Security Fixes:
- Fixed XSS vulnerability in checkout blocks DOM injection (replaced innerHTML with safe DOM methods)
- Unified IP detection for rate limiting across all API endpoints (new IpDetectionTrait)
- Added rate limiting to license transfers (5/hour) and downloads (30/hour) (new RateLimitTrait)
- Added file size limit (2MB), row limit (1000), and rate limiting to CSV import
- Added JSON decode error handling in StoreApiExtension
- Added license ID validation in frontend.js to prevent selector injection
New Files:
- src/Api/IpDetectionTrait.php - Shared IP detection with proxy support
- src/Common/RateLimitTrait.php - Reusable rate limiting for frontend operations
Breaking Changes:
- None
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix admin license test popup showing empty product field
- Display product name in bold in test license modal
- Split auto-update settings into notification and auto-install options
- Add filter functionality to customer account licenses page
- Update translations (402 strings)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Simplified JavaScript to avoid conflicts with WooCommerce's native show/hide logic
- Removed conflicting CSS rule for .hide_if_licensed
- License Settings tab uses CSS class toggle for proper display
- Variations tab properly shows for licensed-variable via woocommerce_product_data_tabs filter
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Product Versions meta box now always added to product pages, visibility controlled via CSS/JavaScript
- Added Installer::registerProductTypes() to create product type terms in the product_type taxonomy
- Product type terms are now ensured to exist on woocommerce_init hook for existing installations
- Fixed License Settings tab and Product Versions visibility toggling when changing product types
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix OrderLicenseController to use isLicensedProduct() for consistent product type detection
- Fixed expected licenses calculation for variable product orders
- Fixed manual license generation from admin order page for variable products
- Remove debug logging from all source files (PHP and JavaScript)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Customers can now purchase licenses with different durations (monthly,
yearly, lifetime) through WooCommerce product variations. Each variation
can have its own license validity settings.
New features:
- LicensedVariableProduct class for variable licensed products
- LicensedProductVariation class for individual variations
- Per-variation license duration and max activations settings
- Duration labels in checkout (Monthly, Quarterly, Yearly, etc.)
- Full support for WooCommerce Blocks checkout with variations
- Updated translations for German (de_CH)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add static methods to ResponseSigner for deriving customer-specific secrets
- Display "API Verification Secret" in customer account licenses page
- Add collapsible secret section with copy button
- Update server-implementation.md with per-license secret documentation
- Update translations with new strings
Each customer now gets a unique verification secret derived from their
license key, eliminating the need to share the master server secret.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Sort product versions by version DESC when adding via AJAX
- Make license actions always visible in admin overview
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add multi-domain checkout support for WooCommerce Blocks
- Fix domain field rendering using ExperimentalOrderMeta slot
- Add DOM injection fallback for checkout field rendering
- Update translations with new multi-domain strings (de_CH)
- Update email templates for grouped license display
- Refactor account page to group licenses by product/order
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add 'Generate Licenses' button to order meta box for admin-created orders
- Add AJAX handler for manual license generation
- Show warning when domain is not set or order is not paid
- Handle partial license generation (when some products already have licenses)
- Update German translations for new strings (365 translated)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Downloads now displayed in two-row format per entry
- First row: file download link
- Second row: metadata (version, date, checksum)
- Better visual separation and readability
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Display current version under product title for licensed products
- Add frontend CSS styling for version badge
- Update translations for new "Version:" string
- Bump version to 0.3.4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Wrap filename link and media-archive icon in a flex container
with white-space: nowrap to keep them on a single line.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Features:
- Add SHA256 column to admin product versions table
- Display file hash in customer account downloads section
- Style checksum file upload field consistently with package upload
Changes:
- Admin versions table shows truncated hash with full hash on hover
- Customer downloads show hash with shield icon indicator
- Updated German translations
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed plain file input to styled button with filename display
- Added Select/Remove buttons for checksum file upload
- Updated JavaScript handlers for styled checksum file input
- Updated German translation for new button text
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace SHA256 text input with file upload field for checksum files
- Add readChecksumFile() JavaScript function using FileReader API
- Support .sha256 and .txt checksum file formats
- Add Promise-based async handling for file reading
- Add localized error messages for checksum file validation
- Update translations (de_CH) with new strings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add REST API response signing using HMAC-SHA256
- Add SHA256 hash validation for version file uploads
- Add ResponseSigner class for automatic API response signing
- Add file_hash column to database schema
- Remove external URL support from version uploads
- Update translations with all fuzzy strings resolved
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add inline editing for status, expiry date, and domain fields
- Add copy-to-clipboard button for license keys
- Add AJAX handlers for inline editing with nonce verification
- Update LicenseManager with updateLicenseExpiry method
- Add new translations for inline editing strings (de_CH)
- Compile updated German translations to .mo file
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add AJAX handler for real-time license search
- Create admin-licenses.js with debounced search and keyboard navigation
- Display search results with highlighted matches
- Support navigation with arrow keys and Enter to select
- Add CSS for dropdown results styling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Frontend CSS now inherits theme design settings automatically:
- Colors: --wp--preset--color--base, --wp--preset--color--contrast, etc.
- Typography: --wp--preset--font-family--body, --wp--preset--font-size--*
- Spacing: --wp--preset--spacing--20/30/40
All values have sensible fallbacks for non-block themes.
Status badges use color-mix() to blend with theme colors.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add license meta box on WooCommerce order edit pages
- Add editable order domain field with AJAX inline editing
- Add editable license domains directly from order page
- Add licenses table showing all licenses for an order
- Support both classic orders and HPOS
New files:
- src/Admin/OrderLicenseController.php
- assets/js/order-licenses.js
New method: LicenseManager::getLicensesByOrder()
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add WooCommerce Checkout Blocks support for domain field
- Create CheckoutBlocksIntegration for block-based checkout
- Create StoreApiExtension for Store API domain handling
- Add checkout-blocks.js for frontend domain field in blocks
- Fix LicenseManager product type check in generateLicense()
- Add multiple order status hooks for reliable license generation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add product version management:
- ProductVersion model and VersionManager class
- VersionAdminController with meta box on product edit page
- AJAX-based version CRUD (add, delete, toggle status)
- JavaScript for version management UI
Add email notifications:
- LicenseEmailController for order emails
- License keys included in order completed emails
- Support for both HTML and plain text emails
Add REST API rate limiting:
- 30 requests per minute per IP
- Cloudflare and proxy-aware IP detection
- HTTP 429 response with Retry-After header
Other changes:
- Bump version to 0.0.2
- Update CHANGELOG.md
- Add version status styles to admin.css
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add complete plugin infrastructure for selling software with license keys:
- New "Licensed Product" WooCommerce product type
- License key generation (XXXX-XXXX-XXXX-XXXX format) on order completion
- Domain-based license validation system
- REST API endpoints (validate, status, activate, deactivate)
- Customer My Account "Licenses" page
- Admin license management under WooCommerce > Licenses
- Checkout domain field for licensed products
- Custom database tables for licenses and product versions
- Twig template engine integration
- Full i18n support with German (de_CH) translation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
