wp-bootstrap/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

[1.1.2] - 2026-03-01

Security

• WidgetRenderer regex hardening: Combined two separate preg_replace calls for h2→h4 heading downgrade into a single regex that only matches <h2> elements with the wp-block-heading class. The previous approach replaced all </h2> tags unconditionally, risking mismatched tags if a widget contained non-block h2 elements.

Performance

• O(n) comment tree building (ContextBuilder): Replaced O(n²) recursive scan with a parent-indexed lookup map built in a single pass. Each recursion level now iterates only direct children instead of all comments.
• Consolidated sidebar queries (ContextBuilder): Merged three separate sidebar detection branches (is_home, is_page+sidebar, is_singular post) into a single boolean check with one getSidebarData() call, eliminating up to 2 redundant calls per request.
• Transient caching for sidebar data (ContextBuilder): getSidebarRecentPosts() and getSidebarTags() results cached in WordPress transients (1 hour TTL). Invalidation hooks on save_post (recent posts) and create/edit/delete_post_tag (tags).

Changed

• Hex-to-RGB consolidation (functions.php): wp_bootstrap_hex_to_rgb() now delegates to wp_bootstrap_hex_to_rgb_array() instead of duplicating hex parsing logic. Added ctype_xdigit() validation and return type hints to all color utility functions.

[1.1.1] - 2026-02-28

Added

• PHPUnit test suite: 64 unit tests covering BlockRenderer, WidgetRenderer, NavWalker, and TemplateController classes with 107 assertions. Uses PHPUnit 11 and Brain\Monkey for WordPress function mocking.
• Test infrastructure: WP_HTML_Tag_Processor functional stub using DOMDocument for testing block renderer HTML manipulation outside WordPress. Empty stubs for WP_Block and WP_Widget type hints.
• Build pipeline integration: Tests run automatically before every npm run build via prebuild hook (composer exec -- phpunit).
• CI test job: New PHPUnit test step in Gitea CI workflow between lint and build-release. Tests must pass before release packages are built.
• Release package exclusions: tests/, phpunit.xml.dist, and .phpunit.cache/ excluded from release ZIP packages with verification step.

[1.1.0] - 2026-02-28

Added

• Block Renderer (inc/Block/BlockRenderer.php): New class that injects Bootstrap 5 classes into WordPress core block HTML output on the frontend via per-block render_block_{$name} filters. Handles 8 block types:
  • core/table — .table on <table>, .table-striped when stripes style is active
  • core/button — .btn + .btn-{variant} or .btn-outline-{variant} mapped from WP preset color slugs
  • core/buttons — .d-flex .flex-wrap .gap-2 on button group wrapper
  • core/image — .img-fluid on <img> for responsive images
  • core/search — .input-group on inner wrapper, .form-control on input, .btn .btn-primary on button
  • core/quote — .blockquote on <blockquote>, .blockquote-footer on <cite>
  • core/pullquote — Same blockquote treatment inside <figure>
  • core/list — .list-group + .list-group-item when is-style-list-group block style is selected
• Widget Renderer (inc/Block/WidgetRenderer.php): New class that transforms sidebar widgets into Bootstrap 5 card components via dynamic_sidebar_params and widget_block_content filters. Wraps each widget in a .card > .card-body structure with .card-title headings. Downgrades block widget <h2> headings to <h4> for proper sidebar visual hierarchy.
• Widget SCSS (src/scss/_widgets.scss): New stylesheet for sidebar widget Bootstrap styling — list-group-style list items with border separators, flush-to-card-edge list positioning, Bootstrap form-control styling for select dropdowns, search form input-group layout, tag cloud with pill badges, and secondary-color post dates.
• List Group block style: New "List Group" style registered for core/list blocks — applies Bootstrap .list-group and .list-group-item classes when selected in the editor.
• Single post sidebar template (views/pages/single-sidebar.html.twig): New two-column layout for blog posts with col-lg-8 content area and col-lg-4 sidebar. Includes all single post features (meta, thumbnail, tags, post navigation, comments, more posts). "More posts" section uses row-cols-md-2 to fit the narrower column.
• Extensibility: wp_bootstrap_block_renderer_blocks filter allows child themes to add/remove block handler mappings.

Changed

• Post template default (inc/Template/TemplateController.php): Blog posts now render with the sidebar layout by default (single-sidebar.html.twig). Posts assigned the "Full Width" template use single.html.twig instead. Template selection uses get_page_template_slug() with a match expression.
• Sidebar data for posts (inc/Template/ContextBuilder.php): Posts always receive sidebar data (recent posts, tags, widgets) regardless of template selection, ensuring the sidebar partial always has data available.
• Widget SCSS import (src/scss/style.scss): Added _widgets partial import between Bootstrap Icons and custom styles.

[1.0.12] - 2026-02-28

Fixed

• Admin bar offcanvas padding on desktop (functions.php): Scoped the admin bar offcanvas padding fix to mobile viewports only (max-width: 991.98px) so the extra padding does not appear on wide screens where the offcanvas renders inline as a regular navbar.

[1.0.11] - 2026-02-28

Changed

• Offcanvas mobile navigation: Default header now uses header-offcanvas.html.twig instead of header.html.twig. Mobile navigation slides in as an offcanvas panel from the right instead of collapsing downward.
• User avatar in offcanvas header: When logged in, the offcanvas header displays the user's Gravatar and display name linking to the WooCommerce My Account page (or WP admin profile as fallback). Falls back to the site name when logged out.
• Dark mode toggle repositioned: Moved from the offcanvas body to the offcanvas footer on mobile. Desktop toggle remains in the navbar.

Added

• User context data (inc/Template/ContextBuilder.php): New getUserData() method exposing user.logged_in, user.display_name, user.avatar, and user.account_url to all Twig templates.

Fixed

• Admin bar overlapping offcanvas (functions.php): Inline CSS via wp_add_inline_style() adds padding-top matching the admin bar height to .offcanvas when the admin bar is visible, preventing content overlap.

[1.0.10] - 2026-02-25

Fixed

• Title double-encoding in Twig templates (inc/Template/ContextBuilder.php): WordPress's get_the_title() pre-encodes & as &. When passed to Twig with autoescape enabled, the & in & was escaped again to &, rendering as literal & in the browser (e.g. "Bewerbungen & Nachrichten" instead of "Bewerbungen & Nachrichten"). Fixed by wrapping all 6 get_the_title() calls with wp_specialchars_decode() to decode WordPress entities before Twig. Twig autoescape then properly re-encodes & → &. This is XSS-safe because Twig still escapes all output.

[1.0.9] - 2026-02-19

Performance

• Color variation CSS transient caching (functions.php): wp_bootstrap_variation_colors() now caches the generated inline CSS in a 24-hour WordPress transient keyed by wp_bootstrap_variation_css_ + an MD5 of the active stylesheet slug. Previously the palette iteration and CSS string building ran on every frontend page load. The transient is immediately invalidated on switch_theme and save_post_wp_global_styles, so changes made via the Design Editor are reflected instantly.
• Twig template recompilation gated behind WP_DEBUG (inc/Twig/TwigService.php): auto_reload in the Twig Environment constructor was hardcoded to true, causing Twig to stat every compiled template file on every request to check for source changes. Changed to WP_DEBUG so template recompilation only occurs during development. In production (WP_DEBUG = false) compiled Twig templates are served from cache without filesystem mtime checks.

[1.0.8] - 2026-02-19

Security

• Archive XSS hardening: ContextBuilder::getArchiveData() now wraps get_the_archive_title() and get_the_archive_description() with wp_kses_post(). Term descriptions are user-editable by Editors and above; without sanitization an injected <script> tag would execute via the |raw filter in archive.html.twig
• Comment author XSS hardening: ContextBuilder::buildCommentTree() now applies esc_html() to comment_author and esc_url() to comment_author_url at the data source, preventing injection via user-supplied comment fields
• Dark mode localStorage whitelist: getPreferredTheme() in dark-mode.js now validates the stored theme value against ['dark', 'light'] before use, preventing attribute injection from a tampered localStorage value written by a third-party script
• Twig escaping functions marked safe: esc_html(), esc_attr(), and esc_url() registered in TwigService are now declared with ['is_safe' => ['html']], preventing double-encoding if Twig autoescape is ever enabled

Changed

• views/partials/comment-item.html.twig: Comment author URL now output via {{ comment.author_url|raw }} (escaped in PHP) instead of calling esc_url() from the template, keeping escaping logic in one place

[1.0.7] - 2026-02-18

Added

• do_shortcode() registered as a Twig function in TwigService, allowing shortcodes to be rendered directly from Twig templates via {{ do_shortcode('[shortcode]') }}

[1.0.6] - 2026-02-14

Fixed

• Sidebar widgets not rendered on pages using the "Page with Sidebar" template — ContextBuilder::build() only populated sidebar context for is_home(), so page-sidebar.html.twig received no widget data

[1.0.5] - 2026-02-11

Added

• 11 new translation files: de_CH_informal, de_DE, de_DE_informal, en_GB, es_ES, fr_CH, it_CH, it_IT, nl_NL, pl_PL, pt_PT (total: 13 locales + en_US base)
• Compiled .mo files for all 13 translations

Changed

• Standardized all .po file names to use wp-bootstrap- prefix (WordPress convention: {text-domain}-{locale}.po)

[1.0.4] - 2026-02-11

Added

• wp_bootstrap_should_render_template filter in TemplateController::render() — allows plugins and child themes to prevent the theme from rendering a specific request, enabling clean separation of concerns when plugins handle their own page rendering

[1.0.3] - 2026-02-11

Fixed

• Double <h1> headings on pages where plugins provide their own titles — page.html.twig now wraps <h1> in {% if post.title is not empty %} guard so plugins can suppress it by passing empty post.title

[1.0.2] - 2026-02-10

Fixed

• Missing HTML <title> tag on all pages — theme never declared add_theme_support('title-tag'), so WordPress's _wp_render_title_tag() hook was inactive during wp_head() output in Twig templates

[1.0.1] - 2026-02-09

Added

• Bootstrap Icons web font integration — all 2,000+ icons available via <i class="bi bi-*"></i> CSS classes
• copy:icons build step to copy icon font files (.woff, .woff2) from node_modules to assets/fonts/
• Bootstrap Icons SCSS imported in both frontend and editor stylesheets for icon support in templates and block editor

[1.0.0] - 2026-02-08

Added

• Sidebar widget area (primary-sidebar) registered via register_sidebar() — manageable in Appearance > Widgets
• Widget area rendering in Twig sidebar with fallback to built-in content (recent posts, search, tags) when no widgets assigned
• Widget area description strings added to all translation files (en_US, de_CH, fr_FR)

Changed

• Updated README.md with accurate feature counts (15 style variations, 41 patterns, 3 translations)
• Added documentation for style variation bridge, widget areas, RTL support, and accessibility features

[0.3.3] - 2026-02-08

Fixed

• Style variation colors not applied to Bootstrap frontend — bridge function checked wrong palette origin (custom instead of theme)
• Variation detection now compares theme origin against base theme.json defaults instead of looking for slugs in custom origin

[0.3.2] - 2026-02-08

Fixed

• Dark mode body colors overridden by WordPress global styles (styles.color in theme.json generated conflicting body CSS)
• Dark mode styling for plugin-generated form elements (select, input, textarea) that lack Bootstrap classes
• Footer columns template used hardcoded bg-dark text-light instead of semantic bg-body-tertiary
• Style variation bridge function ran with default palette when no variation was active, causing unnecessary CSS overrides

Changed

• Removed styles.color from theme.json to prevent WordPress from generating body background/text CSS that conflicts with Bootstrap dark mode
• Added !important override in _custom.scss for html[data-bs-theme="dark"] body to ensure Bootstrap dark mode takes precedence
• Added broad dark mode rules for native form elements in _custom.scss

[0.3.1] - 2026-02-08

Added

• 4 new light style variations: Rose, Sand, Lavender, Mint
• 4 new dark style variations: Slate, Mocha, Nebula, Obsidian
• Total of 15 color palettes available in the Design Editor (7 light, 7 dark, plus default)

[0.3.0] - 2026-02-08

Added

• Skip-to-content link for keyboard navigation accessibility
• ARIA labels on all navigation landmarks (<nav>, <aside>)
• aria-current="page" on active dropdown menu items across all header variants
• Lazy loading (loading="lazy") on all below-fold images (post thumbnails, cards, avatars)
• Screen reader announcement for dark mode toggle via aria-live status region
• Font preload hints for Inter and Lora variable fonts
• RTL language support: conditional RTL stylesheet, logical CSS properties for blockquote and list styles
• French (fr_FR) translation with all ~216 strings translated
• CSS classes for post thumbnails, card thumbnails, sidebar headings, and hero overlays (replacing inline styles)

Fixed

• XSS vulnerability in search results template (search_query now escaped with |e('html'))
• Comment author URLs now explicitly escaped with esc_url() in Twig templates

Changed

• Block style blockquote-accent uses border-inline-start instead of border-left for RTL compatibility
• Block style list-unstyled uses padding-inline-start instead of padding-left for RTL compatibility
• Inline styles in Twig templates replaced with CSS classes for maintainability
• Updated translation files (.pot and de_CH.po) with new accessibility strings
• Build pipeline includes RTL SCSS compilation step

[0.2.0] - 2026-02-08

Added

• Full Design Editor compatibility: Bootstrap JS in block editor, full Bootstrap SCSS in editor stylesheet
• 3 custom block categories: Bootstrap Layout, Bootstrap Components, Bootstrap Navigation
• 3 custom pattern categories: Layout, Components, Navigation
• 4 layout patterns: container, 2-column, 3-column, full-width section
• 2 component patterns: card group, accordion
• 3 full-page patterns: about, services, contact
• 4 custom page templates (FSE + Twig): landing (no header/footer), full-width, hero, sidebar
• 2 header variations (FSE + Twig): centered, transparent
• 2 footer variations (FSE + Twig): minimal, multi-column
• 2 navigation patterns: dark navbar, offcanvas mobile navigation
• Offcanvas navigation Twig partial with Bootstrap offcanvas component
• Editor SCSS overrides for alignment and spacing consistency
• Shadow presets (sm, md, lg), aspect ratio presets, and custom layout values in theme.json
• Header/footer variant support via get_theme_mod() in ContextBuilder
• Twig block inheritance in base.html.twig for header/footer variant overrides
• Custom page template routing via get_page_template_slug() in TemplateController
• Transparent header and offcanvas dark mode SCSS styles

Changed

• Enhanced editor-style.scss to import full Bootstrap for WYSIWYG editor fidelity
• Enhanced theme.json with custom templates and template parts registration
• Enhanced functions.php with block editor assets, block categories, and pattern categories
• Enhanced ContextBuilder with header/footer variant methods
• Enhanced TemplateController with custom page template slug routing
• Updated translation files (.pot and de_CH.po) with all new translatable strings

[0.1.1] - 2026-02-08

Added

• Twig-based frontend rendering via template_redirect hook, bypassing FSE block markup on the frontend while preserving Site Editor functionality
• TemplateController class: resolves and renders Twig templates for all page types (home, single, page, archive, search, 404)
• ContextBuilder class: gathers WordPress data (posts, menus, pagination, comments, sidebar, archive info) into structured arrays for Twig
• NavWalker class: converts flat wp_get_nav_menu_items() into nested tree for Bootstrap dropdown menus
• 20 Twig templates with proper Bootstrap 5 HTML: base layout, 5 page templates, 9 partials (header, footer, pagination, sidebar, comments, search form, dark mode toggle, meta, post navigation), 3 components (post card, post grid card, post loop)
• Bootstrap 5 navbar with responsive collapse, brand, dropdown support, and dark mode toggle
• Bootstrap 5 card components for post listings
• Bootstrap 5 pagination component
• Bootstrap 5 comment section with threaded replies and Bootstrap-styled form fields
• Bootstrap 5 sidebar with recent posts, search, and tag cloud (badges)
• Previous/next post navigation and "More posts" grid on single posts
• WordPress functions in Twig: wp_head, wp_footer, wp_body_open, language_attributes, body_class, home_url, get_bloginfo, get_search_query, wp_kses_post, number_format_i18n, _n
• Twig globals: site_name, site_description, site_url, theme_uri, charset, current_year
• Twig filters: wpautop, wp_kses_post
• primary and footer navigation menu locations
• Comment form fields filter for Bootstrap classes (form-control, form-label, form-check, btn)
• Fallback menu from published pages when no menu is assigned
• Sidebar layout detection for "Blog with Sidebar" template
• README.md with project documentation

Changed

• Enhanced TwigService with WordPress output-buffering functions, globals, and filters

[0.1.0] - 2026-02-08

Added

• Dark mode toggle with Bootstrap 5.3 data-bs-theme attribute, localStorage persistence, and prefers-color-scheme support
• 16 new block patterns: hero (cover, split, centered), features (3-col, icon list, 2-col offset), CTA (banner, newsletter), testimonials (2-col, centered), pricing (3-col), contact info, FAQ, about section, sidebar, dark mode toggle
• 17 custom block styles: cards (2), alerts (4), table variants (3), quote accent, image effects (2), button sizes (2), list styles (2), separator wide
• 4 style variations (color schemes): Ocean, Forest, Sunset, Midnight
• Sidebar template part with recent posts, search, and tag cloud
• "Blog with Sidebar" custom page template
• Inter (sans-serif) and Lora (serif) variable web fonts
• "Display" font size for hero headings
• 7 new pattern categories: hero, CTA, features, testimonials, pricing, contact, text
• Dark mode overrides for alert and card block styles in SCSS

Changed

• Header pattern now includes dark mode toggle button
• Build pipeline adds theme JS copy step (copy:theme-js)

[0.0.1] - 2026-02-08

Added

• Initial theme scaffolding
• Bootstrap 5 CSS and JS integration (served locally via npm)
• SASS build pipeline with Dart Sass, PostCSS, Autoprefixer, cssnano
• Twig 3.0 template engine integration via Composer
• FSE templates: index, home, single, page, archive, search, 404
• Template parts: header, footer
• Block patterns: header, footer, query loop, comments, post navigation, more posts, 404, search, blog heading, written by
• theme.json with Bootstrap 5-aligned design tokens (colors, typography, spacing)
• WordPress i18n support with en_US (base) and de_CH translations
• Gitea CI/CD workflow for automated release packages
• Editor styles for block editor compatibility