ConversionQuality

Changelog

2.2.2 (2026-03-09)

• Changed: Automatic tracking is now disabled by default on fresh installs — site administrator must opt in explicitly (WordPress.org guideline compliance)
• Removed: data-cookieconsent="ignore" attribute from injected script tags — tracker respects any CMP configured by the site owner
• Security: Quform adapter get_form_id_from_post() now verifies that at least one quform_* POST key is present before processing, preventing spoofed POST requests from triggering conversion registration
• Security: Removed generic form_id fallback from Quform adapter (was unsafe — any POST with that key could trigger the adapter)
• Security: Divi adapter now sanitizes POST key names with sanitize_key() before logging, preventing stored XSS via crafted POST key names
• Docs: Added required “External Services” section to readme.txt disclosing all communication with ConversionQuality servers

2.2.1 (2026-03-02)

• Fixed: CF7 and Ninja hidden fields (first_url, screen_size, referrer) were silently ignored since v2.2.0 due to prefix mismatch
• Improved: Form adapters now use convqual_* as primary field names with cq_* backwards-compatible fallback
• Improved: CF7 adapter injects both convqual_* and cq_* field names for third-party integration compatibility

2.2.0 (2026-02-26)

• Security: Removed unverified $_POST fallbacks from Elementor adapter (CSRF hardening)
• Changed: All internal prefixes renamed from cq_ to convqual_ (WordPress.org compliance: 4+ char prefix)
• Added: Automatic migration of existing settings from cq_* to convqual_* options (transparent to users)
• Improved: Uninstall cleanup now removes both old and new option names
• No breaking changes — existing installations are migrated automatically on first admin load

2.1.2 (2026-02-23)

• Improved: Moved all inline scripts and styles to enqueued external files (WordPress coding standards)
• Improved: All function names now use proper cq_ prefix
• Fixed: Clarified GDPR/localStorage description in readme (no longer contradictory)

2.1.1 (2026-02-17)

• Fixed: Elementor Pro Forms adapter now compatible with PRO Elements (GPL fork)
• Fixed: Form detection expanded to include Elementor templates (theme builder, popups, global widgets)
• Fixed: Forms inside templates are auto-enabled at runtime when not found in the tracked list
• Improved: All Elementor form handlers protected with try/catch to prevent fatal errors
• Improved: Safe data extraction with $_POST fallback when Form_Record is unavailable
• Technical: Removed class_exists check for Forms\Module (not loaded during AJAX in PRO Elements)
• Technical: Added form_submitted hook as additional fallback for PRO Elements compatibility

2.1.0 (2026-02-14)

• Changed: “My Conversions” tab is now a read-only activity monitor (no more rating from WordPress)
• Removed: Star rating buttons, notes field, and “Unreachable” button from conversion cards
• Removed: “Rating disabled” warning for email-link conversions
• Removed: Expandable details section (IP, gclid, screen size)
• Added: Device type detection (mobile/desktop icon) based on screen size
• Added: Landing page path displayed on each conversion card
• Added: “Pending” status badge for unrated conversions
• Added: “View full dashboard on ConversionQuality.com” link
• Improved: Time display now uses WordPress locale (translatable via human_time_diff)
• Improved: Tab URL changed from tab=leads to tab=conversions
• Cleaned: Removed all rating JavaScript (admin.js) and related CSS
• Cleaned: Removed AJAX rating endpoint and unused i18n strings
• Rating is now done exclusively via email links or ConversionQuality.com dashboard

2.0.0 (2026-02-07)

• New: Multi-form plugin support – now integrates with 10 form plugins: Contact Form 7, Ninja Forms, WPForms, Gravity Forms, Formidable Forms, Elementor Pro, Forminator, Fluent Forms, Avada Forms, Quform
• New: Secret Key for secure API operations (reading leads, rating). API Key is now public-only (tracking)
• New: Per-form settings grouped by plugin – each form has independent tracking, email link, and field injection options
• New: Adapter architecture – shared logic with thin adapters per form plugin
• Improved: GSheetConnector/Zapier field injection now works for all form plugins
• 100% backwards compatible – existing CF7 setups continue working without changes

1.2.1 (2026-01-25)

• Fixed: WP Mail SMTP compatibility – resolved conflict that caused CF7 emails to fail
• Compatible with WP Mail SMTP, Post SMTP, FluentSMTP, and other SMTP plugins

1.2.0 (2026-01-21)

• New: Per-form tracking configuration – enable/disable tracking for each CF7 form individually
• New: Per-form email link and field injection settings
• New: Default settings for newly created forms
• Improved: Event names now use form title instead of ID (e.g., cf7_contact_form instead of form_cf7_123)

1.1.2 (2026-01-20)

• New: Additional fields for GSheetConnector: cq_id, cq_timestamp, wp_datetime

1.1.1 (2026-01-20)

• Fixed: SSL certificate errors on some hosting providers (sslverify compatibility)

1.1.0 (2025-01-02)

• New: Developer hook cq_conversion_registered for third-party integrations
• New: Optional cq_rating_url field injection into CF7 posted data (for GSheetConnector, Zapier, etc.)

1.0.6 (2025-12-02)

• Fixed: Rating links now appear correctly in CF7 emails when duplicate detection is triggered
• Fixed: Backend API returns existing token for duplicate conversions

1.0.5 (2025-01-05)

• Improved: WordPress Coding Standards (WPCS) compliance for WordPress.org approval
• Added: Transients cache system for API calls (5-minute cache duration)
• Improved: Dashboard loads instantly from cache, significantly reducing server load
• Improved: User-friendly error messages with clear, actionable guidance
• Improved: Better error handling for API connection failures with specific messages
• Improved: Automatic cache invalidation when rating leads to ensure fresh data
• Fixed: Proper sanitization of $_SERVER variables following WordPress security standards
• Fixed: Missing translations for “Campaign:”, “View page”, “Rated:” in dashboard
• Technical: Now uses WordPress native functions wp_get_referer() and is_ssl()
• Technical: Proper escaping of HTML attributes with esc_attr() throughout the plugin
• Performance: Significant speed improvement on admin pages due to caching layer
• Quality: Code ready for WordPress.org submission with full standards compliance

1.0.4 (2025-01-04)

• Fixed: Critical IP detection bug – now captures real client IP instead of server IP
• Improved: Cloudflare compatibility with CF-Connecting-IP header detection
• Improved: Proxy/load balancer support with X-Forwarded-For parsing
• Added: Automatic IP validation with fallback mechanism
• Technical: New get_real_client_ip() method with priority hierarchy (CF-Connecting-IP > X-Forwarded-For > REMOTE_ADDR)
• Backend: API now correctly prioritizes POST[‘ip’] over header detection
• Impact: Conversions now correctly attributed to actual visitor IPs, not server IPs
• Compatibility: Works with Cloudflare, Nginx proxy_pass, Apache mod_proxy, and load balancers

1.0.3 (2025-01-03)

• Added: Full internationalization (i18n) system with text domain support
• Added: Complete Spanish translation (conversionquality-es_ES.po/mo) with ~150 strings
• Added: Complete English translation (conversionquality-en_US.po/mo) with ~150 strings
• Added: Python script (generate_mo.py) to compile .po to .mo files with correct UTF-8 encoding
• Added: New Debug tab with real-time logging of CF7 submissions and API calls
• Improved: Auto-cleanup of logs after 7 days (max 50 entries for privacy/performance)
• Improved: Email translations now respect site language with switch_to_locale(), not admin user locale
• Fixed: UTF-8 encoding for Spanish characters (áéíóú, ñ) – uses HTML entities in emails
• Fixed: Emoji compatibility in emails (📈 instead of direct emoji)
• Backend: track.php now generates tokens ALWAYS, not only when sending email (needed for CF7)
• Backend: rate.php now allows rating leads with enviar_valoracion=0
• Backend: dashboard.php shows ratings correctly (fixed verification order)

1.0.2

• Added: Contact Form 7 integration with automatic conversion tracking
• Added: Email rating links in CF7 notification emails (sent to admin only, not form submitter)
• Added: Forms configuration tab in admin settings
• Added: New CQ_Forms class for handling form integrations
• Improved: HTML email formatting with nl2br() for proper structure
• Improved: Token generation reliability for rating links
• Fixed: Emails only sent to admin, never to user submitting the form
• Fixed: No duplicate emails when CF7 integration is active

1.0.1

• Improved: Error logging and debugging capabilities
• Improved: API connection reliability
• Fixed: Various stability improvements

1.0.0

• Initial release
• Dashboard widget with lead ratings (1-5 stars)
• Automatic tracker.js injection
• API key validation with “Test Connection” button
• Basic Contact Form 7 support
• Multi-language foundation
• UTM parameters and click ID tracking (gclid, fbclid, msclkid)