Split the “eval() is unavailable” admin notice into three distinct, actionable messages – incomplete plugin install (helper file empty or missing), eval blocked by host hardening, and eval running but returning the wrong value – so the suggested remediation matches the actual failure mode. New CVDB_VERSION constant defined at plugin-file scope. Thanks to @helpmelisa for the help with testing this release!
5.02
Fix Call to undefined function cvdb_eval_expression() errors and the false-positive “eval() appears to be disabled” admin notice on hosts that shadow the plugin’s relative bootstrap require. Thanks to @helpmelisa and @cantonbecker for the bug reports!
5.01
Fix blank content visibility expressions causing PHP errors in Divi 5. Thanks to @ighulme and @beachmat for the bug reports!
5.00
Visibility expressions are now evaluated against an allowlist of known-safe callables (default: WordPress conditional tags). Function calls and static method calls not on the allowlist are rejected with a “Contact the site administrator” error. new, instance method chains (Foo::bar()->baz()), variable functions, string-as-callable, and bare identifiers are hard errors and cannot be allowlisted – rewrite as a static helper. New installs have validation enabled by default; existing installs ship with validation off and a persistent admin notice prompting the migration workflow.
The Expression Validation tab now generates a copy-paste add_filter(‘content_visibility_for_divi_builder_allowed_callables’, …) snippet pre-populated with every custom callable found in current content (with first-sighting context: post id, module name, admin label, file:line via Reflection when available). Non-allowlistable patterns (instance methods, etc.) are listed separately as “must be rewritten.”
Posts whose content contains expressions failing validation cannot be published while the toggle is on. The REST flow (Gutenberg / Divi 5 VB / API clients) returns WP_Error with a structured error message; the classic editor and the Divi 3 & 4 builders abort the save before any database write so an already-published page stays published with its previous content, and the in-progress edits remain in the editor for you to fix and re-save.
After every save, validation findings are stored as private post meta and surfaced as a yellow (validation off) or red (validation on) admin notice on the post’s edit screen.
New REST endpoints under cvdb/v1/: security/scan, security/validate-expression (server-truth validator for the inline UI), notices/rating/dismiss (replaces an AJAX action).
Persistent red admin notice on every admin page when PHP eval() is unavailable on the host (e.g. Suhosin’s executor.disable_eval, custom hardening). Detected via runtime smoke probe.
New filter: content_visibility_for_divi_builder_allowed_callables. Extension point for admins to allowlist custom callables. Accepts function names and Class::method static-method entries; namespace-qualified names are normalized (leading , namespace prefix stripped, lowercased).
New “Expression Validation Filters” tab** on the API Reference page documenting all four expression-validation filters (blocked_functions, allowed_tokens, allowed_chars, allowed_callables) with paste-ready examples.
4.02
Add Plugin URI.
4.01
Fix undefined variable in cvdb-et-builder-element.class.php. Thanks to @kindred for the quick bug report!
4.00
Refactor the code for performance and maintainability.
Add Divi 5 public alpha support!
Drop Divi 2.x support.
3.23
Catch errors in visibility expression evaluation; this allows the rest of the page to load while only hiding the module or section that triggered the error.
Email site admin when errors in visibility expression evalution occur with helpful debugging information (i.e. the error that occured, the URL on which it occured, and the full shortcode contents of the relevant module or section as an attachment).
3.22
Fix compatibility with Stop Spammers plugin. Thanks to @kindred for providing access to a test environment exhibiting the issue!
3.21
Fix compatibility with the Divi Library.
3.20
Fix compatibility with the Divi Theme Builder.
3.19
Restore support for DiviExtension modules in Divi 4.10.x.
3.18
Fix the backend documentation page so that currently-available modules are shown.
Fix the rating link image’s styles.
3.17
Restore support for lazy-loaded modules in Divi 4.10.x. Special thanks to @chaostica, @jgarces and @sthaney for contributing information which helped lead to the fix!
3.16
Fix extraneous inclusion of builder.js, which in turn fixes various backend/classic editor logic. Thanks to Bernard Lemieux of bernardlemieux.ca!
3.15
Fix the behavior of content_visibility_for_divi_builder_shortcode_* filters.
3.14
Emergency hotfix for crash introduced in 3.13.
3.13
Fix PHP v7.4.x notice spam with recent Divi versions.
3.12
Fix interoperability issues with newer WordPress versions.
Fix issues with Divi Builder 4.x releases.
3.11
Remove hold harmless agreement.
3.10
Remove usage tracking entirely.
Fix request parameter sanitization.
3.09
Fix optional usage tracking.
Fix an interoperability issue with other Divi module extender plugins.
3.08
Fix deprecation notice spam. Thanks to Ben Harper of 3dtek.xyz!
3.07
Fix missing ET_BUILDER_DIR . ‘layouts.php’.
3.06
Fix version checker options.
3.05
Update license terms.
3.04
Fix the issue wherein builder-fixes.js forces builder.js to be loaded in the header instead of in the footer. Special thanks to @kihoshin for helping to locate this error!
3.03
Better multisite support.
Remove the need to clear local storage in modern browsers to see the “Content Visibility” settings on Sections / Modules.
3.02
Fix distributable…
3.01
Fix “Currently Available Module-Specific Actions and Filters” tab not displaying available actions and filters in the Module Extender API Reference.
3.00
Add support for Visual Builder in Divi 3.x.
2.02
Fix Builder UI to handle ‘]’ characters in Content Visibility expressions.
2.0.0
Add Module Extender for Divi Builder functionality; see API page after upgrading under Tools -> Module Extender API Reference.
Add usage tracking. If you prefer not to submit your usage data, this can be disabled on the plugins page by clicking “Disable anonymous usage tracking”.
1.0.4
Add links to ratings and reviews to help spread the word.
1.0.3
Call load_plugin_textdomain().
1.0.2
Added i18n support.
1.0.1
Fix handling of double quotes in Content Visibility expression. Thanks to Dave Bullock of memberium.com!
