Changeset 3362936 for wpvulnerability/trunk/wpvulnerability.php

Timestamp:

09/17/2025 06:49:03 AM (6 months ago)

Author:

JavierCasares

Message:

[4.1.0] - 2025-09-16

Added

• "Never" send notifications.
• Choose notification day and time.
• Configurable cache expiration (1, 6, 12 or 24 hours).
• WP-CLI command to configure cache expiration.
• Constants to set hiding components.
• WP-CLI command to manage hidden components.
• WP-CLI command to configure notification email and period.
• Add notifications for Slack and Teams.
• Disable mail notifications from mails.
• WordPress Playground blueprint (in test).

Changed

• Cache is always the same eveywhere.
• Options for notifications.
• Schedule fields only appear for selected periods.
• Placeholder and conditional display for Slack and Teams notification fields.
• Added links to documentation.

Fixed

• When a plugin is updated, hide the vulnerabilities.
• Display of schedule fields based on period.
• Conditional display for email, Slack, and Teams notification fields.
• When save, there where two saving messages.
• wp_get_update_php_url() for WordPress 5.1.0+ (fallback)
• wp_timezone() for WordPress 5.1.0+ (fallback)
• wp_doing_cron() for WordPress 4.8.0+ (fallback)
• Application Passwords / REST API after WordPress 5.6.0

Compatibility

• WordPress: 4.7 - 6.9
• PHP: 5.6 - 8.4
• WP-CLI: 2.3.0 - 2.11.0

Tests

• PHP Coding Standards: 3.13.4
• WordPress Coding Standards: 3.2.0
• Plugin Check (PCP): 1.6.0
• SonarCloud Code Review
• Amplify Code Check

File:

• wpvulnerability/trunk/wpvulnerability.php (modified) (6 diffs)

wpvulnerability/trunk/wpvulnerability.php

@@ -4 +4 @@
  * Plugin URI: https://www.wpvulnerability.com/
  * Description: Receive information about possible vulnerabilities in your WordPress from WordPress Vulnerability Database API.
- * Requires at least: 4.1
+ * Requires at least: 4.7
  * Requires PHP: 5.6
- * Version: 4.0.4
+ * Version: 4.1.0
  * Author: Javier Casares
  * Author URI: https://www.javiercasares.com/
@@ -24 +24 @@
  * Set some constants that I can change in future versions.
  */
-define( 'WPVULNERABILITY_PLUGIN_VERSION', '4.0.4' );
+define( 'WPVULNERABILITY_PLUGIN_VERSION', '4.1.0' );
 define( 'WPVULNERABILITY_API_HOST', 'https://www.wpvulnerability.net/' );
-define( 'WPVULNERABILITY_CACHE_HOURS', 12 );
 
 /**
@@ -36 +35 @@
 define( 'WPVULNERABILITY_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
 
+// Handle front-end email opt-out requests early.
+if ( isset( $_GET['wpvulnerability_disable_email'] ) ) { // phpcs:ignore
+        // Load pluggable functions so wp_verify_nonce() is available.
+    if ( ! function_exists( 'wp_verify_nonce' ) ) {
+            require_once ABSPATH . WPINC . '/pluggable.php';
+    }
+
+        require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-notifications.php';
+        wpvulnerability_disable_email_handler();
+}
+
 /**
  * Initialize the plugin.
@@ -44 +54 @@
  */
 function wpvulnerability_plugin_init() {
-    /*
-     * Load the plugin's localization files.
-     *
-     * @since 2.0.0
-     */
-    load_plugin_textdomain( 'wpvulnerability', false, dirname( WPVULNERABILITY_PLUGIN_BASE ) . '/languages' );
-
     wpvulnerability_activation();
 
@@ -89 +92 @@
     require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-notifications.php';
     require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-sitehealth.php';
-    require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-cli.php';
+        require_once WPVULNERABILITY_PLUGIN_PATH . '/class-wpvulnerability-cli.php';
+        require_once WPVULNERABILITY_PLUGIN_PATH . '/class-wpvulnerability-config-cli.php';
 
-    // Update non-cached data.
-    wpvulnerability_expired_database_data();
+        // Update non-cached data.
+        wpvulnerability_expired_database_data();
+}
+
+/*
+ * Backward compatibility for wp_doing_cron().
+ *
+ * wp_doing_cron() was introduced in WordPress 4.8. This plugin supports
+ * versions as old as WordPress 4.7, so define the function when it does not
+ * exist in core.
+ *
+ * @since 4.1.1
+ */
+if ( ! function_exists( 'wp_doing_cron' ) ) {
+        /**
+         * Determines whether the current request is a WordPress cron request.
+         *
+         * Mirrors the core wp_doing_cron() function available since 4.8.0.
+         *
+         * @since 4.1.1
+         *
+         * @return bool Whether the current request is a WordPress cron request.
+         */
+    function wp_doing_cron() {
+            return apply_filters( 'wp_doing_cron', defined( 'DOING_CRON' ) && DOING_CRON );
+    }
 }
 
@@ -99 +127 @@
  */
 if (
-        ( ! is_multisite() && is_admin() ) ||
+                ( ! is_multisite() && is_admin() ) ||
         ( is_multisite() && ( is_network_admin() || is_main_site() ) ) ||
         ( defined( 'WP_CLI' ) && WP_CLI ) ||