Security Fixes:
- Fixed XSS vulnerability in checkout blocks DOM injection (replaced innerHTML with safe DOM methods)
- Unified IP detection for rate limiting across all API endpoints (new IpDetectionTrait)
- Added rate limiting to license transfers (5/hour) and downloads (30/hour) (new RateLimitTrait)
- Added file size limit (2MB), row limit (1000), and rate limiting to CSV import
- Added JSON decode error handling in StoreApiExtension
- Added license ID validation in frontend.js to prevent selector injection
New Files:
- src/Api/IpDetectionTrait.php - Shared IP detection with proxy support
- src/Common/RateLimitTrait.php - Reusable rate limiting for frontend operations
Breaking Changes:
- None
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix OrderLicenseController to use isLicensedProduct() for consistent product type detection
- Fixed expected licenses calculation for variable product orders
- Fixed manual license generation from admin order page for variable products
- Remove debug logging from all source files (PHP and JavaScript)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Customers can now purchase licenses with different durations (monthly,
yearly, lifetime) through WooCommerce product variations. Each variation
can have its own license validity settings.
New features:
- LicensedVariableProduct class for variable licensed products
- LicensedProductVariation class for individual variations
- Per-variation license duration and max activations settings
- Duration labels in checkout (Monthly, Quarterly, Yearly, etc.)
- Full support for WooCommerce Blocks checkout with variations
- Updated translations for German (de_CH)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add multi-domain checkout support for WooCommerce Blocks
- Fix domain field rendering using ExperimentalOrderMeta slot
- Add DOM injection fallback for checkout field rendering
- Update translations with new multi-domain strings (de_CH)
- Update email templates for grouped license display
- Refactor account page to group licenses by product/order
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add WooCommerce Checkout Blocks support for domain field
- Create CheckoutBlocksIntegration for block-based checkout
- Create StoreApiExtension for Store API domain handling
- Add checkout-blocks.js for frontend domain field in blocks
- Fix LicenseManager product type check in generateLicense()
- Add multiple order status hooks for reliable license generation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
