Antispam Bee 3#506
Draft
florianbrinkmann wants to merge 237 commits into
Draft
Conversation
…d build processes
…tion call, as the translations are loaded from translate.wordpress.org
…nquoted attributes (#731)
#735) * fix: resolve PHPCS error and deprecation warnings; remove unused e2e fixture - Remove trailing blank line in UpgradeNotice.php doc comment (PHPCS error) - Update phpcs.xml array properties to use <element> nodes (deprecated syntax) - Drop unused cli fixture destructure in more.spec.ts * fix: move language API container from port 3000 to 8080 for WP 5.6 compatibility `http_allowed_safe_ports` was introduced in WordPress 5.9.0, so registering port 3000 as safe had no effect on WP 5.6. This caused `wp_safe_remote_post` to silently fail, the language rule to skip detection, and the e2e language tests to fail on the PHP 7.4 / WP 5.6 matrix entry. Port 8080 is in WordPress's built-in safe-port list on all supported versions.
* feat: add PHPStan static analysis and fix all reported issues * chore: gitignore test-results and e2e report directories * chore: add @Package tag to bootstrap file and PHPStan CI job * chore: use actions/checkout@v7 and PHP 8.5 in PHPStan CI job * chore: align all CI jobs to latest versions * fix: bump PHPStan memory limit to 1G for CI runner * fix: add return type declarations to Field methods * test: disable WP auto-updates and cron during E2E tests
…#722) * feat: render all tabs in a single form with client-side switching Replaces full-page-reload tab navigation with a JS-driven tabbed interface. All tab panels are now rendered inside one <form>, so unsaved changes on one tab are preserved when switching to another. Saving from any tab submits settings for all tabs at once. - SettingsPage: populate and register sections for all tabs; render all panels inside one form with <button> tab controls and ARIA roles - Section: register each section under a per-tab page slug so do_settings_sections() can target individual tab panels - Sanitize: derive all valid tab slugs from registered controllables and sanitize every tab on each save (removes GET-tab dependency) - assets/js/admin-tabs.js: new file for tab show/hide, ARIA state, URL sync via history.replaceState, and keyboard navigation * fix: resolve PHPCS embedded PHP tag indentation issues in SettingsPage * fix: align array properties indentation in RegexpSpam rule
* chore: add AI agent contribution guidelines Add AGENTS.md as the single source of truth for AI agent contribution rules (code quality checks, git workflow, conventional commits, PR format). Tool-specific stub files point to it so each tool's native config file is covered without duplicating content. | File | AI agent | |------|----------| | `AGENTS.md` | OpenAI Codex (native), any agent that reads it | | `CLAUDE.md` | Claude Code (references AGENTS.md) | | `.github/copilot-instructions.md` | GitHub Copilot | | `.cursor/rules/agents.mdc` | Cursor | | `.windsurfrules` | Windsurf | | `CONVENTIONS.md` | Aider | * chore: add CLAUDE.md with Claude Code specific guidelines Add CLAUDE.md for Claude Code, referencing AGENTS.md and adding Claude-specific rules (no Co-Authored-By trailer, v3 PR workflow). * chore: exclude AI agent guideline files from dist * chore: document .distignore conventions in AGENTS.md * chore: ignore local AI agent config and instruction files * chore: normalise directory entries across .gitignore, .distignore, .gitattributes - .gitignore: remove duplicate /node_modules/ and /vendor/ entries (covered by the /**/ variants already present); sort directories alphabetically - .distignore: remove /**/node_modules and /**/vendor (WP-CLI does not support glob syntax, making them no-ops); /node_modules and /vendor remain - .gitattributes: add / prefix to all directory entries to match the root-anchored convention already used in the # Files section * chore: document .gitignore, .distignore, .gitattributes conventions in AGENTS.md * chore: update .distignore Co-authored-by: Christopher Ross <122108986+thisismyurl@users.noreply.github.com> * chore: update .gitignore Co-authored-by: Christopher Ross <122108986+thisismyurl@users.noreply.github.com> * chore: update AGENTS.md Co-authored-by: Christopher Ross <122108986+thisismyurl@users.noreply.github.com> * chore: add PHP version target and WordPress security conventions to AGENTS.md * chore: streamline .distignore and .gitattributes - Remove unused directories and files like `/node_modules`, `/vendor`, and local config artifacts. - Refine export-ignore rules for consistency. --------- Co-authored-by: Christopher Ross <122108986+thisismyurl@users.noreply.github.com>
* docs: fix spelling and grammar in comments, docblocks and interfaces * fix: require PHP 7.2 in version guard to match documented requirement The bootstrap guard checked for PHP 5.6, but composer.json, readme.txt and the admin notice itself all state 7.2 as the minimum. Sites on PHP 7.0/7.1 passed the guard and then hit code requiring 7.2. * chore: remove TODO comments now tracked as GitHub issues Removes the feature/refactor TODOs that were moved to issues #737-#743, deletes a stale PHP 7 compatibility TODO, and replaces the two 'out of beta' markers in the uninstall routine with a reference to issue #744 (keeping the commented-out cleanup code in place). * chore: remove remaining feature and doc TODO comments Moves the remaining actionable TODOs to GitHub issues #745-#747 (h2 section ids, custom item type docs, LinkbackFromMyself remote-server verification) and removes them from the code. The two naming-related TODOs are intentionally kept pending the separate naming discussion. * chore: deduplicate WPCS dev dependency in composer.json
The commented-out post-3.0 cleanup lines (`// delete_option( ... );` and `// $wpdb->query( ... )`) ended each inline-comment block, and end in `;`/`)`, tripping Squiz.Commenting.InlineComment.InvalidEndChar (a phpcs error that was failing the `quality` CI check on v3). Reorder each block so the explanatory sentence (ending in a full stop) is the last comment, keeping the commented-out code intact for the post-beta cleanup tracked in #744.
Scope the `push` trigger in `tests.yml` to the `master` and `v3` branches so pushes to a feature branch with an open PR no longer fire both `push` and `pull_request`, running every job twice.
* refactor: disambiguate component_type vs reaction_type naming Two distinct concepts shared the name "type", flagged by TODOs in SettingsPage and Handlers/Rules: - Component kind (rule/post_processor/general): Controllable::get_type() and the $type property are renamed to get_component_type() and $component_type. - Reaction/content type (comment/linkback/general): standardised on $reaction_type everywhere (handler properties, is_active(), the Rules getters, Settings::get_option(), Section, Field, etc.). Rules::get_spam_rules() is renamed to get_spam_reason_rules() (it returns rules implementing the SpamReason interface); its parameter is $reaction_type. Stored option keys and DB values are unchanged - this is a code-level rename only. Renaming the public Controllable::get_type() interface method is a breaking change for third-party components, done now while v3 is still pre-beta. * refactor: rename get_type_name to get_reaction_type_name Complete the reaction_type disambiguation from 39f8979, which renamed the `$item_type` parameter but left the surrounding "item type" vocabulary in `ContentTypeHelper`: - `get_type_name()` -> `get_reaction_type_name()` (and call sites in `SettingsPage` and `SendEmail`) - filter hook `antispam_bee_item_types` -> `antispam_bee_reaction_types`, consistent with the sibling `antispam_bee_reaction_is_one_of` - docblock wording "item type" -> "reaction type" Renaming the public filter is a breaking change for third-party code, done now while v3 is pre-beta. It is undocumented and unused internally.
Agents were treating vendor/ (dev-only, gitignored, composer-installed code-quality tools) as project code, producing false findings. Add a "What is project code" section pointing agents at src/, tests/, and the root PHP files and telling them to ignore vendor/ and node_modules/.
* feat: add support links next to Save button on General tab Replaces the bare submit_button() call on the General tab with a custom footer row that places Donate, FAQ, Manual and Support text links to the right of the Save Changes button, separated by a vertical rule. * feat: add support links next to Save button on General tab - Add support links (Donate, FAQ, Manual, Support) to the right of the Save Changes button on the General tab, separated by a vertical rule - Move all admin styles to src/Admin/assets/admin.css, enqueued via wp_enqueue_style() on the settings page only - Add PLUGIN_VERSION constant for stylesheet cache busting - Use get_submit_button() instead of a raw input element * feat: redesign action row layout and improve responsiveness - Replace `.ab-form-footer` with `.ab-action-row` for a more flexible and responsive layout - Add `.ab-help-links` to display plugin resources (Donate, FAQ, Manual, Support) with enhanced styling and accessibility - Implement media queries for improved layout on small, medium, and large screens - Refactor settings page to adopt the new responsive layout structure * refactor: combine `admin_enqueue_scripts` callbacks * refactor: move CSS file and fix button cursor style * fix: add new constant to the `phpstan-bootstrap.php`
2ndkauboy
added a commit
that referenced
this pull request
Jul 2, 2026
The new code is using a `foreach` to get the two fields, but requires them to be in the correct order. This change uses a code similar to v2 which would get the parameters, independent of the order. Fixes: #506 (review)
Add the `antispam_bee_post_processor_supported_types` filter to `PostProcessors\Base::get_supported_types()`, mirroring the existing `antispam_bee_rule_supported_types` filter on `Rules\Base`. This lets third parties adjust the reaction types a post processor supports, bringing the post processor extension API in line with rules. Closes #741
* Get hidden and plugin field correctly The new code is using a `foreach` to get the two fields, but requires them to be in the correct order. This change uses a code similar to v2 which would get the parameters, independent of the order. Fixes: #506 (review) * Prevent a "Only variables should be passed by reference" notice * chore: remove "asb" prefix from PHPCS globals rule We do not use this prefix and a new rule now fails because it is too short. Remove it from the configuration. # Conflicts: # composer.json # phpcs.xml * Fixing tests --------- Co-authored-by: Stefan Kalscheuer <stefan@stklcode.de>
Every existing honeypot e2e test fills the hidden trap to force a spam verdict; none covered the ham path. Add a test that submits a genuine comment with the trap left empty and asserts it is held for moderation and absent from the spam list. This behaviour is identical on `v3` and the `feature/honeypot-extended-validation` branch, so it also serves as a stable regression guard for PR #656.
) * Add `ab_spam__invalid_request` logic back to `precheck()` function * test: cover honeypot precheck when hidden field is absent The reworked `precheck()` treats a missing `comment` honeypot field (`is_null($hidden_field)`) as spam, but that branch had no test. Add a scenario where the secret field is present and the honeypot field is entirely absent, asserting `ab_spam__hidden_field` is set.
* ci: add spell-checking workflow * chore: add spellchecker config and update related ignore files * chore: fix typos in comments, documentation, and configuration files * chore: update comments for spellchecker directives in LangHelper
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.