Version 1.4.10 - security hardening, empty fallback, and reCAPTCHA improvements

- Harden XSS protection with escapeHtml on all rendered output values - Add empty_fallback support for empty cell display across all view types - Fix reCAPTCHA default action to 'submit' matching JS side - Move reCAPTCHA token generation from inline PHP to public.js - Lower default reCAPTCHA min score from 0.5 to 0.3 - Improve reCAPTCHA token age check and preload error handling - Add form submit handler for enter key support - Increase waitForRecaptcha timeout to 10 seconds - Show button/color settings only for button output types - Remove debug console.log and error_log statements - Bump version to 1.4.10
2026-05-28 10:29:02 +07:00
parent a2717d56d9
commit 39bb5e2331
7 changed files with 248 additions and 184 deletions
--- a/templates/editor/js-template-setting-output.php
+++ b/templates/editor/js-template-setting-output.php
@@ -23,32 +23,36 @@
                    </select>
                </div>
            </div>
-            <div class="row mb-2 type-button-link" {{#ifCond type '==' 'text'}}style="display:none;"{{/ifCond}}>
+            <div class="row mb-2 type-button-link">
                <div class="col-3"><label class="form-label fw-bold mb-0">Button Text</label></div>
                <div class="col-9">
                    <input type="text" id="output-buttontext-{{id}}" name="checker[output][{{id}}][button_text]" value="{{button_text}}" class="w-100"/>
                </div>
            </div>
+            <div class="row mb-2 type-button-link">
+                <div class="col-3"><label class="form-label fw-bold mb-0">BG Color</label></div>
+                <div class="col-9">
+                    <input type="color" id="output-bg_color-{{id}}" name="checker[output][{{id}}][bg_color]" value="{{bg_color}}" class="w-100"/>
+                </div>
+            </div>
+            <div class="row mb-2 type-button-link">
+                <div class="col-3"><label class="form-label fw-bold mb-0">Text Color</label></div>
+                <div class="col-9">
+                    <input type="color" id="output-text_color-{{id}}" name="checker[output][{{id}}][text_color]" value="{{text_color}}" class="w-100"/>
+                </div>
+            </div>
            <div class="row mb-2">
                <div class="col-3"><label class="form-label fw-bold mb-0">Prefix</label></div>
                <div class="col-9">
                    <input type="text" id="output-prefix-{{id}}" name="checker[output][{{id}}][prefix]" value="{{prefix}}" class="w-100"/>
                </div>
            </div>
-            {{#if display}}
            <div class="row mb-2">
-                <div class="col-3"><label class="form-label fw-bold mb-0">BG Color</label></div>
+                <div class="col-3"><label class="form-label fw-bold mb-0">Empty Fallback</label></div>
                <div class="col-9">
-                    <input type="color" id="output-bg_color-{{id}}" name="checker[output][{{id}}][bg_color]" value="{{bg_color}}" class="w-100"/>
+                    <input type="text" id="output-empty_fallback-{{id}}" name="checker[output][{{id}}][empty_fallback]" value="{{empty_fallback}}" class="w-100" placeholder="e.g. N/A, —, Not available"/>
                </div>
            </div>
-            <div class="row">
-                <div class="col-3"><label class="form-label fw-bold mb-0">Text Color</label></div>
-                <div class="col-9">
-                    <input type="color" id="output-text_color-{{id}}" name="checker[output][{{id}}][text_color]" value="{{text_color}}" class="w-100"/>
-                </div>
-            </div>
-            {{/if}}
        </div>
    </div>
    {{/each}}