
Fix/v3 security #225 (Merged)

shamsbd71 merged 40 commits into fix/review-v3 from fix/v3-security on Jun 4, 2026

Conversation

@shamsbd71

Member

No description provided.

shamsbd71 and others added 30 commits May 14, 2026 12:48
New resources/css/sp-layout.css compiled into components.css:
- Brand tokens (--sp-brand orange, surface, border, text vars)
- Page layout: sp-layout wrapper, sp-page-head with breadcrumb/title/actions
- Filter tabs: pill style with count badge (sp-filter-tab)
- Toolbar: search input, filter selects, filter button (sp-toolbar)
- Table: sp-table-card card wrapper, sp-table with WP override resets
- Checkbox: fully custom styled sp-checkbox with checked/indeterminate states
- Bulk bar: sp-bulk-bar, appears when rows selected
- Customer cell: sp-customer with avatar + name + email
- Avatar: sp-avatar with 8 deterministic data-color variants
- Status badges: active/pastdue/failed/pending/expired/trial + risk low/med/high
- Row actions: sp-row-actions trigger + sp-dropdown with animation
- Pagination: sp-pagination with buttons
- Stat cards: sp-stat for dashboard KPIs with change indicator
- Detail page: sp-detail two-column grid + sp-panel + sp-kv rows
- Settings layout: sp-settings-section + sp-settings-row two-column form
- Empty state: sp-empty with icon/title/desc

New resources/js/admin/sp-layout.js:
- initSpCheckboxes(): select-all, row check, indeterminate, bulk bar counter
- initSpDropdowns(): row-action dropdown toggle + click-outside + Escape close
- initSpLayout(): init both, call after table renders

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace DataTable + Card wrappers with native sp-layout components:
- sp-toolbar with debounced search input and Add Product button
- sp-table-card + sp-table with WP admin style resets
- sp-checkbox select-all (indeterminate) + per-row row selection
- sp-bulk-bar with Delete selected action
- sp-avatar initials with deterministic color from product title
- sp-badge--dot for billing type (Single=green, Subscription=purple)
- sp-row-actions dropdown: Preview / Edit / Delete per row
- sp-empty state with icon for no results and no-search variants
- sp-pagination with prev/next and X of Y info

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- max-width: 80rem (matches smartpay-page-header__inner — was 1400px)
- margin: 0 auto (was missing — caused left-flush/off-center appearance)
- padding: 20px 1rem 32px (top gap below header, 1rem sides match header,
  32px bottom instead of 48px to avoid excess blank space)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Checkbox:
- Add !important on all properties to override WP admin input styles
- Fix checkmark geometry: translate(-60%, -60%) rotate(45deg) centers it
- Fix indeterminate: translate(-50%, -50%) for perfect dash centering

Layout shift:
- Remove sp-bulk-bar from inside table card (caused height jump on select)
- Move selection state to toolbar: count pill + armed delete button
- Toolbar height stays constant regardless of selection state

Button consistency:
- Delete selected always visible via sp-btn--outline-destructive
- sp-btn--armed class activates red border/color when rows selected
- Clicking with no selection shows alert instead of silent no-op
- sp-toolbar .sp-btn rule locks all toolbar buttons to height: 36px
- Selection count pill with clear (×) button replaces bulk bar count

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Checkbox:
- Replace border-trick ::after with SVG background-image (solid white checkmark)
- Checked: white checkmark SVG 11×11 centered on brand bg
- Indeterminate: white dash SVG 11×11 centered on brand bg
- Focus: double-ring (white gap + brand color) instead of blurry shadow

Toolbar actions:
- Replace 'Delete selected' button with 'Select Action' dropdown
- Dropdown always visible, opens on click, closes on outside click
- 'Delete selected' item inside dropdown executes bulkDelete if rows checked
- Alerts user to select rows first if nothing is selected
- Dropdown uses sp-dropdown--left alignment below trigger

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Brand tokens: orange → indigo (#293c81 / #1e2f6e / #eef0f9)
- Selection count pill: hardcoded orange → brand token colors
- sp-layout padding: 20px → 28px top, 32px → 48px bottom
- Toolbar margin-bottom: 14px → 20px
- Table th padding: 10px 14px → 13px 18px
- Table td padding: 13px 14px → 18px 18px
- Avatar size: 32px → 36px

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…, per-page selector

Header:
- Compact nav bar: logo left, Help button right, 10px padding (was 16px), logo 120px
- Title/subtitle removed from header bar — rendered inside sp-layout at top
- sp-page-title__inner: margin-bottom 20px, dashed bottom border

Products list:
- Page title + subtitle moved into sp-layout above toolbar
- Per-page selector (10/20/50/100) in pagination bar
- billing_type filter support added to ProductController (LIKE match on extra JSON)
- GetProducts accepts billingType param; filter tabs removed after review
- Checkbox ::before suppressed to remove WP admin blue SVG overlay
- Indeterminate ::before suppressed too

CSS (sp-layout.css):
- Brand tokens updated to #293c81 (indigo)
- Spacing increased: layout 28px top, toolbar 20px gap, td 18px, th 13px, avatar 36px
- Selection count pill colours updated to indigo brand tokens

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All four list pages now use the unified sp-layout design system:
debounced search, per-page select, row checkboxes with bulk delete,
sp-avatar initials, sp-badge status dots, and action dropdowns.

Also adds missing sp-btn / sp-btn--outline / sp-btn--icon CSS base classes,
and form-data gets print-on-select toolbar + DOM quick-view overlay.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Legacy forms list now uses sp-layout: avatar initials, debounced search,
bulk delete, per-page pagination, action dropdown with Preview/Edit/Delete.
Removes the old .smartpay-page-header block from form-builder.php —
the React Header component renders the compact nav bar instead.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
form-builder/pages/index.js was updated to sp-layout but the compiled
output (public/form-builder/index.js) was not regenerated — it uses
wp-scripts (build:form), not mix. Now rebuilt and committed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- PaymentDetailPage: back button, hero amount+status, horizontal fields,
  two-column grid (main + sidebar), sp-kv-table for transaction/product/form data
- ActivityLogSection: sp-timeline with colored dots, add-note form
- sp-layout.css: detail page classes (sp-detail-*, sp-kv-table, sp-timeline,
  sp-note-form, sp-back-btn) + base button classes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- settings.php: replace form-table/Tailwind layout with sp-layout
  cards grouped by `header` type fields, sp-settings-row for each field,
  sp-filter-tabs for tab + subsection navigation, sp-settings-actions footer
- sp-layout.css: add sp-settings-* classes (cards, row, row--fullwidth,
  row--last, label, desc, control, actions) + WP native input overrides

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- antispam tab: render <table><tr> structure so antispam-settings.js
  can locate rows via .closest('tr') for the icon card selector
- emails tab: render bare #sp-email-templates div; skip WP Settings
  form and sub-tab nav entirely — email-settings.js owns this page
- suppress sub-section nav for emails tab (count check + tab guard)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…mponent

Logo moves to __logo slot (direct child of __inner); removes non-existent
__text/__title/__subtitle elements that had no CSS backing.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Matches the React Header component's help button — same CSS class,
same SVG icon, same text. Links to docs since PHP has no HelpDrawer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Support page: sp-filter-tabs nav, sp-detail-card doc link cards, sp-kv-table
  and sp-btn in SystemInfo/DebugLog; removed all inline style objects
- Customer detail: sp-layout container, sp-back-btn, sp-detail-card for payments;
  customer-stats hero uses CSS vars instead of WPSmartPayUI Card components
- Settings header: margin-left -20px to align with WP admin edge
- sp-layout: margin-top on .sp-settings-actions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace Tailwind/Bootstrap card grid with sp-layout design system:
- sp-integ-toolbar: category + tier filter tabs (sp-filter-tab pills)
- sp-integ-grid: responsive 4→3→2 column CSS grid
- sp-integ-card: sp-surface card with logo, name, desc, badges, footer
- Upgrade button: Bootstrap → sp-btn sp-btn--outline
- Add sp-integ-* token block to sp-layout.css

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Split Debug tab into System Info + Debug Log tabs (3 tabs total)
- Support tab: sp-detail-grid two-column layout (resources list + sidebar)
- Resource links: clean sp-support-link row pattern replacing inline card grid
- Sidebar: plugin version card (sp-kv-table + badge) + quick links card
- SystemInfo accordion: sp-accordion-btn CSS class, table padding fix (0 20px)
- sp-layout.css: add sp-support-link, sp-version-tag, sp-accordion-btn classes
- Admin.php: enqueue components.css on support page (was missing sp-layout tokens)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace react-bootstrap Button, shadcn Card/CardContent from WPSmartPayUI,
and Tailwind classes with sp-detail-card, sp-btn, sp-layout tokens.
ProductForm component internals untouched.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…m builder to original UI

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…layout body

- integrations.php: correct header to logo-left / help-right pattern (matches settings.php)
- admin.scss: add padding-left: 20px to header to offset the -20px margin bleed
- integrations.js: sp-layout + sp-page-title__inner + sp-grid--cards (SPA route)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…3.0.0)

- Move native form CPT, REST endpoints, shortcode, and sidebar to free plugin
- Add form template library (18 templates, 6 categories) with NewFormModal
- Add NativeFormList with search, pagination, bulk delete
- Add SetupWizard (3-step onboarding modal, currency/gateway/form CTAs)
- Add OnboardingChecklist on dashboard and support page
- Expose Subscriptions and Reports routes when Pro is not active
- Bump version to 3.0.0; update readme.txt stable tag and changelog

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Gulp release now runs composer install --no-dev before packaging,
removing PHPCS/WPCS/PHPCompatibility dev deps and cutting ZIP from 4.6MB to 1.2MB.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Toolbar: add Forms → #/native-forms, add Integrations → smartpay-integrations,
remove Customers, keep Dashboard / Payments / Settings.

Dashboard nav: Forms first, Subscriptions added, Products removed.

Also: strip .js extension from sweetalert2 imports; remove hardcoded
height:28 from per-page select controls.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Update all user-facing product name references in plugin header,
admin menu labels, UI strings, JS components, and log messages.
Code identifiers (namespaces, hooks, function prefixes) unchanged.

Also: add show_title attribute to form shortcode.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
WordPress derives subpage hook prefix from sanitize_title(menu_title).
Renaming title to 'WPSmartPay' would yield 'wpsmartpay_page_*' hooks,
breaking all conditional asset enqueues. Override $admin_page_hooks to
keep 'smartpay' prefix stable regardless of display name.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
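The hook-prefix mechanism that commit describes, as an added example rather than the plugin's own code: it assumes the top-level menu slug is `smartpay`, that the two render callbacks exist, and that `SMARTPAY_PLUGIN_ASSETS` points at the directory holding `css/components.css`.

```php
<?php
// Added example, not the plugin's own code. Assumes the top-level menu slug
// is 'smartpay' and that the render callbacks named here exist.
add_action( 'admin_menu', function () {
    global $admin_page_hooks;

    $menu_slug = 'smartpay'; // assumed

    add_menu_page(
        'WPSmartPay',                 // page title
        'WPSmartPay',                 // menu title: sanitize_title() turns this into 'wpsmartpay'
        'manage_options',
        $menu_slug,
        'smartpay_render_dashboard',  // assumed callback
        'dashicons-cart'
    );

    // add_menu_page() just stored sanitize_title( 'WPSmartPay' ) === 'wpsmartpay'
    // under our slug, and every submenu hookname is derived from that entry.
    // Pin it so the hooks keep their historical 'smartpay_page_*' form.
    $admin_page_hooks[ $menu_slug ] = 'smartpay';

    $hook = add_submenu_page(
        $menu_slug,
        'Integrations',
        'Integrations',
        'manage_options',
        'smartpay-integrations',
        'smartpay_render_integrations' // assumed callback
    );
    // $hook === 'smartpay_page_smartpay-integrations'. Without the override it
    // would be 'wpsmartpay_page_smartpay-integrations' and the comparison
    // below would silently stop matching, so the stylesheet never loads.

    add_action( 'admin_enqueue_scripts', function ( $hook_suffix ) use ( $hook ) {
        if ( $hook_suffix !== $hook ) {
            return;
        }
        // Asset path under SMARTPAY_PLUGIN_ASSETS is assumed.
        wp_enqueue_style( 'smartpay-components', SMARTPAY_PLUGIN_ASSETS . 'css/components.css' );
    } );
} );
```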
…(640px)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add :disabled CSS rule to .sp-btn and disabled={!hasSelection} to
Select Action trigger in payments, customers, coupons, products pages.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Same disabled={!hasSelection} pattern applied to native-forms list page.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
shamsbd71 and others added 10 commits June 1, 2026 18:06
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… steps

Both checklist and wizard now follow the same order:
1. Configure settings  2. Create a form  3. Connect gateway  4. First payment
Removed product link from checklist. Wizard step counter now reads "of 4".
Gateway step moved last with skip option so users can preview forms first.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Dashboard checklist: reorder to settings → form → gateway → first payment
- Dashboard items now clickable (toggle + localStorage) matching support page
- GettingStartedBanner: same new order, removed product link
- SetupWizard: 4 steps (added form step, gateway moved last, counter reads "of 4")

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
SMARTPAY_PLUGIN_ASSETS is a URL — file_exists() on it always returns false,
so form-editor-sidebar.css and .js were never enqueued on smartpay_form
edit pages. Switch to plugin_dir_path() for existence checks.

feat(onboarding): reorder steps — settings → form → gateway; wizard 4 steps

Both dashboard checklist and setup wizard now follow the same order:
1. Configure settings  2. Create a form  3. Connect gateway  4. First payment
Dashboard items now clickable (toggle + localStorage). Removed product link.
Wizard step counter reads "of 4". Gateway moved last with skip option.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ndlers

- FormController: sanitize_text_field(title), wp_kses_post(body), enum
  validation on status, sanitize_amounts() + sanitize_recursive() helpers
- ProductController: sanitize text/textarea fields, max(0,float) on prices,
  sanitize_files/covers() helpers, generic exception messages + error_log()
- CouponController: sanitize all fields, enum on discount_type,
  sanitize_date() helper for expiry validation
- PaymentController: enum validation on status update, column whitelist on
  sort_by to prevent SQL column-name injection
- Integration: add current_user_can('manage_options') before nonce check,
  replace plain echo with wp_send_json_error/success()
- Coupon AJAX: wrap all error strings in __() for i18n
- customer_dashboard: fix PHP precedence bug — esc_html() now wraps file size

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
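Two of the hardening patterns listed in that commit, the `sort_by` column whitelist and the capability-before-nonce ordering with JSON error responses, written out as an added example (not the plugin's code). The payments table name, the allowed column list, the `smartpay` text domain, the nonce action and the AJAX action name are all assumed.

```php
<?php
// Added example, not the plugin's own code. The payments table name, the
// allowed column list, the text domain, the nonce action and the AJAX action
// name are assumed.

// $wpdb->prepare() cannot bind identifiers, so a user-supplied sort column
// must be mapped onto a fixed list before it reaches the query string.
function smartpay_example_payments_query( array $request ) {
    global $wpdb;

    $allowed = array( 'id', 'amount', 'status', 'created_at' ); // assumed columns
    $sort_by = isset( $request['sort_by'] ) ? (string) $request['sort_by'] : 'id';
    if ( ! in_array( $sort_by, $allowed, true ) ) {
        $sort_by = 'id'; // anything not in the list falls back, never interpolated
    }
    $order    = ( isset( $request['order'] ) && 'asc' === strtolower( $request['order'] ) ) ? 'ASC' : 'DESC';
    $per_page = max( 1, min( 100, (int) ( $request['per_page'] ?? 20 ) ) );

    // $sort_by and $order are now one of our own literals; only LIMIT carries
    // caller data, and that goes through a placeholder.
    return $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}smartpay_payments ORDER BY {$sort_by} {$order} LIMIT %d",
        $per_page
    );
}

// Capability first, nonce second: a low-privilege caller is rejected before
// the nonce is inspected, and every outcome is a JSON envelope, not a bare echo.
function smartpay_example_set_integration_status() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => __( 'Insufficient permissions.', 'smartpay' ) ), 403 );
    }
    if ( ! check_ajax_referer( 'smartpay_integration', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => __( 'Invalid or expired nonce.', 'smartpay' ) ), 403 );
    }
    $status = isset( $_POST['status'] ) ? sanitize_key( wp_unslash( $_POST['status'] ) ) : '';
    if ( ! in_array( $status, array( 'active', 'inactive' ), true ) ) { // enum validation
        wp_send_json_error( array( 'message' => __( 'Invalid status.', 'smartpay' ) ), 400 );
    }
    update_option( 'smartpay_example_integration_status', $status ); // assumed option name
    wp_send_json_success( array( 'status' => $status ) );
}
add_action( 'wp_ajax_smartpay_example_set_integration_status', 'smartpay_example_set_integration_status' );
```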
…locked screen

- Remove pro-active guard — Subscriptions, Invoices, Reports now always
  registered regardless of pro plugin state or license
- Add InvoicesLockedPage component matching Reports/Subscriptions pattern
- Show locked overlay on invoice routes when pro not active or unlicensed
- Reorder menu: Invoices after Subscriptions, Reports before Integrations

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New PricingField block (parent + option child) for the native form
  builder, replacing the legacy hard-coded amount markup.
- Shared _pricing-cards.scss drives both editor and frontend so the
  builder matches the preview; scoped under .smartpay-pricing to avoid
  colliding with legacy shortcode/native-form card styles.
- Grid (boxes), List (one row each), Compact (inline) layout presets.
- Visible card border, min-width:100px, controllable internal padding
  via native Dimensions support; selected = teal + green check badge.
- Suppress duplicate WP block-boundary outline on option blocks in editor.
- NativeForm sync of pricing block data to _smartpay_amounts meta.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Import PanelColorSettings from @wordpress/block-editor (it is not
  exported by @wordpress/components), so enabling "Allow custom amount"
  no longer crashes the form builder.
- Make the custom amount input-group self-contained in _pricing-cards.scss
  so it renders identically in the editor iframe (no Bootstrap) and on the
  frontend.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Add supports.listView to the Pricing block so the inspector shows the
  "List View" tab listing the price options with a built-in appender,
  matching core/buttons.
- Drop the custom ButtonBlockAppender + big dashed "Add option" tile in
  favour of the default small "+" appender (like core/buttons).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- New "Gap between options" UnitControl in the Pricing/Layout panel,
  stored in a `gap` attribute and applied via --sp-plan-gap.
- .form-plan-grid gap now reads --sp-plan-gap, falling back to native
  Block Spacing (--wp--style--block-gap), then 12px.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@shamsbd71 shamsbd71 merged commit 9a94b7a into fix/review-v3 Jun 4, 2026
