] ) ? json_decode( stripslashes( $_POST['args'] ), true ) : array();
 
 		$current = apply_filters(
 			'siteorigin_panels_general_current_styles',
-			isset( $_REQUEST['style'] ) ? $_REQUEST['style'] : array(),
+			isset( $_REQUEST['style'] ) ? wp_unslash( $_REQUEST['style'] ) : array(),
 			$post_id,
 			$type,
 			$args

inc/styles.php

@@ -56,6 +56,11 @@ public function __construct() {
 			add_filter( 'siteorigin_panels_inside_cell_before', array( $this, 'add_parallax' ), 10, 2 );
 			add_filter( 'siteorigin_panels_inside_widget_before', array( $this, 'add_parallax' ), 10, 2 );
 		}
+
+		// Background Alt Text.
+		add_action( 'siteorigin_panels_inside_row_before', array( $this, 'maybe_add_background_alt' ), 10, 2 );
+		add_action( 'siteorigin_panels_inside_cell_before', array( $this, 'maybe_add_background_alt' ), 10, 2 );
+		add_action( 'siteorigin_panels_inside_widget_before', array( $this, 'maybe_add_background_alt' ), 10, 2 );
 	}
 
 	public static function single() {
@@ -234,6 +239,14 @@ public static function get_general_style_fields( $id, $label ) {
 			'priority'    => 6,
 		);
 
+		$fields['background_image_alt'] = array(
+			'name'        => __( 'Background Image Alt Text', 'siteorigin-panels' ),
+			'type'        => 'text',
+			'group'       => 'design',
+			'priority'    => 7,
+			'description' => __( 'Leave empty for decorative images.', 'siteorigin-panels' ),
+		);
+
 		$fields['background_display'] = array(
 			'name'        => __( 'Background Image Display', 'siteorigin-panels' ),
 			'type'        => 'select',
@@ -1404,4 +1417,56 @@ public static function get_attachment_image_src( $image, $size = 'full' ) {
 			return ! empty( $matches ) ? $matches : false;
 		}
 	}
+
+	/**
+	 * If the current context has a background image and alt text set,
+	 * add the alt text inside and before the context's HTML.
+	 *
+	 * @param string $before The HTML before the context.
+	 * @param array $context An array containing the the current context's data.
+	 *
+	 * @return string The modified HTML with the background alt text added if applicable.
+	 *
+	 */
+	public function maybe_add_background_alt( $before, $context ) {
+		if ( empty( $context['style'] ) ) {
+			return $before;
+		}
+
+		// Does this context have a background image set?
+		if (
+			empty( $context['style']['background_image_attachment'] ) &&
+			empty( $context['style']['background_image_attachment_fallback'] )
+		) {
+			return $before;
+		}
+
+		// Is alt text set?
+		if ( empty( $context['style']['background_image_alt'] ) ) {
+			return $before;
+		}
+
+		// Work out the current context type.
+		switch( current_filter() ) {
+			case 'siteorigin_panels_inside_row_before':
+				$context_type = 'row';
+				break;
+			case 'siteorigin_panels_inside_cell_before':
+				$context_type = 'cell';
+				break;
+			case 'siteorigin_panels_inside_widget_before':
+				$context_type = 'widget';
+				break;
+			default:
+				$context_type = '';
+				break;
+		}
+
+		// Add the background alt text.
+		$before .= "<div class='so-panels-background-alt so-sr-only $context_type'>";
+		$before .= esc_html( $context['style']['background_image_alt'] );
+		$before .= '</div>';
+
+		return $before;
+	}
 }