Major Refactoring v2.0.0: PSR-4, PHP 8 Support, Shortcode & Admin-Page#21
Open
tommmy-ctrl wants to merge 38 commits into hesstobi:master from
Conversation
- Wraps the expensive XML file loading and parsing in `HerrnhuterLosungenPlugin_Xml::getVerse` with WordPress transient caching.
- Uses a unique cache key based on the year and day of the year (`hhl_verse_{year}_{yday}`).
- Sets the cache expiration to 24 hours (`DAY_IN_SECONDS`).
- Reduces File I/O and XML processing on repeated requests for the same day.
…5080912553227 Bolt: Cache XML parsing in getVerse
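An added example, not code from this pull request or the plugin, of the transient caching the commit above describes: `getVerse` looks up `hhl_verse_{year}_{yday}` first and only loads and parses the XML on a miss, storing the result for `DAY_IN_SECONDS`. The `CachedVerseReader` class, its `parseXml` stand-in, and the in-memory `get_transient`/`set_transient` shims are assumptions so the file runs outside WordPress; inside WordPress the shims are skipped and the real functions are used.

```php
<?php
declare(strict_types=1);

// Shims so the example runs outside WordPress (assumed; WordPress defines the real ones).
if (!defined('DAY_IN_SECONDS')) {
    define('DAY_IN_SECONDS', 24 * 60 * 60);
}
if (!function_exists('get_transient')) {
    $GLOBALS['__transients'] = [];
    function get_transient(string $key)
    {
        $store = $GLOBALS['__transients'];
        if (!isset($store[$key]) || $store[$key]['expires'] < time()) {
            return false; // WordPress returns false for a missing or expired transient
        }
        return $store[$key]['value'];
    }
    function set_transient(string $key, $value, int $ttl): bool
    {
        $GLOBALS['__transients'][$key] = ['value' => $value, 'expires' => time() + $ttl];
        return true;
    }
}

final class CachedVerseReader
{
    public int $parseCount = 0; // how often the slow path ran (demonstration only)

    /** Cache key as named in the commit: hhl_verse_{year}_{yday}, yday 0-based like date('z'). */
    public static function cacheKey(DateTimeInterface $date): string
    {
        return sprintf('hhl_verse_%s_%d', $date->format('Y'), (int) $date->format('z'));
    }

    /** Returns the verse for $date, loading and parsing the XML only on a cache miss. */
    public function getVerse(DateTimeInterface $date): array
    {
        $key = self::cacheKey($date);
        $cached = get_transient($key);
        if ($cached !== false) {
            return $cached;
        }
        $verse = $this->parseXml($date);             // expensive file I/O + XML parsing
        set_transient($key, $verse, DAY_IN_SECONDS);  // keep for 24 hours
        return $verse;
    }

    /** Stand-in for the real XML loading; returns constructed sample data. */
    private function parseXml(DateTimeInterface $date): array
    {
        $this->parseCount++;
        return ['date' => $date->format('Y-m-d'), 'text' => 'sample verse text'];
    }
}

$reader = new CachedVerseReader();
$today  = new DateTimeImmutable('2025-03-01');
$reader->getVerse($today);
$reader->getVerse($today); // second call is served from the transient
echo "XML parsed {$reader->parseCount} time(s) for two requests\n";
```

One caveat the key implies: it is derived from the date only, so if the automatic update replaces the XML file during the day, the already cached entry is served until it expires. Calling `delete_transient(CachedVerseReader::cacheKey($date))` at the end of a successful update keeps the cache consistent with the file.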
- Wraps `simplexml_load_file` with `libxml_disable_entity_loader(true)` to prevent XML External Entity attacks.
- Ensures the previous libxml loader state is restored after parsing.
- Checks for function existence to maintain compatibility with PHP versions where the function is deprecated or removed.
- Created `.jules/sentinel.md` as per Sentinel instructions.
…-3362010877589531852 Sentinel: [CRITICAL/HIGH] Fix XXE vulnerability in XML file reader
- Modify `lib/xml_automatic_updater.php` to support background updates via Cron.
- Update storage location to plugin directory as requested.
- Add silent mode to `doUpdate` and `_setup_WP_Filesystem` to suppress UI output during background processing.
- Register daily WP-Cron event `herrnhuter_daily_update_check` in `index.php`.
- Add activation/deactivation hooks to manage the cron schedule.
…5607587332093262 Implement automatic background updates for Losungen XML
- Modify `lib/xml_automatic_updater.php` to support background updates via Cron.
- Update storage location to plugin directory as requested.
- Add silent mode to `doUpdate` and `_setup_WP_Filesystem` to suppress UI output during background processing.
- Add `cleanupOldFiles` method to remove Losungen files from previous years.
- Register daily WP-Cron event `herrnhuter_daily_update_check` in `index.php`.
- Add activation/deactivation hooks to manage the cron schedule.
- Ensure `wp-admin/includes/file.php` is loaded in background tasks to prevent fatal errors.
…5607587332093262 Implement automatic background updates and file cleanup for Losungen XML
Implements the missing cleanupOldFiles method in HerrnhuterLosungenPlugin_Xml_Automatic_Update to delete XML files from previous years after an update, ensuring only current and future year files are kept.
…162727409339074 Fix: Delete old Losungen XML files after update
Modified the regex in `lib/xml_automatic_updater.php` to include the case-insensitive flag (`i`). This ensures that files with uppercase characters (e.g., `Losungen2025.xml`) are correctly identified and deleted during the cleanup process.
…580484633 Fix cleanup of old Losungen XML files being case-sensitive
1. Update `lib/xml_automatic_updater.php`: Modify the file cleanup regex to be case-insensitive (`/i`). This ensures old files named `Losungen2025.xml` (uppercase) are correctly identified and deleted.
2. Update `lib/xmlfilereader.php`: Enhance error handling when loading XML files.
   - Explicitly check if `simplexml_load_file` returns false and throw a detailed exception with libxml errors.
   - Check if the requested day index (`yday`) exists in the XML structure before accessing it to prevent runtime errors and provide a clearer error message.
…580484633 Fix case-insensitive XML cleanup and improve error handling
1. Update `lib/xml_automatic_updater.php`: Modify the file cleanup regex to be case-insensitive (`/i`). This ensures old files named `Losungen2025.xml` (uppercase) are correctly identified and deleted.
2. Update `lib/xmlfilereader.php`: Enhance error handling when loading XML files.
   - Check if the file is empty and throw a specific exception.
   - Implement a fallback mechanism using `file_get_contents` + `simplexml_load_string` if `simplexml_load_file` fails.
   - Explicitly capture and report `libxml` errors if parsing fails.
   - Check if the requested day index (`yday`) exists in the XML structure before accessing it to prevent runtime errors.
…580484633 Fix case-insensitive XML cleanup and robustify XML loading
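An added example, not the plugin's code, covering both the XXE commit earlier in this list (`libxml_disable_entity_loader(true)` guarded by a function-existence check, with the previous state restored) and the loader hardening of this commit (empty-file check, `file_get_contents` + `simplexml_load_string` fallback, libxml error reporting, and a bounds check on the `yday` index). The `SafeXmlReader` class name, the use of `LIBXML_NONET`, and the `FreeXml`/`Losungen`/`Losungstext` element names of the constructed sample file are assumptions. `libxml_disable_entity_loader` is deprecated since PHP 8.0 because libxml 2.9 and later already refuse to load external entities by default, which is why the call is conditional and silenced.

```php
<?php
declare(strict_types=1);

final class SafeXmlReader
{
    /** @throws RuntimeException on a missing, empty, or unparsable file */
    public static function load(string $path): SimpleXMLElement
    {
        if (!is_file($path)) {
            throw new RuntimeException("XML file not found: $path");
        }
        if (filesize($path) === 0) {
            throw new RuntimeException("XML file is empty: $path");
        }

        // Disable external entity loading where the function still exists (pre-libxml 2.9 PHP),
        // remembering the previous state so it can be restored afterwards.
        $previous = null;
        if (function_exists('libxml_disable_entity_loader')) {
            $previous = @libxml_disable_entity_loader(true);
        }
        $useInternal = libxml_use_internal_errors(true); // collect errors instead of warnings
        libxml_clear_errors();

        try {
            // LIBXML_NONET (assumed here) additionally forbids any network access while parsing.
            $xml = simplexml_load_file($path, SimpleXMLElement::class, LIBXML_NONET);
            if ($xml === false) {
                // Fallback: read the bytes ourselves and parse the string.
                $raw = file_get_contents($path);
                $xml = $raw === false
                    ? false
                    : simplexml_load_string($raw, SimpleXMLElement::class, LIBXML_NONET);
            }
            if ($xml === false) {
                $messages = array_map(
                    static fn(LibXMLError $e): string => trim($e->message) . " (line {$e->line})",
                    libxml_get_errors()
                );
                throw new RuntimeException("Cannot parse $path: " . implode('; ', $messages));
            }
            return $xml;
        } finally {
            libxml_clear_errors();
            libxml_use_internal_errors($useInternal);
            if ($previous !== null) {
                @libxml_disable_entity_loader($previous); // restore the earlier loader state
            }
        }
    }

    /** Returns the <Losungen> entry for a 0-based day index, or throws a clear error. */
    public static function verseForDay(SimpleXMLElement $xml, int $yday): SimpleXMLElement
    {
        if ($yday < 0 || !isset($xml->Losungen[$yday])) {
            throw new RuntimeException("No entry for day index $yday in the XML file");
        }
        return $xml->Losungen[$yday];
    }
}

// Constructed two-day sample file (element names assumed), written to a temp file.
$sample = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<FreeXml>
  <Losungen><Datum>2025-01-01T00:00:00</Datum><Losungstext>Sample text for day 1</Losungstext></Losungen>
  <Losungen><Datum>2025-01-02T00:00:00</Datum><Losungstext>Sample text for day 2</Losungstext></Losungen>
</FreeXml>
XML;

$path = tempnam(sys_get_temp_dir(), 'losung');
file_put_contents($path, $sample);
try {
    $xml = SafeXmlReader::load($path);
    echo (string) SafeXmlReader::verseForDay($xml, 1)->Losungstext, "\n";
    SafeXmlReader::verseForDay($xml, 400); // throws: no such day in the file
} catch (RuntimeException $e) {
    echo 'Error: ', $e->getMessage(), "\n";
} finally {
    unlink($path);
}
```

The `finally` block matters for the state-restore point in the XXE commit: an exception thrown on the parse path would otherwise leave `libxml_use_internal_errors` and the entity loader setting changed for every later XML operation in the same request.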
…60165846 Sentinel: [HIGH] Fix CSRF in update mechanism
Implements a performance optimization by caching the HTML-formatted version of the daily verses. This reduces the CPU overhead of running `preg_replace` on every page load for the widget.
- Updates `HerrnhuterLosungenPlugin_Xml::getVerse` to pre-calculate and store `text_html`.
- Updates `Losung_Widget::showLosungen` to use `text_html` from cache if available.
- Ensures backward compatibility and respects `herrnhuterlosung_vers` filters by falling back to dynamic conversion if filters are present.
…9378277183170180 Bolt: Cache formatted HTML text to reduce regex overhead
- Complete rewrite using PSR-4 namespaces (`HerrnhuterLosung`) and strict types.
- Move storage of XML files to `wp-content/uploads/herrnhuter-losung/` with automatic migration.
- Add dedicated Admin Settings page and `[losung]` shortcode.
- Refactor XML parsing and update logic to be more robust (recursive search, improved error handling).
- Ensure backward compatibility for widget IDs and CSS classes.
- Preserve original copyright and license headers.

- Rewrite code with PSR-4 namespaces (`HerrnhuterLosung`) and strict types.
- Move storage to `wp-content/uploads/herrnhuter-losung/` with auto-migration.
- Add Admin Settings page and `[losung]` shortcode.
- Implement explicit "Search for Updates" button.
- Ensure old XML files (previous years) are cleaned up during manual and auto updates.
- Refactor update logic to find XML recursively in ZIP archives.
- Preserve all original copyright and license headers.

- Modernize: PSR-4 namespaces, strict types, Service architecture.
- Storage: Move XMLs to `wp-content/uploads/herrnhuter-losung/`.
- Feature: Add `[losung]` shortcode and Settings Page.
- UX: Add "Search for Updates" button in Admin.
- Fix: Ensure reliable cleanup of old files (case-insensitive search).
- Docs: Update Readme.md with new features and storage info.
- Legal: Preserve original Copyright/License headers.
…1067571794578 Modernize refactor v2 18420131067571794578
- Added `HerrnhuterLosung\Service\Logger` for database logging.
- Created `wp_herrnhuter_log` table with 10k entry limit.
- Added "Debug Mode" toggle in Settings Page.
- Added Debug Window in Settings Page (visible only in Debug Mode).
- Implemented Error Codes (HL-XXXX).
- Integrated logging into `UpdateService` and `LosungenService`.
- Added `uninstall.php` for cleanup.
- Updated Documentation.
…025699632 Feature debug mode 5190841423025699632
- Added `htmlspecialchars($text, ENT_QUOTES, 'UTF-8')` to `LosungenService::formatText` to sanitize input before processing.
- Created `.jules/sentinel.md` to document the security finding and fix.

- Fixed Stored XSS vulnerability in `LosungenService` by sanitizing input text with `htmlspecialchars`.
- Hardened `Shortcode` and `Widget` render logic to escape fallback text using `esc_html`.
- Added `.jules/audit_report.md` detailing the security review findings.
- Added `.jules/sentinel.md` documenting the Stored XSS vulnerability.
Updated description text for debug mode.
…15145900082771154 Sentinel fix xss losungen 17515145900082771154
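An added example, not the plugin's code, of the ordering the XSS fix above relies on: escaping with `htmlspecialchars($text, ENT_QUOTES, 'UTF-8')` before the regex formatting runs, so the only HTML in the output is what `formatText` itself adds, and escaping the fallback text as well. The `VerseFormatter` class, the `/word/` emphasis convention, and the sample input are assumptions for the demonstration (the plugin's real `formatText` rules are not shown on this page); `htmlspecialchars` stands in for WordPress's `esc_html` so the file runs outside WordPress.

```php
<?php
declare(strict_types=1);

final class VerseFormatter
{
    // Assumed markup convention for the demo: /word/ becomes emphasised text.
    private const EMPHASIS = '~/([^/]+)/~u';

    /** Vulnerable variant: formats the raw text, so any HTML in the XML survives into the page. */
    public static function formatTextUnsafe(string $text): string
    {
        return preg_replace(self::EMPHASIS, '<em>$1</em>', $text) ?? $text;
    }

    /** Fixed variant: escape every HTML-significant character first, then add the plugin's own markup. */
    public static function formatText(string $text): string
    {
        $safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
        return preg_replace(self::EMPHASIS, '<em>$1</em>', $safe) ?? $safe;
    }

    /** Fallback output (no verse available) is escaped too, mirroring the esc_html hardening. */
    public static function renderFallback(string $message): string
    {
        return '<p class="losung-fallback">'
            . htmlspecialchars($message, ENT_QUOTES, 'UTF-8')
            . '</p>';
    }
}

// Constructed sample: verse text that also carries attacker-style markup.
$tainted = 'Der /HERR/ ist mein Hirte <script>alert(1)</script>';

echo "unsafe: ", VerseFormatter::formatTextUnsafe($tainted), "\n"; // script tag reaches the page
echo "fixed:  ", VerseFormatter::formatText($tainted), "\n";       // script tag is rendered as text
echo VerseFormatter::renderFallback('No verse for today <b>yet</b>'), "\n";
```

Escape-first works here because `/` is not touched by `htmlspecialchars`; a markup convention built on `<`, `>`, `&` or quotes would have to be matched against the escaped forms instead. The same ordering also has to hold on the cached `text_html` path from the earlier caching commit, or the stored HTML must already be the escaped-and-formatted result.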
- Clean up code to follow PSR-12 (add visibility to constants).
- Remove debris comments and unused code.
- Update `Readme.md` to match specific formatting requirements:
  - Header uses requested metadata block (Donate link, Tags, Requirements).
  - License section uses specific verbatim legal text provided by user.
  - Structure organized as Header -> Description -> Legal Block -> Features -> Installation.
- Verify version is 2.0.0.
- Ensure automatic updates remain on daily schedule as requested.
Finish plugin for main branch: cleanup code and update documentation
Hello,
I have comprehensively reworked the plugin to bring it up to date (modern PHP) and to add new features. Here is a summary of the changes for version 2.0.0:
Architecture & technology
- PSR-4 namespaces (`HerrnhuterLosung\...`) and a clean `src/` structure.
- Service architecture (`UpdateService`, `LosungenService`, `FileSystem`).

New features
- Shortcode `[losung]`, to use the Losungen flexibly in posts/pages.

Data storage (important)
- XML files are now stored in `wp-content/uploads/herrnhuter-losung/` instead of in the plugin folder.

Security
I have taken care to preserve the backward compatibility of the widget. The migration of the files should happen automatically on the first call.
Best regards
Tom