Blog

Pods 1.12: Security Update, Features, Changes, and Bug Fixes

Release Notes

  • Important: As with all upgrades, we take them seriously. If you experience any major issues when upgrading to this version from a previous version, immediately contact [email protected] and we’ll help get your upgrade issue figured out (critical bugs only please)
  • Security Update: AJAX API calls all utilize _wpnonce hashes, update your customized publicForm / input helper code AJAX (api.php and misc.php expect `wp_create_nonce(‘pods-‘ . $action)` usage)
  • Added: Multi-level references in field names when referenced in Pod :: findRecords $params (`select, where, groupby, having, orderby`) – ex. `’where’ => ‘pick_field.another_pick_field.another_pick.field = “Example”‘` (donation-funded by @chriscarvache)
  • Added: Multi-level references in search filters when referenced in Pod :: findRecords $params (`select, where, groupby, having, orderby`) or Pod :: traverse variable (when not mentioned in params but you want it filterable) (donation-funded by @chriscarvache)
  • Added: Lightweight Relationship (PICK) field support in Pod :: findRecords (2.0 full support in UI) (donation-funded by @chriscarvache)
  • Added: Fully revamped JOINs based on field names when referenced in Pod :: findRecords $params (`select, where, groupby, having, orderby`) (donation-funded by @chriscarvache)
  • Added: RegEx auto-sanitizing of field names when referenced in Pod :: findRecords $params (`select, where, groupby, having, orderby`) (donation-funded by @chriscarvache)
  • Added: PodAPI :: duplicate_pod_item with $params as `’datatype’ => ‘podname’, ‘tbl_row_id’ => $item_id_to_duplicate` (returns new id) (donation-funded by @gr0b1)
  • Added: PodAPI :: export_pod_item with $params as `’datatype’ => ‘podname’, ‘tbl_row_id’ => $item_id_to_export` (returns array of data – pick/file columns are arrays of their data) (donation-funded by @gr0b1)
  • Added: PODS_STRICT_MODE constant to enable many features at once which are common settings for advanced developers including – Pagination defaults to off; Search defaults to off; PodAPI $params are auto-sanitized (stripslashes_deep if you already sanitized or are dealing with sanitized values in your $params)
  • Added: Pod(‘pod_name’, $params) ability to run findRecords straight away with one single line that also sets up the Pod object, $params must be an array
  • Added: Option to use SQL_CALC_FOUND_ROWS or COUNT(*) for getting the total rows available (for use with pagination / Pod :: getTotalRows) setting ‘calc_found_rows’ or ‘count_found_rows’ to true in Pod :: findRecords $params (useful for complex queries on data)
  • Added: Option to disable pagination altogether (separate from setting page to 1, but also forces page to be 1) in findRecords $params `’pagination’ => false`
  • Added: PODS_GLOBAL_POD_PAGINATION constant to globally disable pagination by setting the constant to false (can be renabled as needed in findRecords $params `’pagination’ => true`)
  • Added: PODS_GLOBAL_POD_SEARCH constant to globally disable search by setting the constant to false (can be renabled as needed in findRecords $params `’search’ => true`)
  • Added: PODS_GLOBAL_POD_SEARCH_MODE constant to globally set the search_mode to ‘text’, ‘int’, or ‘text_like’ (default ‘int’ which references field IDs) – can be overrided as needed in findRecords $params `’search_mode’ => ‘text’`)
  • Added: PODS_DISABLE_EVAL constant to globally disable PHP eval() on PHP-enabled areas of Pods (Templates, Helpers, Pod Pages)
  • Added: PODS_WP_VERSION_MINIMUM constant to disable WP minimum version requirement
  • Added: PODS_PHP_VERSION_MINIMUM constant to disable PHP minimum version requirement
  • Added: PODS_MYSQL_VERSION_MINIMUM constant to disable MySQL minimum version requirement
  • Added: Pod :: getRowNumber() to get current row number and Pod :: row_number variable to internally be used to keep track of which row_number you’re on in findRecords loop (incremented in fetchRecord)
  • Added: Pod :: raw_sql contains SQL without @ table references replaced and Pod :: sql now should reflect the same query as hits the DB (@ table references replaced)
  • Added: Pod :: getZebra() which uses a switch (Pod :: zebra) that goes from false to true during fetchRecord loops (initial value is false, first fetch switches it to true and reverses each additional fetch)
  • Added: PodAPI :: save_template / save_page / save_helper now allow ‘name’ / ‘uri’ to be renamed on save (only in API, not UI)
  • Added: PodAPI :: save_pod_item now accepts an array for $params->tbl_row_id which will let you save multiple items at a time using the rest of the $params
  • Added: PodAPI :: delete_pod_item now accepts an array for $params->tbl_row_id which will let you delete multiple items at a time
  • Added: Having trouble updating Pods but you know things should be OK (advanced users)? Try adding ?pods_bypass_update=1 to the page URL you’re on to bypass the update
  • Added: Pagination / Filters to pods_shortcode (ex. `

    Pods Embed Error: Please provide either a template or field name.

    `)
  • Added: pods_page_templates filter to get $page_templates for use in Pod Page editor, which allows support for Pods built into iThemes Builder coming soon (to select layouts)
  • Added: When using pods_query and setting $error to false, will bypass die on MySQL error
  • Added: When using Pods UI as an admin (manage_options capability), add ‘debug=1’ to the URL to see the currently used SQL query for a manage screen
  • Added: pods_manage now returns $object
  • Added: Sort classes now used to show current sort direction
  • Added: PodAPI :: load_column now accepts ‘name’ and ‘datatype’ (id) parameters for lookup instead of only just ‘id’ of field
  • Added: PodAPI :: load_helper now accepts ‘type’ parameter for lookup instead of only just ‘id’ and ‘name’ of helper
  • Added: New function ‘pods_function_or_file’ that checks if a function or file exists based on a number of locations, used for Helpers / Templates / Pod Pages, filter available called ‘pods_function_or_file’ if you want to customize further
  • Changed: Pod Page Precode now runs on ‘after_setup_theme’ action instead of ‘plugins_loaded’
  • Changed: pods_generate_key / pods_validate_key revamped to work off of wpnonce, though $_SESSION is still used for holding the columns from that form usage
  • Changed: pods_sanitize now sanitizes keys (previously only values)
  • Changed: Now using wp_hash instead of md5 to get the hash of a value
  • Changed: PODS_VERSION_FULL removed and PODS_VERSION now set as real point version (ex. `1.12`), updated all checks for version to use PHP version_compare
  • Changed: input_helper in column options returns only value instead of the actual ‘phpcode’ now during publicForm, which then enables file-based / function-based checks during input_field.php loop
  • Changed: pods_unique_slug to work more efficiently
  • Removed: $this->wpdb from Pod class (just a vestige of the past, now using global $wpdb)
  • Removed: PodAPI / UI References to old Pods Menu functionality
  • Fixed: jQuery Sortable include fix
  • Fixed: WP 3.3 errors fixed in regards to new WP Editor API for TinyMCE (via @azzozz)
  • Fixed: Tightened up uninstall.php and when it can be run to avoid accidental uninstalls (Reminder: When you delete Pods (and other plugins) within WP, you’ll delete the files AND your data as we follow the WP Plugin data standard for uninstalling)
  • Fixed: Pods >> Setup UI updated with lots of fixes when editing Pods / Columns, and Helpers (no more refreshes needed where they may have been needed before)
  • Fixed: PodAPI setting of defaults for $params to avoid isset checks
  • Fixed: PodAPI :: save_column now sets pick-related extra data to empty if not a pick column
  • Fixed: Pod :: getRecordById() now gets all of the same data as findRecords pulls in (pod_id, created, modified)
  • Fixed: pods_url_variable references updated to pods_var
  • Fixed: SQL cleaned up (extra line breaks removed so it’s not as ugly) and standardized to escape field names in SQL references

44 thoughts on “Pods 1.12: Security Update, Features, Changes, and Bug Fixes”

  1. Is it possible to install the Beta to try it without clobbering the Pods I’ve already created? If yes, will I be able to update to the final version from the dashboard?

    • Pods 1.12 makes no database changes, so you would be fine. And yes, WP is sophisticated in it’s version handling and knows that 1.12-beta-4 is less than 1.12 final.

  2. OK, I’m running WordPress 3.21, Pods CMS Framework 1.12-beta-6, and had installed 2.0.2 of the Pod Ratings package last week. Unfortunately, the Pod Ratings package doesn’t seem to be working; the stars don’t show up at all. The location of the stars image file has been edited, and require_wp_user is set to true in both helpers (I’ve also tried it with both set to false). The page with the embedded list of Pods is here:
    http://no-consent.org/book-reviews/
    and here’s the detail page for the Pod:
    http://no-consent.org/bookreview/the-federalist-papers/
    This was working BTW to a point with the old version of Pods/Pod Ratings; the stars would display, but the values weren’t being saved.

  3. Bug in PodAPI.php — can’t “Add new pod”

    replace if (in_array($column, array(‘id’, ‘order’)))
    WITH if (in_array($column, array(‘id’, ‘order’, ‘return_pod’)))

    replace $set = implode(“‘, ‘”, $set);
    WITH $set = implode(‘, ‘, $set);

    replace $pod_id = pod_query(“INSERT INTO @wp_pod_types ({$columns}) VALUES (‘{$set}’)”, ‘Cannot add new pod’);
    WITH $pod_id = pod_query(“INSERT INTO @wp_pod_types ({$columns}) VALUES ({$set})”, ‘Cannot add new pod’);

  4. I am working on my first Pods project and I had the following problems with Pods 1.12-rc-5

    1. I could not create a new fresh activation of the Pods CMS using 1.12-rc-5. I got a fatal error. I proceeded to activate Pods in 1.11, then I was able to switch to Pods 1.12-rc-5 and imported previous code that worked fine in 1.11.

    2. The following errors occurred in 1.12 that did not in 1.11:

    a. I got a syntax error in findRecords when the first parameter was ‘name ASC ‘. It worked fine if the first parameter is changed to ‘name ASC’. It did not like the extra space at the end.

    b. I got an unknown column error in findRecords when the first parameter was ‘modified ASC’, where ‘modified’ is the predefined modified date.

    Thanks

    • Good finds, I knew of the #1, it had to do with line endings and is fixed already for RC 6, as for #2 I’ll look into it and fix them. Thanks for reporting!

    • #2b: When referencing modified, you need to prefix it with a p., so you end up with ‘p.modified ASC’

      Also, just MySQL shorthand – you don’t have to include ASC specifically as that’s what sorting MySQL defaults to.

      • If I change in RC 5 the first parameter to ‘p.modified ASC’ or plain ‘modified’ as you suggested and it works fine.

        If I use ‘modified ASC’ the MySQL generated tries to attach a t in front of modified getting the error: … ORDER BY `t`.`modified` ASC; Response: Unknown column ‘t.modified’ in ‘order clause.

        Thanks.

        • Oh now I see, I just now patched it in Pods 1.12 RC 6, but you’ll want to wait about an hour until the ZIP on wp.org refreshes. That should #2a..

          but for #2b, that’s part of the functionality, if you don’t put in p. it will assume it’s a reference to the current column and prefix it with t. to avoid other potential database errors in other cases.

  5. There seem to be a conflict between sort and filters in Pods UI in RC6. If I add ‘filters’=> array(‘state’,’region’), where ‘state’ and ‘region’ are pick columns, to the definition, it works fine.

    But if then I add ‘sort’ => ‘region.name’, it will filter fine the region but the state filtering gets ignored completely.

  6. Sorry if this is not the place to ask this, but I’m a bit messed up with version numbres. I see people talking about 1.9X in the forums, and now I see a release with 1.12 RC7 numbering, but 2.0 is due to october :S. Am I missing something?

    • Ok, I missed the subversion in the version numbers. It was 1.9.X so, 1.12 is a newer one :D. Just sleepy.
      Just another question, I have seen there’s a release date for 2.0 for sept/oct. Is this still valid? Or the release date is not set?. I’m just asking because we’re starting a new project this week and we’re thinking on using pods 2.0 (Posts integration is a must for us) but don’t know if we could wait for the release or use another CMS.

  7. Hi, I’m using Pods 1.12 RC 6 with WP 3.3 beta 2.
    With a paragraph input text field I get “Fatal error: Call to a member function editor() on a non-object in /var/www/vhosts/gicare.com/httpdocs/wp-content/plugins/pods/ui/input_fields.php on line 156”

  8. Hi there,
    Is it hard to split edit and add in roles?
    I think it might be really helpful to assign some users the right to add only and not to edit pods.

  9. Looked through RC7: checked basic functionality, the public form stuff, but didn’t have time to go through the API improvements yet. One thing I noticed when adding or editing pods, if a Paragraph Text (desc) field is left on the HTML tab when clicking “Save Changes”, the field contents are not saved. However, if you switch to the “Visual” tab before hitting the save button, the contents are saved correctly.

  10. Hi guys,
    I’ve updated PODS CMS plugin to 1.12.1. Automatic installation succeeded without errors. I went to PODS Setup to create a new pod and got the following error:
    Cannot add new pod; SQL: INSERT INTO wp_pod_types(`name`,`label`,`is_toplevel`,`detail_page`, `pre_save_helpers`,`pre_drop_helpsers`,`post_save_helpers`,’post_drop_helpers`,`_REPEATED`) VALUES (‘speakers,”,”,”,”,”,”,”,’1’); Response: Unknown column ‘_REPEATED’ in ‘field list’
    Could you please help me fix the problem?
    Thanks.
    Mo

    • Don’t worry about the typos in the SQL command above (helpsers instead of helpers, missing closing quote after speakers, and what else). I had to re-type since the dialog box wasn’t editable. The actual crux of the issue is the _REPEATED column that is missing.

    • Gotcha! That’s being caused by the Dagon Designer Form Mailer plugin. Once that plugin is deactivated, pod creation (and update) works OK.

  11. Hi, i have updated to 1.12.2 / 3.3. The auto_set_current_user input helper stopped working and all my get_field (‘author.display_name’) outputs disappeared. Maybe it helps.

  12. I’m on localhost only, but i also tested this with a clean WP 3.3 Installation. After WP i added Pods 1.12.2, imported the “Auto Set Current User” helper from the pods website, created a test pod with an ‘editor’ column (pick wp_user) and added the input_helper. Than i tried to add an item to my test pod , but even in backend the helper did not work.

Comments are closed.