| 开发者 |
mredodos
webwakeup anideaforbusiness |
|---|---|
| 更新时间 | 2026年7月3日 05:43 |
| PHP版本: | 8.1 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPL-3.0-or-later |
| 版权网址: | 版权信息 |
[webwakeupwdb_policy] shortcode, an auto-created page (one click to recreate it if you delete it) or a downloadable PDF — all managed from Compliance → "Informativa sul diritto di recesso" (preview / create / open / freeze to static HTML / download). Optionally, two opt-in toggles append the same clauses to your Complianz Privacy Policy and Terms & Conditions (EU-only, off by default, with a live preview). It complements — it does not replace — your own legal texts./wp-content/plugins/ and activate it.Any trader concluding distance B2C contracts via an online interface with EU/EEA consumers, regardless of the trader's own country (Rome I Art. 6). Switzerland-resident consumers are out of scope (voluntary mode).
No. The button is additional to the Annex I-B model form, which remains mandatory in pre-contractual information. The plugin generates both.
Yes. Since 1.3.0 the plugin assembles one consolidated Right-of-withdrawal notice from your live settings and the Art. 59 exceptions you selected. Publish it with the [webwakeupwdb_policy] shortcode, let the plugin auto-create a page for it (one click to recreate if you delete it), or download it as a PDF — all from Compliance → "Informativa sul diritto di recesso", where you can also freeze it to static HTML. Optionally, two opt-in toggles add the same clauses to your Complianz Privacy Policy and Terms & Conditions (EU-only, off by default). It complements — it does not replace — your own Terms.
No. The right of withdrawal applies by default, including to digital products. It is removed only for the two conditional Art. 59 exemptions (digital content with immediate access; a service fully performed) and only when the consumer gives prior express consent + acknowledgement at checkout. The plugin captures that on the WooCommerce checkout (a required tick-box), stores it as evidence, and only then hides the button — otherwise the button stays (fail-safe). Physical products never need consent. For the digital exemption the plugin also e-mails the consumer a durable-medium confirmation, as the law requires.
The law does not name a "register", but the burden of proof is on you (Art. 6(9) Dir. 2011/83/EU; GDPR accountability Art. 5(2)) — you must be able to prove the consent. The plugin keeps it for you: the agreed wording, a SHA-256 hash, the date/time and (optionally) the IP are stored on the order and anchored in the tamper-evident log; a Consent records admin screen lists and exports them. The IP is anonymised automatically after the retention period.
Yes — and we recommend you do. A trusted timestamp gives you an independent "data certa": proof of the exact moment a withdrawal was received, which is the fact the statutory 14-day deadline turns on and the hardest thing to prove after the fact. OpenTimestamps is free, needs no account, and provides an independently-verifiable Bitcoin-anchored proof; a pluggable RFC 3161 / eIDAS qualified-timestamp provider is available for the strongest "data certa". It is off by default (WordPress.org requires external connections to be opt-in) and only an anonymous one-way hash is ever sent — never personal data — so turn it on in Settings → Receipt & evidence (the Dashboard checklist links you straight there).
The build in the WordPress.org directory requires PHP 8.1+ (it bundles the latest Dompdf 3.x PDF engine, whose dependencies need 8.1). If your host still runs PHP 7.4 or 8.0, the directory simply will not offer you this update — install the PHP 7.4-compatible build from our GitHub releases instead (identical features, Dompdf pinned to the 2.x line). That legacy build is a courtesy bridge and will not be maintained forever: PHP 7.4 reached end-of-life in November 2022, so please plan to move your store to PHP 8.1+ (it is faster and more secure), after which you get the directory version with automatic updates.
[webwakeupwdb_model_form], replacing the generic "[the trader inserts here …]" placeholder. Leave a field empty to fall back to your site name / admin e-mail; the geographical address is required by law, so add it there. The rest of that form remains the official, unmodifiable statutory wording. (From a merchant support question.)[webwakeupwdb_policy] shortcode, an auto-created page (one click to recreate if you delete it), and a downloadable PDF. Manage it under Compliance → "Informativa sul diritto di recesso" — preview it, create/open the page, freeze it to static HTML, or download the PDF. It complements — it does not replace — your Terms; a disclaimer says so on every surface.wwu prefix to the distinct webwakeupwdb prefix (constants, options, hooks & filters, shortcodes, the PHP namespace, the REST namespace, classes and the JS data object), as requested by the Plugins Team review. Existing installs migrate automatically on upgrade — settings, exemption-consent evidence, the immutable log/timestamp tables and the auto-created pages are all preserved — and a clean install is unaffected. Developers: custom code using the old names (wwu_wb_* hooks/filters, the [wwu_wb_*] shortcodes) must switch to the new webwakeupwdb_* names.products data is unchanged — a new additive product_quantities field carries the amounts. Requested in issue #47.wp_unslash() to the inputs read by the settings-save handler — the values were already sanitised (custom sanitisers, integer casts, sanitize_* / esc_url_raw), this just adds the WordPress-canonical unslash step the Plugin Check tool expects. Silenced a false-positive "query not prepared" error on the integrity-check read (it has no user input: the table name comes from $wpdb->prefix and the row limit is an integer cast, so there is nothing to prepare). Trimmed three over-long upgrade notices to the 300-character limit. No change to the withdrawal flow, your data or the evidence log.[webwakeupwdb_button] / [webwakeupwdb_form] shortcodes and the WooCommerce order-actions link now also route guests (customers without an account) to the public withdrawal page instead of the login-gated account area — a shared helper builds the URL the same way everywhere, so a guest is never sent to the login screen regardless of which surface shows the link (some themes render the order-actions on the order-received page). Logged-in customers are unaffected; no change to the flow, your data or the evidence log.wp_mail() by an SMTP plugin (for example WP Mail SMTP or FluentSMTP), or a PDF/Dompdf error on PHP 8, could escape and crash the whole request with a fatal "critical error" even though the withdrawal itself was already recorded. The e-mail path is now exception-safe on both delivery routes (the standalone mailer and the WooCommerce e-mail) and for the optional PDF: a send failure degrades gracefully (it is logged, the admin gets a "resend" notice, the consumer still sees their confirmation page) instead of taking down the page. After updating, check your SMTP plugin's settings or log for the underlying cause.webwakeupwdb_fluentcart_native_active filter) so only one flow shows. Automatic detection of FluentCart's add-on will arrive in a later update. Your WooCommerce and EDD handling is unaffected.[webwakeupwdb_info] shortcode is used (and the "sample text" note is dropped). Leave a field empty to keep the built-in template; a "Show the built-in default" toggle lets you copy the original as a starting point. Developers can also override programmatically with the new webwakeupwdb_clause_text filter. The built-in clauses are sample templates — adapt them to your business and have your counsel review them.clipboard.js from the package entirely (its filename collided with a WordPress-core library; it was never loaded — only the accordion, badge and utilities components are), and moves the documentation link out of the short-description block. No functional change.clipboard.js UI-kit asset is no longer shipped, composer.json is now included alongside the bundled library, the SSRF smoke-test no longer uses a literal localhost host, and "Tested up to" is current. Plus minor hardening from a full security audit: the OpenTimestamps calls now pass through the same SSRF guard as the webhook / RFC 3161 callers (and never follow redirects), and two admin credential fields gain wp_unslash(). No functional change to the withdrawal flow.{{wwu.recesso_url}} shortcode into your FluentCart receipt template (copy-ready, 3 steps). Nothing invasive, nothing required — the withdrawal is always reachable from the account/portal and the public page regardless.use import made an unqualified Settings::main() resolve to the wrong namespace. Fixed, and a scan of all 91 source files confirmed there were no other cases. This release also carries a small mail-safety fix (the HTML mailer now always removes its wp_mail_content_type filter, so a third-party email error can't turn other plugins' plain-text emails into HTML) and a WooCommerce-surface + plugin-conflict audit (0 critical / 0 high). Recommended for all installs.{{wwu.recesso_url}} — you can now drop the per-order withdrawal link into FluentCart's own transactional e-mails (the FluentCart team confirmed the value-resolver hook + its data context on 2026-06-15). It's registered in the FluentCart e-mail-editor picker and resolves safely (renders empty when there's no order in context). Needs a live FluentCart test. Note: FluentCart has told us they are shipping a native EU withdrawal feature soon, which may overlap this.before_payment_methods (covers the standard, modal and block checkout), FluentCart exemptions are now category-aware (via the product-categories taxonomy, matching WooCommerce and EDD), and withdrawal/refund notes appear in the FluentCart order activity timeline (fluent_cart_add_log). Also adds 3 shareable live-test checklists (WooCommerce block, FluentCart, EDD) under docs/testing/. No change to the consumer-facing button.webwakeupwdb_consent_text. Classic WooCommerce checkout; the block Checkout and FluentCart capture are tracked follow-ups.