• v0.1.4 98359d4cfb

    WooCommerce Bootstrap 0.1.4
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 1m41s
    Create Release Package / Build Release (push) Successful in 1m47s
    Pre-Release

    magdev released this 2026-03-01 00:02:53 +00:00 | 2 commits to main since this release

    Security

    • fn() function whitelist (WooCommerceExtension): The callFunction() method (exposed as fn() in Twig templates) now restricts callable functions to an explicit ALLOWED_FUNCTIONS whitelist. Previously any PHP function could be called, risking arbitrary code execution if template context were compromised. Only the 6 functions actually used in templates are permitted.
    • Notice data attribute escaping: Changed {{ notice.data|raw }} to {{ notice.data|wp_kses_post }} in success, error, and notice Twig templates. Defense-in-depth against potential XSS via data attributes.
    • Search query escaping (product-searchform.html.twig): Added |esc_attr filter to get_search_query() output in the search input value attribute.
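The whitelist described in the first security item, as an added PHP example that is not the theme's own WooCommerceExtension code. The release notes do not list the six permitted functions, so the ALLOWED_FUNCTIONS entries below are plain PHP builtins chosen so the file runs without WordPress or Twig installed; the class name, the error handling and the demo calls at the bottom are assumptions. The comment in getTwigFunctions() shows how such a method would be exposed as fn() through Twig's TwigFunction, which is the real API for registering template functions.

```php
<?php
declare(strict_types=1);

// Added example, not the WooCommerce Bootstrap theme's code.
// A gate that lets templates call PHP functions by name, but only names
// from an explicit whitelist. Before this kind of check, fn('anything')
// would dispatch to any defined PHP function.
final class TemplateFunctionGate
{
    /**
     * Functions a template may reach through fn(). The theme's real list
     * (six WordPress/WooCommerce helpers) is not on the release page; these
     * builtins are stand-ins so the demo runs stand-alone.
     */
    private const ALLOWED_FUNCTIONS = [
        'number_format',
        'ucfirst',
        'strtolower',
        'count',
        'implode',
        'htmlspecialchars',
    ];

    /**
     * Dispatch a template call to a PHP function only if the name is
     * whitelisted and actually defined. Everything else is refused, so a
     * compromised template context cannot reach arbitrary PHP.
     */
    public function callFunction(string $name, ...$args)
    {
        // Strict comparison: no type juggling, no leading backslash tricks.
        if (!in_array($name, self::ALLOWED_FUNCTIONS, true)) {
            throw new \RuntimeException(sprintf('fn(): function "%s" is not allowed', $name));
        }
        if (!function_exists($name)) {
            throw new \RuntimeException(sprintf('fn(): function "%s" is not defined', $name));
        }
        return $name(...$args);
    }

    /**
     * How the gate would be wired into Twig (assumed registration; requires
     * twig/twig, so it is shown as a comment rather than executed here):
     *
     *   public function getFunctions(): array
     *   {
     *       return [new \Twig\TwigFunction('fn', [$this, 'callFunction'])];
     *   }
     */
}

// Demo (constructed input): an allowed call succeeds, a non-whitelisted
// but perfectly ordinary PHP function is refused.
$gate = new TemplateFunctionGate();
echo $gate->callFunction('number_format', 1234.5, 2), "\n";   // 1,234.50
echo $gate->callFunction('ucfirst', 'cart'), "\n";            // Cart

try {
    $gate->callFunction('file_get_contents', '/etc/hostname');
} catch (\RuntimeException $e) {
    echo $e->getMessage(), "\n"; // fn(): function "file_get_contents" is not allowed
}
```

Keeping the whitelist as a class constant rather than a filterable option matters: if the list could be extended from template context or from request data, the gate would be bypassable by the same compromise it is meant to contain. Reviewing the list is also a useful release check, since every entry is a function an attacker controlling a template could invoke with arbitrary arguments.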

    Performance

    • Per-request ContextBuilder caching: New wc_bootstrap_get_theme_context() function with static variable caching eliminates redundant ContextBuilder::build() calls (10-20 DB queries each) when multiple WooCommerce render functions fire in the same request.

    Changed

    • Shared page shell helper: New wc_bootstrap_render_in_page_shell() function extracts the duplicated context-injection-and-render pattern from wc_bootstrap_render_page(), wc_bootstrap_render_product_archive(), and wc_bootstrap_render_single_product().
    • Removed unused constants: Removed WC_BOOTSTRAP_VERSION and WC_BOOTSTRAP_URL constants that were defined but never referenced.
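The per-request cache from the Performance section and the shared page shell helper from the Changed section, as one added PHP example; this is not the theme's code. ContextBuilder is replaced by a stand-in that counts its build() calls so the effect of the static cache is visible, the renderer callable and the signature of wc_bootstrap_render_in_page_shell() are assumptions, and the three entry points named in the release notes are reduced to three calls into the helper.

```php
<?php
declare(strict_types=1);

// Added example, not the WooCommerce Bootstrap theme's code.
// Stand-in for the theme's ContextBuilder: counts how often build() runs.
// In the real theme each build() costs 10-20 database queries.
final class ContextBuilder
{
    public static int $builds = 0;

    public static function build(): array
    {
        self::$builds++;
        return ['site_name' => 'Example Shop', 'cart_count' => 2];
    }
}

// Per-request cache: a function-level static lives only for the current PHP
// request, so the first caller pays for build() and later callers reuse it.
function wc_bootstrap_get_theme_context(): array
{
    static $context = null;
    if ($context === null) {
        $context = ContextBuilder::build();
    }
    return $context;
}

// Shared shell helper (assumed signature): merge page-specific context into the
// cached theme context and hand the result to a renderer. Each of the three
// render entry points below delegates here instead of repeating this pattern.
function wc_bootstrap_render_in_page_shell(string $template, array $pageContext, callable $render): string
{
    $context = array_merge(wc_bootstrap_get_theme_context(), $pageContext);
    return $render($template, $context);
}

// Constructed renderer standing in for the Twig environment.
$render = fn(string $tpl, array $ctx): string =>
    sprintf('%s [%s]', $tpl, implode(',', array_keys($ctx)));

// Three WooCommerce render functions firing in the same request.
$outputs = [
    wc_bootstrap_render_in_page_shell('page.html.twig', ['title' => 'About'], $render),
    wc_bootstrap_render_in_page_shell('product-archive.html.twig', ['products' => []], $render),
    wc_bootstrap_render_in_page_shell('single-product.html.twig', ['product' => 'Mug'], $render),
];

echo implode("\n", $outputs), "\n";
echo 'ContextBuilder::build() calls: ', ContextBuilder::$builds, "\n"; // 1, not 3
```

One caveat with a static cache of this kind: the context is frozen at first use for the rest of the request. If something that feeds the context (for example the cart contents) changes after the first render in the same request, later renders will see the stale value, so anything that must reflect mid-request changes should be read outside the cached context.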