WP Bannerize Pro

Protokol změnow

1.12.0

Security, Bug Fixes & Improvements

🔒 Security
* Fixed SQL injection vulnerabilities in analytics queries (impressions, clicks, CTR trends)
* Fixed SQL injection in the legacy importer controller
* Fixed XSS in banner rendering: added proper escaping for image src, alt, title, link href, and target attributes
* Fixed XSS in text banner rendering: added escaping for width/height style attributes
* Fixed stored XSS risk: sanitized IP address and User-Agent before saving to the database
* Fixed SSRF in image size detection: replaced raw cURL and getimagesize() with wp_remote_get()
* Fixed SSRF in remote image validation: replaced raw cURL with wp_remote_head()
* Hardened options update endpoint with schema validation, key whitelist, and sanitize_file_name() for template paths
* Hardened wp_loaded banner endpoint: added post type check, ID validation, null safety, and wp_kses_post() output filtering
* Removed full plugin options exposure from public frontend: only impressions/clicks enabled and nonce are now output
* Removed unnecessary options dump from analytics admin page script localization
* Used wp_json_encode() for all inline script output to prevent script injection

🐛 Bug Fixes
* Fixed Gutenberg block not filtering by campaign: campaigns attribute was not passed to the render function
* Fixed banner layout always forced to vertical regardless of the layout parameter
* Fixed banner preview meta box not appearing in the editor due to deprecated registerMetaBoxCallback
* Fixed analytics data (impressions and clicks) not deleted when a banner is permanently removed
* Fixed cron cleanup events not cleared when tracking is disabled or plugin is deactivated
* Fixed N+1 query issue: banner click/impression counts with value 0 no longer trigger unnecessary COUNT queries
* Fixed undefined variable warning in wp_bannerize_pro_sanitize_mysql_datetime()
* Fixed resetOptions calling a non-existent AJAX action
* Fixed DataTable crash when a banner has no campaigns assigned (null campaigns field)
* Fixed manage_analytics permission check using .length on a boolean value
* Fixed CSV export using incorrect escape sequence (\“) instead of RFC 4180 standard („“)

🚀 Improvements
* Replaced remove_all_filters(‚parse_query‘) with explicit suppress_filters in banner query methods
* Replaced deprecated get_terms() positional arguments with array syntax
* Replaced date() with gmdate() throughout analytics trait for WordPress coding standards
* Aligned all SQL queries in analytics trait to use %i placeholder for table identifiers
* Removed redundant esc_attr() wrapping on values already cast with absint()
* Removed duplicate wp_set_script_translations registration
* Removed all debug error_log() calls and console.log() statements from production code
* Migrated CPT meta box registration from deprecated registerMetaBoxCallback to registerMetaBoxes()

1.11.0

Security & Enhancement Updates

🔒 Security
* SSRF Protection: Added Server-Side Request Forgery (SSRF) protection for external banner image URLs
* Added wp_bannerize_is_remote_image() method to validate remote image URLs
* Only allows JPEG, PNG, and GIF image formats from external sources
* Returns HTTP 200 status validation for remote images
* Prevents malicious URL exploitation through banner uploads
* Added admin error notice when invalid image URLs are submitted

🎨 Code Quality
* Code Formatting: Standardized code indentation and formatting in WPBannerizeServiceProvider.php
* Improved readability and consistency across the codebase
* Fixed indentation issues throughout the service provider class

🚨 User Experience
* Error Handling: Added user-friendly error messages
* Display admin notice when invalid banner image URLs are entered
* Clear feedback for users when external image URLs fail validation

1.10.0

• Added max impressions and max clicks for single banner
• Minor improvements

1.9.1

• Improved data security on the banner
• Now you can view a banner as a Post
• Now you can view Campaigns as categories
• Added views for the top 5 most viewed campaigns and the top 5 most clicked campaigns

1.9.0

• Added the ability to select one or more Campaigns in the Report view
• Added the ability to select one or more Banners in the Report view
• Added the Bannerize Users Role: Banners Manager, Campaigns Manager, and Campaigns viewer
• Create the Bannerize Website with the documentation
• Minor bug fixes
• New Website
• Documentation

1.8.0

• Redesigned the Settings page
• Redesigned the Analytics page
• Introducing Campaigns in place of Categories
• Added the ability to delete the clicks and impressions when they exceed a certain number
• Minor bug fixes

1.7.0

• Fixed security issues