ES Football Bypass for Cloudflare

更新日志

1.9.6

• NEW: “Is there football now?” subpage under Operation — a plain YES/NO status panel based on the hayahora.futbol feed, with a short note about the data source. Designed for non-technical users to check at a glance whether there are active La Liga IP blocks
• NEW: Optional “Notifications recipient” email field — leave empty to use the site administrator (default), or set a different address to route notifications to a support mailbox or to the final client
• UX: Settings page reorganized into clearer sections: Interface mode, Cloudflare Credentials, Bypass behavior (with “Force Proxy OFF during football” now at the top), Email notifications, Uninstall, and Advanced options (only visible in Advanced mode)
• UX: Technical options (Staleness threshold, Action logging, Log retention, External cron token) are now grouped under “Advanced options” and hidden in Simple mode to reduce noise for client sites
• UX: “Advanced” mode label now explicitly mentions cron settings so users know where to find them
• I18N: Plugin now calls load_plugin_textdomain() so the bundled .mo files in /languages/ are picked up when installing from the release zip (previously only translations published on translate.wordpress.org were applied)
• I18N: All five bundled languages (es_ES, ca, eu, fr_FR, gl_ES) are now at 100% translation coverage — machine-assisted translations for ca/eu/fr_FR/gl_ES will be refined by the GlotPress community over time

1.9.5

• NEW: Feed diagnostics panel on the Operation page (local data.json age and size, last remote fetch status, active blocked IPs count)
• NEW: “Clear local cache (data.json)” button to force a clean re-fetch on the next check
• NEW: Staleness threshold setting (1-72h, default 6h) — “blocked” states whose last stateChange is older than this are treated as unblocked, preventing orphan entries from keeping the bypass active indefinitely. Overridable via cfbcolorvivo_stale_threshold_seconds filter
• NEW: Minimum-ISPs-with-blocks setting (1-20, default 2) — general bypass only triggers when at least N distinct ISPs report blocks simultaneously, reducing false positives from isolated single-ISP outages. Falls back to classic behavior if the feed has no per-ISP information. Overridable via cfbcolorvivo_min_isps_blocked filter
• NEW: Feed diagnostics panel now lists the ISPs with active blocks and whether they meet the minimum-ISPs gate
• NEW: Optional email notifications to the site admin when the bypass turns on/off automatically, with a 2-minute throttle to prevent bursts. Off by default. Overridable via cfbcolorvivo_email_throttle_seconds filter
• NEW: Interface mode setting — “Simple” hides the diagnostics panel, the logs tab and the technical console for non-technical users, leaving only the block status and the manual proxy ON/OFF buttons. “Advanced” shows everything as before. New installs default to Simple; upgrades from 1.9.x and earlier keep the Advanced experience automatically
• NEW: External cron settings now show the full request URL and a ready-to-paste crontab example using your current check interval
• NEW: “Delete data on uninstall” setting — uncheck it to keep settings, credentials and logs across reinstalls. Cron hook and ephemeral transients are always cleaned up regardless of this setting
• SECURITY: Update URI header added to lock updates to WordPress.org (prevents slug hijacking by external sources)
• PERF: get_settings() memoized per request, avoiding repeated normalization on the same page load
• FIX: Explicit logging when dns_get_record() fails for the site domain
• FIX: DateTime parse errors when comparing lastUpdate are now logged instead of silenced
• FIX: Warning logged when hayahora.futbol JSON has unexpected structure (no lastUpdate nor known IP keys)
• CODE: stateChanges parsing deduplicated across three call sites into a single latest_state_from_changes() helper
• UI: “Reset settings” option removed — uninstalling the plugin (with “Delete data on uninstall” checked, which is the default) gives the same clean slate and avoids duplicating the destructive action

1.9.2

• I18N: Source language refactored to English (was Spanish), aligning with the WordPress.org translation convention
• I18N: New es_ES.po with 100% Spanish translations bundled (no functionality change for Spanish users)
• I18N: ca, eu, fr_FR and gl_ES translations completed to 100% (23 new strings added)
• I18N: en_US.po removed (source IS English now, no longer needed)
• I18N: .pot regenerated from current code with English msgids and accurate line references
• DOCS: Plugin header Description rewritten in English to match the new source language

1.9.1

• FIX: Text domain changed to match new WP.org slug (es-football-bypass-for-cloudflare)
• FIX: All file paths now use wp_upload_dir() instead of hardcoded WP_CONTENT_DIR
• FIX: File operations migrated to WP_Filesystem API (no more file_put_contents)
• FIX: register_setting() uses proper array format with sanitize_callback
• FIX: Stricter sanitization for selected_records, bypass_blocked_ips and state fields
• FIX: Inline JavaScript no longer uses PHP interpolation, uses wp_localize_script data
• FIX: Plugin data directory renamed to es-football-bypass-for-cloudflare in uploads
• FIX: Contributors field corrected in readme.txt
• DOCS: External services section updated with hayahora.futbol information links

1.9.0

• RENAME: Plugin renamed from “CF Football Bypass” to “ES Football Bypass for Cloudflare” (WordPress.org trademark compliance)
• DOCS: External services section expanded with server IP detection services documentation
• DOCS: Enhanced privacy and data transmission details for all external services

1.8.6

• CODE: Full WordPress Coding Standards compliance (PHPCS): tabs, spacing, Yoda conditions, snake_case variables, PHPDoc comments
• UX: Plugin version now displayed on all plugin pages (Operation, Settings, Logs)
• I18N: All remaining hardcoded Spanish strings wrapped in __() for consistent translations
• CODE: Short ternary operators replaced with full ternary for WP standards
• CODE: in_array() calls now use strict mode
• CODE: Assignment-in-condition patterns refactored

1.8.5

• NEW: Support for Cloudflare Account-owned API Tokens (in addition to User API Tokens and Global API Key)
• NEW: Account ID field shown when Account Token is selected
• UX: Auth type selector now offers three options: Global API Key, User Token, Account Token
• UX: Email and Account ID fields show/hide dynamically based on selected auth type

1.8.2

• NEW: Server outgoing IP detection shown in Settings to help restrict Cloudflare API Token by IP
• UX: IP is cached for 1 hour and detected from multiple sources for reliability

1.8.1

• SECURITY: External cron token comparison now uses hash_equals() to prevent timing attacks
• PERFORMANCE: Log pruning throttled to once per day instead of on every log event
• UX: Confirmation dialogs before destructive actions (Force OFF, Force ON, Reset)
• UX: Action buttons are disabled during AJAX operations to prevent double-click
• UX: Local environment detection with friendly warning on Operation page
• CODE: Added uninstall.php for complete cleanup on plugin removal (WP_Filesystem)
• CODE: Replaced deprecated current_time(‘timestamp’) with time() (WP 5.3+)

1.8.0

• IMPROVEMENT: Changed all prefixes from cfb_ to cfbcolorvivo_ to avoid conflicts with other plugins
• IMPROVEMENT: Changed all CSS/JS identifiers from cfb- to cfbcolorvivo- for uniqueness
• CODE: Settings option renamed to cfbcolorvivo_settings
• CODE: Cron hook renamed to cfbcolorvivo_check_football_status
• CODE: Log directory renamed to cfbcolorvivo-logs
• CODE: All AJAX actions, transients, and filters updated with new prefix

1.7.1

• FIX: Fixed critical bug in configuration checkboxes that prevented unchecking options once activated
• FIX: “Force Proxy OFF during football” option can now be properly disabled
• FIX: “Action logging” option can now be properly disabled
• FIX: Improved code compliance with WordPress.org plugin guidelines

1.7.0

• IMPROVEMENT: JavaScript now uses wp_enqueue_script() and wp_add_inline_script() per WordPress.org directory guidelines
• IMPROVEMENT: Removed all inline script blocks from PHP code
• IMPROVEMENT: Dynamic data passed via wp_localize_script() for better code separation
• IMPROVEMENT: admin_enqueue_scripts hook properly implemented with page filtering
• CODE: Complete refactoring of admin assets system

1.6.0

• SECURITY: Log file moved to wp-content/uploads/cfbcolorvivo-logs/ with .htaccess protection
• SECURITY: IP anonymization in logs for GDPR compliance
• SECURITY: Removed error suppression operators (@) with explicit checks
• SECURITY: Added index.php files to prevent directory listing
• IMPROVEMENT: Full internationalization (i18n) support with cf-football-bypass text domain
• IMPROVEMENT: Plugin header updated with all fields required by WordPress.org
• IMPROVEMENT: Automatic log directory creation with protection
• IMPROVEMENT: Better error handling for file writing
• FIX: Version sync between plugin header and readme.txt

1.0.1

• Added Cloudflare API Token support
• Improved manual control button with confirmation
• Sidebar with recommended links
• Minor bug fixes
• Better error handling and logging

1.0.0

• Initial version
• Automatic hayahora.futbol monitoring
• Automatic Cloudflare DNS record management
• Global API Key support
• Admin dashboard
• Integrated cron system