This week, while working on the Centralised Dashboard (I can’t wait for you guys to see it!), we took a little step back to re-inspect everything that we’ve done so far and make sure the code is at the highest quality, with 0 security risks for you and your clients. Next up are translations!
Those who were kind enough to offer to translate have already been notified, and by this time next week we should have French, German, Spanish, Italian, Dutch, Hebrew (including RTL support), Romanian and Danish.
Here’s what we added this week:
(You can click to update from within your WP dashboard)
- Temporarily drag stickers – By default, our “Sticker” (the circular task tag) is placed at the center of the chosen element. But sometimes this disrupts the flow, as it might hide some essential text or aspect of the page. Now, you can simply grab the sticker and drag it around the page so that you can view and inspect anything below it. Once you reload, the sticker will revert to its original position at the center of the chosen element.
- Code optimisations – Removed some excess code that had built up as we rapidly developed and evolved over the last couple of months, which resulted in increased security and better compatibility with other tools in the WordPress ecosystem.
- Security optimisations – We dove deep to try and find any security risks. While we couldn’t find any significant issues (good for all of us), there were still a few things we could improve:
  - Added a nonce to all the AJAX requests to make sure that only requests coming from the users’ own websites are served.
  - Added user role-based security to the function, so only users with the selected roles can update details related to the tasks.
  - Email notifications (Report) will only be sent if the request is generated from your own website or if the request is coming from the wpfeedback.co server (for auto Report notifications).
- File uploads – Users were not able to upload the same file again once they had received the error for uploading a file without creating a comment. This was due to us saving the file temporarily as soon as it was uploaded (for increased speed). We created a rule to allow you to upload the same file, even after you’ve seen the error. In any case, you still need to comment before uploading a file, as the comment function creates the task that will be the container of any file that you upload.
- FontAwesome conflict – Some users had pre-defined CSS for Font Awesome icons that conflicted with our CSS (additional padding, colors and margins). This is now fixed.
- Admin being locked out of using the plugin after the initial backend wizard – This happened because the “admin” user role was not chosen in the “user roles allowed to comment” box, as users simply clicked “Next, Next” without checking the options on the wizard. We have now added the admin user role as a default. You can still disable the use for admins on the settings screen if needed.
- Email notifications – The “From” name was set as “WP Feedback” by default. Now all the notifications will come from the name of the website as defined in the WordPress settings.
- User Role Editor – When a single user was given 2 user roles using the “User Role Editor” plugin, our plugin got confused. It will now check each of the user roles assigned to the user against the allowed user roles set on the backend wizard or the settings screen, and will allow the user to comment even if just one of the user roles is allowed to comment.
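
For plugin developers who want to see what the nonce, role-based and multi-role checks described above look like in a WordPress AJAX handler, here is an added example. It is not WP Feedback's own code: the `example_fb_*` action, option, meta key, script handle and status values are hypothetical, and it assumes tasks are stored as posts.

```php
<?php
// Added example with hypothetical names; not WP Feedback's actual code.
// 'example_fb_update_task'   - AJAX action and nonce action (assumed)
// 'example_fb_allowed_roles' - option holding the allowed role slugs (assumed)

/** True if ANY role assigned to the user is in the allowed list. */
function example_fb_user_is_allowed( WP_User $user ) {
    $allowed = (array) get_option( 'example_fb_allowed_roles', array( 'administrator' ) );
    // A user may carry several roles (e.g. via User Role Editor); one match is enough.
    return count( array_intersect( (array) $user->roles, $allowed ) ) > 0;
}

function example_fb_ajax_update_task() {
    // 1. Nonce check. With the third argument false, a bad nonce returns
    //    false instead of dying, so we can send a JSON error ourselves.
    if ( ! check_ajax_referer( 'example_fb_update_task', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or expired nonce.' ), 403 );
    }
    // 2. Role check. A valid nonce says where the request came from,
    //    not whether this user is permitted to change tasks.
    $user = wp_get_current_user();
    if ( ! $user->exists() || ! example_fb_user_is_allowed( $user ) ) {
        wp_send_json_error( array( 'message' => 'Your role cannot update tasks.' ), 403 );
    }
    // 3. Only now read and sanitise the input (status values are constructed).
    $task_id = isset( $_POST['task_id'] ) ? absint( $_POST['task_id'] ) : 0;
    $status  = isset( $_POST['status'] ) ? sanitize_key( wp_unslash( $_POST['status'] ) ) : '';
    if ( ! $task_id || ! in_array( $status, array( 'open', 'in-progress', 'complete' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Bad task data.' ), 400 );
    }
    update_post_meta( $task_id, 'example_fb_status', $status );
    wp_send_json_success( array( 'task_id' => $task_id, 'status' => $status ) );
}
// Logged-in users only: no wp_ajax_nopriv_ hook is registered.
add_action( 'wp_ajax_example_fb_update_task', 'example_fb_ajax_update_task' );

// Front end: give the page a nonce to send back with every AJAX request.
function example_fb_enqueue() {
    wp_register_script( 'example-fb', plugins_url( 'example-fb.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'example-fb', 'exampleFb', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_fb_update_task' ),
    ) );
    wp_enqueue_script( 'example-fb' );
}
add_action( 'wp_enqueue_scripts', 'example_fb_enqueue' );
```

The order matters: the handler touches `$_POST` data only after both the nonce and the role check have passed, and `wp_send_json_error()` ends the request at each failure.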