V4.10.0 (#382)

* Fix fatal error with the WPForms plugin in rare cases.

* Improve helper text for anonymous collection.

* Improve helper text for anonymous collection.

* Fix an error message at the first entry to the login page when Hide Login Errors in on.

* Bump up the plugin version to 4.10.0-RC2.

* Bump up the plugin version to 4.10.0-RC2.

* Fix scrolling to the message on the General page.

* Improve error messaging for hCaptcha verification.

* Improve comments in Main.

* Fix fatal error on install entity.

* Fix the Integrations page when active plugin was deleted.

* Fix error when hCaptcha is disabled for standard login but enabled for Tutor login.

* Refactor CL login.

* Fix error when hCaptcha is disabled for standard login but enabled for LearnPress login.

* Refactor Profile Builder login.

* Add support for hCaptcha in HTML Gravity Forms fields.

* Update packages.

* Fix default id in hCaptcha form.

* Fix default id in hCaptcha form.

* Add support for custom nonce action and name in the [hcaptcha] shortcode.

* Tests for custom nonce in the [hcaptcha] shortcode.

* Fix bug with changing shortcode args.

* Tests for Autoverify and Gravity.

* Fix bug in GF shortcode (via tests).

* Add compatibility with Cookies and Content Security Policy

* Add auto-verification of arbitrary forms in ajax.

* Fix tests after adding auto-ajax.

* Add support for wp_login_form() function and LoginOut block.

* Bump up to RC4.

* Fix IP detection in WP to sync with hCaptcha events info.

* Add deletion of events on the Forms page.

* Fix tests.

* Add deletion of events on the Events page.

* Fix tests.

* Fix phpcs.

* Fix phpcs.

* Multiple layout fixes for Forms and Events pages on small screens.

* Multiple layout fixes for Forms and Events pages on small screens.

* Remove SVN from the deployment action as it is already included in the 10up action.

* Cover Autoverify 100%.

* Cover DB 100%.

* Bump up to 4.10.0.

* Apply suggestions from code review

* Apply suggestions from code review

---------

Co-authored-by: e271828- <[email protected]>

.github/workflows/deploy-readme-assets-to-wp-org.yml

@@ -11,9 +11,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Install SVN
-        run: sudo apt-get update && sudo apt-get install -y subversion
-
       - name: WordPress.org plugin asset/readme update
         uses: 10up/action-wordpress-plugin-asset-update@stable
         env:

.github/workflows/deploy-to-wp-org.yml

@@ -15,9 +15,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Install SVN
-        run: sudo apt-get update && sudo apt-get install -y subversion
-
       - name: Install dependencies with caching
         uses: ramsey/composer-install@v3
         with:

.tests/js/assets-js-files/integrations.test.js

@@ -5,6 +5,7 @@ import $ from 'jquery';
 global.jQuery = $;
 global.$ = $;
 
+require( '../../../assets/js/settings-base.js' );
 require( '../../../assets/js/integrations.js' );
 
 // Mock HCaptchaIntegrationsObject

.tests/php/integration/AAAMainTest.php

@@ -34,6 +34,7 @@
 use HCaptcha\WCWishlists\CreateList;
 use HCaptcha\WP\Comment;
 use HCaptcha\WP\Login;
+use HCaptcha\WP\LoginOut;
 use HCaptcha\WP\LostPassword;
 use HCaptcha\WP\PasswordProtected;
 use HCaptcha\WP\Register;
@@ -1295,7 +1296,7 @@ public function dp_test_load_modules(): array {
 			'Login Form'                        => [
 				[ 'wp_status', 'login' ],
 				'',
-				Login::class,
+				[ Login::class, LoginOut::class ],
 			],
 			'Lost Password Form'                => [
 				[ 'wp_status', 'lost_pass' ],

.tests/php/integration/Admin/Events/EventsTest.php

@@ -241,6 +241,7 @@ public function test_get_forms(): void {
 						'source'  => '[]',
 						'form_id' => '0',
 						'served'  => '2',
+						'id'      => '1',
 					],
 				],
 			'total'  => 1,

.tests/php/integration/AutoVerify/AutoVerifyTest.php

@@ -40,7 +40,7 @@ public function test_init_and_init_hooks(): void {
 		$subject = new AutoVerify();
 		$subject->init();
 
-		self::assertSame( -PHP_INT_MAX, has_action( 'init', [ $subject, 'verify_form' ] ) );
+		self::assertSame( -PHP_INT_MAX, has_action( 'init', [ $subject, 'verify' ] ) );
 		self::assertSame( PHP_INT_MAX, has_filter( 'the_content', [ $subject, 'content_filter' ] ) );
 		self::assertSame(
 			PHP_INT_MAX,
@@ -62,8 +62,10 @@ public function test_content_filter(): void {
 
 		$subject = new AutoVerify();
 
+		$subject->init();
+
 		self::assertFalse( get_transient( $subject::TRANSIENT ) );
-		self::assertSame( $content, $subject->content_filter( $content ) );
+		apply_filters( 'the_content', $content );
 		self::assertSame( $expected, get_transient( $subject::TRANSIENT ) );
 	}
 
@@ -82,8 +84,10 @@ public function test_widget_block_content_filter(): void {
 
 		$subject = new AutoVerify();
 
+		$subject->init();
+
 		self::assertFalse( get_transient( $subject::TRANSIENT ) );
-		self::assertSame( $content, $subject->widget_block_content_filter( $content, [], $wp_widget_block ) );
+		apply_filters( 'widget_block_content', $content, [], $wp_widget_block );
 		self::assertSame( $expected, get_transient( $subject::TRANSIENT ) );
 	}
 
@@ -99,14 +103,16 @@ public function test_content_filter_with_action(): void {
 			$content
 		);
 
-		unset( $_SERVER['REQUEST_URI'] );
+		$_SERVER['REQUEST_URI'] = 'some-uri';
 
 		$expected = $this->get_test_registered_forms();
 
 		$subject = new AutoVerify();
 
+		$subject->init();
+
 		self::assertFalse( get_transient( $subject::TRANSIENT ) );
-		self::assertSame( $content, $subject->content_filter( $content ) );
+		apply_filters( 'the_content', $content );
 		self::assertSame( $expected, get_transient( $subject::TRANSIENT ) );
 	}
 
@@ -116,64 +122,15 @@ public function test_content_filter_with_action(): void {
 	public function test_content_filter_without_form_action(): void {
 		$content = $this->get_test_content();
 
-		unset( $_SERVER['REQUEST_URI'] );
-
-		$subject = new AutoVerify();
-
-		self::assertFalse( get_transient( $subject::TRANSIENT ) );
-		self::assertSame( $content, $subject->content_filter( $content ) );
-		self::assertSame( [], get_transient( $subject::TRANSIENT ) );
-	}
-
-	/**
-	 * Test content_filter() when no input in form (really?).
-	 */
-	public function test_content_filter_without_form_inputs(): void {
-		$request_uri = wp_parse_url( $this->get_test_request_uri(), PHP_URL_PATH );
-		$content     = $this->get_test_content();
-		$content     = preg_replace( '#<input[\S\s]+?>#', '', $content );
-		$expected    = $this->get_test_registered_forms();
-
-		$expected[ untrailingslashit( $request_uri ) ][0] = [];
-
-		$_SERVER['REQUEST_URI'] = $request_uri;
+		$_SERVER['REQUEST_URI'] = '';
 
 		$subject = new AutoVerify();
 
-		self::assertFalse( get_transient( $subject::TRANSIENT ) );
-		self::assertSame( $content, $subject->content_filter( $content ) );
-		self::assertSame( $expected, get_transient( $subject::TRANSIENT ) );
-
-		// Test update existing transient.
-		self::assertSame( $content, $subject->content_filter( $content ) );
-		self::assertSame( $expected, get_transient( $subject::TRANSIENT ) );
-	}
-
-	/**
-	 * Test content_filter() when no data-auto in form (really?).
-	 */
-	public function test_content_filter_without_form_data_auto(): void {
-		$request_uri = $this->get_test_request_uri();
-		$content     = $this->get_test_content();
-		$content     = preg_replace( '#data-auto=".*?">#', '', $content );
-
-		$_SERVER['REQUEST_URI'] = $request_uri;
-
-		$subject = new AutoVerify();
+		$subject->init();
 
 		self::assertFalse( get_transient( $subject::TRANSIENT ) );
-		self::assertSame( $content, $subject->content_filter( $content ) );
+		apply_filters( 'the_content', $content );
 		self::assertSame( [], get_transient( $subject::TRANSIENT ) );
-
-		$registered_forms = $this->get_test_registered_forms();
-		$expected         = $registered_forms;
-
-		$expected[ untrailingslashit( wp_parse_url( $request_uri, PHP_URL_PATH ) ) ] = [];
-
-		// Test update existing transient.
-		set_transient( AutoVerify::TRANSIENT, $registered_forms );
-		self::assertSame( $content, $subject->content_filter( $content ) );
-		self::assertSame( $expected, get_transient( $subject::TRANSIENT ) );
 	}
 
 	/**
@@ -216,10 +173,10 @@ static function () {
 	 */
 	public function test_verify_form_when_not_post(): void {
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 
 		$_SERVER['REQUEST_METHOD'] = 'GET';
-		$subject->verify_form();
+		$subject->verify();
 	}
 
 	/**
@@ -231,7 +188,7 @@ public function test_verify_form_when_no_request_uri(): void {
 		unset( $_SERVER['REQUEST_URI'] );
 
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 	}
 
 	/**
@@ -244,7 +201,7 @@ public function test_verify_form_when_no_forms_are_registered(): void {
 		$_SERVER['REQUEST_URI']    = $request_uri;
 
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 	}
 
 	/**
@@ -263,7 +220,7 @@ public function test_verify_form_when_forms_on_another_uri_are_registered(): voi
 		set_transient( AutoVerify::TRANSIENT, $registered_forms );
 
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 	}
 
 	/**
@@ -282,7 +239,7 @@ public function test_verify_form_when_other_forms_on_the_same_uri_are_registered
 		set_transient( AutoVerify::TRANSIENT, $registered_forms );
 
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 	}
 
 	/**
@@ -319,7 +276,7 @@ static function ( $name ) use ( &$die_arr ) {
 		);
 
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 
 		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		self::assertSame( [], $_POST );
@@ -349,7 +306,7 @@ public function test_verify_form_when_success(): void {
 		$this->prepare_hcaptcha_request_verify( $hcaptcha_response );
 
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 
 		$_POST[ HCAPTCHA_NONCE ] = $this->get_test_nonce();
 
@@ -364,7 +321,7 @@ public function test_verify_form_in_admin(): void {
 		set_current_screen( 'some-screen' );
 
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 	}
 
 	/**
@@ -379,7 +336,7 @@ static function () {
 		);
 
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 	}
 
 	/**
@@ -394,7 +351,7 @@ public function test_verify_form_in_rest_case_3_and_4(): void {
 		$_SERVER['REQUEST_URI'] = rest_url();
 
 		$subject = new AutoVerify();
-		$subject->verify_form();
+		$subject->verify();
 
 		// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
 		$GLOBALS['wp_rewrite'] = $old_wp_rewrite;
@@ -431,15 +388,7 @@ private function get_test_content(): string {
 <form method="post">
 	<input type="text" name="test_input" id="test_input">
 	<input type="submit" value="Send">
-	<div
-			class="h-captcha"
-			data-sitekey="95d60c5a-68cf-4db1-a583-6a22bdd558f2"
-			data-theme="light"
-			data-size="normal"
-			data-auto="true">
-	</div>
-	<input type="hidden" id="hcaptcha_nonce" name="hcaptcha_nonce" value="' . $nonce . '"/>
-	<input type="hidden" name="_wp_http_referer" value="' . $request_uri . '"/>
+	[hcaptcha auto="true"]
 </form>
 
 <form role="search" method="get" action="http://test.test/"
@@ -463,11 +412,28 @@ class="wp-block-search__input" name="s" value="" placeholder=""
 	private function get_test_registered_forms(): array {
 		$request_uri = $this->get_test_request_uri();
 		$request_uri = wp_parse_url( $request_uri, PHP_URL_PATH );
+		$args        = [
+			'action'  => 'hcaptcha_action',
+			'name'    => 'hcaptcha_nonce',
+			'auto'    => true,
+			'ajax'    => false,
+			'force'   => false,
+			'theme'   => '',
+			'size'    => '',
+			'id'      => [
+				'source'  => [],
+				'form_id' => 0,
+			],
+			'protect' => true,
+		];
 
 		return [
 			untrailingslashit( $request_uri ) =>
 				[
-					[ 'test_input' ],
+					[
+						'inputs' => [ 'test_input' ],
+						'args'   => $args,
+					],
 				],
 		];
 	}

.tests/php/integration/CF7/CF7Test.php

@@ -138,6 +138,7 @@ static function ( $prefix, $more_entropy ) use ( $uniqid ) {
 				data-theme="' . $hcaptcha_theme . '"
 				data-size="' . $hcaptcha_size . '"
 				data-auto="false"
+				data-ajax="false"
 				data-force="false">' . '
 		</span>
 		' . $nonce .