V4.6.4

[apinto-uc]

User description

Improvements

• Added support for 9-character Settings IDs in the account connection field

Bugfixes

• Fixed form change detection on the settings page to track all input types

---

CodeAnt-AI Description

Add 9-character Settings ID support and fix settings form change detection

What Changed

• Account connection fields and messages now accept Settings IDs of 9, 14, or 36 characters (placeholders, validation, and error text updated) so 9-character IDs are accepted without error.
• Client-side validation on network and settings pages updated to treat 9-character IDs as valid, showing the ruleset selector and enabling connect when appropriate.
• Settings page form-change detection now monitors all input elements (not only text inputs) so the Save/Connect button correctly enables when any form field changes.
• Package metadata bumped to version 4.6.4 and changelog/readme updated to reflect these changes.

Impact

✅ Can connect accounts using 9-character Settings ID
✅ Fewer missed form change detections on the settings page
✅ Clearer ID validation errors preventing false negatives

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[qodo-code-review]

Review Summary by Qodo

Add 9-character Settings ID support and fix form change detection

✨ Enhancement 🐞 Bug fix

Walkthroughs

Description

• Added support for 9-character Settings IDs in account connection field
• Fixed form change detection to track all input types correctly
• Updated version to 4.6.4 across all configuration files

Diagram

flowchart LR
  A["Settings ID Validation"] -->|"Support 9, 14, 36 chars"| B["Updated Validation Logic"]
  C["Form Change Detection"] -->|"Track all input types"| D["Fixed jQuery Selectors"]
  E["Version Update"] -->|"4.6.3 to 4.6.4"| F["Plugin Metadata"]

Loading

File Changes

1. cookiebot.php ⚙️ Configuration changes +1/-1

Update plugin version to 4.6.4

cookiebot.php

---

2. src/lib/Cookiebot_WP.php ⚙️ Configuration changes +1/-1

Update COOKIEBOT_PLUGIN_VERSION constant

src/lib/Cookiebot_WP.php

---

3. src/view/admin/cb_frame/settings/general-page.php ✨ Enhancement +1/-1

Update Settings ID validation error message

src/view/admin/cb_frame/settings/general-page.php

---

View more (6)

4. src/view/admin/common/network-settings-page.php ✨ Enhancement +2/-2

Update placeholder and error message for Settings ID

src/view/admin/common/network-settings-page.php

---

5. src/view/admin/common/settings-page.php ✨ Enhancement +2/-2

Update placeholder and error message for Settings ID

src/view/admin/common/settings-page.php

---

6. src/view/admin/uc_frame/settings/general-page.php ✨ Enhancement +1/-1

Update Settings ID validation error message

src/view/admin/uc_frame/settings/general-page.php

---

7. assets/js/backend/network-settings-page.js ✨ Enhancement +2/-2

Add 9-character length validation for Settings ID

assets/js/backend/network-settings-page.js

---

8. assets/js/backend/settings-page.js 🐞 Bug fix +6/-6

Add 9-char validation and fix form change detection

assets/js/backend/settings-page.js

---

9. readme.txt 📝 Documentation +14/-1

Update stable tag and add changelog entry

readme.txt

---

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
12.5% Duplication on New Code

See analysis details on SonarQube Cloud

[codeant-ai]

Nitpicks 🔍

🔒 No security issues identified

⚡ Recommended areas for review Backend validation The UI was updated to accept 9-character Settings IDs (placeholders and error messages). Verify that server-side validation and saving logic have been updated to permit 9-character Settings IDs (and still allow 14 and 36). If validation remains length-restricted to 14/36 it will reject valid input from the updated UI. Length-only validation The new ruleset ID validation checks only the string length (9, 14 or 36) but does not validate allowed characters or patterns for the new 9-character Settings ID. That can allow malformed IDs (wrong characters) to pass the length check and cause downstream errors when IDs are used in requests or UI logic. Case-sensitive UUID check The UUID detection regex in check_id_frame() only matches lowercase hex characters. If a 36-character frame ID contains uppercase hex, the function will return false and the UI will treat a valid UUID as non-UUID (changing available controls). Consider making the regex case-insensitive or normalizing input before testing. Length-only validation (network) The same length-only validation was added in the network settings page. Ensure the character set/pattern for 9-character IDs is validated consistently across both files to avoid inconsistent behavior between network and site settings. Consistent user feedback The error message text was changed to include 9-character IDs. Confirm the same message and validation behaviour exist across all places where CBIDs are entered (single-site, network, CB frame) and that JS client-side validation (if any) has been updated so messages match actual checks.

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. No backend CBID validation 🐞 Bug ⛯ Reliability

Description

JS now validates CBID length (9/14/36), but backend save paths store whatever is posted with no
length/format validation (and in multisite network settings, without sanitization). This can lead to
invalid IDs being persisted (e.g., when JS is disabled or via direct POST/AJAX), causing broken
banner injection and difficult-to-debug misconfiguration.

Code

assets/js/backend/settings-page.js[R67-72]

+    // Validate that the field has exactly 9, 14 or 36 characters
    const fieldLength = cbidField.val().length;
-    if(fieldLength !== 14 && fieldLength !== 36){
+    if(fieldLength !== 9 && fieldLength !== 14 && fieldLength !== 36){
        cbidCheck.removeClass('check-pass');
        cbidRulesetSelector.addClass('hidden');
        cbidError.removeClass('hidden');

Evidence

The PR adds/updates client-side length checks, but WordPress option registration and network
settings save do not enforce any validation. Additionally, the AJAX endpoint persists the CBID after
only a non-empty check, so incorrect lengths can be stored outside the UI flow.

assets/js/backend/settings-page.js[67-74]
src/settings/Menu_Settings.php[62-66]
src/settings/Network_Menu_Settings.php[68-74]
src/lib/Account_Service.php[107-121]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
CBID/Settings ID validation is currently enforced only in JavaScript. Backend handlers (`register_setting` / options save, multisite network save, and AJAX store) accept and persist any value, so invalid IDs can be saved when JS is bypassed or via direct POST/AJAX.

### Issue Context
The PR expands the set of valid lengths to include 9-character Settings IDs, which makes it even more important that server-side validation matches the UI rules.

### Fix Focus Areas
- Add a `sanitize_callback` / validation hook for the `cookiebot-cbid` option so invalid values are rejected or normalized:
 - src/settings/Menu_Settings.php[62-66]
- Sanitize and validate network CBID before calling `update_site_option`:
 - src/settings/Network_Menu_Settings.php[68-74]
- Validate CBID length/format in the AJAX store endpoint (return 400 on invalid values):
 - src/lib/Account_Service.php[107-121]
- (Optional) Reuse a single helper method for CBID validation to keep rules consistent across all entry points:
 - assets/js/backend/settings-page.js[67-74]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more