Changeset 3446671
- Timestamp:
- 01/25/2026 08:22:32 PM (2 months ago)
- Location:
- idevelop-floating-circle-button
- Files:
-
- 2 deleted
- 4 edited
- 1 copied
-
tags/1.4.2 (copied) (copied from idevelop-floating-circle-button/trunk)
-
tags/1.4.2/idevelop-floating-circle-button.php (modified) (5 diffs)
-
tags/1.4.2/idevelop-floating-circle-button.zip (deleted)
-
tags/1.4.2/readme.txt (modified) (3 diffs)
-
trunk/idevelop-floating-circle-button.php (modified) (5 diffs)
-
trunk/idevelop-floating-circle-button.zip (deleted)
-
trunk/readme.txt (modified) (3 diffs)
idevelop-floating-circle-button/tags/1.4.2/idevelop-floating-circle-button.php
r3446666 r3446671 4 4 * Plugin URI: https://idevelop.vip/plugins/plugin/idevelop-floating-circle-button/ 5 5 * Description: Adds a sticky Floating Circle button to your WordPress site with customizable options. 6 * Version: 1.4. 16 * Version: 1.4.2 7 7 * Author: iDevelop 8 8 * Author URI: https://idevelop.vip/plugins … … 678 678 public function ajax_save_settings() { 679 679 // Check nonce 680 if ( ! isset( $_POST['idevelop_ajax_nonce'] ) || ! wp_verify_nonce( $_POST['idevelop_ajax_nonce'], 'idevelop_ajax_save_action' ) ) { 680 $nonce = isset( $_POST['idevelop_ajax_nonce'] ) ? wp_unslash( $_POST['idevelop_ajax_nonce'] ) : ''; 681 if ( ! wp_verify_nonce( $nonce, 'idevelop_ajax_save_action' ) ) { 681 682 wp_send_json_error( array( 'message' => __( 'Security check failed. Please reload the page.', 'idevelop-floating-circle-button' ) ) ); 682 683 } … … 888 889 } 889 890 890 // The Master Toggle button - Decoupled from "icon1/2" styles, uses generic style 891 // CHANGED: Use a DIV instead of BUTTON to avoid theme styles override 891 // The Master Toggle button 892 892 echo '<div role="button" tabindex="0" class="idevelop-fcb-hub-toggle">'; 893 893 // Use Generic Hub Icon 894 echo $this-> get_channel_icon_svg( 'hub');895 echo '</div>'; // Was button894 echo $this->esc_svg( $this->get_channel_icon_svg( 'hub' ) ); 895 echo '</div>'; 896 896 897 897 echo '</div>'; // End wrapper … … 947 947 echo '<span class="idevelop-fcb-tooltip ' . esc_attr( $side_class ) . '">' . esc_html( $label ) . 
'</span>'; 948 948 } 949 // We trust our own local SVGs, and wp_kses strips essential tags like <defs> and <g> from complex icons.950 echo $this-> get_channel_icon_svg( $type);949 // Use SVG kses helper for security 950 echo $this->esc_svg( $this->get_channel_icon_svg( $type ) ); 951 951 echo '</a>'; 952 952 } … … 979 979 */ 980 980 public function reset_stats_check() { 981 if ( isset( $_GET['idevelop_fcb_reset_stats'] ) && $_GET['idevelop_fcb_reset_stats'] == 1 && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'idevelop_fcb_reset_stats' ) ) { 982 update_option( 'idevelop_fcb_total_clicks', 0 ); 983 wp_redirect( remove_query_arg( array( 'idevelop_fcb_reset_stats', '_wpnonce' ) ) ); 984 exit; 985 } 981 if ( isset( $_GET['idevelop_fcb_reset_stats'] ) && $_GET['idevelop_fcb_reset_stats'] == 1 ) { 982 $nonce = isset( $_GET['_wpnonce'] ) ? wp_unslash( $_GET['_wpnonce'] ) : ''; 983 if ( wp_verify_nonce( $nonce, 'idevelop_fcb_reset_stats' ) ) { 984 update_option( 'idevelop_fcb_total_clicks', 0 ); 985 wp_safe_redirect( remove_query_arg( array( 'idevelop_fcb_reset_stats', '_wpnonce' ) ) ); 986 exit; 987 } 988 } 989 } 990 991 /** 992 * SVG KSES helper for secure output 993 */ 994 private function esc_svg( $svg ) { 995 $allowed_tags = array( 996 'svg' => array( 997 'xmlns' => true, 998 'viewbox' => true, 999 'style' => true, 1000 'width' => true, 1001 'height' => true, 1002 'version' => true, 1003 'enable-background' => true, 1004 ), 1005 'g' => array( 1006 'enable-background' => true, 1007 ), 1008 'defs' => array(), 1009 'path' => array( 1010 'fill' => true, 1011 'd' => true, 1012 'id' => true, 1013 ), 1014 'linearGradient' => array( 1015 'id' => true, 1016 'x1' => true, 1017 'x2' => true, 1018 'y1' => true, 1019 'y2' => true, 1020 'gradientUnits' => true, 1021 ), 1022 'stop' => array( 1023 'stop-color' => true, 1024 'offset' => true, 1025 ), 1026 'use' => array( 1027 'xlink:href' => true, 1028 'overflow' => true, 1029 'fill' => true, 1030 ), 1031 
'clipPath' => array(), 1032 ); 1033 1034 return wp_kses( $svg, $allowed_tags ); 986 1035 } 987 1036 -
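Review bot: In `esc_svg()` the allowlist keys `'linearGradient'` and `'clipPath'` and the attribute key `'gradientUnits'` are camelCase, but wp_kses() lowercases element and attribute names before looking them up, so these entries should never match and gradient or clip-path markup would be stripped from the icons. Use lowercase keys, as the list already does for `'viewbox'`: `'lineargradient' => array( ..., 'gradientunits' => true )` and `'clippath' => array( 'id' => true )`. As written, `'clipPath' => array()` also permits no attributes, so even a matched clip path could not keep the `id` that other elements refer to. The removed comment says these are the plugin's own local SVGs, so the filter is defence in depth; it is worth rendering each bundled icon through `esc_svg()` once to confirm nothing it needs is dropped. The trunk copy of this file carries the same change.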
idevelop-floating-circle-button/tags/1.4.2/readme.txt
r3446666 r3446671 2 2 Plugin Name: Floating Circle Button 3 3 Plugin URI: https://idevelop.vip/ 4 Description: A premium, multi-channel floating contact hub for WordPress. Includes WhatsApp fanning buttons, Office Hours, Smart Nudge, and GDPR-compliant analytics.5 Version: 1.4. 14 Description: Premium Multi-Channel Floating Contact Button for WhatsApp, Email, Phone, and Telegram. Features Office Hours, Smart Nudge, and Analytics. 5 Version: 1.4.2 6 6 Author: iDevelop 7 7 Author URI: https://idevelop.vip/ … … 10 10 Requires at least: 5.0 11 11 Tested up to: 7.0 12 Stable tag: 1.4. 112 Stable tag: 1.4.2 13 13 License: GPLv2 or later 14 14 License URI: http://www.gnu.org/licenses/gpl-2.0.html 15 16 == Short Description ==17 Premium, multi-channel floating button for WhatsApp, Email, Phone, and Telegram. Features Office Hours, Smart Nudge, and Analytics.18 15 19 16 == Description == … … 52 49 == Changelog == 53 50 51 = 1.4.1 = 52 * Security: Improved input sanitization and output escaping for better compliance. 53 * Feature: Custom colors for Hub toggle and active state. 54 * UI: Dynamic tooltip positioning. 55 54 56 = 1.3.4 = 55 57 * Bug Fix: Corrected PHP sanitization logic to properly handle disabled checkboxes (0/false) from AJAX requests. 
56 58 57 = 1.3.3 =58 * Bug Fix: Fixed "Settings Not Saving" issue where unchecked boxes (like disabled office hours) would revert to enabled defaults.59 60 = 1.3.2 =61 * Debug Mode: Added deep inspection logging to the browser console for settings save diagnosis.62 63 = 1.3.1 =64 * Bug Fix: Inlined SVG icons to guarantee display even on servers with strict file permission policies.65 66 = 1.3.0 =67 * Bug Fix: Restored missing Premium Icons on frontend by loading assets directly.68 69 = 1.2.9 =70 * Architecture Change: Switched to AJAX Save Handler to completely bypass Cloudflare/WAF 403 blocks on admin pages.71 72 = 1.2.8 =73 * Workflow Optimization: Switched to native GitHub Script for reliable artifact cleanup.74 75 = 1.2.7 =76 * Storage Optimization: Aggressively pruning old artifacts and cleaning up space before/after each run.77 78 = 1.2.6 =79 * CI/CD Compliance: Added wp_unslash() to all inputs.80 * Readme: Added required Short Description section.81 * Workflow: Improved resilient deployment even when GitHub artifact storage is full.82 83 = 1.2.5 =84 * Bulletproof Stealth Settings Handler: Fixes "Link expired" errors on high-security servers and Cloudflare Zero Trust.85 86 = 1.2.4 =87 * Visual Fix: Ensuring icon styles (Black/Green) correctly override theme defaults.88 * Robustness: Added initial settings save fallback.89 90 = 1.1.0 =91 * Added Smart Nudge (Speech bubble).92 * Added GDPR-compliant click tracking.93 * Improved Office Hours logic.94 95 59 = 1.0.0 = 96 60 * Initial release. -
idevelop-floating-circle-button/trunk/idevelop-floating-circle-button.php
r3446666 r3446671 4 4 * Plugin URI: https://idevelop.vip/plugins/plugin/idevelop-floating-circle-button/ 5 5 * Description: Adds a sticky Floating Circle button to your WordPress site with customizable options. 6 * Version: 1.4. 16 * Version: 1.4.2 7 7 * Author: iDevelop 8 8 * Author URI: https://idevelop.vip/plugins … … 678 678 public function ajax_save_settings() { 679 679 // Check nonce 680 if ( ! isset( $_POST['idevelop_ajax_nonce'] ) || ! wp_verify_nonce( $_POST['idevelop_ajax_nonce'], 'idevelop_ajax_save_action' ) ) { 680 $nonce = isset( $_POST['idevelop_ajax_nonce'] ) ? wp_unslash( $_POST['idevelop_ajax_nonce'] ) : ''; 681 if ( ! wp_verify_nonce( $nonce, 'idevelop_ajax_save_action' ) ) { 681 682 wp_send_json_error( array( 'message' => __( 'Security check failed. Please reload the page.', 'idevelop-floating-circle-button' ) ) ); 682 683 } … … 888 889 } 889 890 890 // The Master Toggle button - Decoupled from "icon1/2" styles, uses generic style 891 // CHANGED: Use a DIV instead of BUTTON to avoid theme styles override 891 // The Master Toggle button 892 892 echo '<div role="button" tabindex="0" class="idevelop-fcb-hub-toggle">'; 893 893 // Use Generic Hub Icon 894 echo $this-> get_channel_icon_svg( 'hub');895 echo '</div>'; // Was button894 echo $this->esc_svg( $this->get_channel_icon_svg( 'hub' ) ); 895 echo '</div>'; 896 896 897 897 echo '</div>'; // End wrapper … … 947 947 echo '<span class="idevelop-fcb-tooltip ' . esc_attr( $side_class ) . '">' . esc_html( $label ) . 
'</span>'; 948 948 } 949 // We trust our own local SVGs, and wp_kses strips essential tags like <defs> and <g> from complex icons.950 echo $this-> get_channel_icon_svg( $type);949 // Use SVG kses helper for security 950 echo $this->esc_svg( $this->get_channel_icon_svg( $type ) ); 951 951 echo '</a>'; 952 952 } … … 979 979 */ 980 980 public function reset_stats_check() { 981 if ( isset( $_GET['idevelop_fcb_reset_stats'] ) && $_GET['idevelop_fcb_reset_stats'] == 1 && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'idevelop_fcb_reset_stats' ) ) { 982 update_option( 'idevelop_fcb_total_clicks', 0 ); 983 wp_redirect( remove_query_arg( array( 'idevelop_fcb_reset_stats', '_wpnonce' ) ) ); 984 exit; 985 } 981 if ( isset( $_GET['idevelop_fcb_reset_stats'] ) && $_GET['idevelop_fcb_reset_stats'] == 1 ) { 982 $nonce = isset( $_GET['_wpnonce'] ) ? wp_unslash( $_GET['_wpnonce'] ) : ''; 983 if ( wp_verify_nonce( $nonce, 'idevelop_fcb_reset_stats' ) ) { 984 update_option( 'idevelop_fcb_total_clicks', 0 ); 985 wp_safe_redirect( remove_query_arg( array( 'idevelop_fcb_reset_stats', '_wpnonce' ) ) ); 986 exit; 987 } 988 } 989 } 990 991 /** 992 * SVG KSES helper for secure output 993 */ 994 private function esc_svg( $svg ) { 995 $allowed_tags = array( 996 'svg' => array( 997 'xmlns' => true, 998 'viewbox' => true, 999 'style' => true, 1000 'width' => true, 1001 'height' => true, 1002 'version' => true, 1003 'enable-background' => true, 1004 ), 1005 'g' => array( 1006 'enable-background' => true, 1007 ), 1008 'defs' => array(), 1009 'path' => array( 1010 'fill' => true, 1011 'd' => true, 1012 'id' => true, 1013 ), 1014 'linearGradient' => array( 1015 'id' => true, 1016 'x1' => true, 1017 'x2' => true, 1018 'y1' => true, 1019 'y2' => true, 1020 'gradientUnits' => true, 1021 ), 1022 'stop' => array( 1023 'stop-color' => true, 1024 'offset' => true, 1025 ), 1026 'use' => array( 1027 'xlink:href' => true, 1028 'overflow' => true, 1029 'fill' => true, 1030 ), 1031 
'clipPath' => array(), 1032 ); 1033 1034 return wp_kses( $svg, $allowed_tags ); 986 1035 } 987 1036 -
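Review bot: `reset_stats_check()` still zeroes `idevelop_fcb_total_clicks` on the strength of the nonce alone; a nonce ties the request to a user's intent but is not an authorization check, and no capability test is visible in this function. Add a guard before the update, e.g. `if ( ! current_user_can( 'manage_options' ) ) { return; }`, unless the hook registration outside this hunk already restricts who can reach it. The loose `== 1` comparison on `$_GET['idevelop_fcb_reset_stats']` could be made strict against `'1'`, and the unslashed nonce is usually also passed through `sanitize_text_field()` before `wp_verify_nonce()`. The same points apply to the tags/1.4.2 copy and to the nonce handling in `ajax_save_settings()`, whose body continues outside the hunk.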
idevelop-floating-circle-button/trunk/readme.txt
r3446666 r3446671 2 2 Plugin Name: Floating Circle Button 3 3 Plugin URI: https://idevelop.vip/ 4 Description: A premium, multi-channel floating contact hub for WordPress. Includes WhatsApp fanning buttons, Office Hours, Smart Nudge, and GDPR-compliant analytics.5 Version: 1.4. 14 Description: Premium Multi-Channel Floating Contact Button for WhatsApp, Email, Phone, and Telegram. Features Office Hours, Smart Nudge, and Analytics. 5 Version: 1.4.2 6 6 Author: iDevelop 7 7 Author URI: https://idevelop.vip/ … … 10 10 Requires at least: 5.0 11 11 Tested up to: 7.0 12 Stable tag: 1.4. 112 Stable tag: 1.4.2 13 13 License: GPLv2 or later 14 14 License URI: http://www.gnu.org/licenses/gpl-2.0.html 15 16 == Short Description ==17 Premium, multi-channel floating button for WhatsApp, Email, Phone, and Telegram. Features Office Hours, Smart Nudge, and Analytics.18 15 19 16 == Description == … … 52 49 == Changelog == 53 50 51 = 1.4.1 = 52 * Security: Improved input sanitization and output escaping for better compliance. 53 * Feature: Custom colors for Hub toggle and active state. 54 * UI: Dynamic tooltip positioning. 55 54 56 = 1.3.4 = 55 57 * Bug Fix: Corrected PHP sanitization logic to properly handle disabled checkboxes (0/false) from AJAX requests. 
56 58 57 = 1.3.3 =58 * Bug Fix: Fixed "Settings Not Saving" issue where unchecked boxes (like disabled office hours) would revert to enabled defaults.59 60 = 1.3.2 =61 * Debug Mode: Added deep inspection logging to the browser console for settings save diagnosis.62 63 = 1.3.1 =64 * Bug Fix: Inlined SVG icons to guarantee display even on servers with strict file permission policies.65 66 = 1.3.0 =67 * Bug Fix: Restored missing Premium Icons on frontend by loading assets directly.68 69 = 1.2.9 =70 * Architecture Change: Switched to AJAX Save Handler to completely bypass Cloudflare/WAF 403 blocks on admin pages.71 72 = 1.2.8 =73 * Workflow Optimization: Switched to native GitHub Script for reliable artifact cleanup.74 75 = 1.2.7 =76 * Storage Optimization: Aggressively pruning old artifacts and cleaning up space before/after each run.77 78 = 1.2.6 =79 * CI/CD Compliance: Added wp_unslash() to all inputs.80 * Readme: Added required Short Description section.81 * Workflow: Improved resilient deployment even when GitHub artifact storage is full.82 83 = 1.2.5 =84 * Bulletproof Stealth Settings Handler: Fixes "Link expired" errors on high-security servers and Cloudflare Zero Trust.85 86 = 1.2.4 =87 * Visual Fix: Ensuring icon styles (Black/Green) correctly override theme defaults.88 * Robustness: Added initial settings save fallback.89 90 = 1.1.0 =91 * Added Smart Nudge (Speech bubble).92 * Added GDPR-compliant click tracking.93 * Improved Office Hours logic.94 95 59 = 1.0.0 = 96 60 * Initial release.