✅ WordPress Plugin Check Report
📊 Report
All checks passed! No errors or warnings found.
🤖 Generated by WordPress Plugin Check Action
Code Review
This pull request updates the plugin to version 2.8.1, adding support for multiple post categories during creation and fixing multi-line email formatting. It introduces new routes, controllers, and frontend UI components for category management. Review feedback identifies several critical improvements: reversing the order of mail body processing functions, merging rather than overwriting category results in the backend loop, sanitizing category ID inputs, and correcting variable naming and success logic in the frontend helpers.
frontend/src/components/AllIntegrations/PostCreation/PostHelperFunction.js
Pull request overview
Bumps the plugin to v2.8.1 and updates release notes, while adding WP Post Creation category assignment support and improving Mail action handling (including multi-line body formatting and dedicated save/update routes).
Changes:
- Bump plugin version references to 2.8.1 and add 2.8.1 changelog entries (WP Post Creation categories, GiveWP donation type, Mail formatting fix).
- Add “Post Categories” selection UI + AJAX endpoint, and apply selected categories during post creation.
- Add dedicated Mail action save/update AJAX routes and adjust mail body formatting with wpautop().
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| readme.txt | Updates stable tag and adds 2.8.1 changelog entry. |
| frontend/src/pages/ChangelogToggle.jsx | Updates in-app changelog content and release date. |
| frontend/src/components/AllIntegrations/PostCreation/PostHelperFunction.js | Adds helper to fetch post categories via AJAX. |
| frontend/src/components/AllIntegrations/PostCreation/PostEdit.jsx | Adds multi-select UI for categories in edit flow and refresh behavior. |
| frontend/src/components/AllIntegrations/PostCreation/Post.jsx | Adds multi-select UI for categories in create flow and config field. |
| frontend/src/components/AllIntegrations/IntegrationHelpers/IntegrationHelpers.js | Routes Mail action saves/updates to new endpoints. |
| bitwpfi.php | Bumps plugin header version + BTCBI_VERSION constant. |
| backend/controller/PostController.php | Adds AJAX handler to list categories/terms for a post type. |
| backend/Routes/ajax.php | Registers new Mail save/update endpoints and post-categories listing endpoint. |
| backend/Config.php | Bumps backend VERSION constant. |
| backend/Actions/UserRegistrationMembership/RecordApiHelper.php | Adds translator comment for an i18n string. |
| backend/Actions/PostCreation/PostCreationController.php | Applies selected categories after successful post creation. |
| backend/Actions/Mail/MailController.php | Uses wpautop() to render multi-line mail bodies as HTML. |
| .github/workflows/plugin-check.yml | Uses .github/build for building and adjusts plugin-check configuration. |
Pull request overview
Copilot reviewed 15 out of 15 changed files in this pull request and generated 4 comments.
| return self::$_sanitize_post_content ? wp_kses_post($value) : sanitize_text_field($value); | ||
| } |
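Review bot: The sanitizer choice on the `return` line depends on the static flag `self::$_sanitize_post_content`, so unless the flag is reset (the visible lines do not show that), every value sanitized later in the same request also takes the `wp_kses_post()` branch. Pass the mode as an argument to the sanitizing call, or reset the flag as soon as the field that needs HTML has been processed, so `sanitize_text_field()` remains the default.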
sanitize_post_content() currently switches sanitizeValue() to wp_kses_post() for every string in the request payload (not just the mail body). For Mail routes this means fields like integration name, subject, email addresses, etc. may now retain HTML/newlines, which can lead to unexpected stored values and increases XSS/header-format risk if any of those fields are ever rendered without escaping. Consider limiting KSES sanitization to the specific field(s) that need HTML (e.g., sanitize flow_details.body inside the Flow/Mail save path), or enhancing the sanitizer to be path-aware so only the message body uses wp_kses_post().
| return; | ||
| } | ||
|
|
||
| wp_set_post_categories($postId, array_unique($categoryIds), false); |
setPostCategories() uses wp_set_post_categories(), which only assigns terms in the built-in category taxonomy. However, the categories list endpoint returns terms from all hierarchical taxonomies for the selected post type, so selections for CPT taxonomies (e.g. product_cat or custom taxonomies) won’t be applied correctly and may silently fail / assign wrong terms. Either restrict the list endpoint to the category taxonomy only, or include taxonomy information in the saved value and call wp_set_post_terms() per taxonomy.
| wp_set_post_categories($postId, array_unique($categoryIds), false); | |
| // Ensure we only assign terms from the built-in "category" taxonomy. | |
| $categoryTermIds = []; | |
| foreach ($categoryIds as $termId) { | |
| $term = get_term($termId); | |
| if ($term instanceof \WP_Term && $term->taxonomy === 'category') { | |
| $categoryTermIds[] = $term->term_id; | |
| } | |
| } | |
| $categoryTermIds = array_unique(array_filter($categoryTermIds)); | |
| if (empty($categoryTermIds)) { | |
| return; | |
| } | |
| wp_set_post_categories($postId, $categoryTermIds, false); |
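Review bot: In the suggested loop, `get_term($termId)` receives each entry of `$categoryIds` as it arrives, and nothing in the visible lines casts those entries to integers. Normalise before the loop, for example `$categoryIds = array_filter(array_map('absint', $categoryIds));`, and keep the `instanceof \WP_Term` guard, since `get_term()` can also return `WP_Error` or null. The trailing `array_filter()` on `$categoryTermIds` is then redundant, because only valid `term_id` values are collected.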
| } | ||
| $mailBody = stripcslashes($mailBody); | ||
|
|
||
| $mailBody = stripcslashes(wpautop($mailBody)); |
wpautop() is being applied to $mailBody, but the Mail action body is authored via TinyMCE (HTML). Running wpautop() on already-HTML content can introduce extra <p>/<br> tags and change the rendered output unexpectedly. Consider only applying wpautop() (or nl2br) when the body is plain text (e.g., no HTML tags), or make this formatting behavior configurable so HTML templates aren’t modified.
| $mailBody = stripcslashes(wpautop($mailBody)); | |
| // Only auto-format when the body is plain text (no HTML tags). | |
| if ($mailBody === strip_tags($mailBody)) { | |
| $mailBody = wpautop($mailBody); | |
| } | |
| $mailBody = stripcslashes($mailBody); |
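Review bot: In the suggested replacement `stripcslashes()` still runs after `wpautop()`, so any escaped `\n` sequences in the stored body turn into real newlines only once paragraph formatting is already done, and the `strip_tags()` comparison is made against the still-escaped string. Unescape first with `$mailBody = stripcslashes($mailBody);`, then do the plain-text check and call `wpautop()`.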
| key={`post-categories-${postConf?.post_type || 'default'}-${postConf?.post_categories || ''}`} | ||
| className="mt-2 w-5" | ||
| defaultValue={postConf?.post_categories || ''} | ||
| options={postCategories} |
refreshPostCategories() populates postCategories with { label, value } where value comes from the API as an integer, but MultiSelect’s defaultValue/onChange use a comma-separated string of selected values. If the component compares values as strings, passing numeric option values can prevent selections from being displayed/rehydrated correctly. To avoid a type mismatch (and to match the edit screen’s behavior), normalize value to toString() when building the options list.
| options={postCategories} | |
| options={ | |
| postCategories?.map(cat => ({ | |
| ...cat, | |
| value: cat?.value != null ? cat.value.toString() : '' | |
| })) || [] | |
| } |
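Review bot: The suggestion converts `value` inside the `options` prop, which builds a new array on every render and leaves `postCategories` itself holding integers, while the comment above asks for normalisation when the options list is built. Do the `toString()` conversion once in `refreshPostCategories()` so the create and edit screens share the same string-valued list.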