commit 39690e125092ff1392326a7738a6a815a41f0880
Author: Tim Nolte <tim.nolte@ndigitals.com>
Date: Sat Apr 10 16:41:14 2021 -0400
Preparation for New Maintenance Release
- Updates Version to 3.8.4.
- Updates Changelogs.
commit 1e1b84cfcc
Author: Tim Nolte <tnolte@forumone.com>
Date: Sat Apr 10 12:00:40 2021 -0400
Local Dev/Composer Scripts/Transient Redirection Fixes (#295)
- Fixes local Docker wp-env environment setup w/ cleanup.
- Fixes Composer scripts for linting and static analysis.
- Fixes invalid State transient object handling for redirection.
commit 40e60474ab
Author: Tim Nolte <tnolte@forumone.com>
Date: Thu Apr 8 22:10:53 2021 -0400
Preparation for Maintenance Release (#291)
commit 8a963301ab
Author: Tim Nolte <tnolte@forumone.com>
Date: Thu Apr 8 08:06:33 2021 -0400
Fixes Broken Redirect URL Handling & Moves Away from Cookies (#289)
* Initial Changes to Move Away from Cookies for Redirects
* Add Redirection via State Transient Support
- Adds adding the login redirection to the state transient.
- Deprecates the use of cookies to handle login redirection.
- Fixes Login button shortcode authentication URL encoding.
- Fixes some broken wp-env local Docker environment issues.
- Fixes make_authentication_url attributes usage.
- Removes error_log calls used for debugging.
* Fixes Missed WordPress Coding Standards Issues
- Updates PHP_CodeSniffer configuration to properly support all checks.
* Fixes Login Button Output for Proper Escaping
commit c839083cf1
Merge: 76c824a14dbc06
Author: Tim Nolte <tnolte@forumone.com>
Date: Wed Mar 24 10:10:09 2021 -0400
Merges branch 'main' into dev
commit 76c824ab32
Author: Tim Nolte <tnolte@forumone.com>
Date: Wed Mar 24 09:42:51 2021 -0400
Fixes Login Page XSS Issue (#283)
- Adds escaping to the errot output message.
- Adds escaping to the login button output.
commit 2c7c21d3bb
Author: Tim Nolte <tnolte@forumone.com>
Date: Mon Mar 22 12:53:01 2021 -0400
Feature/travis ci to GitHub actions (#282)
* Updates Composer/NPM Dependencies & Adds New GitHub Actions
* Moves All CI/CI Functionality to GitHub Actions
- Updates Composer & NPM dependencies to newer versions.
- Updates default development environment WordPress version to 5.6.x.
- Fixes missing updated to the language POT file.
- Moves to using a GitHub Release for WordPress.org deployment.
- Removes TravisCI configuration.
* Feature/travis ci to GitHub actions (#282)
* Updates Composer/NPM Dependencies & Adds New GitHub Actions
* Moves All CI/CI Functionality to GitHub Actions
- Updates Composer & NPM dependencies to newer versions.
- Updates default development environment WordPress version to 5.6.x.
- Fixes missing updated to the language POT file.
- Moves to using a GitHub Release for WordPress.org deployment.
- Removes TravisCI configuration.
* Fixes Login Page XSS Issue (#283)
- Adds escaping to the errot output message.
- Adds escaping to the login button output.
* Fixes Broken Redirect URL Handling & Moves Away from Cookies (#289)
* Initial Changes to Move Away from Cookies for Redirects
* Add Redirection via State Transient Support
- Adds adding the login redirection to the state transient.
- Deprecates the use of cookies to handle login redirection.
- Fixes Login button shortcode authentication URL encoding.
- Fixes some broken wp-env local Docker environment issues.
- Fixes make_authentication_url attributes usage.
- Removes error_log calls used for debugging.
* Fixes Missed WordPress Coding Standards Issues
- Updates PHP_CodeSniffer configuration to properly support all checks.
* Fixes Login Button Output for Proper Escaping
* Preparation for Maintenance Release
* Feature/travis ci to GitHub actions (#282)
* Updates Composer/NPM Dependencies & Adds New GitHub Actions
* Moves All CI/CI Functionality to GitHub Actions
- Updates Composer & NPM dependencies to newer versions.
- Updates default development environment WordPress version to 5.6.x.
- Fixes missing updated to the language POT file.
- Moves to using a GitHub Release for WordPress.org deployment.
- Removes TravisCI configuration.
* Fixes Login Page XSS Issue (#283)
- Adds escaping to the errot output message.
- Adds escaping to the login button output.
* Patch Version Bump & Changelog Updates for Release
- Fixes an issue with post password submission results in SSO
authentication when "auto" mode is enabled.
- Fixes issues with TravisCI builds failing due to Composer updates
occurring incorrectly during builds.
- Fixes to allow for WP version changes according to build matrix.
- Updates TravisCI build matrix.
- Reads from defined constants on plugin bootstrap.
- Disabled plugin settings fields when defined constants are used.
_ Prevents savings plugin settings that are using defined constants.
* Ensures PHP Code Sniffs continue to pass.
* Fixes all code base issues to pass a level 5 PHP static analysis.
* Updates PHPStan configurations to use a level 5 baseline.
* Adds support for setting the redirect cookie when shortcodes are used.
* Adds support for overriding some attributes for authentication URLs
and login buttons when using the shortcodes.
* Fixes code formatting.
Before: a missing state error could be returned for 3 reasons: a token was not provided, the token provided was invalid, or the token provided had expired.
There was no way of knowing which of these was the cause of any single missing state error.
Now: if no token is provided, a missing state error is returned, and the "openid-connect-generic-no-state-provided" action is called.
If the token provided is invalid, an "Invalid state" error is thrown and the "openid-connect-generic-state-not-found" action is called.
If the token provided has expired, an "Invalid state" error is returned and the "openid-connect-generic-state-expired" action is called.
This should allow for more granular error logging around state token errors.
Tim Nolte
Tim Nolte
Jonathan Daggerhart
Eersink.Michael
Rob Skilling
James Collier
Simon Costea
GeorgB
SYLVAIN PAILLASSE
Karlo Šimunović
Moritz Bellach
benoit
Stephanie
gguseynov
Dan Fredell
Gassan Gousseinov
Sarah Lewis