Merged
Conversation
- Enhanced Route validation and sanitization to prevent path traversal attacks - Improved email notification system with better error handling - Updated multiple action controllers with security enhancements - Added email notification template for integration failures - Renamed integration images for consistency - Updated deployment workflow configuration - Improved helper functions and smart tags processing
…rations namespaces
…roller - Updated GoogleSheet components and common functions - Modified ajax.php routes - Removed OneClickCredentialController.php - Added EXTERNAL-SERVICES.md documentation - Updated readme.txt
- Fixed namespace mismatch in composer.json from BitCode\FI\ to BitApps\BTCBI_FI- Regenerated composer autoload files to resolve Plugin class not found error - Added source code and build instructions section to readme.txt for WordPress.org compliance
- Fixed WordPress.DB.PreparedSQL.NotPrepared errors by adding phpcs:ignore comments for static queries with no user input - Fixed WordPress.DB.PreparedSQL.InterpolatedNotPrepared errors in dynamic IN clauses using sprintf() pattern - Fixed WordPress.Security.NonceVerification warnings with appropriate phpcs:ignore comments for routing and external parameters - Fixed WordPress.I18n.MissingTranslatorsComment by adding translators comments to 443+ files - Fixed unordered placeholders (changed %s,%d to %1$s,%2$d where needed) Affected files: - TriggerFallback.php: DB query and nonce verification fixes - AcademyLmsController.php: Dynamic IN clause fix for quiz deletion - BuddyBoss/RecordApiHelper.php: Dynamic IN clause fix for group status query - TutorLmsController.php: Dynamic IN clause fix for lesson meta deletion - ZohoCRM/RecordApiHelper.php: Nonce verification for external parameters - Route.php: Nonce verification in routing logic - GamiPress, LifterLms, Affiliate, PaidMembershipPro controllers: Static query fixes - 443+ files: Added translators comments for i18n compliance All changes maintain functionality while ensuring WordPress coding standards compliance.
…Check - Add translators comment above __() calls containing printf placeholders - Number multiple unordered placeholders (%s -> %1$s, %2$s) per WP i18n standards - Rename global variable to use btcbi_ prefix ($btcbi_i18n_strings)
- Move all action classes from `includes/Actions/` to `backend/Actions/` - Relocate frontend-dev config files to project root (.prettierrc, LICENSE, pnpm-workspace.yaml) - Add Vite build configuration with React plugin and static file copying - Add ESLint configuration for frontend code quality - Fix email template i18n: rename variables to remove btcbi_ prefix repetition - Update frontend dependencies (react-router, vite, recoil, react-icons) - Configure development server with port detection and HMR support
- Remove commented code from Config.php - Add version upgrade task runner in Activation class for v2.7.9 cleanup - Rename btcbi_delete_log_scheduler to deleteLogScheduler - Use Config::withPrefix() for hook names - Mark BTCBI_* constants as deprecated in loader.php - Add class existence check in main plugin file - Simplify GitHub build script and workflow configurations Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
…it_integrations_ prefix Deprecate old btcbi_ hooks with backward compatibility, convert all object cache keys and groups to use Config::withPrefix/VAR_PREFIX, and update option keys to the new naming convention. Co-authored-by: Cursor <cursoragent@cursor.com>
… keys Add cache keys section (17 keys + group), missing filter/action hooks, test data option keys, Freshdesk field prefix, and cache migration examples. Co-authored-by: Cursor <cursoragent@cursor.com>
Summary of ChangesHello @RishadAlam, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a significant architectural overhaul to the plugin's integration framework. The primary goal is to enhance code organization, maintainability, and scalability by restructuring backend files, standardizing API interaction patterns, and updating development tooling. These changes lay a robust foundation for future feature development and ensure a more consistent and manageable codebase. Highlights
Changelog
Ignored Files
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
abdul-kaioum
requested changes
Feb 20, 2026
| $in_str = join(',', $in_str_arr); | ||
| $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}bp_groups WHERE status IN (%s)", $in_str)); | ||
| $placeholders = implode(', ', array_fill(0, \count($statuses), '%s')); | ||
| $results = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}bp_groups WHERE status IN ({$placeholders})", ...$statuses)); |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
The pull request primarily focuses on a large-scale refactoring, moving files from the includes/ directory to backend/ and updating namespaces from BitCode\FI to BitApps\Integrations. It also introduces several new RecordApiHelper and Routes files for various integrations, along with internationalization improvements and linting configuration updates. While the refactoring is consistent, I have identified a few critical issues, including a hardcoded user ID in the LifterLMS integration and a logic error in the Custom Action logging mechanism.
| { | ||
| $user_id = 30; | ||
| if (! \function_exists('llms_unenroll_student') && empty($user_id) && empty($membershipId)) { | ||
| return false; |
There was a problem hiding this comment.
The user ID is hardcoded to 30. This appears to be a debugging leftover and will cause the unenrollment action to target the wrong user in production. It should be replaced with a dynamic call to get the current user ID.
$user_id = get_current_user_id();| } | ||
| if ($isSuccessfullyRun) { | ||
| LogHandler::save($integId, wp_json_encode(['type' => 'custom_action', 'type_name' => 'custom action']), 'success', wp_json_encode('Custom action successfully run' . !empty($additionalData) ? wp_json_encode($additionalData) : '')); | ||
| } |
There was a problem hiding this comment.
There is a precedence issue with the ternary operator and string concatenation. The current code evaluates the concatenation before the ternary condition, which results in the prefix string being lost in the log. Parentheses should be added to ensure the ternary operation is evaluated first.
LogHandler::save($integId, wp_json_encode(['type' => 'custom_action', 'type_name' => 'custom action']), 'success', wp_json_encode('Custom action successfully run' . (!empty($additionalData) ? wp_json_encode($additionalData) : '')));
Comment on lines
+44
to
+46
| $keyTypes = explode('{btcbi}', $key); | ||
| $fieldId = $keyTypes[0]; | ||
| $fieldType = $keyTypes[1]; |
There was a problem hiding this comment.
Accessing $keyTypes[1] without verifying that the explode operation succeeded (i.e., that the delimiter {btcbi} was present in the key) may lead to an 'Undefined offset' notice and potential logic failure if the input data is malformed.
$keyTypes = explode('{btcbi}', $key);
$fieldId = $keyTypes[0];
$fieldType = isset($keyTypes[1]) ? $keyTypes[1] : 'string';|
|
||
| private function existContact($email) | ||
| { | ||
| $apiEndpoints = $apiEndpoints = $this->baseUrl . 'contacts?email=' . $email . '&include=custom_fields,list_memberships,taggings,notes,phone_numbers,street_addresses,sms_channel'; |
There was a problem hiding this comment.
There is a redundant double assignment to the $apiEndpoints variable.
$apiEndpoints = $this->baseUrl . 'contacts?email=' . $email . '&include=custom_fields,list_memberships,taggings,notes,phone_numbers,street_addresses,sms_channel';
abdul-kaioum
approved these changes
Feb 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.