{"id":42161,"date":"2016-02-28T06:33:38","date_gmt":"2016-02-28T06:33:38","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/content-visibility-for-divi-builder\/"},"modified":"2026-05-22T20:03:27","modified_gmt":"2026-05-22T20:03:27","slug":"content-visibility-for-divi-builder","status":"publish","type":"plugin","link":"https:\/\/tah.wordpress.org\/plugins\/content-visibility-for-divi-builder\/","author":14534242,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"5.01","stable_tag":"5.01","tested":"7.0","requires":"5.5","requires_php":"7.0","requires_plugins":null,"header_name":"Content Visibility for Divi Builder","header_author":"AoD Technologies LLC","header_description":"","assets_banners_color":"000000","last_updated":"2026-05-22 20:03:27","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.aod-tech.com\/donate\/","header_plugin_uri":"https:\/\/aod-tech.com\/","header_author_uri":"https:\/\/aod-tech.com\/","rating":4.8,"author_block_rating":0,"active_installs":2000,"downloads":71404,"num_ratings":100,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.1":{"tag":"1.0.1","author":"jhorowitz","date":"2016-02-28 06:36:23"},"1.0.2":{"tag":"1.0.2","author":"jhorowitz","date":"2016-02-28 07:07:43"},"1.0.3":{"tag":"1.0.3","author":"jhorowitz","date":"2016-03-15 18:55:26"},"1.0.4":{"tag":"1.0.4","author":"jhorowitz","date":"2016-03-15 22:53:45"},"2.0.0":{"tag":"2.0.0","author":"jhorowitz","date":"2016-04-21 19:08:05"},"2.01":{"tag":"2.01","author":"jhorowitz","date":"2016-05-02 21:07:43"},"2.02":{"tag":"2.02","author":"jhorowitz","date":"2016-09-23 08:44:53"},"3.00":{"tag":"3.00","author":"jhorowitz","date":"2017-05-21 22:03:11"},"3.01":{"tag":"3.01","author":"jhorowitz","date":"2017-05-21 23:38:49"},"3.02":{"tag":"3.02","author":"jhorowitz","date":"2017-05-24 20:55:36"},"3.03":{"tag":"3.03","author":"jhorowitz","date":"2017-06-12 17:41:15"},"3.04":{"tag":"3.04","author":"jhorowitz","date":"2017-06-17 21:49:08"},"3.05":{"tag":"3.05","author":"jhorowitz","date":"2017-10-22 01:38:13"},"3.06":{"tag":"3.06","author":"jhorowitz","date":"2017-10-22 03:52:34"},"3.07":{"tag":"3.07","author":"jhorowitz","date":"2018-03-16 08:51:26"},"3.08":{"tag":"3.08","author":"jhorowitz","date":"2018-12-19 08:09:52"},"3.09":{"tag":"3.09","author":"jhorowitz","date":"2019-10-01 03:11:12"},"3.10":{"tag":"3.10","author":"jhorowitz","date":"2019-12-14 00:10:16"},"3.11":{"tag":"3.11","author":"jhorowitz","date":"2019-12-15 04:34:49"},"3.12":{"tag":"3.12","author":"jhorowitz","date":"2019-12-18 00:13:04"},"3.13":{"tag":"3.13","author":"jhorowitz","date":"2020-02-13 23:49:57"},"3.14":{"tag":"3.14","author":"jhorowitz","date":"2020-02-14 00:06:05"},"3.15":{"tag":"3.15","author":"jhorowitz","date":"2021-01-25 22:33:59"},"3.16":{"tag":"3.16","author":"jhorowitz","date":"2021-06-03 21:44:16"},"3.17":{"tag":"3.17","author":"jhorowitz","date":"2021-08-23 09:11:49"},"3.18":{"tag":"3.18","author":"jhorowitz","date":"2021-08-26 19:27:10"},"3.19":{"tag":"3.19","author":"jhorowitz","date":"2021-10-30 21:35:50"},"3.20":{"tag":"3.20","author":"jhorowitz","date":"2021-11-06 01:18:11"},"3.21":{"tag":"3.21","author":"jhorowitz","date":"2021-11-15 21:49:26"},"3.22":{"tag":"3.22","author":"jhorowitz","date":"2023-03-08 22:39:37"},"3.23":{"tag":"3.23","author":"jhorowitz","date":"2025-08-23 21:41:13"},"4.00":{"tag":"4.00","author":"jhorowitz","date":"2025-08-28 02:03:35"},"4.01":{"tag":"4.01","author":"jhorowitz","date":"2025-08-28 19:56:27"},"4.02":{"tag":"4.02","author":"jhorowitz","date":"2026-05-22 11:03:35"},"5.00":{"tag":"5.00","author":"jhorowitz","date":"2026-05-22 11:05:45"},"5.01":{"tag":"5.01","author":"jhorowitz","date":"2026-05-22 20:03:27"}},"upgrade_notice":{"5.00":"<ul>\n<li>Major security release: strict expression validation. Visibility expressions are now checked against an allowlist of safe callables before evaluation, blocking any unknown functions or static methods (including <code>new<\/code> and instance method chains, which cannot be statically analyzed). Existing installs upgrade with validation <strong>disabled<\/strong> to avoid breaking existing content; a persistent admin notice directs you to the Expression Validation tab under Tools &gt; API Reference, where the content scanner generates a copy-paste <code>add_filter(&amp;#039;content_visibility_for_divi_builder_allowed_callables&amp;#039;, ...)<\/code> snippet pre-populated with every custom callable currently in your content. Paste, re-scan, then enable validation. Validation can be disabled afterwards via a <code>DISABLE<\/code>-confirmation form if needed. Publish blocking is enforced at the editor (Gutenberg \/ Divi 5 VB error; classic editor and Divi 3 &amp; 4 builders abort the save before any database write so an already-published page stays published unchanged). Includes inline live validation in the Divi 5 Visual Builder and a new REST API.<\/li>\n<\/ul>","4.00":"<ul>\n<li>This release adds support for Divi 5 public alpha! Yay! Remember, Elegant Themes has said that the public alpha is not intended for use on production sites. So, if they update something in the Divi 5 public alpha in a breaking way and this plugin (used with Divi 5) also breaks, it shouldn&#039;t be a problem since you aren&#039;t using Divi 5 public alpha in production, right? :)<\/li>\n<li>This release also drops support for Divi 2.x, which you probably aren&#039;t using anyway...<\/li>\n<\/ul>","3.19":"<ul>\n<li>This release fixes a major issue with DiviExtension-loaded modules in Divi 4.10.x, wherein the module is always shown regardless of any visibility expression settings. Please upgrade this plugin before upgrading Divi to 4.10.x!<\/li>\n<\/ul>","3.17":"<ul>\n<li>This release fixes a major issue with lazy-loaded modules in Divi 4.10.x, wherein the module is always shown regardless of any visibility expression settings. Please upgrade this plugin before upgrading Divi to 4.10.x!<\/li>\n<\/ul>","3.00":"<ul>\n<li>This release finally adds support for Visual Builder in Divi 3.x!<\/li>\n<\/ul>","2.02":"<ul>\n<li>The workaround for using &#039;]&#039; characters in Content Visibility expressions is no longer required! A javascript fix for builder.js is applied automatically by the plugin, which will automatically escape &#039;]&#039; characters behind the scenes.<\/li>\n<\/ul>","2.0.0":"<ul>\n<li>Now even more developer friendly. Add your own custom attributes and functionality to any Divi Builder module!<\/li>\n<\/ul>","1.0.4":"<ul>\n<li>Please rate and review this plugin if you find it helpful (or even if you don&#039;t!). Links and a one-time notice have been added to help you do so easily from the admin area.<\/li>\n<\/ul>","1.0.3":"<ul>\n<li>load_plugin_textdomain() might be helpful for that i18n support!<\/li>\n<\/ul>","1.0.2":"<ul>\n<li>Now with i18n support!<\/li>\n<\/ul>","1.0.1":"<ul>\n<li>Prior versions did not handle double quotes in Content Visibility expressions correctly. Upgrade if you&#039;d like your Content Visibility expressions to contain double quotes!<\/li>\n<\/ul>","1.0.0":"<ul>\n<li>Initial Release<\/li>\n<\/ul>"},"ratings":{"1":3,"2":2,"3":0,"4":2,"5":93},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":1359961,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":1359961,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":1359961,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":1359961,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1","1.0.2","1.0.3","1.0.4","2.0.0","2.01","2.02","3.00","3.01","3.02","3.03","3.04","3.05","3.06","3.07","3.08","3.09","3.10","3.11","3.12","3.13","3.14","3.15","3.16","3.17","3.18","3.19","3.20","3.21","3.22","3.23","4.00","4.01","4.02","5.00","5.01"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3351612,"resolution":"1","location":"assets","locale":"","width":1000,"height":805},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3351612,"resolution":"2","location":"assets","locale":"","width":1001,"height":684},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3351612,"resolution":"3","location":"assets","locale":"","width":1028,"height":684},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3351612,"resolution":"4","location":"assets","locale":"","width":1001,"height":603}},"screenshots":{"1":"<p>The Content Visibility option in the Divi 5.x interface.<\/p>","2":"<p>The Content Visibility option in the Divi 4.x interface.<\/p>","3":"<p>The Content Visibility option in the Divi 3.x Visual Builder interface.<\/p>","4":"<p>The Content Visibility option in the Divi 3.x backend interface.<\/p>"}},"plugin_section":[],"plugin_tags":[4060,10731,1244,3922,6309],"plugin_category":[],"plugin_contributors":[87148],"plugin_business_model":[],"class_list":["post-42161","plugin","type-plugin","status-publish","hentry","plugin_tags-conditional","plugin_tags-divi","plugin_tags-hide","plugin_tags-show","plugin_tags-visibility","plugin_contributors-jhorowitz","plugin_committers-jhorowitz","plugin_support_reps-jwalczak23"],"banners":{"banner":"https:\/\/ps.w.org\/content-visibility-for-divi-builder\/assets\/banner-772x250.png?rev=1359961","banner_2x":"https:\/\/ps.w.org\/content-visibility-for-divi-builder\/assets\/banner-1544x500.png?rev=1359961","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/content-visibility-for-divi-builder\/assets\/icon-128x128.png?rev=1359961","icon_2x":"https:\/\/ps.w.org\/content-visibility-for-divi-builder\/assets\/icon-256x256.png?rev=1359961","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/content-visibility-for-divi-builder\/assets\/screenshot-1.png?rev=3351612","caption":"<p>The Content Visibility option in the Divi 5.x interface.<\/p>"},{"src":"https:\/\/ps.w.org\/content-visibility-for-divi-builder\/assets\/screenshot-2.png?rev=3351612","caption":"<p>The Content Visibility option in the Divi 4.x interface.<\/p>"},{"src":"https:\/\/ps.w.org\/content-visibility-for-divi-builder\/assets\/screenshot-3.png?rev=3351612","caption":"<p>The Content Visibility option in the Divi 3.x Visual Builder interface.<\/p>"},{"src":"https:\/\/ps.w.org\/content-visibility-for-divi-builder\/assets\/screenshot-4.png?rev=3351612","caption":"<p>The Content Visibility option in the Divi 3.x backend interface.<\/p>"}],"raw_content":"<!--section=description-->\n<p>Content Visibility for Divi Builder allows Sections and Modules to be displayed\/hidden based on the outcome of a PHP boolean expression.<\/p>\n\n<p>This plugin is for both the standalone Divi theme (or child themes thereof) and the Divi Builder plugin, version 3 or higher!<\/p>\n\n<h3>Developer Filters<\/h3>\n\n<h4>Expression Validation Filters<\/h4>\n\n<p>The following filters allow developers to customize expression validation behavior. Add these filters in your theme's functions.php or in a custom plugin.<\/p>\n\n<p><strong><code>content_visibility_for_divi_builder_blocked_functions<\/code><\/strong><\/p>\n\n<p>Filter the array of blocked function names. Functions in this list will cause an expression to fail validation. All comparisons are case-insensitive.<\/p>\n\n<p>Example \u2014 allow <code>file_get_contents<\/code> (blocked by default):<\/p>\n\n<pre><code>add_filter( 'content_visibility_for_divi_builder_blocked_functions', function( $functions ) {\n    return array_diff( $functions, array( 'file_get_contents' ) );\n} );\n<\/code><\/pre>\n\n<p>Example \u2014 block an additional function:<\/p>\n\n<pre><code>add_filter( 'content_visibility_for_divi_builder_blocked_functions', function( $functions ) {\n    $functions[] = 'my_dangerous_function';\n    return $functions;\n} );\n<\/code><\/pre>\n\n<p><strong><code>content_visibility_for_divi_builder_allowed_tokens<\/code><\/strong><\/p>\n\n<p>Filter the array of allowed PHP token types (T_* constants). Tokens not in this list will cause an expression to fail validation. This is an advanced filter \u2014 consult the PHP tokenizer documentation before modifying.<\/p>\n\n<p>Example \u2014 allow the T_VARIABLE token type (blocked by default, use with caution):<\/p>\n\n<pre><code>add_filter( 'content_visibility_for_divi_builder_allowed_tokens', function( $tokens ) {\n    $tokens[] = T_VARIABLE;\n    return $tokens;\n} );\n<\/code><\/pre>\n\n<p><strong><code>content_visibility_for_divi_builder_allowed_chars<\/code><\/strong><\/p>\n\n<p>Filter the array of allowed single-character tokens. Characters not in this list (such as <code>=<\/code>, <code>;<\/code>, <code>{<\/code>, <code>}<\/code>, <code>`<\/code>, <code>@<\/code>, <code>&amp;<\/code>, <code>|<\/code>, <code>~<\/code>, <code>^<\/code>) will cause an expression to fail validation.<\/p>\n\n<p>Example \u2014 allow the <code>&amp;<\/code> character for bitwise operations:<\/p>\n\n<pre><code>add_filter( 'content_visibility_for_divi_builder_allowed_chars', function( $chars ) {\n    $chars[] = '&amp;';\n    return $chars;\n} );\n<\/code><\/pre>\n\n<p><strong><code>content_visibility_for_divi_builder_allowed_callables<\/code><\/strong><\/p>\n\n<p>Filter the array of callables (function names and <code>Class::method<\/code> static-method entries) the validator considers known-safe. Anything not on the allowlist (and not on the <code>blocked_functions<\/code> denylist) is treated as an \"Unknown callable\" error. Names are normalized (leading <code>\\<\/code> stripped, <code>namespace\\<\/code> keyword prefix stripped, lowercased) before comparison, so <code>\\My\\Namespace\\Class::method<\/code>, <code>My\\Namespace\\Class::method<\/code>, and <code>namespace\\My\\Namespace\\Class::method<\/code> all match the same allowlist entry. The default list ships with WordPress conditional tags (<code>is_user_logged_in<\/code>, <code>current_user_can<\/code>, <code>is_admin<\/code>, etc.). The Expression Validation tab's content scanner generates a ready-to-paste snippet for this filter pre-populated with every custom callable currently in your content.<\/p>\n\n<p>Example \u2014 allowlist a theme helper and a static service method:<\/p>\n\n<pre><code>add_filter( 'content_visibility_for_divi_builder_allowed_callables', function( $callables ) {\n    $callables[] = 'mytheme_should_be_visible';\n    $callables[] = 'MyTheme\\Visibility\\Service::checkUser';\n    return $callables;\n} );\n<\/code><\/pre>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to the <code>\/wp-content\/plugins\/content-visibility-for-divi-builder<\/code> directory, or install the plugin through the WordPress plugins screen directly.<\/li>\n<li>Activate the plugin through the 'Plugins' screen in WordPress<\/li>\n<li>You're Done! You will notice that Section and Module settings dialogs will now have \"Content Visibility\" as a configurable setting.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"will%20this%20work%20for%20any%20module%2C%20even%20custom%20ones%3F\"><h3>Will this work for any module, even custom ones?<\/h3><\/dt>\n<dd><p>Yes!<\/p>\n\n<p>In Divi 4 and below:\nThis plugin detects and modifies Modules and Sections by class inheritance.\nAs long as Elegant Themes continues to have a single root class for everything, this plugin should detect all of them, including third party ones!<\/p>\n\n<p>In Divi 5:\nThis plugin detects and modifies Modules and Sections by instrumenting all Gutenberg block render callbacks.\nAs long as Elegant Themes continues to utilize Gutenberg blocks with render callbacks for everything, this plugin should detect all of them, including third party ones!<\/p><\/dd>\n<dt id=\"what%20if%20i%20deactivate%20this%20plugin%3F%20will%20all%20of%20my%20content%20reappear%20automatically%3F\"><h3>What if I deactivate this plugin? Will all of my content reappear automatically?<\/h3><\/dt>\n<dd><p>Yes. If you decide to deactivate or uninstall this plugin, the \"Content Visibility\" configuration option will disappear from the Divi Builder, and will not have any effect on the frontend output.<\/p>\n\n<p>Of course, the \"Content Visibility\" settings that were defined for a particular Section or Module will continue to persist in the database, until that post\/page is updated. \nThis can be a good thing, however, as you may want to reinstall\/reactivate in the future and not have to re-enter all of your \"Content Visibility\" expressions!<\/p><\/dd>\n<dt id=\"how%20do%20i%20use%20it%21%3F\"><h3>How do I use it!?<\/h3><\/dt>\n<dd><p>Once the plugin is installed and activated, a \"Content Visibility\" option will appear in each Section or Module's settings on either the Advanced tab under Visibility (for Divi 4.x or higher) or the General Settings \/ Content tab (for Divi 3.x or lower.)<\/p>\n\n<p>You may enter any PHP boolean expression you would like, (e.g. is_user_logged_in()), and the Section or Module will only display if the expression evaluates to true.<\/p>\n\n<p>NOTE: Complex expressions are usually best entered as a custom function call defined in a child theme or plugin!\nSo, for example, you could enter my_custom_function() in the Content Visibility option, and then define that function (returning true or false) in your child theme's functions.php.\nIf there are several common boolean expressions you use, this also has the added benefit of allowing you to change the behavior of your content by simply modifying the function body once instead of re-entering Content Visibility options all over the place.<\/p><\/dd>\n<dt id=\"what%20is%20expression%20validation%3F\"><h3>What is Expression Validation?<\/h3><\/dt>\n<dd><p>Starting in version 5.00, the plugin includes expression validation that checks visibility expressions before they are evaluated. This prevents potentially dangerous PHP code (such as system commands, file operations, or network calls) from being executed via visibility expressions.<\/p>\n\n<p>Expression validation works by:<\/p>\n\n<ol>\n<li>Tokenizing the expression using PHP's built-in tokenizer.<\/li>\n<li>Checking each token against an allowlist of safe token types (function calls, literals, operators, etc.).<\/li>\n<li>Checking function names against a denylist of dangerous functions (e.g. exec, system, file_put_contents, eval, etc.).<\/li>\n<li>Detecting attempts to use strings as callable functions (e.g. 'system'('ls')).<\/li>\n<\/ol>\n\n<p><strong>New installs<\/strong> have validation enabled automatically.<\/p>\n\n<p><strong>Existing installs<\/strong> upgrading to 5.00 will see a non-dismissible admin notice directing them to the Expression Validation tab under Tools &gt; Content Visibility for Divi Builder API Reference. That tab provides a content scanner that checks all existing posts for expressions that would be blocked, plus a copy-paste filter snippet that pre-allowlists every custom callable found in current content. Paste the snippet into a site-specific plugin or your theme's <code>functions.php<\/code>, re-scan to verify zero remaining errors, then click \"Enable Validation\".<\/p>\n\n<p>Validation can be disabled later (a \"Disable Validation\" form appears once it is enabled, requiring you to type <code>DISABLE<\/code> to confirm). Use this if validation causes unexpected behavior on your site while you investigate.<\/p>\n\n<p>When validation is enabled and an expression is blocked, the content will be <strong>shown<\/strong> (not hidden) and an email notification is sent to the site admin with details about the blocked expression. Publishing posts whose content contains expressions that fail validation is blocked at the editor \u2014 Gutenberg \/ the Divi 5 Visual Builder surface a clear error, and the classic editor and the Divi 3 &amp; 4 builders abort the save before any database write so the existing post is left exactly as it was (a published page stays published with its previous content; in-progress edits remain in the editor for you to fix and re-save).<\/p><\/dd>\n<dt id=\"what%20expressions%20are%20allowed%20with%20validation%20enabled%3F\"><h3>What expressions are allowed with validation enabled?<\/h3><\/dt>\n<dd><p>Validation uses a curated allowlist of safe callables (WordPress conditional tags) plus an extension filter for adding your own. Out of the box the following work:<\/p>\n\n<ul>\n<li><code>is_user_logged_in()<\/code><\/li>\n<li><code>current_user_can('editor')<\/code><\/li>\n<li><code>is_admin() &amp;&amp; is_singular()<\/code><\/li>\n<li><code>is_page() || is_archive()<\/code><\/li>\n<li>Comparison and logical operators: <code>==<\/code>, <code>!=<\/code>, <code>===<\/code>, <code>!==<\/code>, <code>&lt;<\/code>, <code>&gt;<\/code>, <code>&amp;&amp;<\/code>, <code>||<\/code>, <code>!<\/code>, <code>?:<\/code>, <code>??<\/code><\/li>\n<li>Numeric \/ string literals, <code>true<\/code> \/ <code>false<\/code> \/ <code>null<\/code><\/li>\n<\/ul>\n\n<p>Custom callables (e.g. <code>my_custom_helper()<\/code> or <code>MyTheme::shouldBeVisible()<\/code>) are NOT allowlisted by default \u2014 admins explicitly add them via the <code>content_visibility_for_divi_builder_allowed_callables<\/code> filter (a ready-to-paste snippet is generated by the content scanner on the Expression Validation tab).<\/p>\n\n<p>The following types of expressions are blocked:<\/p>\n\n<ul>\n<li>Unknown callables: function or static-method calls not on the allowlist \u2014 fix by adding to the allowlist filter or removing from content<\/li>\n<li>Bare identifiers: <code>wtf<\/code> (without parens) \u2014 must be a function call, static method, class constant access, or a <code>true<\/code>\/<code>false<\/code>\/<code>null<\/code> literal<\/li>\n<li>Dangerous functions: <code>system('ls')<\/code>, <code>update_option(...)<\/code>, <code>wp_mail(...)<\/code>, etc. \u2014 built-in denylist (filterable)<\/li>\n<li>Variable access: <code>$_GET['cmd']<\/code> \u2014 <code>$<\/code> and <code>T_VARIABLE<\/code> are not allowed<\/li>\n<li>String-as-callable: <code>'system'('ls')<\/code> \u2014 string literal followed by <code>(<\/code><\/li>\n<li>Object instantiation: <code>new ReflectionFunction(...)<\/code> \u2014 <code>new<\/code> keyword blocked (write a static helper that does the <code>new<\/code> internally instead)<\/li>\n<li>Instance method chains: <code>Foo::bar()-&gt;baz()<\/code> \u2014 cannot be reliably analyzed; rewrite as a static helper<\/li>\n<li>Code execution keywords: <code>eval(...)<\/code>, <code>include(...)<\/code> \u2014 blocked token types<\/li>\n<li>Backtick execution: <code>`ls`<\/code> \u2014 backtick character blocked<\/li>\n<li>Assignment: <code>$x = 1<\/code> \u2014 both <code>$<\/code> and <code>=<\/code> are blocked characters<\/li>\n<\/ul><\/dd>\n<dt id=\"can%20i%20customize%20the%20validation%20rules%3F\"><h3>Can I customize the validation rules?<\/h3><\/dt>\n<dd><p>Yes! Three filters are available for developers to customize validation behavior. See the \"Developer Filters\" section below for details.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>5.01<\/h4>\n\n<ul>\n<li>Fix blank content visibility expressions causing PHP errors in Divi 5. Thanks to @ighulme and @beachmat for the bug reports!<\/li>\n<\/ul>\n\n<h4>5.00<\/h4>\n\n<ul>\n<li>Visibility expressions are now evaluated against an allowlist of known-safe callables (default: WordPress conditional tags). Function calls and static method calls not on the allowlist are rejected with a \"Contact the site administrator\" error. <code>new<\/code>, instance method chains (<code>Foo::bar()-&gt;baz()<\/code>), variable functions, string-as-callable, and bare identifiers are hard errors and cannot be allowlisted \u2014 rewrite as a static helper. New installs have validation enabled by default; existing installs ship with validation off and a persistent admin notice prompting the migration workflow.<\/li>\n<li>The Expression Validation tab now generates a copy-paste <code>add_filter('content_visibility_for_divi_builder_allowed_callables', ...)<\/code> snippet pre-populated with every custom callable found in current content (with first-sighting context: post id, module name, admin label, file:line via Reflection when available). Non-allowlistable patterns (instance methods, etc.) are listed separately as \"must be rewritten.\"<\/li>\n<li>Posts whose content contains expressions failing validation cannot be published while the toggle is on. The REST flow (Gutenberg \/ Divi 5 VB \/ API clients) returns <code>WP_Error<\/code> with a structured error message; the classic editor and the Divi 3 &amp; 4 builders abort the save before any database write so an already-published page stays published with its previous content, and the in-progress edits remain in the editor for you to fix and re-save.<\/li>\n<li>After every save, validation findings are stored as private post meta and surfaced as a yellow (validation off) or red (validation on) admin notice on the post's edit screen.<\/li>\n<li>New REST endpoints under <code>cvdb\/v1\/<\/code>: <code>security\/scan<\/code>, <code>security\/validate-expression<\/code> (server-truth validator for the inline UI), <code>notices\/rating\/dismiss<\/code> (replaces an AJAX action).<\/li>\n<li>Persistent red admin notice on every admin page when PHP <code>eval()<\/code> is unavailable on the host (e.g. Suhosin's <code>executor.disable_eval<\/code>, custom hardening). Detected via runtime smoke probe.<\/li>\n<li>New filter: <code>content_visibility_for_divi_builder_allowed_callables<\/code>. Extension point for admins to allowlist custom callables. Accepts function names and <code>Class::method<\/code> static-method entries; namespace-qualified names are normalized (leading <code>\\<\/code>, <code>namespace\\<\/code> prefix stripped, lowercased).<\/li>\n<li>New \"Expression Validation Filters\" tab** on the API Reference page documenting all four expression-validation filters (<code>blocked_functions<\/code>, <code>allowed_tokens<\/code>, <code>allowed_chars<\/code>, <code>allowed_callables<\/code>) with paste-ready examples.<\/li>\n<\/ul>\n\n<h4>4.02<\/h4>\n\n<ul>\n<li>Add Plugin URI.<\/li>\n<\/ul>\n\n<h4>4.01<\/h4>\n\n<ul>\n<li>Fix undefined variable in cvdb-et-builder-element.class.php. Thanks to @kindred for the quick bug report!<\/li>\n<\/ul>\n\n<h4>4.00<\/h4>\n\n<ul>\n<li>Refactor the code for performance and maintainability.<\/li>\n<li>Add Divi 5 public alpha support!<\/li>\n<li>Drop Divi 2.x support.<\/li>\n<\/ul>\n\n<h4>3.23<\/h4>\n\n<ul>\n<li>Catch errors in visibility expression evaluation; this allows the rest of the page to load while only hiding the module or section that triggered the error.<\/li>\n<li>Email site admin when errors in visibility expression evalution occur with helpful debugging information (i.e. the error that occured, the URL on which it occured, and the full shortcode contents of the relevant module or section as an attachment).<\/li>\n<\/ul>\n\n<h4>3.22<\/h4>\n\n<ul>\n<li>Fix compatibility with Stop Spammers plugin. Thanks to @kindred for providing access to a test environment exhibiting the issue!<\/li>\n<\/ul>\n\n<h4>3.21<\/h4>\n\n<ul>\n<li>Fix compatibility with the Divi Library.<\/li>\n<\/ul>\n\n<h4>3.20<\/h4>\n\n<ul>\n<li>Fix compatibility with the Divi Theme Builder.<\/li>\n<\/ul>\n\n<h4>3.19<\/h4>\n\n<ul>\n<li>Restore support for DiviExtension modules in Divi 4.10.x.<\/li>\n<\/ul>\n\n<h4>3.18<\/h4>\n\n<ul>\n<li>Fix the backend documentation page so that currently-available modules are shown.<\/li>\n<li>Fix the rating link image's styles.<\/li>\n<\/ul>\n\n<h4>3.17<\/h4>\n\n<ul>\n<li>Restore support for lazy-loaded modules in Divi 4.10.x. Special thanks to @chaostica, @jgarces and @sthaney for contributing information which helped lead to the fix!<\/li>\n<\/ul>\n\n<h4>3.16<\/h4>\n\n<ul>\n<li>Fix extraneous inclusion of builder.js, which in turn fixes various backend\/classic editor logic. Thanks to Bernard Lemieux of bernardlemieux.ca!<\/li>\n<\/ul>\n\n<h4>3.15<\/h4>\n\n<ul>\n<li>Fix the behavior of content_visibility_for_divi_builder_shortcode_* filters.<\/li>\n<\/ul>\n\n<h4>3.14<\/h4>\n\n<ul>\n<li>Emergency hotfix for crash introduced in 3.13.<\/li>\n<\/ul>\n\n<h4>3.13<\/h4>\n\n<ul>\n<li>Fix PHP v7.4.x notice spam with recent Divi versions.<\/li>\n<\/ul>\n\n<h4>3.12<\/h4>\n\n<ul>\n<li>Fix interoperability issues with newer WordPress versions.<\/li>\n<li>Fix issues with Divi Builder 4.x releases.<\/li>\n<\/ul>\n\n<h4>3.11<\/h4>\n\n<ul>\n<li>Remove hold harmless agreement.<\/li>\n<\/ul>\n\n<h4>3.10<\/h4>\n\n<ul>\n<li>Remove usage tracking entirely.<\/li>\n<li>Fix request parameter sanitization.<\/li>\n<\/ul>\n\n<h4>3.09<\/h4>\n\n<ul>\n<li>Fix optional usage tracking.<\/li>\n<li>Fix an interoperability issue with other Divi module extender plugins.<\/li>\n<\/ul>\n\n<h4>3.08<\/h4>\n\n<ul>\n<li>Fix deprecation notice spam. Thanks to Ben Harper of 3dtek.xyz!<\/li>\n<\/ul>\n\n<h4>3.07<\/h4>\n\n<ul>\n<li>Fix missing ET_BUILDER_DIR . 'layouts.php'.<\/li>\n<\/ul>\n\n<h4>3.06<\/h4>\n\n<ul>\n<li>Fix version checker options.<\/li>\n<\/ul>\n\n<h4>3.05<\/h4>\n\n<ul>\n<li>Update license terms.<\/li>\n<\/ul>\n\n<h4>3.04<\/h4>\n\n<ul>\n<li>Fix the issue wherein builder-fixes.js forces builder.js to be loaded in the header instead of in the footer. Special thanks to @kihoshin for helping to locate this error!<\/li>\n<\/ul>\n\n<h4>3.03<\/h4>\n\n<ul>\n<li>Better multisite support.<\/li>\n<li>Remove the need to clear local storage in modern browsers to see the \"Content Visibility\" settings on Sections \/ Modules.<\/li>\n<\/ul>\n\n<h4>3.02<\/h4>\n\n<ul>\n<li>Fix distributable...<\/li>\n<\/ul>\n\n<h4>3.01<\/h4>\n\n<ul>\n<li>Fix \"Currently Available Module-Specific Actions and Filters\" tab not displaying available actions and filters in the Module Extender API Reference.<\/li>\n<\/ul>\n\n<h4>3.00<\/h4>\n\n<ul>\n<li>Add support for Visual Builder in Divi 3.x.<\/li>\n<\/ul>\n\n<h4>2.02<\/h4>\n\n<ul>\n<li>Fix Builder UI to handle ']' characters in Content Visibility expressions.<\/li>\n<\/ul>\n\n<h4>2.0.0<\/h4>\n\n<ul>\n<li>Add Module Extender for Divi Builder functionality; see API page after upgrading under Tools -&gt; Module Extender API Reference.<\/li>\n<li>Add usage tracking. If you prefer not to submit your usage data, this can be disabled on the plugins page by clicking \"Disable anonymous usage tracking\".<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Add links to ratings and reviews to help spread the word.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Call load_plugin_textdomain().<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Added i18n support.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Fix handling of double quotes in Content Visibility expression. Thanks to Dave Bullock of memberium.com!<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial Release<\/li>\n<\/ul>","raw_excerpt":"Content Visibility for Divi Builder.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/42161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=42161"}],"author":[{"embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/jhorowitz"}],"wp:attachment":[{"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=42161"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=42161"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=42161"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=42161"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=42161"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/tah.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=42161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}