• 1.1.0 ddaaff71ad

    v1.1.0 Stable

    javier released this 2026-03-28 07:59:56 +00:00 | 0 commits to main since this release

    1.1.0

    Release date: 2026-03-28

    Fixed

    • Fatal TypeError in handle_thumbnail_change(): the deleted_post_meta action passes an array of meta IDs as its first argument (unlike updated_post_meta, which passes a single int). The method signature now accepts int|array to handle both actions correctly.

    Security

    • Added SSRF protection in Robotstxt_OG_Image_Resolver::is_safe_url(): all outbound HTTP HEAD requests now validate that the target host resolves to a public IP address. Private (RFC 1918), loopback, link-local, and reserved ranges are blocked.
    • Replaced deprecated FILTER_SANITIZE_SPECIAL_CHARS with FILTER_SANITIZE_FULL_SPECIAL_CHARS in nonce and input handling throughout admin and meta box classes.
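
    The resolve-then-validate check described in the SSRF item above, as an added example. It is not the plugin's is_safe_url() code: the function names, the injectable resolver and the sample DNS answers are assumptions made for illustration.

```php
<?php
/** Added example, not the plugin's code. True only for an IP literal
 *  outside private and reserved ranges. */
function example_is_public_ip(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return false !== filter_var($ip, FILTER_VALIDATE_IP, $flags);
}

/**
 * Decide whether a URL may be fetched. $resolver maps a hostname to a list
 * of IP strings and is injectable so the check can be exercised offline.
 */
function example_is_safe_url(string $url, ?callable $resolver = null): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || empty($parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return false;
    }
    $host = trim($parts['host'], '[]'); // parse_url keeps brackets on IPv6 literals
    if (false !== filter_var($host, FILTER_VALIDATE_IP)) {
        return example_is_public_ip($host); // IP literal: no DNS involved
    }
    // Default resolver returns IPv4 (A) records only.
    $resolver ??= static fn(string $h): array => gethostbynamel($h) ?: [];
    $ips = $resolver($host);
    if ([] === $ips) {
        return false; // fail closed when the name does not resolve
    }
    foreach ($ips as $ip) {
        if (!example_is_public_ip($ip)) {
            return false; // a single internal record rejects the host
        }
    }
    return true;
}

// Constructed DNS answers for the demo; no real lookups are made.
$dns = static fn(string $h): array => [
    'cdn.example.test'   => ['93.184.216.34'],
    'intra.example.test' => ['10.0.0.5'],
    'mixed.example.test' => ['93.184.216.34', '169.254.169.254'],
][$h] ?? [];
foreach (['https://cdn.example.test/a.jpg', 'http://intra.example.test/a.png',
    'https://mixed.example.test/a.jpg', 'http://[::1]/a.jpg'] as $u) {
    printf("%-36s %s\n", $u, example_is_safe_url($u, $dns) ? 'allow' : 'block');
}
```

    A check of this kind resolves the name separately from the request that follows, so a hardened version also has to make the HTTP client connect to the address that was validated.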

    Added

    • GDPR Privacy API: registered wp_privacy_personal_data_exporters and wp_privacy_personal_data_erasers filters. Custom _og_title and _og_description post meta are now included in WordPress personal data export and erase requests.
    • PHPUnit 10 test suite using Brain\Monkey for WordPress function mocking. Covers SSRF IP validation, image format detection (ensure_compatible_format()), external URL detection, and cache clearing. No WordPress installation required to run tests (vendor/bin/phpunit).

    Changed

    • Settings page and REST API permission check changed from manage_options to edit_others_posts. Editors and above can now access OG settings and trigger fallback image resolution. The WordPress Settings API form is unlocked via the option_page_capability_robotstxt_og_settings filter.
    • REST API check_permission() now also verifies edit_post for the specific post ID requested.
    • Minimum supported WordPress version raised from 6.7 to 6.8 (WordPress 7.0 and the two major versions before it).
    • Added Network: true plugin header, formally documenting Multisite compatibility.

    Tests

    • WordPress: 6.8, 6.9, 7.0
    • PHP: 8.2, 8.5
    • PHP_CodeSniffer: 3.13.5
    • WordPress Coding Standards: 3.3.0
    • PHPCompatibility: 9.3.5
    • PHPStan: level 9
    • PHPUnit: 10.5
  • 1.0.1 9b856d1c3d

    v1.0.1 Stable

    javier released this 2026-03-28 07:51:30 +00:00 | 1 commits to main since this release

    1.0.1

    Release date: 2026-03-05

    Compatibility

    • Confirmed compatibility with WordPress 7.0. Supported range is now WordPress 6.7 – 7.0.

    Tests

    • PHP_CodeSniffer: 3.13.5
    • WordPress Coding Standards: 3.3.0
    • PHPCompatibility: 9.3.5
  • 1.0.0 f7702f2872

    v1.0.0 Stable

    javier released this 2026-02-19 11:17:11 +00:00 | 2 commits to main since this release

    1.0.0

    Release date: 2026-02-18

    Highlights

    • Initial stable release of OpenGraph (by ROBOTSTXT).
    • Outputs a complete set of Open Graph and Twitter Card meta tags, with automatic detection of incompatible image formats (AVIF, WebP, GIF, BMP, SVG, TIFF) and HTTP-based resolution of JPEG/PNG alternatives.

    Added

    • Full Open Graph meta tag output: og:title, og:type, og:url, og:description, og:site_name, og:locale, og:image, og:image:width, og:image:height, og:image:type, og:image:alt.
    • Article-specific tags for singular posts: article:published_time, article:modified_time, article:section, article:tag.
    • Twitter Card meta tag output: twitter:card, twitter:site, twitter:image.
    • Direct tag injection via wp_head when no SEO plugin is active.
    • Yoast SEO integration via wpseo_opengraph_image filter.
    • RankMath integration via rank_math/opengraph/facebook/og_image filter.
    • Automatic format detection for AVIF, WebP, GIF, BMP, SVG, and TIFF featured images.
    • HTTP HEAD-based resolution of compatible JPEG/PNG alternatives.
    • Postmeta caching (_og_image_fallback_url) with automatic invalidation when the featured image is changed or removed.
    • Negative caching via transients (1-hour TTL) to avoid repeated failed HEAD requests.
    • Global fallback image URL setting (Settings > OpenGraph).
    • Homepage-specific image URL setting (Settings > OpenGraph).
    • Image URL validation at save time: incompatible formats are auto-resolved to JPEG/PNG; invalid or unresolvable URLs are rejected with an admin notice.
    • Twitter/X site handle setting for the twitter:site meta tag.
    • Per-post Open Graph overrides: custom title and description via meta box in the post editor.
    • Taxonomy archive image support via robotstxt_og_taxonomy_image filter.
    • Admin settings page (Settings > OpenGraph) with three tabs: Settings, Tools, Diagnostics.
    • Tools tab: Clear All Caches, Re-resolve All Images, Plugin Information.
    • Diagnostics tab: statistics (cached count, coverage), URL tester with HTTP header display, paginated cached entries table with per-row clear action.
    • WP-CLI command wp og-fallback resolve with --all, --dry-run, --post-type options.
    • WP-CLI command wp og-fallback clear-cache with --all and --dry-run options.
    • REST API: POST /wp-json/robotstxt-og/v1/resolve/{post_id} and GET /wp-json/robotstxt-og/v1/status/{post_id}.
    • Developer filters: robotstxt_og_external_image_enabled, robotstxt_og_external_image_timeout, robotstxt_og_taxonomy_image, robotstxt_og_enable_logging.
    • Auto-updater integration via Gitea (robotstxt-updater.php).
    • Full internationalization (text domain: robotstxt-og, POT file included). Spanish (es_ES) translation included.
    • uninstall.php with optional data deletion on plugin removal (opt-in, off by default).
    • Multisite compatible with per-site configuration.

    Security

    • Nonce verification on all forms and state-changing GET actions.
    • manage_options capability check on all admin pages, REST endpoints, and WP-CLI commands.
    • Input sanitization via WordPress APIs (sanitize_key, sanitize_text_field, esc_url_raw, filter_input) throughout.
    • Output escaping on all dynamic HTML (esc_html, esc_attr, esc_url, absint).
    • Prepared statements ($wpdb->prepare()) for all raw database queries; no direct SQL writes.
    • CSRF protection on all state-changing actions via wp_nonce_url / wp_verify_nonce.
    • HTTP requests use wp_remote_head() with configurable timeout — no file_get_contents or curl directly.

    Compatibility

    • WordPress: 6.7 - 6.9
    • PHP: 8.2 - 8.5
    • WP-CLI: 2.x
    • MariaDB: 10.6+

    Tests

    • PHP_CodeSniffer: 3.13.5
    • WordPress Coding Standards: 3.3.0
    • PHPCompatibility: 9.3.5