Pods – Custom Content Types and Fields

Descripción

Gestiona todas tus necesidades de contenido personalizado en una ubicación con el framework de Pods.

  • Crea tipos de contenido, incluidos tipos de contenido personalizado, taxonomías personalizadas y nuestros tipos de contenido avanzados especiales (las ACT obtienen sus propias tablas personalizadas)
  • Amplia y personaliza los tipos de contenido , incluidas entradas, páginas, categorías, etiquetas, usuarios y medios con un solo clic
  • Crea páginas de ajustes personalizadas fácilmente en segundos
  • Añade campos personalizados a cualquier tipo de contenido
  • Muestra campos condicionalmente según el valor de otros campos con lógica condicional
  • Agrupa tus campos como quieras en tus propias secciones y añade encabezados adicionales para ayudar a organizar
  • Muestra tus campos en cualquier lugar utilizando nuestros bloques, shortcodes, widgets o la opción plantilla de Podssin código junto con nuestra integración automática de temas
  • Crea conexiones entre cualquiera de tus contenidos con los campos relacionados para mantener tu contenido organizado

Deja que Pods te ayude a desarrollar tus habilidades de desarrollo y creación de sitios para que puedas administrar el contenido más allá de las entradas y páginas estándar de WordPress.

¿Quieres echarle un vistazo? Prueba Pods con nuestra nueva demostración en un clic.

Echa un vistazo a nuestra documentación, foros de soporte y nuestro chat de Slack de la comunidad en vivo para obtener ayuda para crear el proyecto de tus sueños con Pods.

Introducción

Tipos de contenido que evolucionan con tus necesidades

Crea cualquier tipo de contenido que desees — pequeño o grande — lo tenemos cubierto. Cada tipo de contenido creado con Pods recibe todo el amor que necesita para crecer grande y fuerte. Tendrás una interfaz fácil de usar que te permitirá gestionar grupos de campos, campos personalizados y el aspecto y funcionamiento de tu tipo de contenido.

Crear nuevos tipos de contenido

Con Pods, puedes crear nuevos tipos de contenido y páginas de ajustes.

Todos los tipo de campo, GRATIS

Si eliges usar Pods para tus campos personalizados, obtendrás todos los tipos de campo que necesites, de forma gratuita. Pods funciona muy bien junto con otras extensiones de campos personalizados como Advanced Custom Fields.

Tenemos una extensa colección de más de 25 tipos de entrada diferentes para elegir en 20+ tipos de campos diferentes para cualquier estructura de contenido. Cada tipo de campo viene con sus propias opciones adicionales para ayudarte a personalizar la entrada y visualización de contenido.

También puedes controlar la visibilidad por perfil/capacidad y otras opciones avanzadas.

  • Campos repetibles: Convierte casi cualquier campo en un campo repetible con múltiples valores
  • Texto: Texto sin formato, sitio web, teléfono, correo electrónico, contraseña
  • Párrafo: Texto de párrafo sin formato, WYSIWYG (editor visual), código (resaltado de sintaxis)
  • Fecha / Hora: Fecha y hora, fecha, hora
  • Número: número simple, moneda (más de 30 monedas internacionales)
  • Relaciones / medios: archivo / imagen / video (biblioteca de medios y opciones básicas de subida disponibles), avatar (para usuarios extendidos), oEmbed, relación (menú desplegable, selección múltiple, autocompletar, casillas de verificación, botones de opción y vista de lista disponibles)
  • Casilla de verificación (Sí / No)
  • Selector de color
  • Campos de estructura: Texto de encabezado, contenido HTML

Relaciones para dominar el mundo con

El poder está en tus manos con nuestro soporte integral para relacionar tu contenido con cualquier cosa.

  • Listas definidas personalizadas de opciones de texto
  • Relacionar con cualquier tipo de contenido o taxonomía las entradas/términos
  • Relacionado con cualquier perfil de usuario
  • Relacionado con perfiles o capacidades de usuario
  • Relacionado con cualquier comentario

Y muchas otras relaciones también están disponibles incluyendo:

  • Tamaños de imagen
  • Menús de navegación
  • Relacionado con el contenido dentro de cualquier tabla de la base de datos
  • Países (predefinidos)
  • Estados de Estados Unidos (predefinidos)
  • Provincias Canadienses (predefinidos)
  • Calendario – Días de la semana (predefinido)
  • Calendario – Meses del Año (predefinido)
  • ¡Y muchos más!

Componentes opcionales para hacer aún más

Puedes habilitar algunos de nuestros componentes incluidos para ampliar aún más tu sitio de WordPress:

  • Modo solo tipo de contenido – En nuestra página de ajustes de Pods, puedes elegir desactivar la creación de campos personalizados para mejorar el rendimiento si solo quieres usar Pods para tipos de contenido o planeas usarlo junto con otras extensiones de campos personalizados
  • Pods Templates – Usa nuestro motor de plantillas para crear plantillas que se pueden entregar a los clientes para una gestión sin preocupaciones
  • Sintaxis Markdown : analiza la sintaxis Markdown para los campos texto de párrafo / WYSIWYG
  • Relaciones avanzadas : añade aún más objetos de relación, incluidas tablas de base de datos, redes multisitios, multisitios, temas, plantillas de página (en el tema), barras laterales, objetos de tipo de publicación y objetos de taxonomía
  • Almacenamiento de tablas : activa el almacenamiento de bases de datos basado en tablas para campos personalizados en tipos de contenido, medios, usuarios y comentarios
  • Perfiles y capacidades – crea o edita perfiles para tu sitio y personaliza a qué tienen acceso
  • Tipos de contenido avanzados: crea tipos de contenido completamente personalizados que tengan su propia tabla en la base de datos, y existirán fuera del contexto normal de WordPress evitando las tablas de metadatos
  • Pods Pages – Crea páginas personalizadas que funcionan fuera de la ruta URL de tu sitio con soporte comodín y elige la plantilla de página en el tema a usar, más útil en combinación con los tipos de contenido avanzados

Plugins que se integran con Pods

Temas que se integran con Pods

  • Genesis (StudioPress) tiene integración directa en el propio Pods

Amplía Pods con extensiones gratuitas

Amplía Pods con extensiones gratuitas de terceros

Extensión Pods Pro by SKCDEV Premium

¿Cómo puedo traducir Pods a mi propio idioma?

Muchas gracias a la magnífica gente que nos han ayudado a traducir el plugin de Pods a muchos otros idiomas.

Únete a nosotros para traducir aún más la interfaz de Pods en el panel oficial de traducciones de WordPress

También estamos disponibles a través de nuestro chat de Slack de la comunidad en vivo para ayudar a nuestros traductores a comenzar y apoyarlos en el proceso.

¿Quiere traducir tus propios Pods y campos? Deberás activar la extensión «Traducir Pods» desde el administrador de Pods > Components.

Colaboradores

Pods realmente no estaría donde están sin todas las contribuciones de nuestros donantes y colaboradores de código/soporte.

Capturas

  • Crea nuevos tipos de contenido o extiende los existentes
  • Añade grupos de campos y administra el tipo de contenido
  • Añade campos de muchos tipos con opciones individuales para cada uno
  • Al crear o extender un tipo de publicación, se añadirán grupos de campos al editor de entradas
  • La creación o ampliación de una taxonomía añadirá grupos de campos al editor de términos
  • Extender usuarios añadirá grupos de campos a los formularios perfil de usuario y editar

Bloques

Este plugin proporciona 6 bloques.

  • Pods Single Item – List Fields Display fields for a single Pod item.
  • Pods Field Value Display a single Pod item's field value (custom fields).
  • Pods View Include a file from a theme, with caching options
  • Pods Single Item Display a single Pod item.
  • Pods Item List List multiple Pod items.
  • Pods Form Display a form for creating and editing Pod items.

Instalación

  1. Desempaqueta todo el contenido de este archivo zip del plugin en la carpeta local wp-content/plugins/
  2. Subir a tu sitio
  3. Ve a wp-admin/plugins.php en tu sitio (tu página de plugins en la administración de WordPress)
  4. Activar este plugin

O simplemente puedes instalarlo con WordPress yendo a Plugins >> Añadir nuevo >> y escribe el nombre de este plugin

FAQ

¿Dónde puedo obtener soporte en tu plugin?

Nuestro soporte principal se gestiona a través de nuestros foros de soporte. Para obtener el soporte más rápido, puedes ponerte en contacto con nosotros en nuestro chat de Slack de la comunidad en vivo en el canal #support. No contamos con personal en nuestro canal de Slack las 24 horas del día, los 7 días de la semana, pero verificamos cualquier pregunta que surja a diario y respondemos a cualquier pregunta sin respuesta.

Tenemos una comunidad de usuarios y desarrolladores de Pods que se reúnen en Slack, así que seguro que obtienes una respuesta rápidamente. Respondemos a las preguntas de nuestro foro una vez a la semana y hacemos un seguimiento durante la semana, ya que estamos priorizando recursos para reestructurar y mejorar nuestra documentación.

¿Dónde puedo informar de errores o solicitar funciones?

Si has encontrado un error o tienes una idea para una nueva característica, te pedimos amablemente que crees un Issue en nuestro repositorio de GitHub en https://github.com/pods-framework/pods/issues/new. Sé muy específico sobre los pasos que realizaste para tener el problema que tienes e incluye capturas de pantalla u otros parámetros de configuración para ayudarnos a recrear o aislar el problema.

¿Funcionará Pods en mi tema?

Lo más probable es que la respuesta sea sí. No necesita ningún CSS especial o atributos de visualización para usar Pods con tu tema, por lo que deberías tener poca o ninguna dificultad para mostrar tu contenido en tu tema. Si encuentras algún problema, contacta con tu desarrollador de temas y pregúntale sobre su soporte para las funciones estándar de temas de WordPress y cómo usar la jerarquía de plantillas de WordPress con su tema.

Reseñas

5 de agosto de 2024
Pods works perfectly with my Elementor theme. It’s one of the best plugins I’ve found so far. Huge thanks to the developers, you simply rock!
9 de julio de 2024
I have been trying to use, understand, and extends Pods for the sake of maintaining legacy code.I am still confused, to me it seems like an overcomplicated custom fields implementation that makes WordPress unnecessarily slow and is hard to customize even when reading the documentation over and over. I guess that a reason for still using Pods in 2024 might be a use case with a very complicated data structure. Otherwise, just define custom fields in PHP, if you’re a coder, or try ACF instead.
10 de mayo de 2024
No se puede añadir campos repetibles en los CCT ,, 🙁 Estaria genial poder limitar los campos repetibles actuales y cualquier otro campo, para que los usuarios no puedan añadir datos infinitos. El no poder limitar la cantidad de campos que se pueden introducir en los campos repetibles, puede convertirse en una brecha en la seguridad importante en todos los proyectos webs y sobre carga de datos y archivos las bases de datos. Tampoco estaria mal el poder dar la opción de limitar la cantidad de CPT o CCT que puede añadir un usuario o rol de usuario especifico,,,, pero esto ya es otra historia. Un saludo desde España y muy buen trabajo con este maravilloso plugin. Me encanta….
26 de marzo de 2024 1 respuesta
Working with PODS for years now.. It is really fantastic to work with. Great Support, great flexibility and integration in Elementor. Works with all the plugins I throw at it. Don’t believe the negative reviews about the integration with Elementor, those users probably never contacted support here. Thanks a lot developers of PODS, you rock!
10 de marzo de 2024 4 respuestas
I want to love Pods but their complete lack of documentation makes it utterly infuriating to work with. The fact that an option in your plugin can’t be found referenced in your documentation is ludicrous. Half the time there is «documentation» it ends up just being a blank page or contains content that lacks any context, like a random data table. For a plugin that has been around for years, this is completely unacceptable.
4 de febrero de 2024
I am currently redoing a website for which pods.io was an absolute gamechanger. Unfortunately I don’t fully understand php and sql which is why I am possibly missing some features but until now, the plugin is configured and works pretty well. It will, in future, save me tons of hours.
Leer todas las 407 reseñas

Colaboradores y desarrolladores

«Pods – Custom Content Types and Fields» está traducido en 129 idiomas. Gracias a los traductores por sus contribuciones.

Traduce «Pods – Custom Content Types and Fields» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

3.2.7 – August 28th, 2024

  • Feature: New Pods Related Item List block that works like a Pods Item List block but uses the Pods Single Item block context where you specify a relationship field name to reference. (@sc0ttkclark)
  • Feature: You can now link field value output from Pods Field Value block to any website field or just use permalink to link to the current item of the field. Works with single select relationship field as the link reference. (@sc0ttkclark)
  • Feature: Add support for having multiple filters/pagination on the same page when using Pods shortcodes/blocks. (@sc0ttkclark)
  • Feature: When a relationship field is using Taxonomy syncing, you can not choose to hide the Taxonomy UI from the Block Editor and Classic Editor. (@sc0ttkclark)
  • Feature: New support for Query Monitor now shows Pods debug logs in a QM panel. (@sc0ttkclark)
  • Tweak: Toggle add file button on single file field depending on whether a file is provided yet. #7315 (@heybran)
  • Tweak: Added a <p> wrapper for the span-based pagination. (@sc0ttkclark)
  • Removed: PHP support for Pod Templates and Pod Pages has been finally turned off by default (PODS_DISABLE_EVAL constant set to false can be used to re-enable it). It will be completely removed in Pods 3.3 after being deprecated in Pods 2.3. (@sc0ttkclark)
  • Fixed: Improve REST authentication method to support other auth forms when registering fields. #7340 #7341 (@JoryHogeveen, @sc0ttkclark)
  • Fixed: Fix invalid default value for REST API write_all option. #7339 (@JoryHogeveen)
  • Fixed: Resolve issue with Taxonomy syncing for relationship fields. #7336 #7334 (@pdclark, @sc0ttkclark)
  • Fixed: Add fallback for clipboard.writeText. #7314 (@heybran)
  • Fixed: Reset items loop before running the fetch loop in Pods::template() and the Templates component. (@sc0ttkclark)
  • Fixed: Resolve issues with cached queries in PodsData not having the correct corresponding total found for pagination. (@sc0ttkclark)
  • Fixed: More phpstan/phpcs fixes across the codebase. (@sc0ttkclark)

3.2.6 – July 22nd, 2024

  • Fixed: Resolve issue with WordPress 6.5 and earlier compatibility by adding polyfill for react-jsx-runtime dependency that WP 6.6 related tooling now requires. (@sc0ttkclark)
  • Fixed: Resolve register_meta issue where it wasn’t checking if post type supported revisions before setting meta key as revisionable. (@sc0ttkclark)
  • Tweak: Partial work towards a fix for REST API update handling for meta fields which was broken in a previous release. Final fix will be in Pods 3.2.7. (@sc0ttkclark)

3.2.5 – July 19th, 2024

  • Fixed: Resolve issue with WordPress 6.6 compatibility that caused Pods Admin > Edit Pod and Pods forms to stop working properly on some sites. (@sc0ttkclark, @swissspidy)
  • Fixed: Resolve PHP deprecated notices with null being passed into certain htmlspecialchars related functions. (@sc0ttkclark)

3.2.4 – July 15th, 2024

  • Feature: Allow restricting media library for File fields to only showing attachments associated to the current post ID. (@sc0ttkclark)
  • Feature: Allow File field to automatically use the first file saved as the featured image for the post. (@sc0ttkclark)
  • Feature: Add support for Post Types that have associated Taxonomies to have a Relationship field which will automatically sync to the corresponding taxonomy on save. (@sc0ttkclark)
  • Fixed: Register meta handling now properly loads when enabled. (@sc0ttkclark)
  • Fixed: Remove always visible scrollbar from Settings modal panel container since it does not scroll. (@sc0ttkclark)
  • Fixed: REST API Show All Fields setting for a Pod now works as expected again. (@sc0ttkclark)

3.2.3 – July 15th, 2024

The Pods 3.2.3 release turned into Pods 3.2.4 after an failed attempt at hijacking our plugin on WordPress.org was accidentally documented by online security vulnerability databases as successful.

To be safe and sure that those who are using Pods do not mistake Pods 3.2.3 as a vulnerable release, we will instead release the next version as Pods 3.2.4.

3.2.2 – June 18th, 2024

  • Feature: You can now turn on Taxonomy filters for a Custom Taxonomy so that you see a dropdown filter on the list of posts for any associated post types. (@sc0ttkclark)
  • Added: Pods Templates > Support for comments on post types using Pods Templates using [each comments] and [if comments]. (@sc0ttkclark)
  • Added: REST API > Add support for determining whether to require person to be logged in to read values for custom fields (default: login not required). (@sc0ttkclark)
  • Added: Automatically redirect to the proper edit URL when going to the Pods Admin > Edit Pods page for a specific pod but id=XX is the slug. (@sc0ttkclark)
  • Tweak: Accessibility > Make it easier to copy and paste field names for the Edit Pod screen with a new copy icon you can click. #7291 #7237 (@heybran, @sc0ttkclark)
  • Tweak: Responsive UI > Improved appearance for the Edit Pod screen for smaller screens. (@sc0ttkclark)
  • Fixed: Security hardening > Sanitize HTML before passing into Pods field inputs for paragraph/code/wysiwyg field types to cover additional cases where something could make it past the sanitization process on save. (@sc0ttkclark)
  • Fixed: Accessibility > Add label for color fields in the Pods Blocks API so it shows the label and not just the color input itself. #7306 #7305 (@pdclark)
  • Fixed: Group and field names now generate in the UI as expected. (@sc0ttkclark)
  • Fixed: Compatibility > Date, Date/Time, and Time default values now use single quotes to ensure maximum compatibility with various SQL engines. (@sc0ttkclark)
  • Fixed: Compatibility > More PHP compatibility issues with trim() related function usage resolved. (@sc0ttkclark)
  • Fixed: Code quality > Various phpstan/phpcs issues resolved. (@sc0ttkclark)

3.2.1.1 – May 8th, 2024

Security Release

  • Security hardening: Enforce safe URLs for Pods form submission confirmation page URLs. Props to the wesley (wcraft) / Wordfence for responsibly reporting this. (@sc0ttkclark)

3.2.1 – March 29th, 2024

  • Performance: The Advanced Filters popup now uses Autocomplete for relationship fields to improve performance for large itemsets. FYI filters are a feature in the Manage Content UI for Advanced Content Types only. (@sc0ttkclark)
  • Fixed: Conditional logic for display callbacks ‘allowed’ field now showing when choosing the Customized option. (@sc0ttkclark)
  • Fixed: PHP 8.1 compatibility fix for null values passed to esc_* functions in WP. (@sc0ttkclark)
  • Fixed: PHP 8.1 compatibility fix for html_entity_decode. (@sc0ttkclark)

3.2.0 – March 25th, 2024

  • Feature: New support for Custom Field revisions in Pods that are Post Types that use Meta storage. You can optionally enable the feature per-pod or per-field. #7265 (@sc0ttkclark)
  • Feature: New support for WordPress register_meta() for all Pods fields on meta-based Pods. You can enable this feature in Pods Admin > Settings > «Register meta fields». (@sc0ttkclark)
  • Feature: New support for specifying where your Custom Fields show in REST API responses for Pods that support that. You can choose from Object (response.field_name) or Meta (response.meta.field_name). (@sc0ttkclark)
  • Feature: New support for Custom Fields in the new WordPress 6.5 Block Bindings API for the core/post-meta source. To use your custom fields there, you will need to enable «Register meta fields» in your Pods Admin > Settings and set your Pod to show it’s REST API fields in the «Meta» location instead of Object. (@sc0ttkclark)
  • Feature: New custom binding source support for the WordPress 6.5 Block Bindings API. Specify your source as pods/bindings-field and then just pass the same arguments you would pass for a normal [pods] shortcode or block. This will bind that dynamic output to the block you are working with. (@sc0ttkclark)
  • Feature: Now you can specify whether to default values for a Pods field when the field is empty. This works great for when you add a new field to a Pod and you want to edit an existing item that did not have a field value set. The default value will be used in that circumstance. (@sc0ttkclark)
  • Feature: Support for multiple default values when working with a multi-select field. Now you can just separate your values with a comma and they will be set as the default values. (@sc0ttkclark)
  • Feature: Now you can specify whether to evaluate magic tags for default values like {@user.ID}. (@sc0ttkclark)
  • Tweak: New option for Pods shortcodes when used in plugins like Elementor to bypass detecting the loop and to just use whatever ID/post type is available. Use the bypass_detect_loop="1" attribute. #7269 (@sc0ttkclark)
  • Tweak: Added first used and last installed Pods versions to the Site Health information to be more helpful with debugging. (@sc0ttkclark)
  • Tweak: Improved the field label/description for Additional User Capabilities field in the CPT settings. (@sc0ttkclark)
  • Fixed: Resolved an annoying issue when adding a new group or field where it would reset the Pod label to the name (slug) of the pod. (@sc0ttkclark)
  • Fixed: Updated logic for default value handling when using magic tags for internal field configs to ensure the magic tags get evaluated. (@sc0ttkclark)
  • Fixed: Resolve issue with pods_register_block_type() not clearing the known blocks cache when registering them. #7167 (@sc0ttkclark)
  • Fixed: PHP fatal errors resolved with array_combine() usage from changes in WP 6.5. #7266 (@sc0ttkclark)
  • Fixed: Custom capability fallbacks when the option is empty now properly fallback to the default capability using that post type name. #7250 (@JoryHogeveen)
  • Fixed: PHP deprecated notice with trim(). (@sc0ttkclark)
  • Fixed: Resolved plupload browse button references to prevent JS console errors. (@sc0ttkclark)
  • Fixed: Resolved issue with window.wpEditorL10n calls to more safely check for it to prevent JS console errors. (@sc0ttkclark)
  • Fixed: Updated the implementation of the compatibility hooks for set_transient and setted_transient hooks have the proper args expected sent. (@sc0ttkclark)
  • Fixed: Empty REST API fields no longer show when the pod doesn’t support REST API. (@sc0ttkclark)
  • Fixed: Restrict/unrestrict dynamic features logic now properly updates all of the associated Pod settings it needs to in the Access Rights Review screen. (@sc0ttkclark)
  • Fixed: Empty arrays now return correctly in Pod / Group / Field settings instead of using their defaults when empty. (@sc0ttkclark)
  • Fixed: Resolve potential issues with REST API in certain circumstances which would throw exceptions with the Pods REST API Messages object. (@sc0ttkclark)
  • Fixed: Resolve issues when duplicating pods where the new pod name is over the limit and prevents creating the new pod correctly. (@sc0ttkclark)
  • Fixed: Access Rights Review notice now only shows on existing installs updating from pre-3.1 instead of showing on new 3.1+ installs too. (@sc0ttkclark)
  • Fixed: Accessibility issues with tabbing resolved for Pods Admin > Edit Pods table and Pods Admin > Edit Pod fields list table when working with row actions. #7196 #7198 (@heybran, @sc0ttkclark)

3.1.4 – February 28th, 2024

  • Fixed: Defaults now show correctly for checkbox groups in the Edit Field modals. (@sc0ttkclark)
  • Fixed: Resolve potential PHP errors with cached configs in Collections classes that has been there since Pods 2.x. (@sc0ttkclark)
  • Fixed: Revisited due to our automated NPM build issue – Resolved an issue with CodeMirror 6.x fields in forms (this is separate from the version 5.x that the Pods Template editor uses). (@sc0ttkclark)

3.1.3 – February 27th, 2024

  • Fixed: Resolved an issue with CodeMirror 6.x fields in forms (this is separate from the version 5.x that the Pods Template editor uses). (@sc0ttkclark)

3.1.2 – February 27th, 2024

  • Added: Now you can set Content Visibility when creating a new pod. (@sc0ttkclark)
  • Added: More help text to better explain things on the Access Rights Review screen for extended content types. (@sc0ttkclark)
  • Added: New option to specify whether to Sanitize Output for a field in the Additional Field Options of Heading, Paragraph, WYSIWYG, Code, and Text fields. (@sc0ttkclark)
  • Added: Pod Reference metabox on the Pods Templates editor screen now has more help text and will now allow clicking to copy any magic tag to clipboard. (@sc0ttkclark)
  • Added: Better explain Public vs Publicly Queryable for Post Types and Taxonomies along with showing the current Content Visibility below. (@sc0ttkclark)
  • Changed: Updated CodeMirror to 5.65.16 so we can start moving towards CodeMirror 6 for the Pods Template editor. (@sc0ttkclark)
  • Fixed: Resolved issues with Access Rights Review screen when making content type public or private causing it not to be fully set (only public was set on, it left out publicly_queryable). (@sc0ttkclark)

3.1.1 – February 22nd, 2024

This is just a release to retrigger the zip generation on WordPress.org that missed a fix put into the initial 3.1 release tag in SVN.

Pods 3.1 is a security focused release, see below for the changelog information.

3.1 – February 21st, 2024

Security Release

While this release is meant to be as backwards compatible as possible, some aspects of security hardening may require manual intervention by site owners and their developers. There were no known reports and no known attempts to take advantage of the issues resolved by this release except where noted.

Read more about How access rights work with Pods for more details including new filters/snippets that can provide limited access.

  • Security hardening: Introduced new access checks and additional fine-grained control over dynamic features across any place in Pods that allows embedding content or forms. This only applies to usage through Pods Blocks or Shortcodes. Using PHP will continue to expect you are handling this on your own unless you pass the appropriate arguments to the corresponding Pods methods. (@sc0ttkclark)
  • Security hardening: Prevent using the Pods Views Block / Shortcode to embed any files outside of the current theme. Props to the Nex Team / Wordfence for responsibly reporting this. (@sc0ttkclark)
  • Security hardening: Prevent output of user_pass, user_activation_key, and post_password through Pods dynamic features / PHP. These values will be set in Pods references to **************** if they were not-empty so you can still do conditional checks as normal. While Scott was already aware of this in pre-planned security release work, additional props go to the Nex Team / Wordfence for responsibly reporting this too. (@sc0ttkclark)
  • Security hardening: Prevent more unsavory PHP display callbacks from being used with magic tags in addition to those already prevented. Props to the Nex Team / Wordfence for responsibly reporting this. (@sc0ttkclark)
  • Feature: Access rights > Access-related Admin notices and Errors can be hidden by admins in a new setting in Pods Admin > Settings > Security. (@sc0ttkclark)
  • Feature: Dynamic Features > Dynamic features (Pods Blocks and Shortcodes) can be disabled by admins in a new setting in Pods Admin > Settings > Security. (@sc0ttkclark)
  • Changed: Dynamic Features > New installs will now default to not allowing all SQL arguments to be used by dynamic features. Existing installs will default to only allowing simple SQL arguments. All SQL fragments are checked for disallowed usage like subqueries. This can be set in a new setting in Pods Admin > Settings > Security. (@sc0ttkclark)
  • Feature: Pods Display > The Display-related Pods Blocks and Shortcodes have additional checks that limit access to content based on the user viewing it. For Post Types that are non-public, they must have access to the read capability from that post type as a normal user. For displaying content from Users, they must have access to list_users capability to view that. Read more about how access rights work with Pods (@sc0ttkclark)
  • Feature: Pods Forms > The Pods Form Block and Form Shortcode have additional checks that limit access to creating/editing content based on the user submitting the form. For Post Types that are non-public, they must have access to the ‘create’ capability from that post type as a normal user. Forms that submit to the Users pod, now require that the submitter must have access to the create_users or edit_users capability to create or edit that user. Read more about how access rights work with Pods (@sc0ttkclark)
  • Feature: Pods Forms > The Pods Form Block and Form Shortcode now have a new option to identify the form with a custom key you choose that will get passed to various access-related filters so that developers can override access rights more easily. (@sc0ttkclark)
  • Feature: Pods Forms > When a user has access to create or edit content through a Pods form for a post type, the post_content field is cleaned based on the level of access they have to prevent inserting unintentional shortcodes or blocks. (@sc0ttkclark)
  • Feature: Markdown functionality has now been replaced by the Parsedown library for better security and performance and it’s uniquely prefixed so it prevents future conflicts with plugins using the same library. (@sc0ttkclark)
  • Changed: Pods Views > One of the breaking changes in this work is that the Pods Views Block / Shortcode dynamic feature is now disabled by default and must be enabled for new and existing installs. This can be done in a new setting in Pods Admin > Settings > Security. (@sc0ttkclark)
  • Changed: Display PHP callbacks > New installs will now default to only allowing specific callbacks to be used. This defaults the specific callbacks allowed to esc_attr,esc_html which can be further customized in Pods Admin > Settings > Security. (@sc0ttkclark)

3.0.10 – December 11th, 2023

  • Fixed: The safe rendering handler for Pods Blocks now properly passes along context to all Pods Blocks so that they work within Query Loops again and other places they could take on context. (@sc0ttkclark)
  • Fixed: Resolved PHP 8.3 deprecation notice with get_class() usage. #7225 (@netlas, @sc0ttkclark)
  • Fixed: File fields using the direct plupload option will properly avoid uploading files above the limit and handle uploading multiple files without losing all but the first file in the file list. #7138 (@sc0ttkclark, @PD-CM)

Our GitHub has the full list of all prior releases of Pods: https://github.com/pods-framework/pods/releases