<?php

$acf_plugin_name      = acf_is_pro() ? 'ACF PRO' : 'ACF';
$acf_plugin_name      = '<strong>' . $acf_plugin_name . ' &mdash;</strong>';
$acf_learn_how_to_fix = '<a href="' . acf_add_url_utm_tags( 'https://www.advancedcustomfields.com/escaping-the-field/', 'docs', '6-2-5-security-changes' ) . '" target="_blank">' . __( 'Learn how to fix this', 'acf' ) . '</a>';
$acf_class            = 'notice-error';
$acf_user_can_acf     = false;

if ( current_user_can( acf_get_setting( 'capability' ) ) ) {
	$acf_user_can_acf = true;
	$acf_show_details = ' <a class="acf-show-more-details" href="#">' . __( 'Show&nbsp;details', 'acf' ) . '</a>';
	$acf_class       .= ' is-dismissible';
} else {
	$acf_show_details = __( 'Please contact your site administrator or developer for more details.', 'acf' );
}

$acf_error_msg = sprintf(
/* translators: %1$s - name of the ACF plugin. %2$s - Link to documentation. %3$s - Link to show more details about the error */
	__( '%1$s ACF now automatically escapes unsafe HTML when rendered by <code>the_field</code> or the ACF shortcode. We\'ve detected the output of some of your fields has been modified by this change, but this may not be a breaking change. %2$s. %3$s.', 'acf' ),
	$acf_plugin_name,
	$acf_learn_how_to_fix,
	$acf_show_details
);

?>
<div class="acf-admin-notice notice acf-escaped-html-notice <?php echo esc_attr( $acf_class ); ?>">
	<p><?php echo acf_esc_html( $acf_error_msg ); ?></p>
	<?php if ( $acf_user_can_acf && ! empty( $acf_escaped ) ) : ?>
	<ul class="acf-error-details" style="display: none; list-style: disc; margin-left: 14px;">
		<?php
		foreach ( $acf_escaped as $acf_field_key => $acf_data ) {
			$acf_error = sprintf(
				/* translators: %1$s - The selector used  %2$s The field name  3%$s The parent function name */
				__( '%1$s (%2$s) - rendered via %3$s', 'acf' ),
				$acf_data['selector'],
				$acf_data['field'],
				$acf_data['function']
			);

			echo '<li>' . esc_html( $acf_error ) . '</li>';
		}
		?>
	</ul>
	<?php endif; ?>
</div>