dwindown
66e7b37f92
fix: resolve all Week 2 performance & security issues (F1.10–F1.19)
...
Security:
- Replace maybe_serialize() in cookies with json_encode() (PHP object injection fix)
- Add PayPal webhook signature verification
- Add current_user_can('manage_options') to all 18 admin-ajax handlers
Performance:
- Remove flush_rewrite_rules() from init hooks (Thankyou + Payment)
- Add activation/deactivation hooks for flush_rewrite_rules
- Cache currency, country, flags JSON reads in static variables
- Add server-side pagination to Customer::formipay_tabledata_customers()
- Optimize Order::formipay_tabledata_orders() with COUNT(*) GROUP BY
Cleanup:
- Delete Paypal.phpbak backup file
- Fix timezone hardcode Asia/Jakarta → wp_timezone_string()
- Create uninstall.php for proper cleanup on uninstall
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-04-17 19:52:01 +07:00
dwindown
35569923a5
docs: add comprehensive audit report and architectural recommendation
...
Checkpoint before implementation. Includes audit findings (FINDINGS.md),
architectural recommendation (RECOMMENDATION.md), and existing code changes
to Form, Order, Render, and form-action.js from recent development.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-04-17 17:00:47 +07:00
dwindown
0446eb1064
Admin Settings in all CPTs are already set. Continue to frontend.
2025-10-13 15:20:14 +07:00
dwindown
255da46509
fix wpcfto select and repeater related visibility and validation
2025-08-29 19:27:50 +07:00
dwindown
58c1497171
first commit
2025-08-21 20:39:34 +07:00
