ROBOTSTXT/robotstxt-documentation-markdown
ROBOTSTXT/robotstxt-documentation-markdown
1
0
Fork 0
Code Issues Pull requests Releases 2 Activity
2 releases 2 tags
  • 1.1.0 92d56fe84d

    v1.1.0 Stable

    javier released this 2026-03-28 15:38:49 +00:00 | 0 commits to main since this release

    1.1.0

    Release date: 2026-03-28

    Highlights

    • Editor-level access: editors can now manage documentation mappings without administrator privileges
    • Full PHPStan level 9 compliance — zero errors across all plugin files
    • Security patch for two CVEs in league/commonmark
    • target_order (menu_order) field fully implemented end-to-end

    Security

    • Patched CVE-2026-33347 and CVE-2026-30838 by upgrading league/commonmark to 2.8.2

    Changed

    • Access level changed from manage_options (administrator) to edit_pages (editor) across all admin pages, form handlers, and debug functions
    • robotstxt_docmd_debug_run_cron() now has a typed int $mapping_id parameter

    Fixed

    • PHPStan level 9: replaced all implicit mixed casts with proper type-narrowing via is_string(), is_int(), and is_numeric() guards
    • New robotstxt_docmd_input_string() and robotstxt_docmd_input_int() helpers used for all superglobal ($_POST, $_GET) access
    • MappingData and MappingInput global type aliases defined in phpstan.neon — file-level @phpstan-type aliases do not propagate between files in PHPStan 2.x procedural code
    • target_order field was rendered in the form UI but never saved to post meta or applied during sync — now fully implemented
    • openssl_decrypt() false return properly handled in token decryption
    • get_edit_post_link() null return handled safely in debug run-cron output
    • Redundant isset() guards removed on statically-typed array shapes
    • Uninstall handler narrows get_option() mixed return before array access
    • size_format() false return handled in discover-page file list
    • Settings and debug functions use is_array() narrowing on get_option() before accessing keys
    • json_decode() results in GitHub debug functions fully type-narrowed before key access

    Developer Features

    • PHPStan level 9: 0 errors (down from 104 in v1.0.0)
    • phpstan.neon now includes global MappingData and MappingInput type aliases
    • robotstxt-updater.php moved to bootstrapFiles in PHPStan config to avoid strict analysis of shared utility
    • $default parameter renamed to $fallback in helpers (reserved keyword warning)
    • Short ternary (?:) replaced with explicit false !== check (PHPCS rule)

    Compatibility

    • WordPress: 6.7 - 7.0
    • PHP: 8.2 - 8.4 (verified on PHP 8.4.x)
    • MariaDB: 10.6 or newer

    Dependencies

    • league/commonmark: 2.8.0 → 2.8.2 (security patch)
    • eduardovillao/wp-since: 1.3.0 → 1.4.0
    • phpunit/phpunit held at ^10.5 (v13.x available; pending test suite migration)
    • squizlabs/php_codesniffer held at ^3.13 (v4.x available; pending WPCS 4.x confirmation)

    Tests

    • PHP Coding Standards: PHPCS 3.x with WordPress-Extra ruleset — 0 errors, 0 warnings
    • WordPress Coding Standards: WPCS 3.3
    • PHPStan: level 9, 0 errors (szepeviktor/phpstan-wordpress extension)
    • PHPCompatibility: PHP 8.2 - 8.4 validated
    • Manual testing: WordPress 6.8, 7.0
    Downloads