Migrate to CMB2

[bearded-avenger]

Last week I discovered that the fork of CMB from Humanmade provides no sanitization out of the box, and instead relies on individual callbacks. Not only is not having default sanitization not secure, but the procedures for writing callback functions are not very good at the moment and cause more time than needed for third party developers.

This is reason enough on it's own to move away from the fork and back to the original by WebDev studios, more specifically CMB2. It's out of the box sanitization techniques far exceed the fork. In the last couple of years this has vastly improved and the feature set now closely matches the fork.

\ Benefits

• safer and more secure
• more aggressively maintained
• better designed UX and UI

\ Drawbacks

• because of the way that each fork stores repeating field data, existing map markers will need to be redone. this shouldn't be as bad as we're looking into bettering this with https://github.com/bearded-avenger/aesop-core/issues/105
• any developers who are utilizing the current metabox implementation by way of filter will no longer work. It is however very easy to upgrade and I'll provide exactly what you'll need to update. It involves at minimum one fix. I know this is terrible, and I apologize, but I'll be here to help in any way I can.

We're looking at putting this change in about six weeks.

[michaelbeil]

better solution overall.

[bearded-avenger]

Yeah so the only drawback is that repeating field group data is stored differently, so although the users meta will not be erased, those values will not show in the repeater fields in admin. We'll need so map those accordingly. Other than that the upgrade on this branch locally went well.

[michaelbeil]

good. seems like the implementation will go better than expected.

[bearded-avenger]

punting to 1.4 CMB2 beta has many bugs with repeating fields and isn't stable enough yet

[bearded-avenger]

closing this completely as we dont' rely on external libs anymore for metabbox creation