| 开发者 |
tiger12
gteigland |
|---|---|
| 更新时间 | 2026年7月14日 19:48 |
| 捐献地址: | 去捐款 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
Yes. The core plugin is free.
Roobely works with most modern block editor compatible themes.
Yes. Google Fonts are disabled by default.
Go to Roobely → Settings → Advanced and set "Load Google Fonts" to Yes.
Bugfix: Fixed a typo in an internal function name (roobely_resigter_rest_order_by_fields → roobely_register_rest_order_by_fields) and its hook registration
Security/Compliance: Removed remaining class_exists() self-guards around the plugin's own classes (ROOBELY_Options, ROOBELY_Initial_Setup) — these guards are only appropriate for shared libraries, and the classes are already uniquely named
Bugfix: Moved a helper function (roobely_excerpt_max_charlength) that was being redeclared inside the Post Grid block's render callback (guarded by function_exists()) out to a proper top-level declaration, so it's defined once per request instead of relying on a redeclare guard - fixes a latent fatal-error risk when multiple Post Grid blocks appear on one page
Security/Compliance: Renamed two internal post meta keys that used a double-underscore (__) prefix, which is reserved for WordPress core, to single-underscore/no-underscore equivalents consistent with the rest of the plugin: __roobely_available_blocks → _roobely_available_blocks, and __roobely_global_settings → roobely_global_settings (this also fixes the "saved preset" lookup, which was silently reading the wrong meta key and always returning empty)
Security: check_ajax_referer() is now used for the Settings AJAX handler's nonce check, in place of a manual wp_verify_nonce() call, for consistency with WordPress's recommended AJAX security pattern
Security: Dynamic CSS generation in CssEngine.php now runs numeric values through an additional sanitization step before they're inserted into generated CSS rules, as defense-in-depth against a malformed/tampered stored attribute value breaking out of its declaration
Documentation: Updated WPML config to match the renamed post meta key
Security/Compliance: Renamed the AJAX action and handler used by the Settings page from wp_ajax_update_roobely_options / ajax_update_roobely_options to wp_ajax_roobely_update_options / roobely_ajax_update_options, so the action name no longer starts with the generic word "update" and is unique to the plugin
Security/Compliance: Renamed the localized block-editor script object from wpApiSettings to roobelyApiSettings, since the wp prefix is reserved for WordPress core
Cleanup: Removed if (!function_exists()) guards around the plugin's own functions in roobely.php; all function names are already uniquely prefixed, and this pattern is only appropriate for shared libraries, not a plugin's own always-loaded functions
Bugfix: Animated Heading block now enqueues the minified jquery.animatedheadline.min.js asset instead of the unminified source file, consistent with how the rest of the plugin's scripts are loaded
Security: Google Maps API key is now entirely omitted from the data sent to the block editor for Editors/Authors (not just blanked) - only Administrators (manage_options) receive the key at all; other roles see the existing "please configure an API key" notice
Security: Removed the Mailchimp API key from the data sent to the block editor - it was never read by any editor script
Documentation: Added Contact Form to the Included Blocks list
Compatibility: align-wide theme support is now declared as a fallback on after_setup_theme instead of unconditionally at plugin load, so themes that opt out are respected
Bugfix: Minimum PHP/WordPress version checks in code now match the readme/plugin header (PHP 7.4, WordPress 6.1) instead of long-outdated values
Cleanup: Excluded build-tools/ from the release package
Cleanup: Removed unused sanitize_interaction_json() method
Documentation: Noted that assets/reactjs/src/ is the primary editable source, since assets/js/roobely.js is a generated build output
Cleanup: Removed the read-only fallback that checked for a legacy roobely-json-{id}.json file in the uploads directory; interaction data is now read exclusively from the _roobely_interaction_json post meta, which has been the sole write path since 1.0.2
Cleanup: Removed the unused roobely_interactions REST post meta registration, which was never read from or written to; _roobely_interaction_json is the single, consistent meta key for interaction data end-to-end
Security: Fixed .htaccess rule that was blocking the plugin's own generated stylesheets on Apache (previously denied .css as well as .json in the uploads/roobely directory)
Security: Hardened roobely_global_settings post meta with auth and sanitize callbacks
Bugfix: Block preview now generates CSS and interaction data live from the post's current content instead of relying on static preview files that were never populated
Bugfix: Interaction (scroll/mouse animation) data is now regenerated from saved block attributes on every post save, instead of only being read from a field nothing wrote to
Bugfix: The "File System" CSS location setting now actually writes/removes the per-post CSS file it relies on
Cleanup: Removed unused legacy roobely-preview.css/json file-writer and a stray undefined-variable reference in the Google Fonts loader
Documentation: Corrected readme Third-Party Libraries entry (custom video modal, not a Magnific Popup fork) and added the missing Vimeo external service disclosure
Documentation: Improved Source Code section in readme.txt with clear public repository link (Bitbucket)
Security: Strengthened REST API permission callbacks Privacy: Google Fonts disabled by default Security: Improved CSS and JSON sanitization Security: Better escaping in Post Grid block Documentation: Full external services and source code disclosure Maintenance: Updated Font Awesome to 7.2.0 Compatibility: Tested up to WordPress 7.0
Initial release