Beschrijving
Manage all your custom content needs in one location with the Pods Framework.
- Create content types including Custom Post Types, Custom Taxonomies, and our special Advanced Content Types (ACTs get their own custom tables)
- Extend and customize content types including Posts, Pages, Categories, Tags, Users, and Media with one easy click
- Create custom settings pages easily within seconds
- Add custom fields to any content type
- Conditionally show fields based on the value of other fields with Conditional Logic
- Group your fields however you’d like into their own sections and add additional headings to help organize
- Show your fields anywhere using our blocks, shortcodes, widgets, or the non-coder Pods Template approach along with our automatic theme integration
- Create connections between any of your content with relationship fields to keep your content organized
Let Pods help you grow your development and site building skills so that you can manage content beyond the standard WordPress Posts & Pages.
Want to check it out? Give Pods a test drive with our new One-click Demo.
Check out our Documentation, Support Forums, and our Live Community Slack Chat for assistance building your dream project with Pods.
Introductie
Content types that evolve with your needs
Create any type of content that you want — small or large — we’ve got you covered. Every content type created with Pods gets all the love it needs to grow up big and strong. You’ll get an easy-to-use interface that lets you manage field groups, custom fields, and how your content type will look or function.
Create new content types
With Pods, you can create entirely new content types and settings pages.
Every Field Type, FREE
If you choose to use Pods for your custom fields, you’ll get every field type you need, free of charge. Pods works great alongside other custom field plugins like Advanced Custom Fields too.
We have an extensive collection of over 25 different input types to choose from on 20+ different field types for any content structure. Each field type comes with their own additional options to help you customize content entry and display.
You can also control visibility by role/capability and other advanced options.
- Repeatable Fields: Turn almost any field into a repeatable field with multiple values
- Text: Plain Text, Website, Phone, Email, Password
- Paragraph: Plain Paragraph Text, WYSIWYG (Visual Editor), Code (Syntax Highlighting)
- Date / Time: Date and Time, Date, Time
- Number: Plain Number, Currency (30+ international currencies)
- Relationships / Media: File / Image / Video (Media library and basic upload options available), Avatar (for extended Users), oEmbed, Relationship (Dropdown, Multi Select, Autocomplete, Checkboxes, Radio Buttons, and List View available)
- Checkbox (Yes / No)
- Color Picker
- Layout Fields: Heading text, HTML content
Relationships to rule the world with
The power is in your hands with our comprehensive support to relate your content to anything.
- Custom defined lists of text options
- Relate to any Post Type or Taxonomy posts / terms
- Relate to any User profile
- Relate to User Roles or Capabilities
- Relate to any Comment
And many other relationships are also available including:
- Image Sizes
- Navigation Menus
- Relate to content within any Database Table
- Countries (predefined)
- US States (predefined)
- Canadian Provinces (predefined)
- Calendar – Days of Week (predefined)
- Calendar – Months of Year (predefined)
- And many more!
Optional Components to do even more
You can enable some of our included components to extend your WordPress site even further:
- Types-only Mode – On our Pods Settings page, you can choose to disable creating custom fields for a performance boost if you only want to use Pods for content types or you plan on using it alongside of other custom field plugins
- Pods Templates – Use our template engine to create templates that can be handed off to clients for care-free management
- Markdown Syntax – Parses Markdown Syntax for Paragraph Text / WYSIWYG fields
- Advanced Relationships – Add even more relationship objects including Database Tables, Multisite Networks, Multisite Sites, Themes, Page Templates (in the theme), Sidebars, Post Type Objects, and Taxonomy Objects
- Table Storage – Enable table-based database storage for custom fields on Post Types, Media, Users, and Comments
- Roles and Capabilities – Create or edit Roles for your site and customize what they have access to
- Advanced Content Types – Create entirely custom content types that have their own database table, and they will exist outside the normal WordPress context avoiding meta database tables
- Pods Pages – Create custom pages that function off of your site’s URL path with wildcard support and choose the Page Template in the theme to use — most useful paired with Advanced Content Types
Plugins that integrate with Pods
- Advanced Views Lite – Lets you build templates (views) and queries (cards) so that you can manage your content rendering with less code. (Disclaimer: We have an affiliate link to them to help support our project)
- Bricks Builder
- Codepress Admin Columns using premium Admin Columns Pro Pods integration
- Conductor
- Elementor Pro
- Polylang has direct integration in Pods itself
- Timber
- WPGraphQL has direct integration in Pods itself
- WPML has direct integration in Pods itself
- YARPP has direct integration in Pods itself
Themes that integrate with Pods
- Genesis (StudioPress) has direct integration in Pods itself
Extend Pods with Free Add-Ons
- Pods Beaver Themer Add-On – Integrates Pods with Beaver Themer
- Pods Gravity Forms Add-On – Integrates Pods with Gravity Forms
- Pods Alternative Cache Add-On – Speed up Pods on servers with limited object caching capabilities
- Pods SEO Add-On – Integrates Pods Advanced Content Types with Yoast SEO
- Pods AJAX Views Add-On – Adds new functions you can use to output template parts that load via AJAX after other page elements
Breid Pods uit met gratis add-ons van derden
- Paid Memberships Pro – Pods Add On – Integrates Pods with Paid Memberships Pro to extend PMPro objects with custom fields added by Pods
- Panda Pods Repeater Field Add-On – Laat je toe herhalende veldgroepen toe te voegen die worden opgeslagen in hun eigen aangepaste databasetabel (Geavanceerde configuratie vereist)
Pods Pro by SKCDEV Premium Add-Ons
- List Tables Add-On – A new block and shortcode to list/filter content from Pods in a table format
- Page Builder Toolkit Add-On – Integrates Pods with Beaver Builder, Beaver Themer, Conditional Blocks Pro, Divi Theme, Elementor, GenerateBlocks, Oxygen Builder, and Stackable Blocks (premium)
- Advanced Relationships Storage Add-On – Advanced options for relationship storage
- TablePress Integration Add-On – Integrates Pods with TablePress
- Advanced Permalinks Add-On – Advanced permalink structures and taxonomy landing pages
How can I translate Pods into my own language?
Many thanks go out to the fine folks who have helped us translate the Pods plugin into many other languages.
Join us in further translating the Pods interface on the official Translating WordPress dashboard
We are also available through our Live Community Slack Chat to help our translators get started and to support them on the process.
Are you looking to translate your Pods and Fields themselves? You’ll want to enable the “Translate Pods” component from Pods Admin > Components.
Bijdragers
Pods really wouldn’t be where it is without all the contributions from our donors and code/support contributors.
Schermafdrukken
Blokken
Deze plugin heeft 6 blokken.
- Pods Field Value Display a single Pod item's field value (custom fields).
- Pods Single Item – List Fields Display fields for a single Pod item.
- Pods View Include a file from a theme, with caching options
- Pods Item List List multiple Pod items.
- Pods Single Item Display a single Pod item.
- Pods Form Display a form for creating and editing Pod items.
Installatie
- Unpack the entire contents of this plugin zip file into your
wp-content/plugins/
folder locally - Upload to your site
- Navigate to
wp-admin/plugins.php
on your site (your WP Admin plugin page) - Activeer deze plugin
OR you can just install it with WordPress by going to Plugins >> Add New >> and type this plugin’s name
FAQ
-
Waar kunnen we terecht voor ondersteuning met je plugin?
-
Our primary Support is handled through our Support Forums. For the fastest support, you can contact us on our Live Community Slack Chat in the #support channel. We do not staff our Slack channel 24/7, but we do check any questions that come through daily and reply to any unanswered questions.
Ook hebben we een community aan Pods gebruikers en ontwikkelaars die actief zijn op Slack dus je kan zeker zijn dat je vraag snel beantwoord zal worden. We beantwoorden onze forum vragen minimaal eens per week met vervolg in het verloop van de week. Mede omdat we onze middelen aan het focussen zijn op het herstructureren en verbeteren van onze documentatie.
-
Where do I report bugs or request features?
-
Als je een bug gevonden hebt of een idee hebt voor een nieuwe functie verwijzen we je graag door naar onze GitHub repository op https://github.com/pods-framework/pods/issues/new. Wees zeer specifiek over wat voor probleem je precies hebt en voeg schermafbeeldingen en/of andere configuratie parameters toe die ons kunnen helpen het probleem te vinden.
-
Werkt Pods met mijn thema?
-
Most likely the answer is yes. We don’t require any special CSS or display attributes to use Pods with your theme, so you should have little to no difficulty showing your content in your theme. If you encounter any issues, contact your theme developer and ask them about their support for the standard WordPress theming functions and how to use WordPress Template Hierarchy with their theme.
Beoordelingen
Bijdragers & ontwikkelaars
“Pods – Aangepaste Content Typen en Velden” is open source software. De volgende personen hebben bijgedragen aan deze plugin.
Bijdragers“Pods – Aangepaste Content Typen en Velden” is vertaald in 129 talen. Dank voor de vertalers voor hun bijdragen.
Vertaal “Pods – Aangepaste Content Typen en Velden” naar jouw taal.
Interesse in ontwikkeling?
Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.
Changelog
3.2.8.1 – November 22nd, 2024
- Security: Resolve stored XSS issue with the File Upload field Add Button Text option. Props to the CleanTalk / Dmitrii Ignatyev for responsibly reporting this (their second report, they are doing good work!). (@sc0ttkclark)
- Security: Harden the use of values within id and class HTML attributes in Pods form elements. (@sc0ttkclark)
3.2.8 – November 17th, 2024
REMINDER: PHP support for Pod Templates and Pod Pages been turned off by default in Pods 3.2.7+ (PODS_DISABLE_EVAL
constant set to false
can be used to re-enable it). It will be completely removed in Pods 3.3 after being deprecated back in Pods 2.3. (@sc0ttkclark)
- Feature: Migrate the PHP in your Pod Templates and Pod Pages directly into your current theme with a new Pods Admin > Tools > Migrate PHP tool. We recommend you use a child theme that you control. PHP warnings now appear on the Pod Template and Pod Page editor screens to prompt you to run the migration. (@sc0ttkclark)
- Feature: Updated the design and user experience of the various guided screens inside of the Pods Admin to make it easier to read and click through on small screens. (@sc0ttkclark, @heybran)
- Enhanced: Pod Page template part handling for PHP template files now passes the
$pods
variable. (@sc0ttkclark) - Enhanced: Added support for parsing magic tags in Pod Template files in the theme when you set the PHP header comment
Magic Tags: Enabled
. (@sc0ttkclark) - Enhanced: Run wpautop on Pods Item List and Pods Related Item List blocks for the “not found” content if they are not already formatted. (@sc0ttkclark)
- Fixed: Only running wpautop for block the Pods Field block content if it does not contain div, ul, ol, heading, or p HTML tags. (@sc0ttkclark)
- Fixed: Resolve issue with empty strings showing when using magic tags before/after functionality. (@JoryHogeveen)
- Fixed: Ignore more internal WP post types and taxonomies plus others from other plugins.
- Fixed: Move load_plugin_textdomain usage into init and make it optional with the constant
PODS_LOAD_TEXTDOMAIN
set totrue
. It is no longer needed for WordPress.org plugins but may be needed in the future for testing. (@sc0ttkclark) - Fixed: When getting plugin data, don’t make it translatable. (@sc0ttkclark)
- Fixed: When saving bidirectional relationship, attempt to save hook up existing related items data in the
wp_podsrel
table with the bidirectional connection. (@sc0ttkclark) - Fixed: Resolve PHP notices with site debug information. (@sc0ttkclark)
- Fixed: Resolve PHP warnings with empty template code. (@sc0ttkclark)
- Fixed: More improvements to Pod Page and Pod Template file loading from themes. (@sc0ttkclark)
- Fixed: Resolve issue with slug fields not formatting as expected. (@sc0ttkclark)
- Fixed: SCSS migrated from
@import
to@use
for compatibility with the latest versions of our SCSS scripting. (@sc0ttkclark)
3.2.7.1 – October 9th, 2024
- Security: Lock down heading field to only specific allowed HTML tags and preventing it from being used to insert malicious scripts. Props to the CleanTalk / Dmitrii Ignatyev for responsibly reporting this. (@sc0ttkclark)
3.2.7 – August 28th, 2024
- Feature: New Pods Related Item List block that works like a Pods Item List block but uses the Pods Single Item block context where you specify a relationship field name to reference. (@sc0ttkclark)
- Feature: You can now link field value output from Pods Field Value block to any website field or just use
permalink
to link to the current item of the field. Works with single select relationship field as the link reference. (@sc0ttkclark) - Feature: Add support for having multiple filters/pagination on the same page when using Pods shortcodes/blocks. (@sc0ttkclark)
- Feature: When a relationship field is using Taxonomy syncing, you can not choose to hide the Taxonomy UI from the Block Editor and Classic Editor. (@sc0ttkclark)
- Feature: New support for Query Monitor now shows Pods debug logs in a QM panel. (@sc0ttkclark)
- Tweak: Toggle add file button on single file field depending on whether a file is provided yet. #7315 (@heybran)
- Tweak: Added a
<p>
wrapper for the span-based pagination. (@sc0ttkclark) - Removed: PHP support for Pod Templates and Pod Pages has been finally turned off by default (
PODS_DISABLE_EVAL
constant set tofalse
can be used to re-enable it). It will be completely removed in Pods 3.3 after being deprecated back in Pods 2.3. (@sc0ttkclark) - Fixed: Improve REST authentication method to support other auth forms when registering fields. #7340 #7341 (@JoryHogeveen, @sc0ttkclark)
- Fixed: Fix invalid default value for REST API
write_all
option. #7339 (@JoryHogeveen) - Fixed: Resolve issue with Taxonomy syncing for relationship fields. #7336 #7334 (@pdclark, @sc0ttkclark)
- Fixed: Add fallback for clipboard.writeText. #7314 (@heybran)
- Fixed: Reset items loop before running the fetch loop in
Pods::template()
and the Templates component. (@sc0ttkclark) - Fixed: Resolve issues with cached queries in PodsData not having the correct corresponding total found for pagination. (@sc0ttkclark)
- Fixed: More phpstan/phpcs fixes across the codebase. (@sc0ttkclark)
3.2.6 – July 22nd, 2024
- Fixed: Resolve issue with WordPress 6.5 and earlier compatibility by adding polyfill for
react-jsx-runtime
dependency that WP 6.6 related tooling now requires. (@sc0ttkclark) - Fixed: Resolve
register_meta
issue where it wasn’t checking if post type supported revisions before setting meta key as revisionable. (@sc0ttkclark) - Tweak: Partial work towards a fix for REST API update handling for meta fields which was broken in a previous release. Final fix will be in Pods 3.2.7. (@sc0ttkclark)
3.2.5 – July 19th, 2024
- Fixed: Resolve issue with WordPress 6.6 compatibility that caused Pods Admin > Edit Pod and Pods forms to stop working properly on some sites. (@sc0ttkclark, @swissspidy)
- Fixed: Resolve PHP deprecated notices with null being passed into certain htmlspecialchars related functions. (@sc0ttkclark)
3.2.4 – July 15th, 2024
- Feature: Allow restricting media library for File fields to only showing attachments associated to the current post ID. (@sc0ttkclark)
- Feature: Allow File field to automatically use the first file saved as the featured image for the post. (@sc0ttkclark)
- Feature: Add support for Post Types that have associated Taxonomies to have a Relationship field which will automatically sync to the corresponding taxonomy on save. (@sc0ttkclark)
- Fixed: Register meta handling now properly loads when enabled. (@sc0ttkclark)
- Fixed: Remove always visible scrollbar from Settings modal panel container since it does not scroll. (@sc0ttkclark)
- Fixed: REST API Show All Fields setting for a Pod now works as expected again. (@sc0ttkclark)
3.2.3 – July 15th, 2024
The Pods 3.2.3 release turned into Pods 3.2.4 after an failed attempt at hijacking our plugin on WordPress.org was accidentally documented by online security vulnerability databases as successful.
To be safe and sure that those who are using Pods do not mistake Pods 3.2.3 as a vulnerable release, we will instead release the next version as Pods 3.2.4.
3.2.2 – June 18th, 2024
- Feature: You can now turn on Taxonomy filters for a Custom Taxonomy so that you see a dropdown filter on the list of posts for any associated post types. (@sc0ttkclark)
- Added: Pods Templates > Support for comments on post types using Pods Templates using
[each comments]
and[if comments]
. (@sc0ttkclark) - Added: REST API > Add support for determining whether to require person to be logged in to read values for custom fields (default: login not required). (@sc0ttkclark)
- Added: Automatically redirect to the proper edit URL when going to the Pods Admin > Edit Pods page for a specific pod but
id=XX
is the slug. (@sc0ttkclark) - Tweak: Accessibility > Make it easier to copy and paste field names for the Edit Pod screen with a new copy icon you can click. #7291 #7237 (@heybran, @sc0ttkclark)
- Tweak: Responsive UI > Improved appearance for the Edit Pod screen for smaller screens. (@sc0ttkclark)
- Fixed: Security hardening > Sanitize HTML before passing into Pods field inputs for paragraph/code/wysiwyg field types to cover additional cases where something could make it past the sanitization process on save. (@sc0ttkclark)
- Fixed: Accessibility > Add label for color fields in the Pods Blocks API so it shows the label and not just the color input itself. #7306 #7305 (@pdclark)
- Fixed: Group and field names now generate in the UI as expected. (@sc0ttkclark)
- Fixed: Compatibility > Date, Date/Time, and Time default values now use single quotes to ensure maximum compatibility with various SQL engines. (@sc0ttkclark)
- Fixed: Compatibility > More PHP compatibility issues with
trim()
related function usage resolved. (@sc0ttkclark) - Fixed: Code quality > Various phpstan/phpcs issues resolved. (@sc0ttkclark)
3.2.1.1 – May 8th, 2024
Security Release
- Security hardening: Enforce safe URLs for Pods form submission confirmation page URLs. Props to the wesley (wcraft) / Wordfence for responsibly reporting this. (@sc0ttkclark)
3.2.1 – March 29th, 2024
- Performance: The Advanced Filters popup now uses Autocomplete for relationship fields to improve performance for large itemsets. FYI filters are a feature in the Manage Content UI for Advanced Content Types only. (@sc0ttkclark)
- Fixed: Conditional logic for display callbacks ‘allowed’ field now showing when choosing the Customized option. (@sc0ttkclark)
- Fixed: PHP 8.1 compatibility fix for null values passed to esc_* functions in WP. (@sc0ttkclark)
- Fixed: PHP 8.1 compatibility fix for html_entity_decode. (@sc0ttkclark)
3.2.0 – March 25th, 2024
- Feature: New support for Custom Field revisions in Pods that are Post Types that use Meta storage. You can optionally enable the feature per-pod or per-field. #7265 (@sc0ttkclark)
- Feature: New support for WordPress
register_meta()
for all Pods fields on meta-based Pods. You can enable this feature in Pods Admin > Settings > “Register meta fields”. (@sc0ttkclark) - Feature: New support for specifying where your Custom Fields show in REST API responses for Pods that support that. You can choose from Object (response.field_name) or Meta (response.meta.field_name). (@sc0ttkclark)
- Feature: New support for Custom Fields in the new WordPress 6.5 Block Bindings API for the
core/post-meta
source. To use your custom fields there, you will need to enable “Register meta fields” in your Pods Admin > Settings and set your Pod to show it’s REST API fields in the “Meta” location instead of Object. (@sc0ttkclark) - Feature: New custom binding source support for the WordPress 6.5 Block Bindings API. Specify your source as
pods/bindings-field
and then just pass the same arguments you would pass for a normal[pods]
shortcode or block. This will bind that dynamic output to the block you are working with. (@sc0ttkclark) - Feature: Now you can specify whether to default values for a Pods field when the field is empty. This works great for when you add a new field to a Pod and you want to edit an existing item that did not have a field value set. The default value will be used in that circumstance. (@sc0ttkclark)
- Feature: Support for multiple default values when working with a multi-select field. Now you can just separate your values with a comma and they will be set as the default values. (@sc0ttkclark)
- Feature: Now you can specify whether to evaluate magic tags for default values like
{@user.ID}
. (@sc0ttkclark) - Tweak: New option for Pods shortcodes when used in plugins like Elementor to bypass detecting the loop and to just use whatever ID/post type is available. Use the
bypass_detect_loop="1"
attribute. #7269 (@sc0ttkclark) - Tweak: Added first used and last installed Pods versions to the Site Health information to be more helpful with debugging. (@sc0ttkclark)
- Tweak: Improved the field label/description for Additional User Capabilities field in the CPT settings. (@sc0ttkclark)
- Fixed: Resolved an annoying issue when adding a new group or field where it would reset the Pod label to the name (slug) of the pod. (@sc0ttkclark)
- Fixed: Updated logic for default value handling when using magic tags for internal field configs to ensure the magic tags get evaluated. (@sc0ttkclark)
- Fixed: Resolve issue with
pods_register_block_type()
not clearing the known blocks cache when registering them. #7167 (@sc0ttkclark) - Fixed: PHP fatal errors resolved with
array_combine()
usage from changes in WP 6.5. #7266 (@sc0ttkclark) - Fixed: Custom capability fallbacks when the option is empty now properly fallback to the default capability using that post type name. #7250 (@JoryHogeveen)
- Fixed: PHP deprecated notice with
trim()
. (@sc0ttkclark) - Fixed: Resolved plupload browse button references to prevent JS console errors. (@sc0ttkclark)
- Fixed: Resolved issue with
window.wpEditorL10n
calls to more safely check for it to prevent JS console errors. (@sc0ttkclark) - Fixed: Updated the implementation of the compatibility hooks for
set_transient
andsetted_transient
hooks have the proper args expected sent. (@sc0ttkclark) - Fixed: Empty REST API fields no longer show when the pod doesn’t support REST API. (@sc0ttkclark)
- Fixed: Restrict/unrestrict dynamic features logic now properly updates all of the associated Pod settings it needs to in the Access Rights Review screen. (@sc0ttkclark)
- Fixed: Empty arrays now return correctly in Pod / Group / Field settings instead of using their defaults when empty. (@sc0ttkclark)
- Fixed: Resolve potential issues with REST API in certain circumstances which would throw exceptions with the Pods REST API Messages object. (@sc0ttkclark)
- Fixed: Resolve issues when duplicating pods where the new pod name is over the limit and prevents creating the new pod correctly. (@sc0ttkclark)
- Fixed: Access Rights Review notice now only shows on existing installs updating from pre-3.1 instead of showing on new 3.1+ installs too. (@sc0ttkclark)
- Fixed: Accessibility issues with tabbing resolved for Pods Admin > Edit Pods table and Pods Admin > Edit Pod fields list table when working with row actions. #7196 #7198 (@heybran, @sc0ttkclark)
3.1.4 – February 28th, 2024
- Fixed: Defaults now show correctly for checkbox groups in the Edit Field modals. (@sc0ttkclark)
- Fixed: Resolve potential PHP errors with cached configs in Collections classes that has been there since Pods 2.x. (@sc0ttkclark)
- Fixed: Revisited due to our automated NPM build issue – Resolved an issue with CodeMirror 6.x fields in forms (this is separate from the version 5.x that the Pods Template editor uses). (@sc0ttkclark)
3.1.3 – February 27th, 2024
- Fixed: Resolved an issue with CodeMirror 6.x fields in forms (this is separate from the version 5.x that the Pods Template editor uses). (@sc0ttkclark)
3.1.2 – February 27th, 2024
- Added: Now you can set Content Visibility when creating a new pod. (@sc0ttkclark)
- Added: More help text to better explain things on the Access Rights Review screen for extended content types. (@sc0ttkclark)
- Added: New option to specify whether to Sanitize Output for a field in the Additional Field Options of Heading, Paragraph, WYSIWYG, Code, and Text fields. (@sc0ttkclark)
- Added: Pod Reference metabox on the Pods Templates editor screen now has more help text and will now allow clicking to copy any magic tag to clipboard. (@sc0ttkclark)
- Added: Better explain Public vs Publicly Queryable for Post Types and Taxonomies along with showing the current Content Visibility below. (@sc0ttkclark)
- Changed: Updated CodeMirror to 5.65.16 so we can start moving towards CodeMirror 6 for the Pods Template editor. (@sc0ttkclark)
- Fixed: Resolved issues with Access Rights Review screen when making content type public or private causing it not to be fully set (only public was set on, it left out publicly_queryable). (@sc0ttkclark)
3.1.1 – February 22nd, 2024
This is just a release to retrigger the zip generation on WordPress.org that missed a fix put into the initial 3.1 release tag in SVN.
Pods 3.1 is a security focused release, see below for the changelog information.
3.1 – February 21st, 2024
Security Release
While this release is meant to be as backwards compatible as possible, some aspects of security hardening may require manual intervention by site owners and their developers. There were no known reports and no known attempts to take advantage of the issues resolved by this release except where noted.
Read more about How access rights work with Pods for more details including new filters/snippets that can provide limited access.
- Security hardening: Introduced new access checks and additional fine-grained control over dynamic features across any place in Pods that allows embedding content or forms. This only applies to usage through Pods Blocks or Shortcodes. Using PHP will continue to expect you are handling this on your own unless you pass the appropriate arguments to the corresponding Pods methods. (@sc0ttkclark)
- Security hardening: Prevent using the Pods Views Block / Shortcode to embed any files outside of the current theme. Props to the Nex Team / Wordfence for responsibly reporting this. (@sc0ttkclark)
- Security hardening: Prevent output of
user_pass
,user_activation_key
, andpost_password
through Pods dynamic features / PHP. These values will be set in Pods references to****************
if they were not-empty so you can still do conditional checks as normal. While Scott was already aware of this in pre-planned security release work, additional props go to the Nex Team / Wordfence for responsibly reporting this too. (@sc0ttkclark) - Security hardening: Prevent more unsavory PHP display callbacks from being used with magic tags in addition to those already prevented. Props to the Nex Team / Wordfence for responsibly reporting this. (@sc0ttkclark)
- Feature: Access rights > Access-related Admin notices and Errors can be hidden by admins in a new setting in Pods Admin > Settings > Security. (@sc0ttkclark)
- Feature: Dynamic Features > Dynamic features (Pods Blocks and Shortcodes) can be disabled by admins in a new setting in Pods Admin > Settings > Security. (@sc0ttkclark)
- Changed: Dynamic Features > New installs will now default to not allowing all SQL arguments to be used by dynamic features. Existing installs will default to only allowing simple SQL arguments. All SQL fragments are checked for disallowed usage like subqueries. This can be set in a new setting in Pods Admin > Settings > Security. (@sc0ttkclark)
- Feature: Pods Display > The Display-related Pods Blocks and Shortcodes have additional checks that limit access to content based on the user viewing it. For Post Types that are non-public, they must have access to the
read
capability from that post type as a normal user. For displaying content from Users, they must have access tolist_users
capability to view that. Read more about how access rights work with Pods (@sc0ttkclark) - Feature: Pods Forms > The Pods Form Block and Form Shortcode have additional checks that limit access to creating/editing content based on the user submitting the form. For Post Types that are non-public, they must have access to the ‘create’ capability from that post type as a normal user. Forms that submit to the Users pod, now require that the submitter must have access to the
create_users
oredit_users
capability to create or edit that user. Read more about how access rights work with Pods (@sc0ttkclark) - Feature: Pods Forms > The Pods Form Block and Form Shortcode now have a new option to identify the form with a custom key you choose that will get passed to various access-related filters so that developers can override access rights more easily. (@sc0ttkclark)
- Feature: Pods Forms > When a user has access to create or edit content through a Pods form for a post type, the
post_content
field is cleaned based on the level of access they have to prevent inserting unintentional shortcodes or blocks. (@sc0ttkclark) - Feature: Markdown functionality has now been replaced by the Parsedown library for better security and performance and it’s uniquely prefixed so it prevents future conflicts with plugins using the same library. (@sc0ttkclark)
- Changed: Pods Views > One of the breaking changes in this work is that the Pods Views Block / Shortcode dynamic feature is now disabled by default and must be enabled for new and existing installs. This can be done in a new setting in Pods Admin > Settings > Security. (@sc0ttkclark)
- Changed: Display PHP callbacks > New installs will now default to only allowing specific callbacks to be used. This defaults the specific callbacks allowed to
esc_attr,esc_html
which can be further customized in Pods Admin > Settings > Security. (@sc0ttkclark)
3.0.10 – December 11th, 2023
- Fixed: The safe rendering handler for Pods Blocks now properly passes along context to all Pods Blocks so that they work within Query Loops again and other places they could take on context. (@sc0ttkclark)
- Fixed: Resolved PHP 8.3 deprecation notice with
get_class()
usage. #7225 (@netlas, @sc0ttkclark) - Fixed: File fields using the direct plupload option will properly avoid uploading files above the limit and handle uploading multiple files without losing all but the first file in the file list. #7138 (@sc0ttkclark, @PD-CM)
Our GitHub has the full list of all prior releases of Pods: https://github.com/pods-framework/pods/releases