| 开发者 | tommybordas |
|---|---|
| 更新时间 | 2026年7月16日 02:27 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
vizproof-timeline folder to /wp-content/plugins/.https://vizproof.com) and API token.vrt_).Network Admin -> Settings -> VizProof Timeline.Per-site or Network-wide mode.Yes. Sign up at vizproof.com, create a project, then generate an API token from Account → API Tokens. See the Installation section for step-by-step instructions.
If post-update scan is enabled, VizProof Timeline queues a scan after the update completes and exposes status/results in wp-admin.
Yes. WP-CLI update commands run through the same updater hooks used by this plugin.
Yes.
Per-site: each subsite keeps its own configuration.Network-wide: one shared network-level configuration.wp-admin/includes/misc.php (no function from that file was used) and gated remaining require_once ABSPATH . 'wp-admin/includes/...' calls with function_exists() / class_exists() guards. Each guarded include is followed immediately by a call to a function/class from that file, per WP.org guidelines.WP_PLUGIN_DIR and WP_CONTENT_DIR constants in the rollback service with paths derived from plugin_dir_path( __FILE__ ) via new VIZPROOF_TIMELINE_PLUGIN_FILE / VIZPROOF_TIMELINE_PLUGIN_DIR / VIZPROOF_TIMELINE_PLUGIN_URL constants. Local backup path validation now reuses the existing wp_upload_dir()-based get_local_backup_root() helper for consistency.can_access_timeline, can_launch_runs) perform an explicit current_user_can( 'manage_options' ) capability check (previously delegated only via can_manage_plugin()), so static analysis can confirm protection on all 23 endpoints.enqueue_inline_admin_style() / enqueue_inline_admin_script(): CSS now goes through wp_strip_all_tags() before wp_add_inline_style(), and inline JS is rejected if it contains a </script> sequence that could break out of the inline <script> block.vizproof_adminbar_regressions_* to vizproof_timeline_adminbar_regressions_* for prefix consistency with the rest of the plugin.<style>/<script> blocks with wp_add_inline_style() / wp_add_inline_script() attached to enqueued handles.admin_enqueue_scripts.update-core.php, themes.php, and plugins.php.vizproof_after_update_scan, vizproof_before_update_baseline) and enforced nonce+capability checks before honoring explicit request overrides.