- Enhanced Route validation and sanitization to prevent path traversal attacks
- Improved email notification system with better error handling
- Updated multiple action controllers with security enhancements
- Added email notification template for integration failures
- Renamed integration images for consistency
- Updated deployment workflow configuration
- Improved helper functions and smart tags processing

…rations namespaces

…roller
- Updated GoogleSheet components and common functions
- Modified ajax.php routes
- Removed OneClickCredentialController.php
- Added EXTERNAL-SERVICES.md documentation
- Updated readme.txt

- Fixed namespace mismatch in composer.json from BitCode\FI\ to BitApps\BTCBI_FI
- Regenerated composer autoload files to resolve Plugin class not found error
- Added source code and build instructions section to readme.txt for WordPress.org compliance

- Fixed WordPress.DB.PreparedSQL.NotPrepared errors by adding phpcs:ignore comments for static queries with no user input
- Fixed WordPress.DB.PreparedSQL.InterpolatedNotPrepared errors in dynamic IN clauses using sprintf() pattern
- Fixed WordPress.Security.NonceVerification warnings with appropriate phpcs:ignore comments for routing and external parameters
- Fixed WordPress.I18n.MissingTranslatorsComment by adding translators comments to 443+ files
- Fixed unordered placeholders (changed %s,%d to %1$s,%2$d where needed)

Affected files:
- TriggerFallback.php: DB query and nonce verification fixes
- AcademyLmsController.php: Dynamic IN clause fix for quiz deletion
- BuddyBoss/RecordApiHelper.php: Dynamic IN clause fix for group status query
- TutorLmsController.php: Dynamic IN clause fix for lesson meta deletion
- ZohoCRM/RecordApiHelper.php: Nonce verification for external parameters
- Route.php: Nonce verification in routing logic
- GamiPress, LifterLms, Affiliate, PaidMembershipPro controllers: Static query fixes
- 443+ files: Added translators comments for i18n compliance

All changes maintain functionality while ensuring WordPress coding standards compliance.

…Check
- Add translators comment above __() calls containing printf placeholders
- Number multiple unordered placeholders (%s -> %1$s, %2$s) per WP i18n standards
- Rename global variable to use btcbi_ prefix ($btcbi_i18n_strings)

- Move all action classes from `includes/Actions/` to `backend/Actions/`
- Relocate frontend-dev config files to project root (.prettierrc, LICENSE, pnpm-workspace.yaml)
- Add Vite build configuration with React plugin and static file copying
- Add ESLint configuration for frontend code quality
- Fix email template i18n: rename variables to remove btcbi_ prefix repetition
- Update frontend dependencies (react-router, vite, recoil, react-icons)
- Configure development server with port detection and HMR support

- Remove commented code from Config.php
- Add version upgrade task runner in Activation class for v2.7.9 cleanup
- Rename btcbi_delete_log_scheduler to deleteLogScheduler
- Use Config::withPrefix() for hook names
- Mark BTCBI_* constants as deprecated in loader.php
- Add class existence check in main plugin file
- Simplify GitHub build script and workflow configurations
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

…it_integrations_ prefix
Deprecate old btcbi_ hooks with backward compatibility, convert all object cache keys and groups to use Config::withPrefix/VAR_PREFIX, and update option keys to the new naming convention.
Co-authored-by: Cursor <cursoragent@cursor.com>

… keys
Add cache keys section (17 keys + group), missing filter/action hooks, test data option keys, Freshdesk field prefix, and cache migration examples.
Co-authored-by: Cursor <cursoragent@cursor.com>
Summary of Changes
Hello @RishadAlam, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request introduces a significant architectural overhaul to the plugin's integration framework. The primary goal is to enhance code organization, maintainability, and scalability by restructuring backend files, standardizing API interaction patterns, and updating development tooling. These changes lay a robust foundation for future feature development and ensure a more consistent and manageable codebase.
|
| $in_str = join(',', $in_str_arr); | ||
| $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}bp_groups WHERE status IN (%s)", $in_str)); | ||
| $placeholders = implode(', ', array_fill(0, \count($statuses), '%s')); | ||
| $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}bp_groups WHERE status IN ({$placeholders})", ...$statuses)); |
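Review bot: the placeholder list built from `\count($statuses)` is an empty string when `$statuses` is an empty array, which leaves `status IN ()` in the query (a SQL syntax error) and calls `$wpdb->prepare()` with no values to bind. Return an empty result early when `$statuses` is empty, before the placeholders are built. The interpolated `{$placeholders}` holds only `%s` tokens, so each status value is still bound and quoted individually by `prepare()`.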
Code Review
The pull request primarily focuses on a large-scale refactoring, moving files from the includes/ directory to backend/ and updating namespaces from BitCode\FI to BitApps\Integrations. It also introduces several new RecordApiHelper and Routes files for various integrations, along with internationalization improvements and linting configuration updates. While the refactoring is consistent, I have identified a few critical issues, including a hardcoded user ID in the LifterLMS integration and a logic error in the Custom Action logging mechanism.
| { | ||
| $user_id = 30; | ||
| if (! \function_exists('llms_unenroll_student') && empty($user_id) && empty($membershipId)) { | ||
| return false; |
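Review bot: `$user_id = 30;` at the top of this function hardcodes one user ID, so whatever follows runs against user 30 no matter which user the caller meant; it reads like leftover debug code and should be replaced by the ID taken from the function's input. The guard on the next line also joins its three checks with `&&`, so it returns false only when `llms_unenroll_student` is missing and both IDs are empty at the same time, and with the hardcoded ID `empty($user_id)` is never true; an input check here needs `||`.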
| } | ||
| if ($isSuccessfullyRun) { | ||
| LogHandler::save($integId, wp_json_encode(['type' => 'custom_action', 'type_name' => 'custom action']), 'success', wp_json_encode('Custom action successfully run' . !empty($additionalData) ? wp_json_encode($additionalData) : '')); | ||
| } |
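Review bot: the last argument to `LogHandler::save()` wraps a string that already contains `wp_json_encode($additionalData)` in a second `wp_json_encode()`, so the additional data is stored as an escaped JSON string inside another JSON string instead of as structured data. Encode once, for example a single array holding the message and `$additionalData`, so the log entry stays parseable.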
There is a precedence issue with the ternary operator and string concatenation. The current code evaluates the concatenation before the ternary condition, which results in the prefix string being lost in the log. Parentheses should be added to ensure the ternary operation is evaluated first.
LogHandler::save($integId, wp_json_encode(['type' => 'custom_action', 'type_name' => 'custom action']), 'success', wp_json_encode('Custom action successfully run' . (!empty($additionalData) ? wp_json_encode($additionalData) : '')));
| $keyTypes = explode('{btcbi}', $key); | ||
| $fieldId = $keyTypes[0]; | ||
| $fieldType = $keyTypes[1]; |
Accessing $keyTypes[1] without verifying that the explode operation succeeded (i.e., that the delimiter {btcbi} was present in the key) may lead to an 'Undefined offset' notice and potential logic failure if the input data is malformed.
$keyTypes = explode('{btcbi}', $key);
$fieldId = $keyTypes[0];
$fieldType = isset($keyTypes[1]) ? $keyTypes[1] : 'string';
| private function existContact($email) | ||
| { | ||
| $apiEndpoints = $apiEndpoints = $this->baseUrl . 'contacts?email=' . $email . '&include=custom_fields,list_memberships,taggings,notes,phone_numbers,street_addresses,sms_channel'; |
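Review bot: `$email` is concatenated into the query string of `$apiEndpoints` without URL encoding, so an address containing `+`, `&` or `#` changes the request that is sent (a `+` is read as a space, an `&` starts a new parameter). Pass it through `rawurlencode()` before appending it. The doubled `$apiEndpoints = $apiEndpoints =` on the same line is a redundant assignment and can be reduced to one.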
No description provided.