Skip to content

Antispam Bee 3#506

Draft
florianbrinkmann wants to merge 237 commits into
masterfrom
v3
Draft

Antispam Bee 3#506
florianbrinkmann wants to merge 237 commits into
masterfrom
v3

Conversation

@florianbrinkmann

Copy link
Copy Markdown
Member

No description provided.

Bernhard Kau and others added 30 commits March 19, 2022 20:55
…tion call, as the translations are loaded from translate.wordpress.org
2ndkauboy and others added 18 commits June 28, 2026 20:02
#735)

* fix: resolve PHPCS error and deprecation warnings; remove unused e2e fixture

- Remove trailing blank line in UpgradeNotice.php doc comment (PHPCS error)
- Update phpcs.xml array properties to use <element> nodes (deprecated syntax)
- Drop unused cli fixture destructure in more.spec.ts

* fix: move language API container from port 3000 to 8080 for WP 5.6 compatibility

`http_allowed_safe_ports` was introduced in WordPress 5.9.0, so registering
port 3000 as safe had no effect on WP 5.6. This caused `wp_safe_remote_post`
to silently fail, the language rule to skip detection, and the e2e language
tests to fail on the PHP 7.4 / WP 5.6 matrix entry. Port 8080 is in
WordPress's built-in safe-port list on all supported versions.
* feat: add PHPStan static analysis and fix all reported issues

* chore: gitignore test-results and e2e report directories

* chore: add @Package tag to bootstrap file and PHPStan CI job

* chore: use actions/checkout@v7 and PHP 8.5 in PHPStan CI job

* chore: align all CI jobs to latest versions

* fix: bump PHPStan memory limit to 1G for CI runner

* fix: add return type declarations to Field methods

* test: disable WP auto-updates and cron during E2E tests
…#722)

* feat: render all tabs in a single form with client-side switching

Replaces full-page-reload tab navigation with a JS-driven tabbed
interface. All tab panels are now rendered inside one <form>, so
unsaved changes on one tab are preserved when switching to another.
Saving from any tab submits settings for all tabs at once.

- SettingsPage: populate and register sections for all tabs; render
  all panels inside one form with <button> tab controls and ARIA roles
- Section: register each section under a per-tab page slug so
  do_settings_sections() can target individual tab panels
- Sanitize: derive all valid tab slugs from registered controllables
  and sanitize every tab on each save (removes GET-tab dependency)
- assets/js/admin-tabs.js: new file for tab show/hide, ARIA state,
  URL sync via history.replaceState, and keyboard navigation

* fix: resolve PHPCS embedded PHP tag indentation issues in SettingsPage

* fix: align array properties indentation in RegexpSpam rule
* chore: add AI agent contribution guidelines

Add AGENTS.md as the single source of truth for AI agent contribution
rules (code quality checks, git workflow, conventional commits, PR
format). Tool-specific stub files point to it so each tool's native
config file is covered without duplicating content.

| File | AI agent |
|------|----------|
| `AGENTS.md` | OpenAI Codex (native), any agent that reads it |
| `CLAUDE.md` | Claude Code (references AGENTS.md) |
| `.github/copilot-instructions.md` | GitHub Copilot |
| `.cursor/rules/agents.mdc` | Cursor |
| `.windsurfrules` | Windsurf |
| `CONVENTIONS.md` | Aider |

* chore: add CLAUDE.md with Claude Code specific guidelines

Add CLAUDE.md for Claude Code, referencing AGENTS.md and adding
Claude-specific rules (no Co-Authored-By trailer, v3 PR workflow).

* chore: exclude AI agent guideline files from dist

* chore: document .distignore conventions in AGENTS.md

* chore: ignore local AI agent config and instruction files

* chore: normalise directory entries across .gitignore, .distignore, .gitattributes

- .gitignore: remove duplicate /node_modules/ and /vendor/ entries (covered by
  the /**/  variants already present); sort directories alphabetically
- .distignore: remove /**/node_modules and /**/vendor (WP-CLI does not support
  glob syntax, making them no-ops); /node_modules and /vendor remain
- .gitattributes: add / prefix to all directory entries to match the root-anchored
  convention already used in the # Files section

* chore: document .gitignore, .distignore, .gitattributes conventions in AGENTS.md

* chore: update .distignore

Co-authored-by: Christopher Ross <122108986+thisismyurl@users.noreply.github.com>

* chore: update .gitignore

Co-authored-by: Christopher Ross <122108986+thisismyurl@users.noreply.github.com>

* chore: update AGENTS.md

Co-authored-by: Christopher Ross <122108986+thisismyurl@users.noreply.github.com>

* chore: add PHP version target and WordPress security conventions to AGENTS.md

* chore: streamline .distignore and .gitattributes

- Remove unused directories and files like `/node_modules`, `/vendor`, and local config artifacts.
- Refine export-ignore rules for consistency.

---------

Co-authored-by: Christopher Ross <122108986+thisismyurl@users.noreply.github.com>
* docs: fix spelling and grammar in comments, docblocks and interfaces

* fix: require PHP 7.2 in version guard to match documented requirement

The bootstrap guard checked for PHP 5.6, but composer.json, readme.txt
and the admin notice itself all state 7.2 as the minimum. Sites on PHP
7.0/7.1 passed the guard and then hit code requiring 7.2.

* chore: remove TODO comments now tracked as GitHub issues

Removes the feature/refactor TODOs that were moved to issues #737-#743,
deletes a stale PHP 7 compatibility TODO, and replaces the two 'out of
beta' markers in the uninstall routine with a reference to issue #744
(keeping the commented-out cleanup code in place).

* chore: remove remaining feature and doc TODO comments

Moves the remaining actionable TODOs to GitHub issues #745-#747 (h2
section ids, custom item type docs, LinkbackFromMyself remote-server
verification) and removes them from the code. The two naming-related
TODOs are intentionally kept pending the separate naming discussion.

* chore: deduplicate WPCS dev dependency in composer.json
The commented-out post-3.0 cleanup lines (`// delete_option( ... );` and
`// $wpdb->query( ... )`) ended each inline-comment block, and end in `;`/`)`,
tripping Squiz.Commenting.InlineComment.InvalidEndChar (a phpcs error that
was failing the `quality` CI check on v3).

Reorder each block so the explanatory sentence (ending in a full stop) is
the last comment, keeping the commented-out code intact for the post-beta
cleanup tracked in #744.
Scope the `push` trigger in `tests.yml` to the `master` and `v3`
branches so pushes to a feature branch with an open PR no longer fire
both `push` and `pull_request`, running every job twice.
* refactor: disambiguate component_type vs reaction_type naming

Two distinct concepts shared the name "type", flagged by TODOs in
SettingsPage and Handlers/Rules:

- Component kind (rule/post_processor/general): Controllable::get_type()
  and the $type property are renamed to get_component_type() and
  $component_type.
- Reaction/content type (comment/linkback/general): standardised on
  $reaction_type everywhere (handler properties, is_active(), the Rules
  getters, Settings::get_option(), Section, Field, etc.).

Rules::get_spam_rules() is renamed to get_spam_reason_rules() (it returns
rules implementing the SpamReason interface); its parameter is $reaction_type.

Stored option keys and DB values are unchanged - this is a code-level
rename only. Renaming the public Controllable::get_type() interface method
is a breaking change for third-party components, done now while v3 is
still pre-beta.

* refactor: rename get_type_name to get_reaction_type_name

Complete the reaction_type disambiguation from 39f8979, which renamed the
`$item_type` parameter but left the surrounding "item type" vocabulary in
`ContentTypeHelper`:

- `get_type_name()` -> `get_reaction_type_name()` (and call sites in
  `SettingsPage` and `SendEmail`)
- filter hook `antispam_bee_item_types` -> `antispam_bee_reaction_types`,
  consistent with the sibling `antispam_bee_reaction_is_one_of`
- docblock wording "item type" -> "reaction type"

Renaming the public filter is a breaking change for third-party code, done
now while v3 is pre-beta. It is undocumented and unused internally.
Agents were treating vendor/ (dev-only, gitignored, composer-installed
code-quality tools) as project code, producing false findings. Add a
"What is project code" section pointing agents at src/, tests/, and the
root PHP files and telling them to ignore vendor/ and node_modules/.
* feat: add support links next to Save button on General tab

Replaces the bare submit_button() call on the General tab with a custom
footer row that places Donate, FAQ, Manual and Support text links to the
right of the Save Changes button, separated by a vertical rule.

* feat: add support links next to Save button on General tab

- Add support links (Donate, FAQ, Manual, Support) to the right of the
  Save Changes button on the General tab, separated by a vertical rule
- Move all admin styles to src/Admin/assets/admin.css, enqueued via
  wp_enqueue_style() on the settings page only
- Add PLUGIN_VERSION constant for stylesheet cache busting
- Use get_submit_button() instead of a raw input element

* feat: redesign action row layout and improve responsiveness

- Replace `.ab-form-footer` with `.ab-action-row` for a more flexible and responsive layout
- Add `.ab-help-links` to display plugin resources (Donate, FAQ, Manual, Support) with enhanced styling and accessibility
- Implement media queries for improved layout on small, medium, and large screens
- Refactor settings page to adopt the new responsive layout structure

* refactor: combine `admin_enqueue_scripts` callbacks

* refactor: move CSS file and fix button cursor style

* fix: add new constant to the `phpstan-bootstrap.php`
2ndkauboy added a commit that referenced this pull request Jul 2, 2026
The new code is using a `foreach` to get the two fields, but requires them to be in the correct order.

This change uses a code similar to v2 which would get the parameters, independent of the order.

Fixes: #506 (review)
2ndkauboy and others added 11 commits July 2, 2026 23:19
Add the `antispam_bee_post_processor_supported_types` filter to
`PostProcessors\Base::get_supported_types()`, mirroring the existing
`antispam_bee_rule_supported_types` filter on `Rules\Base`. This lets
third parties adjust the reaction types a post processor supports,
bringing the post processor extension API in line with rules.

Closes #741
* Get hidden and plugin field correctly

The new code is using a `foreach` to get the two fields, but requires them to be in the correct order.

This change uses a code similar to v2 which would get the parameters, independent of the order.

Fixes: #506 (review)

* Prevent a "Only variables should be passed by reference" notice

* chore: remove "asb" prefix from PHPCS globals rule

We do not use this prefix and a new rule now fails because it is too
short. Remove it from the configuration.

# Conflicts:
#	composer.json
#	phpcs.xml

* Fixing tests

---------

Co-authored-by: Stefan Kalscheuer <stefan@stklcode.de>
Every existing honeypot e2e test fills the hidden trap to force a spam
verdict; none covered the ham path. Add a test that submits a genuine
comment with the trap left empty and asserts it is held for moderation
and absent from the spam list.

This behaviour is identical on `v3` and the `feature/honeypot-extended-validation`
branch, so it also serves as a stable regression guard for PR #656.
)

* Add `ab_spam__invalid_request` logic back to `precheck()` function

* test: cover honeypot precheck when hidden field is absent

The reworked `precheck()` treats a missing `comment` honeypot field
(`is_null($hidden_field)`) as spam, but that branch had no test. Add a
scenario where the secret field is present and the honeypot field is
entirely absent, asserting `ab_spam__hidden_field` is set.
* ci: add spell-checking workflow

* chore: add spellchecker config and update related ignore files

* chore: fix typos in comments, documentation, and configuration files

* chore: update comments for spellchecker directives in LangHelper
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

v3 This issue is for the new version (v3) of the plugin

Projects

None yet

Development

Successfully merging this pull request may close these issues.

9 participants