Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3428474

Timestamp:

12/28/2025 05:25:52 AM (2 months ago)

Author:

ishchai

Message:

Release 1.2.1: configurable rate limit and WP 6.9 compatibility (Plugin Check clean)

Location:

bitbloom-chatbot-for-chatkit

Files:

: 6 edited
: 1 copied

tags/1.2.1 (copied) (copied from bitbloom-chatbot-for-chatkit/trunk)
tags/1.2.1/bitbloom-chatbot-for-chatkit.php (modified) (21 diffs)
tags/1.2.1/readme.txt (modified) (6 diffs)
tags/1.2.1/uninstall.php (modified) (1 diff)
trunk/bitbloom-chatbot-for-chatkit.php (modified) (21 diffs)
trunk/readme.txt (modified) (6 diffs)
trunk/uninstall.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

bitbloom-chatbot-for-chatkit/tags/1.2.1/bitbloom-chatbot-for-chatkit.php

-                      r3396302
+                      r3428474
  * Author:            BitBloom
  * Author URI:        https://github.com/BitBloom-HQ
  * Version:           1.2.0
+ * Version:           1.2.1
  * License:           GPLv2 or later
  * License URI:       https://www.gnu.org/licenses/gpl-2.0.html
  * Requires at least: 6.2
  * Tested up to:      6.8
+ * Tested up to:      6.9
  * Requires PHP:      7.4
  * Text Domain:       bitbloom-chatbot-for-chatkit
 …
 class BitBloom_Chatbot_for_Chatkit {
   const OPT = 'bitbloom-chatbot-for-chatkit_options';
+  const VER = '1.2.1';
   public function __construct() {
 …
       $launcher_fg   = $hex($launcher_in['fg'] ?? '#FFFFFF', '#FFFFFF');
+      $rate_limit = isset($in['rate_limit_per_hour']) ? absint($in['rate_limit_per_hour']) : 20;
+      if ($rate_limit < 1) { $rate_limit = 1; }
+      if ($rate_limit > 99999) { $rate_limit = 99999; }
       return [
         'workflow_id' => sanitize_text_field($in['workflow_id'] ?? ''),
 …
         'greeting'    => sanitize_text_field($in['greeting']    ?? ''),
         'auto_inject' => !empty($in['auto_inject']) ? '1' : '0',
+        'rate_limit_per_hour' => $rate_limit,
         'theme'       => [
           'color_scheme' => $color_scheme,
 …
           <td>
             <input id="bboaa_workflow_id" type="text" class="regular-text"
                    name="<?php echo self::OPT; ?>[workflow_id]"
+                   name="<?php echo esc_attr( self::OPT ); ?>[workflow_id]"
                    value="<?php echo esc_attr($o['workflow_id'] ?? ''); ?>"
                    placeholder="wf_xxx..." />
 …
           <td>
             <input id="bboaa_domain_pk" type="text" class="regular-text"
                    name="<?php echo self::OPT; ?>[domain_pk]"
+                   name="<?php echo esc_attr( self::OPT ); ?>[domain_pk]"
                    value="<?php echo esc_attr($o['domain_pk'] ?? ''); ?>"
                    placeholder="pk-live-..." />
 …
           <td>
             <input id="bboaa_greeting" type="text" class="regular-text"
                    name="<?php echo self::OPT; ?>[greeting]"
+                   name="<?php echo esc_attr( self::OPT ); ?>[greeting]"
                    value="<?php echo esc_attr($o['greeting'] ?? ''); ?>"
                    placeholder="What can I help with today?" />
 …
         <tr>
+          <th scope="row">
+            <label for="bboaa_rate_limit_per_hour">Rate limit (per IP / hour)</label>
+          </th>
+          <td>
+            <input
+              id="bboaa_rate_limit_per_hour"
+              type="number"
+              class="small-text"
+              name="<?php echo esc_attr( self::OPT ); ?>[rate_limit_per_hour]"
+              value="<?php echo esc_attr((int)($o['rate_limit_per_hour'] ?? 20)); ?>"
+              min="1"
+              max="99999"
+              step="1"
+            />
+            <p class="description">
+              Limits how many ChatKit session requests a single IP can make per hour. Default: 20.
+            </p>
+          </td>
+        </tr>
+        <tr>
           <th scope="row">Theme</th>
           <td>
 …
               <p><strong>Color scheme</strong></p>
               <label style="margin-right:16px;">
                 <input type="radio" name="<?php echo self::OPT; ?>[theme][color_scheme]" value="light" <?php checked($color_scheme==='light'); ?>> Light
+                <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][color_scheme]" value="light" <?php checked($color_scheme==='light'); ?>> Light
               </label>
               <label>
                 <input type="radio" name="<?php echo self::OPT; ?>[theme][color_scheme]" value="dark" <?php checked($color_scheme==='dark'); ?>> Dark
+                <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][color_scheme]" value="dark" <?php checked($color_scheme==='dark'); ?>> Dark
               </label>
 …
                 <?php foreach ($accents as $hex => $label): ?>
                   <label style="display:flex; align-items:center; gap:6px; cursor:pointer;">
                     <input type="radio" name="<?php echo self::OPT; ?>[theme][accent]" value="<?php echo esc_attr($hex); ?>" <?php checked($accent===$hex); ?>>
+                    <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][accent]" value="<?php echo esc_attr($hex); ?>" <?php checked($accent===$hex); ?>>
                     <span style="display:inline-block; width:18px; height:18px; border-radius:50%; background:<?php echo esc_attr($hex); ?>; border:1px solid rgba(0,0,0,.12);"></span>
                     <span><?php echo esc_html($label); ?></span>
 …
             <p style="margin-top:14px;"><strong>Corner radius</strong></p>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][radius]" value="pill"  <?php checked($radius==='pill');  ?>> Pill
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][radius]" value="pill"  <?php checked($radius==='pill');  ?>> Pill
             </label>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][radius]" value="round" <?php checked($radius==='round'); ?>> Round
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][radius]" value="round" <?php checked($radius==='round'); ?>> Round
             </label>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][radius]" value="soft"  <?php checked($radius==='soft');  ?>> Soft
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][radius]" value="soft"  <?php checked($radius==='soft');  ?>> Soft
             </label>
             <label>
             <input type="radio" name="<?php echo self::OPT; ?>[theme][radius]" value="sharp" <?php checked($radius==='sharp'); ?>> Sharp
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][radius]" value="sharp" <?php checked($radius==='sharp'); ?>> Sharp
             </label>
 …
             <p style="margin-top:14px;"><strong>Density</strong></p>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][density]" value="compact"  <?php checked($density==='compact');  ?>> Compact
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][density]" value="compact"  <?php checked($density==='compact');  ?>> Compact
             </label>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][density]" value="normal"   <?php checked($density==='normal');   ?>> Normal
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][density]" value="normal"   <?php checked($density==='normal');   ?>> Normal
             </label>
             <label>
             <input type="radio" name="<?php echo self::OPT; ?>[theme][density]" value="spacious" <?php checked($density==='spacious'); ?>> Spacious
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][density]" value="spacious" <?php checked($density==='spacious'); ?>> Spacious
             </label>
             <p style="margin-top:14px;"><strong>Font</strong></p>
             <select name="<?php echo self::OPT; ?>[theme][font]">
+            <select name="<?php echo esc_attr( self::OPT ); ?>[theme][font]">
                 <?php foreach ($fonts as $token => $label): ?>
                     <option value="<?php echo esc_attr($token); ?>" <?php selected($font===$token); ?>>
 …
                 <label style="display:block; margin-bottom:6px;">Text</label>
                 <input type="text" class="regular-text"
                         name="<?php echo self::OPT; ?>[launcher][text]"
+                        name="<?php echo esc_attr( self::OPT ); ?>[launcher][text]"
                         value="<?php echo esc_attr($l_text); ?>"
                         placeholder="Chat with our AI" />
 …
                     <label style="display:block; margin-bottom:6px;">Background</label>
                     <input type="color" value="<?php echo esc_attr($l_bg); ?>"
                         name="<?php echo self::OPT; ?>[launcher][bg]" />
+                        name="<?php echo esc_attr( self::OPT ); ?>[launcher][bg]" />
                 </span>
                 <span>
                     <label style="display:block; margin-bottom:6px;">Text color</label>
                     <input type="color" value="<?php echo esc_attr($l_fg); ?>"
                         name="<?php echo self::OPT; ?>[launcher][fg]" />
+                        name="<?php echo esc_attr( self::OPT ); ?>[launcher][fg]" />
                 </span>
                 </p>
 …
           <td>
             <label>
               <input type="checkbox" name="<?php echo self::OPT; ?>[auto_inject]" value="1" <?php checked(($o['auto_inject'] ?? '') === '1'); ?> />
+              <input type="checkbox" name="<?php echo esc_attr( self::OPT ); ?>[auto_inject]" value="1" <?php checked(($o['auto_inject'] ?? '') === '1'); ?> />
               Enable floating chat launcher globally
             </label>
 …
           'https://cdn.platform.openai.com/deployments/chatkit/chatkit.js',
           [],
           null,
+          self::VER,
           true
       );
 …
           plugins_url('assets/bitbloom-agent.js', __FILE__),
           ['openai-chatkit'],
           '1.3.1',
+          self::VER,
           true
       );
 …
         $o = get_option(self::OPT, []);
         if (($o['auto_inject'] ?? '') === '1') {
+            // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- embed_markup escapes dynamic values; output is controlled markup.
             echo $this->embed_markup();
             $printed = true;
+        }
 …
       <?php
         $title_msg = __('Configure workflow & domain key in Settings → BitBloom Chatbot for Chatkit', 'bitbloom-chatbot-for-chatkit');
+        $btn_attrs = sprintf('title="%s"%s',
+          esc_attr($title_msg),
+          $ready ? '' : ' disabled'
+        );
+      ?>
+        <button id="bitbloom-agent-launcher" aria-haspopup="dialog" <?php echo $btn_attrs; ?>>
+          <?php echo esc_html($l_text); ?>
+        ?>
+        <button
+          id="bitbloom-agent-launcher"
+          aria-haspopup="dialog"
+          title="<?php echo esc_attr( $title_msg ); ?>"
+          <?php disabled( $ready, false ); ?>
+        >
+          <?php echo esc_html( $l_text ); ?>
         </button>
+      <?php
+        <?php
       return ob_get_clean();
+    }
 …
                     return new \WP_Error('forbidden', 'Invalid REST nonce', ['status' => 403]);
+                }
+                // Basic rate-limit per IP (20/hour):
+                $ip = $_SERVER['REMOTE_ADDR'] ?? 'na';
+                $key  = 'bitbchfo_rl_' . md5($ip);
+                // Basic rate-limit per IP (configurable, per hour)
+                $o = get_option(self::OPT, []);
+                $limit = absint($o['rate_limit_per_hour'] ?? 20);
+                if ($limit < 1) { $limit = 1; }
+                if ($limit > 99999) { $limit = 99999; }
+                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- $_SERVER value is immediately unslashed and sanitized below.
+                $ip_raw = isset( $_SERVER['REMOTE_ADDR'] ) ? wp_unslash( $_SERVER['REMOTE_ADDR'] ) : '';
+                $ip     = sanitize_text_field( $ip_raw );
+                if ( $ip === '' ) {
+                    $ip = 'na';
+                }
+                $key = 'bitbchfo_rl_' . md5( $ip );
                 $count = (int) get_transient($key);
+                if ($count > 20) {
+                if ($count >= $limit) {
                     return new \WP_Error('rate_limited', 'Too Many Requests', ['status' => 429]);
+                }
                 set_transient($key, $count + 1, HOUR_IN_SECONDS);
                 return true;
             },
         ]);
 …
         // Create a stable-but-anonymous "user" string (no PII)
         $site_salt = wp_salt('auth');
+        $ua_raw    = isset($_SERVER['HTTP_USER_AGENT']) ? wp_unslash($_SERVER['HTTP_USER_AGENT']) : '';
+        $ua_clean  = sanitize_text_field($ua_raw);
+        $ua_clean = isset( $_SERVER['HTTP_USER_AGENT'] )
+        ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) )
+        : '';
         $user      = substr(hash('sha256', $site_salt . '|' . $ua_clean), 0, 64);

bitbloom-chatbot-for-chatkit/tags/1.2.1/readme.txt

-                      r3396311
+                      r3428474
 Tags: openai, chatkit, chat, embed, ai
 Requires at least: 6.2
 Tested up to: 6.8
+Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 1.2.0
+Stable tag: 1.2.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 - Theme controls: color scheme, accent, radius, density, font.
 - Secure: session created on the server; REST calls nonce-protected.
+- Rate limiting: configurable per-IP hourly limit for session requests (default 20/hour).
 - Privacy-friendly: user ID is a salted hash (no IP stored or sent by the plugin).
 …
 == Installation ==
 For a full video walkthrough of the installation and setup process:
 https://youtu.be/PstZVUaumw8
+https://youtu.be/Kd0WxODDdYc
 . Download the ZIP and upload it via **Plugins → Add New → Upload Plugin**,
 …
    [bitbloom_chatbot_for_chatkit]
+. (Optional) Adjust **Rate limit** (per IP / hour). Default is 20/hour.
 …
 Yes. You can change the color scheme (light/dark), accent color, radius, density, and font.
+= Is there a usage/rate limit in the plugin? =
+Yes. By default, the plugin limits session requests to 20 per hour per IP.
+You can change this in the plugin settings (Rate limit per IP / hour) to any value between 1 and 99999.
 = The chat window shows an error when loading. What causes this? =
 Usually one of the following:
 …
 == Changelog ==
+= 1.2.1 =
+* Added an admin setting to configure the per-IP hourly rate limit for session requests (default: 20/hour).
 = 1.2.0 =
 * Initial public release under the name “BitBloom ChatKit Embed”.
 == Upgrade Notice ==
+= 1.2.1 =
+Adds a configurable rate limit setting (default 20/hour).
 = 1.2.0 =
 First stable release.

bitbloom-chatbot-for-chatkit/tags/1.2.1/uninstall.php

-                      r3396302
+                      r3428474
 <?php
 if ( ! defined('WP_UNINSTALL_PLUGIN') ) {
+if ( ! defined( 'WP_UNINSTALL_PLUGIN' ) ) {
     exit;
+}
+$option = 'bitbloom-chatbot-for-chatkit_options';
+(function () {
+    $option_name = 'bitbloom-chatbot-for-chatkit_options';
+// Delete options (single site)
 delete_option($option);
+    // Delete options (single site).
+    delete_option( $option_name );
+// Delete network (multisite) options if present
 if ( is_multisite() ) {
     delete_site_option($option);
+}
+    // Delete network (multisite) options if present.
+    if ( is_multisite() ) {
+        delete_site_option( $option_name );
+    }
+// Clean up transient-based rate limits: bba_rl_*
+// This removes both the transient and its timeout rows.
+global $wpdb;
+$like1 = $wpdb->esc_like('_transient_bitbchfo_rl_') . '%';
+$like2 = $wpdb->esc_like('_transient_timeout_bitbchfo_rl_') . '%';
+$wpdb->query( $wpdb->prepare(
+    "DELETE FROM {$wpdb->options} WHERE option_name LIKE %s OR option_name LIKE %s",
+    $like1, $like2
+) );
+    // Clean up transient-based rate limits: bitbchfo_rl_*
+    // This removes both the transient and its timeout rows.
+    global $wpdb;
+    $like1 = $wpdb->esc_like( '_transient_bitbchfo_rl_' ) . '%';
+    $like2 = $wpdb->esc_like( '_transient_timeout_bitbchfo_rl_' ) . '%';
+    // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- uninstall cleanup for transients.
+    $wpdb->query(
+        $wpdb->prepare(
+            "DELETE FROM {$wpdb->options} WHERE option_name LIKE %s OR option_name LIKE %s",
+            $like1,
+            $like2
+        )
+    );
+})();

bitbloom-chatbot-for-chatkit/trunk/bitbloom-chatbot-for-chatkit.php

-                      r3396302
+                      r3428474
  * Author:            BitBloom
  * Author URI:        https://github.com/BitBloom-HQ
  * Version:           1.2.0
+ * Version:           1.2.1
  * License:           GPLv2 or later
  * License URI:       https://www.gnu.org/licenses/gpl-2.0.html
  * Requires at least: 6.2
  * Tested up to:      6.8
+ * Tested up to:      6.9
  * Requires PHP:      7.4
  * Text Domain:       bitbloom-chatbot-for-chatkit
 …
 class BitBloom_Chatbot_for_Chatkit {
   const OPT = 'bitbloom-chatbot-for-chatkit_options';
+  const VER = '1.2.1';
   public function __construct() {
 …
       $launcher_fg   = $hex($launcher_in['fg'] ?? '#FFFFFF', '#FFFFFF');
+      $rate_limit = isset($in['rate_limit_per_hour']) ? absint($in['rate_limit_per_hour']) : 20;
+      if ($rate_limit < 1) { $rate_limit = 1; }
+      if ($rate_limit > 99999) { $rate_limit = 99999; }
       return [
         'workflow_id' => sanitize_text_field($in['workflow_id'] ?? ''),
 …
         'greeting'    => sanitize_text_field($in['greeting']    ?? ''),
         'auto_inject' => !empty($in['auto_inject']) ? '1' : '0',
+        'rate_limit_per_hour' => $rate_limit,
         'theme'       => [
           'color_scheme' => $color_scheme,
 …
           <td>
             <input id="bboaa_workflow_id" type="text" class="regular-text"
                    name="<?php echo self::OPT; ?>[workflow_id]"
+                   name="<?php echo esc_attr( self::OPT ); ?>[workflow_id]"
                    value="<?php echo esc_attr($o['workflow_id'] ?? ''); ?>"
                    placeholder="wf_xxx..." />
 …
           <td>
             <input id="bboaa_domain_pk" type="text" class="regular-text"
                    name="<?php echo self::OPT; ?>[domain_pk]"
+                   name="<?php echo esc_attr( self::OPT ); ?>[domain_pk]"
                    value="<?php echo esc_attr($o['domain_pk'] ?? ''); ?>"
                    placeholder="pk-live-..." />
 …
           <td>
             <input id="bboaa_greeting" type="text" class="regular-text"
                    name="<?php echo self::OPT; ?>[greeting]"
+                   name="<?php echo esc_attr( self::OPT ); ?>[greeting]"
                    value="<?php echo esc_attr($o['greeting'] ?? ''); ?>"
                    placeholder="What can I help with today?" />
 …
         <tr>
+          <th scope="row">
+            <label for="bboaa_rate_limit_per_hour">Rate limit (per IP / hour)</label>
+          </th>
+          <td>
+            <input
+              id="bboaa_rate_limit_per_hour"
+              type="number"
+              class="small-text"
+              name="<?php echo esc_attr( self::OPT ); ?>[rate_limit_per_hour]"
+              value="<?php echo esc_attr((int)($o['rate_limit_per_hour'] ?? 20)); ?>"
+              min="1"
+              max="99999"
+              step="1"
+            />
+            <p class="description">
+              Limits how many ChatKit session requests a single IP can make per hour. Default: 20.
+            </p>
+          </td>
+        </tr>
+        <tr>
           <th scope="row">Theme</th>
           <td>
 …
               <p><strong>Color scheme</strong></p>
               <label style="margin-right:16px;">
                 <input type="radio" name="<?php echo self::OPT; ?>[theme][color_scheme]" value="light" <?php checked($color_scheme==='light'); ?>> Light
+                <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][color_scheme]" value="light" <?php checked($color_scheme==='light'); ?>> Light
               </label>
               <label>
                 <input type="radio" name="<?php echo self::OPT; ?>[theme][color_scheme]" value="dark" <?php checked($color_scheme==='dark'); ?>> Dark
+                <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][color_scheme]" value="dark" <?php checked($color_scheme==='dark'); ?>> Dark
               </label>
 …
                 <?php foreach ($accents as $hex => $label): ?>
                   <label style="display:flex; align-items:center; gap:6px; cursor:pointer;">
                     <input type="radio" name="<?php echo self::OPT; ?>[theme][accent]" value="<?php echo esc_attr($hex); ?>" <?php checked($accent===$hex); ?>>
+                    <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][accent]" value="<?php echo esc_attr($hex); ?>" <?php checked($accent===$hex); ?>>
                     <span style="display:inline-block; width:18px; height:18px; border-radius:50%; background:<?php echo esc_attr($hex); ?>; border:1px solid rgba(0,0,0,.12);"></span>
                     <span><?php echo esc_html($label); ?></span>
 …
             <p style="margin-top:14px;"><strong>Corner radius</strong></p>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][radius]" value="pill"  <?php checked($radius==='pill');  ?>> Pill
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][radius]" value="pill"  <?php checked($radius==='pill');  ?>> Pill
             </label>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][radius]" value="round" <?php checked($radius==='round'); ?>> Round
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][radius]" value="round" <?php checked($radius==='round'); ?>> Round
             </label>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][radius]" value="soft"  <?php checked($radius==='soft');  ?>> Soft
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][radius]" value="soft"  <?php checked($radius==='soft');  ?>> Soft
             </label>
             <label>
             <input type="radio" name="<?php echo self::OPT; ?>[theme][radius]" value="sharp" <?php checked($radius==='sharp'); ?>> Sharp
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][radius]" value="sharp" <?php checked($radius==='sharp'); ?>> Sharp
             </label>
 …
             <p style="margin-top:14px;"><strong>Density</strong></p>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][density]" value="compact"  <?php checked($density==='compact');  ?>> Compact
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][density]" value="compact"  <?php checked($density==='compact');  ?>> Compact
             </label>
             <label style="margin-right:16px;">
             <input type="radio" name="<?php echo self::OPT; ?>[theme][density]" value="normal"   <?php checked($density==='normal');   ?>> Normal
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][density]" value="normal"   <?php checked($density==='normal');   ?>> Normal
             </label>
             <label>
             <input type="radio" name="<?php echo self::OPT; ?>[theme][density]" value="spacious" <?php checked($density==='spacious'); ?>> Spacious
+            <input type="radio" name="<?php echo esc_attr( self::OPT ); ?>[theme][density]" value="spacious" <?php checked($density==='spacious'); ?>> Spacious
             </label>
             <p style="margin-top:14px;"><strong>Font</strong></p>
             <select name="<?php echo self::OPT; ?>[theme][font]">
+            <select name="<?php echo esc_attr( self::OPT ); ?>[theme][font]">
                 <?php foreach ($fonts as $token => $label): ?>
                     <option value="<?php echo esc_attr($token); ?>" <?php selected($font===$token); ?>>
 …
                 <label style="display:block; margin-bottom:6px;">Text</label>
                 <input type="text" class="regular-text"
                         name="<?php echo self::OPT; ?>[launcher][text]"
+                        name="<?php echo esc_attr( self::OPT ); ?>[launcher][text]"
                         value="<?php echo esc_attr($l_text); ?>"
                         placeholder="Chat with our AI" />
 …
                     <label style="display:block; margin-bottom:6px;">Background</label>
                     <input type="color" value="<?php echo esc_attr($l_bg); ?>"
                         name="<?php echo self::OPT; ?>[launcher][bg]" />
+                        name="<?php echo esc_attr( self::OPT ); ?>[launcher][bg]" />
                 </span>
                 <span>
                     <label style="display:block; margin-bottom:6px;">Text color</label>
                     <input type="color" value="<?php echo esc_attr($l_fg); ?>"
                         name="<?php echo self::OPT; ?>[launcher][fg]" />
+                        name="<?php echo esc_attr( self::OPT ); ?>[launcher][fg]" />
                 </span>
                 </p>
 …
           <td>
             <label>
               <input type="checkbox" name="<?php echo self::OPT; ?>[auto_inject]" value="1" <?php checked(($o['auto_inject'] ?? '') === '1'); ?> />
+              <input type="checkbox" name="<?php echo esc_attr( self::OPT ); ?>[auto_inject]" value="1" <?php checked(($o['auto_inject'] ?? '') === '1'); ?> />
               Enable floating chat launcher globally
             </label>
 …
           'https://cdn.platform.openai.com/deployments/chatkit/chatkit.js',
           [],
           null,
+          self::VER,
           true
       );
 …
           plugins_url('assets/bitbloom-agent.js', __FILE__),
           ['openai-chatkit'],
           '1.3.1',
+          self::VER,
           true
       );
 …
         $o = get_option(self::OPT, []);
         if (($o['auto_inject'] ?? '') === '1') {
+            // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- embed_markup escapes dynamic values; output is controlled markup.
             echo $this->embed_markup();
             $printed = true;
+        }
 …
       <?php
         $title_msg = __('Configure workflow & domain key in Settings → BitBloom Chatbot for Chatkit', 'bitbloom-chatbot-for-chatkit');
+        $btn_attrs = sprintf('title="%s"%s',
+          esc_attr($title_msg),
+          $ready ? '' : ' disabled'
+        );
+      ?>
+        <button id="bitbloom-agent-launcher" aria-haspopup="dialog" <?php echo $btn_attrs; ?>>
+          <?php echo esc_html($l_text); ?>
+        ?>
+        <button
+          id="bitbloom-agent-launcher"
+          aria-haspopup="dialog"
+          title="<?php echo esc_attr( $title_msg ); ?>"
+          <?php disabled( $ready, false ); ?>
+        >
+          <?php echo esc_html( $l_text ); ?>
         </button>
+      <?php
+        <?php
       return ob_get_clean();
+    }
 …
                     return new \WP_Error('forbidden', 'Invalid REST nonce', ['status' => 403]);
+                }
+                // Basic rate-limit per IP (20/hour):
+                $ip = $_SERVER['REMOTE_ADDR'] ?? 'na';
+                $key  = 'bitbchfo_rl_' . md5($ip);
+                // Basic rate-limit per IP (configurable, per hour)
+                $o = get_option(self::OPT, []);
+                $limit = absint($o['rate_limit_per_hour'] ?? 20);
+                if ($limit < 1) { $limit = 1; }
+                if ($limit > 99999) { $limit = 99999; }
+                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- $_SERVER value is immediately unslashed and sanitized below.
+                $ip_raw = isset( $_SERVER['REMOTE_ADDR'] ) ? wp_unslash( $_SERVER['REMOTE_ADDR'] ) : '';
+                $ip     = sanitize_text_field( $ip_raw );
+                if ( $ip === '' ) {
+                    $ip = 'na';
+                }
+                $key = 'bitbchfo_rl_' . md5( $ip );
                 $count = (int) get_transient($key);
+                if ($count > 20) {
+                if ($count >= $limit) {
                     return new \WP_Error('rate_limited', 'Too Many Requests', ['status' => 429]);
+                }
                 set_transient($key, $count + 1, HOUR_IN_SECONDS);
                 return true;
             },
         ]);
 …
         // Create a stable-but-anonymous "user" string (no PII)
         $site_salt = wp_salt('auth');
+        $ua_raw    = isset($_SERVER['HTTP_USER_AGENT']) ? wp_unslash($_SERVER['HTTP_USER_AGENT']) : '';
+        $ua_clean  = sanitize_text_field($ua_raw);
+        $ua_clean = isset( $_SERVER['HTTP_USER_AGENT'] )
+        ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) )
+        : '';
         $user      = substr(hash('sha256', $site_salt . '|' . $ua_clean), 0, 64);

bitbloom-chatbot-for-chatkit/trunk/readme.txt

-                      r3396311
+                      r3428474
 Tags: openai, chatkit, chat, embed, ai
 Requires at least: 6.2
 Tested up to: 6.8
+Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 1.2.0
+Stable tag: 1.2.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 - Theme controls: color scheme, accent, radius, density, font.
 - Secure: session created on the server; REST calls nonce-protected.
+- Rate limiting: configurable per-IP hourly limit for session requests (default 20/hour).
 - Privacy-friendly: user ID is a salted hash (no IP stored or sent by the plugin).
 …
 == Installation ==
 For a full video walkthrough of the installation and setup process:
 https://youtu.be/PstZVUaumw8
+https://youtu.be/Kd0WxODDdYc
 . Download the ZIP and upload it via **Plugins → Add New → Upload Plugin**,
 …
    [bitbloom_chatbot_for_chatkit]
+. (Optional) Adjust **Rate limit** (per IP / hour). Default is 20/hour.
 …
 Yes. You can change the color scheme (light/dark), accent color, radius, density, and font.
+= Is there a usage/rate limit in the plugin? =
+Yes. By default, the plugin limits session requests to 20 per hour per IP.
+You can change this in the plugin settings (Rate limit per IP / hour) to any value between 1 and 99999.
 = The chat window shows an error when loading. What causes this? =
 Usually one of the following:
 …
 == Changelog ==
+= 1.2.1 =
+* Added an admin setting to configure the per-IP hourly rate limit for session requests (default: 20/hour).
 = 1.2.0 =
 * Initial public release under the name “BitBloom ChatKit Embed”.
 == Upgrade Notice ==
+= 1.2.1 =
+Adds a configurable rate limit setting (default 20/hour).
 = 1.2.0 =
 First stable release.

bitbloom-chatbot-for-chatkit/trunk/uninstall.php

-                      r3396302
+                      r3428474
 <?php
 if ( ! defined('WP_UNINSTALL_PLUGIN') ) {
+if ( ! defined( 'WP_UNINSTALL_PLUGIN' ) ) {
     exit;
+}
+$option = 'bitbloom-chatbot-for-chatkit_options';
+(function () {
+    $option_name = 'bitbloom-chatbot-for-chatkit_options';
+// Delete options (single site)
 delete_option($option);
+    // Delete options (single site).
+    delete_option( $option_name );
+// Delete network (multisite) options if present
 if ( is_multisite() ) {
     delete_site_option($option);
+}
+    // Delete network (multisite) options if present.
+    if ( is_multisite() ) {
+        delete_site_option( $option_name );
+    }
+// Clean up transient-based rate limits: bba_rl_*
+// This removes both the transient and its timeout rows.
+global $wpdb;
+$like1 = $wpdb->esc_like('_transient_bitbchfo_rl_') . '%';
+$like2 = $wpdb->esc_like('_transient_timeout_bitbchfo_rl_') . '%';
+$wpdb->query( $wpdb->prepare(
+    "DELETE FROM {$wpdb->options} WHERE option_name LIKE %s OR option_name LIKE %s",
+    $like1, $like2
+) );
+    // Clean up transient-based rate limits: bitbchfo_rl_*
+    // This removes both the transient and its timeout rows.
+    global $wpdb;
+    $like1 = $wpdb->esc_like( '_transient_bitbchfo_rl_' ) . '%';
+    $like2 = $wpdb->esc_like( '_transient_timeout_bitbchfo_rl_' ) . '%';
+    // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- uninstall cleanup for transients.
+    $wpdb->query(
+        $wpdb->prepare(
+            "DELETE FROM {$wpdb->options} WHERE option_name LIKE %s OR option_name LIKE %s",
+            $like1,
+            $like2
+        )
+    );
+})();

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: