chore: sync Settings API v2.9.0 — add helper methods, fix sensitive field sanitization, update Tom Select

Author: ajaydsouza

includes/admin/settings/class-settings-api.php

@@ -18,7 +18,7 @@
 /**
  * Settings API wrapper class
  *
- * @version 2.8.2
+ * @version 2.9.0
  */
 class Settings_API {
 
@@ -27,7 +27,7 @@ class Settings_API {
 	 *
 	 * @var   string
 	 */
-	public const VERSION = '2.8.2';
+	public const VERSION = '2.9.0';
 
 	/**
 	 * Settings Key.

includes/admin/settings/class-settings-form.php

@@ -197,45 +197,47 @@ protected function get_allowed_html(): array {
 
 		$form_tags = array(
 			'input'    => array(
-				'type'             => true,
-				'name'             => true,
-				'id'               => true,
-				'value'            => true,
-				'class'            => true,
-				'style'            => true,
-				'checked'          => true,
-				'disabled'         => true,
-				'readonly'         => true,
-				'required'         => true,
-				'placeholder'      => true,
-				'size'             => true,
-				'min'              => true,
-				'max'              => true,
-				'step'             => true,
-				'multiple'         => true,
-				'autocomplete'     => true,
+				'type'                 => true,
+				'name'                 => true,
+				'id'                   => true,
+				'value'                => true,
+				'class'                => true,
+				'style'                => true,
+				'checked'              => true,
+				'disabled'             => true,
+				'readonly'             => true,
+				'required'             => true,
+				'placeholder'          => true,
+				'size'                 => true,
+				'min'                  => true,
+				'max'                  => true,
+				'step'                 => true,
+				'multiple'             => true,
+				'autocomplete'         => true,
 				// Tom Select data attributes (built-in Settings API feature).
-				'data-wp-prefix'   => true,
-				'data-wp-action'   => true,
-				'data-wp-nonce'    => true,
-				'data-wp-endpoint' => true,
-				'data-ts-config'   => true,
+				'data-wp-prefix'       => true,
+				'data-wp-action'       => true,
+				'data-wp-nonce'        => true,
+				'data-wp-endpoint'     => true,
+				'data-ts-config'       => true,
+				'data-wp-extra-fields' => true,
 			),
 			'select'   => array(
-				'id'               => true,
-				'name'             => true,
-				'class'            => true,
-				'style'            => true,
-				'disabled'         => true,
-				'multiple'         => true,
-				'size'             => true,
-				'autocomplete'     => true,
+				'id'                   => true,
+				'name'                 => true,
+				'class'                => true,
+				'style'                => true,
+				'disabled'             => true,
+				'multiple'             => true,
+				'size'                 => true,
+				'autocomplete'         => true,
 				// Tom Select data attributes (built-in Settings API feature).
-				'data-wp-prefix'   => true,
-				'data-wp-action'   => true,
-				'data-wp-nonce'    => true,
-				'data-wp-endpoint' => true,
-				'data-ts-config'   => true,
+				'data-wp-prefix'       => true,
+				'data-wp-action'       => true,
+				'data-wp-nonce'        => true,
+				'data-wp-endpoint'     => true,
+				'data-ts-config'       => true,
+				'data-wp-extra-fields' => true,
 			),
 			'option'   => array(
 				'value'    => true,

includes/admin/settings/class-settings-sanitize.php

@@ -277,8 +277,13 @@ public function sanitize_sensitive_field( $value, $key ) {
 
 		$stored_encrypted_key = $this->get_option( $key );
 
+		// Empty input clears the stored value.
+		if ( '' === (string) $value ) {
+			return '';
+		}
+
 		// If input is masked, return existing encrypted key.
-		if ( empty( $value ) || strpos( $value, '**' ) !== false ) {
+		if ( is_string( $value ) && strpos( $value, '**' ) !== false ) {
 			return $stored_encrypted_key;
 		}
 
@@ -355,12 +360,18 @@ public function sanitize_repeater_field( $value, $field = array() ) {
 				// Get the field type from the subfield configuration.
 				$field_type = isset( $field_config['type'] ) ? $field_config['type'] : 'text';
 
-				// Preserve existing encrypted sensitive values when form submits masked/empty value.
-				if ( 'sensitive' === $field_type && ( empty( $field_value ) || ( is_string( $field_value ) && false !== strpos( $field_value, '**' ) ) ) ) {
-					if ( $existing_row && isset( $existing_row['fields'][ $field_key ] ) ) {
-						$sanitized_row['fields'][ $field_key ] = $existing_row['fields'][ $field_key ];
+				// For sensitive fields, distinguish empty (clear) from masked (preserve).
+				if ( 'sensitive' === $field_type ) {
+					if ( '' === (string) $field_value ) {
+						$sanitized_row['fields'][ $field_key ] = '';
+						continue;
+					}
+					if ( is_string( $field_value ) && false !== strpos( $field_value, '**' ) ) {
+						if ( $existing_row && isset( $existing_row['fields'][ $field_key ] ) ) {
+							$sanitized_row['fields'][ $field_key ] = $existing_row['fields'][ $field_key ];
+						}
+						continue;
 					}
-					continue;
 				}
 
 				// Call the appropriate sanitization method.

includes/admin/settings/js/tom-select-init.js

@@ -176,16 +176,46 @@
                         return;
                     }
 
+                    // Build base payload.
+                    const payload = {
+                        action: action,
+                        nonce: nonce,
+                        q: query,
+                        endpoint: endpoint
+                    };
+
+                    // Optional: harvest sibling fields from the closest repeater
+                    // row and merge them into the payload. Declared on the input
+                    // as data-wp-extra-fields='{"row_pat":"pat","row_id":"row_id"}'
+                    // — meaning send the closest row's `[pat]` input as `row_pat`
+                    // and `[row_id]` as `row_id`.
+                    const extraAttr = element.getAttribute('data-wp-extra-fields');
+                    if (extraAttr) {
+                        try {
+                            const map = JSON.parse(extraAttr);
+                            const row = element.closest('.wz-repeater-item');
+                            if (row && map && typeof map === 'object') {
+                                Object.keys(map).forEach(function (key) {
+                                    const suffix = map[key];
+                                    if (!suffix) {
+                                        return;
+                                    }
+                                    const sibling = row.querySelector('[name$="[' + suffix + ']"]');
+                                    if (sibling && typeof sibling.value === 'string') {
+                                        payload[key] = sibling.value;
+                                    }
+                                });
+                            }
+                        } catch (e) {
+                            console.error('Error parsing data-wp-extra-fields:', extraAttr, e);
+                        }
+                    }
+
                     $.ajax({
                         url: ajaxurl,
                         type: 'POST',
                         dataType: 'json',
-                        data: {
-                            action: action,
-                            nonce: nonce,
-                            q: query,
-                            endpoint: endpoint
-                        },
+                        data: payload,
                         error: function () {
                             callback();
                         },