magdev/wp-bootstrap
1
Fork 0
Code Issues Pull Requests Actions Releases 24 Activity

24 Releases 24 Tags

  • v1.1.3 6c8526d2a5
    Compare

    WP Bootstrap 1.1.3
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 50s
    Details
    Create Release Package / PHPUnit Tests (push) Successful in 44s
    Details
    Create Release Package / Build Release (push) Successful in 2m17s
    Details
    Stable

    magdev released this 2026-03-07 09:34:46 +00:00 | 0 commits to main since this release

    Security

    • Template output escaping: Added |esc_url filter to all unescaped URL outputs across 8 Twig template partials — header.html.twig, header-offcanvas.html.twig, header-transparent.html.twig, header-centered.html.twig, footer.html.twig, footer-columns.html.twig, search-form.html.twig, comment-item.html.twig. Covers site.url, item.url, child.url, user.account_url, comment.author_url, and comment.edit_url.

    Added

    • Twig escape filters (TwigService.php): Registered esc_html, esc_attr, and esc_url as Twig filters with ['is_safe' => ['html']] to prevent double-encoding. Complements existing wpautop and wp_kses_post filters.
    Downloads
  • v1.1.2 17728e81d9
    Compare

    WP Bootstrap 1.1.2
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 1m32s
    Details
    Create Release Package / PHPUnit Tests (push) Successful in 2m35s
    Details
    Create Release Package / Build Release (push) Successful in 2m36s
    Details
    Stable

    magdev released this 2026-03-01 00:02:21 +00:00 | 2 commits to main since this release

    Security

    • WidgetRenderer regex hardening: Combined two separate preg_replace calls for h2→h4 heading downgrade into a single regex that only matches <h2> elements with the wp-block-heading class. The previous approach replaced all </h2> tags unconditionally, risking mismatched tags if a widget contained non-block h2 elements.

    Performance

    • O(n) comment tree building (ContextBuilder): Replaced O(n²) recursive scan with a parent-indexed lookup map built in a single pass. Each recursion level now iterates only direct children instead of all comments.
    • Consolidated sidebar queries (ContextBuilder): Merged three separate sidebar detection branches (is_home, is_page+sidebar, is_singular post) into a single boolean check with one getSidebarData() call, eliminating up to 2 redundant calls per request.
    • Transient caching for sidebar data (ContextBuilder): getSidebarRecentPosts() and getSidebarTags() results cached in WordPress transients (1 hour TTL). Invalidation hooks on save_post (recent posts) and create/edit/delete_post_tag (tags).

    Changed

    • Hex-to-RGB consolidation (functions.php): wp_bootstrap_hex_to_rgb() now delegates to wp_bootstrap_hex_to_rgb_array() instead of duplicating hex parsing logic. Added ctype_xdigit() validation and return type hints to all color utility functions.
    Downloads
  • v1.1.1 ea2ccef5de
    Compare

    WP Bootstrap 1.1.1
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 1m13s
    Details
    Create Release Package / PHPUnit Tests (push) Successful in 1m8s
    Details
    Create Release Package / Build Release (push) Successful in 1m58s
    Details
    Stable

    magdev released this 2026-02-28 23:14:34 +00:00 | 3 commits to main since this release

    Added

    • PHPUnit test suite: 64 unit tests covering BlockRenderer, WidgetRenderer, NavWalker, and TemplateController classes with 107 assertions. Uses PHPUnit 11 and Brain\Monkey for WordPress function mocking.
    • Test infrastructure: WP_HTML_Tag_Processor functional stub using DOMDocument for testing block renderer HTML manipulation outside WordPress. Empty stubs for WP_Block and WP_Widget type hints.
    • Build pipeline integration: Tests run automatically before every npm run build via prebuild hook (composer exec -- phpunit).
    • CI test job: New PHPUnit test step in Gitea CI workflow between lint and build-release. Tests must pass before release packages are built.
    • Release package exclusions: tests/, phpunit.xml.dist, and .phpunit.cache/ excluded from release ZIP packages with verification step.
    Downloads
  • v1.1.0 3165e60639
    Compare

    WP Bootstrap 1.1.0
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 1m7s
    Details
    Create Release Package / Build Release (push) Successful in 1m41s
    Details
    Stable

    magdev released this 2026-02-28 22:44:25 +00:00 | 5 commits to main since this release

    Added

    • Block Renderer (inc/Block/BlockRenderer.php): New class that injects Bootstrap 5 classes into WordPress core block HTML output on the frontend via per-block render_block_{$name} filters. Handles 8 block types:
      • core/table.table on <table>, .table-striped when stripes style is active
      • core/button.btn + .btn-{variant} or .btn-outline-{variant} mapped from WP preset color slugs
      • core/buttons.d-flex .flex-wrap .gap-2 on button group wrapper
      • core/image.img-fluid on <img> for responsive images
      • core/search.input-group on inner wrapper, .form-control on input, .btn .btn-primary on button
      • core/quote.blockquote on <blockquote>, .blockquote-footer on <cite>
      • core/pullquote — Same blockquote treatment inside <figure>
      • core/list.list-group + .list-group-item when is-style-list-group block style is selected
    • Widget Renderer (inc/Block/WidgetRenderer.php): New class that transforms sidebar widgets into Bootstrap 5 card components via dynamic_sidebar_params and widget_block_content filters. Wraps each widget in a .card > .card-body structure with .card-title headings. Downgrades block widget <h2> headings to <h4> for proper sidebar visual hierarchy.
    • Widget SCSS (src/scss/_widgets.scss): New stylesheet for sidebar widget Bootstrap styling — list-group-style list items with border separators, flush-to-card-edge list positioning, Bootstrap form-control styling for select dropdowns, search form input-group layout, tag cloud with pill badges, and secondary-color post dates.
    • List Group block style: New "List Group" style registered for core/list blocks — applies Bootstrap .list-group and .list-group-item classes when selected in the editor.
    • Single post sidebar template (views/pages/single-sidebar.html.twig): New two-column layout for blog posts with col-lg-8 content area and col-lg-4 sidebar. Includes all single post features (meta, thumbnail, tags, post navigation, comments, more posts). "More posts" section uses row-cols-md-2 to fit the narrower column.
    • Extensibility: wp_bootstrap_block_renderer_blocks filter allows child themes to add/remove block handler mappings.

    Changed

    • Post template default (inc/Template/TemplateController.php): Blog posts now render with the sidebar layout by default (single-sidebar.html.twig). Posts assigned the "Full Width" template use single.html.twig instead. Template selection uses get_page_template_slug() with a match expression.
    • Sidebar data for posts (inc/Template/ContextBuilder.php): Posts always receive sidebar data (recent posts, tags, widgets) regardless of template selection, ensuring the sidebar partial always has data available.
    • Widget SCSS import (src/scss/style.scss): Added _widgets partial import between Bootstrap Icons and custom styles.
    Downloads
  • v1.0.12 9904bf508a
    Compare

    WP Bootstrap 1.0.12
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 1m8s
    Details
    Create Release Package / Build Release (push) Successful in 1m44s
    Details
    Stable

    magdev released this 2026-02-28 20:43:41 +00:00 | 6 commits to main since this release

    Fixed

    • Admin bar offcanvas padding on desktop (functions.php): Scoped the admin bar offcanvas padding fix to mobile viewports only (max-width: 991.98px) so the extra padding does not appear on wide screens where the offcanvas renders inline as a regular navbar.
    Downloads
  • v1.0.11 77778860ab
    Compare

    WP Bootstrap 1.0.11
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 1m13s
    Details
    Create Release Package / Build Release (push) Successful in 1m56s
    Details
    Stable

    magdev released this 2026-02-28 20:38:55 +00:00 | 7 commits to main since this release

    Changed

    • Offcanvas mobile navigation: Default header now uses header-offcanvas.html.twig instead of header.html.twig. Mobile navigation slides in as an offcanvas panel from the right instead of collapsing downward.
    • User avatar in offcanvas header: When logged in, the offcanvas header displays the user's Gravatar and display name linking to the WooCommerce My Account page (or WP admin profile as fallback). Falls back to the site name when logged out.
    • Dark mode toggle repositioned: Moved from the offcanvas body to the offcanvas footer on mobile. Desktop toggle remains in the navbar.

    Added

    • User context data (inc/Template/ContextBuilder.php): New getUserData() method exposing user.logged_in, user.display_name, user.avatar, and user.account_url to all Twig templates.

    Fixed

    • Admin bar overlapping offcanvas (functions.php): Inline CSS via wp_add_inline_style() adds padding-top matching the admin bar height to .offcanvas when the admin bar is visible, preventing content overlap.
    Downloads
  • v1.0.10 0902c5e1a5
    Compare

    WP Bootstrap 1.0.10
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 1m10s
    Details
    Create Release Package / Build Release (push) Successful in 1m50s
    Details
    Stable

    magdev released this 2026-02-25 19:20:36 +00:00 | 8 commits to main since this release

    Fixed

    • Title double-encoding in Twig templates (inc/Template/ContextBuilder.php): WordPress's get_the_title() pre-encodes & as &#038;. When passed to Twig with autoescape enabled, the & in &#038; was escaped again to &amp;#038;, rendering as literal &#038; in the browser (e.g. "Bewerbungen & Nachrichten" instead of "Bewerbungen & Nachrichten"). Fixed by wrapping all 6 get_the_title() calls with wp_specialchars_decode() to decode WordPress entities before Twig. Twig autoescape then properly re-encodes &&amp;. This is XSS-safe because Twig still escapes all output.
    Downloads
  • v1.0.9 576922160e
    Compare

    WP Bootstrap 1.0.9
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 2m3s
    Details
    Create Release Package / Build Release (push) Successful in 2m5s
    Details
    Stable

    magdev released this 2026-02-19 17:26:45 +00:00 | 10 commits to main since this release

    Performance

    • Color variation CSS transient caching (functions.php): wp_bootstrap_variation_colors() now caches the generated inline CSS in a 24-hour WordPress transient keyed by wp_bootstrap_variation_css_ + an MD5 of the active stylesheet slug. Previously the palette iteration and CSS string building ran on every frontend page load. The transient is immediately invalidated on switch_theme and save_post_wp_global_styles, so changes made via the Design Editor are reflected instantly.
    • Twig template recompilation gated behind WP_DEBUG (inc/Twig/TwigService.php): auto_reload in the Twig Environment constructor was hardcoded to true, causing Twig to stat every compiled template file on every request to check for source changes. Changed to WP_DEBUG so template recompilation only occurs during development. In production (WP_DEBUG = false) compiled Twig templates are served from cache without filesystem mtime checks.
    Downloads
  • v1.0.8 89afa00678
    Compare

    WP Bootstrap 1.0.8
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 1m8s
    Details
    Create Release Package / Build Release (push) Successful in 1m53s
    Details
    Stable

    magdev released this 2026-02-19 12:23:40 +00:00 | 11 commits to main since this release

    Security

    • Archive XSS hardening: ContextBuilder::getArchiveData() now wraps get_the_archive_title() and get_the_archive_description() with wp_kses_post(). Term descriptions are user-editable by Editors and above; without sanitization an injected <script> tag would execute via the |raw filter in archive.html.twig
    • Comment author XSS hardening: ContextBuilder::buildCommentTree() now applies esc_html() to comment_author and esc_url() to comment_author_url at the data source, preventing injection via user-supplied comment fields
    • Dark mode localStorage whitelist: getPreferredTheme() in dark-mode.js now validates the stored theme value against ['dark', 'light'] before use, preventing attribute injection from a tampered localStorage value written by a third-party script
    • Twig escaping functions marked safe: esc_html(), esc_attr(), and esc_url() registered in TwigService are now declared with ['is_safe' => ['html']], preventing double-encoding if Twig autoescape is ever enabled

    Changed

    • views/partials/comment-item.html.twig: Comment author URL now output via {{ comment.author_url|raw }} (escaped in PHP) instead of calling esc_url() from the template, keeping escaping logic in one place
    Downloads
  • v1.0.7 876be4a041
    Compare

    WP Bootstrap 1.0.7
    All checks were successful
    Create Release Package / PHP Lint (push) Successful in 1m4s
    Details
    Create Release Package / Build Release (push) Successful in 1m51s
    Details
    Stable

    magdev released this 2026-02-18 14:06:21 +00:00 | 12 commits to main since this release

    Added

    • do_shortcode() registered as a Twig function in TwigService, allowing shortcodes to be rendered directly from Twig templates via {{ do_shortcode('[shortcode]') }}
    Downloads