Merge pull request #466 from codepress/release/7.0.19

Release 7.0.19

Author: DGStefan

assets/css/admin-general.css

@@ -3,7 +3,7 @@
   font-style: normal;
   font-weight: 400;
   font-display: block;
-  src: url('../material/material-symbols-outlined.woff2?v=1769590933') format('woff2');
+  src: url('../material/material-symbols-outlined.woff2?v=1779880414') format('woff2');
 }
 
 .ac-material-symbols {

assets/css/material/material-symbols-outlined.css

@@ -1,5 +1,10 @@
 == Changelog ==
 
+= 7.0.19 =
+Release Date: May 29th, 2026
+
+* [Fixed] Hardened custom field value deserialization to improve validation of serialized data handling.
+
 = 7.0.18 =
 Release Date: May 19th, 2026
 

assets/css/material/material-symbols-outlined.woff2

@@ -24,6 +24,7 @@ class FieldGroupCache implements Registerable
 
     private const TRANSIENT_KEY = '_ac_acf_field_counts';
     private const TRANSIENT_KEY_TABLE_SCREENS = '_ac_acf_group_table_screens';
+    private const TRANSIENT_KEY_META_KEYS_BY_TYPE = '_ac_acf_meta_keys_by_type';
     private const TTL_SECONDS = WEEK_IN_SECONDS;
 
     private QueryFactory $query_factory;
@@ -150,11 +151,80 @@ public function get_count_for_table_screen(TableScreen $table_screen): int
         return $this->get_count_for_query((string)$table_screen->get_id(), $query);
     }
 
+    /**
+     * @return array<string, string[]> field type => list of meta_keys (field names)
+     */
+    public function get_meta_keys_grouped_by_type(): array
+    {
+        $cached = get_transient(self::TRANSIENT_KEY_META_KEYS_BY_TYPE);
+
+        if (is_array($cached)) {
+            return $cached;
+        }
+
+        if ( ! $this->is_acf_available()) {
+            return [];
+        }
+
+        $result = [];
+        $seen_groups = [];
+
+        foreach ($this->table_ids_factory->create() as $table_id) {
+            if ( ! $this->table_screen_factory->can_create($table_id)) {
+                continue;
+            }
+
+            $table_screen = $this->table_screen_factory->create($table_id);
+            $query = $this->query_factory->create($table_screen);
+
+            if ( ! $query) {
+                continue;
+            }
+
+            foreach ($query->get_groups() as $group) {
+                $group_key = (string)($group['key'] ?? '');
+
+                if ('' === $group_key || isset($seen_groups[$group_key])) {
+                    continue;
+                }
+
+                $seen_groups[$group_key] = true;
+
+                $fields = acf_get_fields($group_key);
+
+                if ( ! is_array($fields)) {
+                    continue;
+                }
+
+                foreach ($fields as $field) {
+                    if ( ! is_array($field) || empty($field['name']) || empty($field['type'])) {
+                        continue;
+                    }
+
+                    $type = (string)$field['type'];
+                    $name = (string)$field['name'];
+
+                    if ( ! isset($result[$type])) {
+                        $result[$type] = [];
+                    }
+
+                    if ( ! in_array($name, $result[$type], true)) {
+                        $result[$type][] = $name;
+                    }
+                }
+            }
+        }
+
+        set_transient(self::TRANSIENT_KEY_META_KEYS_BY_TYPE, $result, self::TTL_SECONDS);
+
+        return $result;
+    }
+
     private function is_acf_available(): bool
     {
         return function_exists('acf_get_field_groups')
-            && function_exists('acf_get_fields')
-            && function_exists('acf_get_store');
+               && function_exists('acf_get_fields')
+               && function_exists('acf_get_store');
     }
 
     private function get_count_for_query(string $cache_key, Query $query): int
@@ -185,6 +255,7 @@ public function invalidate(): void
     {
         delete_transient(self::TRANSIENT_KEY);
         delete_transient(self::TRANSIENT_KEY_TABLE_SCREENS);
+        delete_transient(self::TRANSIENT_KEY_META_KEYS_BY_TYPE);
     }
 
     private function count_fields(Query $query): int

assets/css/table.css

@@ -39,7 +39,7 @@ private function get_ids_from_string(string $value): ?array
         }
 
         if (is_serialized($value)) {
-            $ids = @unserialize($value);
+            $ids = @unserialize($value, ['allowed_classes' => false]);
 
             if (is_array($ids)) {
                 return $this->sanitise_ids($ids);

changelog.txt

@@ -40,7 +40,7 @@ protected function get_input(Config $config): Input
         return OptionFactory::create_select(
             self::NAME,
             OptionCollection::from_array([
-                'image'      => __('Image'),
+                'image'      => __('Image', 'codepress-admin-columns'),
                 'filesize'   => __('Filesize', 'codepress-admin-columns'),
                 'dimensions' => __('Dimensions', 'codepress-admin-columns'),
             ]),

classes/Acf/FieldGroupCache.php

@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Admin Columns
-Version: 7.0.18
+Version: 7.0.19
 Description: Add, reorder, and customize columns in your WordPress admin table for any post type, users, and media - no code required.
 Author: AdminColumns.com
 Author URI: https://www.admincolumns.com
@@ -41,7 +41,7 @@
 }
 
 define('AC_FILE', __FILE__);
-define('AC_VERSION', '7.0.18');
+define('AC_VERSION', '7.0.19');
 
 require_once ABSPATH . 'wp-admin/includes/plugin.php';