pFacturas for WooCommerce

Changelog

1.0.27.63

• Security: Fixed AJAX nonce verification order – nonce is now verified BEFORE extracting order_id from $_POST
• Security: Changed to static nonce verification using check_ajax_referer() instead of order-specific nonces
• Security: Nonce now uses static action name ‘pfwc_emit_cfe’ instead of dynamic ‘pf_emit_’ . $order_id
• Fix: Separated ob_start() and ob_get_clean() calls on individual lines for explicit buffer management
• Improvement: AJAX handler now uses wp_localize_script() to pass nonce and ajaxUrl to JavaScript
• Compliance: All security fixes follow WordPress.org Plugin Directory requirements

1.0.27.62

• Fix: Renamed all helper functions from pf_ to pfwc_ prefix (4+ characters required by WordPress.org)
• Fix: Added phpcs:ignore comments for $_GET usage in admin script enqueueing (display only, not processing)
• Compliance: All function names now meet WordPress.org naming standards

1.0.27.61

• Fix: Changed all class prefixes from PF_ to PFWC_ (4+ characters as required by WordPress.org)
• Fix: Changed constants PF_PLUGIN_DIR and PF_PLUGIN_URL to PFWC_PLUGIN_DIR and PFWC_PLUGIN_URL
• Fix: Converted all inline tags to wp_add_inline_script() for proper script enqueueing
• Security: Added nonce verification and capability checks to ajax_emit() method
• Security: Added permission checks to emit_if_needed() method and removed direct $_POST processing
• Security: Removed unsafe var_export() and print_r() of $_POST data from logging
• Security: Added proper output escaping with esc_html() to all echoed variables
• Compliance: All scripts now properly enqueued following WordPress coding standards

1.0.27.60

• Fix: Translated all plugin descriptions to English (readme.txt and plugin headers)
• Documentation: Added comprehensive Third Party Services section documenting pFacturas API integration
• Compliance: Full documentation of data transmission, privacy policy and terms of service

1.0.27.59

• Fix: Corrected ZIP compression method (changed to Compress-Archive for WordPress.org compatibility)

1.0.27.58

• Fix: Corrected plugin name in readme.txt to match pFacturas.php (both now use “pFacturas for WooCommerce”)

1.0.27.57

• Fix: Corrected Plugin URI to meet WordPress.org requirements (cannot be WordPress.org URL, must be developer’s site)

1.0.27.56

• Fix: Corrected author name from “Punto Exe Consultores” to “PuntoExe Consultores” (single word)

1.0.27.55

• Fix: Header completely rewritten following exact format from official WordPress.org documentation (name in English, required additional fields, License in exact format)

1.0.27.54

• Fix: Removed accents from plugin header to avoid encoding issues (WordPress.org requires pure ASCII in headers)

1.0.27.53

• Fix: Added Plugin URI and Author URI fields to header (required by WordPress.org)

1.0.27.52

• Fix: Changed comment block format from /* to /** (PHPDoc DocBlock standard)

1.0.27.51

• Fix: Corrected plugin header format (added asterisk * at the beginning of each line per WordPress.org standard)

1.0.27.50

• Fix: Corrected plugin header format (internal changelog removed, only maintained in readme.txt)

1.0.27.49

• Fix: Restored accents in Plugin Name and Description

1.0.27.48

• Fix: Restored accents in readme.txt tags

1.0.27.47

• Fix: Changed approach from inline phpcs:ignore to phpcs:disable/enable block in class-pf-emitter.php lines 588-590

1.0.27.46

• Fix: Updated inline phpcs:ignore comment in class-pf-emitter.php line 589

1.0.27.45

• Fix: Added inline phpcs:ignore comment in class-pf-emitter.php line 589 for NonceVerification.Missing

1.0.27.44

• Fix: Changed plugin slug from “woocommerce-pfacturas” to “pfacturas-for-woocommerce”
• Fix: Complies with WordPress.org trademark rules (ends with “for-woocommerce”)
• Fix: Added sanitize_text_field() in class-pf-emitter.php line 606 for nonce
• IMPORTANT: Requires plugin uninstall and reinstall (slug change)

1.0.27.43

• Fix: Corrected plugin name to comply with WordPress.org trademark rules
• Fix: Name now ends with “for WooCommerce” instead of “para WooCommerce”
• Fix: Removed accented characters from name and description to avoid encoding issues
• Fix: readme.txt reduced to 5 tags maximum and short description to less than 150 characters
• Fix: Added wp_unslash() in class-pf-emitter.php line 606 for $_POST[‘_wpnonce’]

1.0.27.42

• Fix: Updated Stable tag in readme.txt to 1.0.27.42
• Fix: Completed missing phpcs:ignore comments in class-pf-checkout.php (lines 18-20, 37-39)
• Fix: Added phpcs:ignore for var_export in class-pf-emitter.php line 155
• Fix: Added phpcs:ignore for $_POST in class-pf-emitter.php lines 588, 592, 605
• Fix: Added phpcs:ignore for var_export and print_r in class-pf-mapper.php lines 17, 20, 25

1.0.27.41

• Fix: Added sanitize_callback to register_setting() to comply with WordPress standards
• Fix: Updated “Tested up to” to WordPress 6.8
• Fix: Added phpcs:ignore comments for nonce verification warnings in WooCommerce hooks
• Fix: Added phpcs:ignore comments for debug functions (var_export, print_r) used only for logging

1.0.27.39

• Architecture: Implemented dual build system (official vs development)
• New file: class-pf-manual-updater.php with manual update functionality
• Fix: Manual update moved to separate file to avoid errors in Plugin Check
• Official builds: Exclude class-pf-manual-updater.php to pass Plugin Check without errors
• Development builds: Include class-pf-manual-updater.php for full functionality
• Documentation: Updated in _dev/ to explain dual build system

1.0.27.38

• Fix: Added phpcs:ignore comments to all print_r() and var_export() used in logging
• Fix: Manual update functionality now requires flag file _dev/enable-manual-updates.flag
• Improvement: Manual update disabled by default in official versions to comply with WordPress.org standards
• Plugin Check: Resolved all DevelopmentFunctions warnings in class-pf-blocks.php and class-pf-emitter.php

1.0.27.37

• Fix: Replaced all uses of date() with gmdate() to avoid timezone issues
• Fix: Added esc_html() to error message in wp_die() in class-pf-settings.php
• WordPress.DateTime.RestrictedFunctions: All date() changed to gmdate() in helpers.php, class-pf-client.php and class-pf-mapper.php

1.0.27.36

• Fix: Third round of corrections for WordPress.org Plugin Check
• Applied esc_attr() to all outputs of self::OPTION_KEY in class-pf-settings.php
• Applied esc_html(), esc_attr(), esc_textarea() to dynamic parameters in function f()
• Added phpcs:ignore comments for print_r() and var_export() used in logging
• Changed date() to current_time(‘mysql’) in helpers.php for WordPress consistency
• Improved in_array() function with strict comparison parameter

1.0.27.35

• Fix: Additional corrections for WordPress.org Plugin Check (second round)
• Added phpcs:ignore comments with justification for safe variables
• Fixed 15 output escaping errors in class-pf-checkout.php, class-pf-emitter.php and class-pf-settings.php

1.0.27.34

• Fix: Corrections to comply with WordPress.org Plugin Check
• Converted heredoc to string concatenation (WordPress.org does not allow heredoc)
• Added output escaping with esc_attr(), esc_js(), esc_url() where appropriate
• Changed wp_redirect() to wp_safe_redirect() for better security

1.0.27

• New feature: Demo Mode that allows testing the plugin without credentials
• New feature: Automatic detection and renewal of expired Demo credentials
• Improvement: Logging system with user preference
• Improvement: Full compatibility with WooCommerce Blocks
• Improvement: Enhanced RUT and CI validation with check digit
• Improvement: Indexed Units threshold handling based on subtotal
• Fix: Multiple fixes to comply with WordPress.org Plugin Check
• Fix: Security improvements with data sanitization and escaping

1.0.16

• Checkout fields simplification: Now only “Document Type” and “Document” are requested when total exceeds identification threshold. Other data (name, address, city, country) is automatically taken from order billing information.
• Improved CI validation: Added JavaScript check digit validation for Uruguayan Identity Card (type 3) in both classic checkout and WooCommerce Blocks.
• Required fields: All billing fields are now required when applicable (Tax ID/Business Name if invoicing with Tax ID, Type and Document if threshold exceeded).
• WooCommerce Blocks updated: Removed redundant fields from Store API and blocks.js, now uses billing address data directly.
• Optimized mapper: The mapper now uses get_billing_first_name(), get_billing_last_name(), get_billing_address_1(), get_billing_city() and get_billing_country() from order object.

1.0.15

• Simplified dropdowns: Options in dropdowns now show only descriptions without values (e.g. “Testing” instead of “TES – Testing”).
• Extended Individual Person fields: Added “Address” and “City” fields to comply with identification threshold requirements.
• Corrected options: “Cédula Mercosur” changed to “DNI Mercosur”, “Otro” changed to “Otros”.
• Improved threshold logic: When total exceeds configured threshold and not invoicing with Tax ID, all required Individual Person fields are now requested.
• Improved validation: Validation now verifies that all Individual Person fields are complete when required.