Revoker for WooCommerce

更新日志

1.0.21

• Removed: The “Legal text updates / automatic updates for regulatory changes” Pro feature was advertised in the upsell and readmes although it is not active. The claim has been removed so the plugin no longer promises a feature it does not currently provide.

1.0.20

• Changed: Removed unsubstantiated legal claims from the Pro feature overview and the plugin description (e.g. “lawyer reviewed”, “legally compliant texts/translations”). The wording now describes what the plugin does without asserting that the texts are legally vetted. Revoker provides withdrawal/return text templates and does not constitute legal advice — please have your texts reviewed by your own legal counsel.

1.0.19

• Fixed: In the guest withdrawal flow (the [revoker_withdrawal_search] form), the order overview, the success message and the confirmation email could appear untranslated (in the site’s default language) on multilingual sites — while the search form itself was translated. These parts are rendered via AJAX, where WordPress loses the front-end/multilingual language and falls back to the admin or default language. The plugin now carries the storefront language into the AJAX request and switches to it before rendering and sending the email.

1.0.18

• Added: Polish (pl_PL) translation — the plugin is now fully translated into Polish (front-end, emails and admin).

1.0.17

• Added: Polylang support for the customizable texts. The button labels, withdrawal reasons, “next steps” and custom box text you set under WooCommerce → Withdrawal Button now appear under Languages → String translations, so you can translate them per language. Fields left empty keep using the plugin’s built-in per-language defaults.

1.0.16

• Fixed: After a withdrawal, the order could stay on its previous status (e.g. “Completed”) instead of moving to “Withdrawal requested”. WooCommerce’s update_status() silently swallows errors during a status transition; the plugin now verifies the transition took effect, re-applies it directly if it did not, and logs the reason when WP_DEBUG is on — so merchants get a reliable status-based way to track pending withdrawals.

1.0.15

• Fixed: The “Documentation” link in the settings footer pointed to a URL that returned an error. It now links to the plugin page at https://kommers.io/plugins/revoker.

1.0.14

• Added: A “To my orders” link toggle — hide the link shown after a withdrawal. Useful for shops that mostly handle guest withdrawals, where the link only leads to the (empty) account/login page.
• Improved: Withdrawal admin notifications now add an order note recording exactly which address(es) the notification was sent to, and log a clear message (plus an order note) when wp_mail fails — so a notification dropped by the mail server/SMTP is no longer silently invisible.
• Improved: Translations updated and completed for German, French, Italian, Spanish and Dutch.

1.0.13

• Fixed: The configurable button/label texts (withdrawal, confirm, cancel) were stored as English defaults, so they stayed English on non-English sites. They now fall back to a translatable default that follows the site language (until the merchant sets a custom value).
• Improved: Translations updated and completed for German, French, Italian, Spanish and Dutch — all current strings are now translated.
• Tested up to WordPress 7.0.

1.0.12

• Security: the guest withdrawal search is now rate-limited per IP (default 10 attempts / 5 minutes, filterable) to prevent brute-forcing order number + email combinations.

1.0.11

• Fixed: On the guest withdrawal search form, a failed search (wrong details or network error) reset the button label to a hardcoded German string (“Bestellung suchen”) on non-German sites. The button now restores its original, localized label.

1.0.10

• Fixed: Bundled translations (German, French, Italian, Spanish, Dutch) were never loaded, so the storefront always showed English. The plugin now loads its /languages folder via load_plugin_textdomain() on init, so the front-end strings follow the site language.

1.0.9

• Security: the withdrawal-confirmation PDF download now requires admin rights, the logged-in order owner, or a valid order key — closing an access-control gap where guest-order PDFs (containing personal data) could be downloaded by enumerating withdrawal IDs.
• Hardening: the withdrawal log database layer now whitelists the order-by column/direction and the updatable columns, so SQL identifiers can never originate from request input.
• Hardening: client IP detection now uses REMOTE_ADDR by default and only trusts proxy/forwarding headers when explicitly enabled via the revoker_trust_proxy_headers filter (prevents IP spoofing in the audit log).

1.0.8

• Security: the guest withdrawal search now only succeeds when the order number AND email belong to the same order. The entered order number is re-checked against the resolved order (preventing a wrong number from resolving to a different order via ID coercion with custom order-number plugins), and a single generic error message no longer reveals whether an order number or email exists.

1.0.7

• Added: “Position in email” setting — show the withdrawal section at the bottom of the order confirmation email (below the address, now the default) or directly under the order items.
• Improved: Heading spacing in the withdrawal form, policy and model-form output is now normalized so themes with large default heading margins no longer add excessive top spacing.

1.0.6

• Added: Box position setting — show the withdrawal box below the billing/shipping address on the order page (now the default) or directly under the order items.
• Added: Configurable admin notification recipient(s) — choose which email address(es) receive withdrawal notifications, with comma-separated support.
• Added: Order lookup now matches custom order numbers from Sequential Order Numbers / Sequential Order Numbers Pro and similar plugins (both _order_number and _order_number_formatted), plus a revoker_find_order_by_number filter.
• Added: Show/hide toggles for the return address and the “next steps” section across the form, modal and confirmation email — useful for merchants who send a return label instead of receiving returns at their address.
• Added: Custom “next steps” text and a custom free-text block in the withdrawal box.
• Added: Withdrawal reasons are now configurable — toggle the reason selector and edit the list of reasons.

1.0.5

• Fixed: Withdrawal log table was never created on activation, causing “Error saving the withdrawal.” for all withdrawals. The activation hook was registered too late (on plugins_loaded) to fire during plugin activation.
• Added: Self-healing database check that creates the table on existing installs affected by the activation bug, with no manual reactivation required.

1.0.4

• Changed: Source language switched from German to English for WordPress.org GlotPress compatibility
• Added: German (de_DE) translation file with 100% coverage
• Updated: French (fr_FR), Spanish (es_ES), Italian (it_IT), Dutch (nl_NL) translations to 100% coverage
• Improved: All translatable strings now use English as source language (msgid)

1.0.3

• Fixed: Database insert failure when saving withdrawals (NULL datetime handling)
• Fixed: Modal on order confirmation page now shows item checkboxes for selection
• Fixed: Modal withdrawal submission now correctly sends selected items
• Added: Dedicated return address settings (company name, address, postcode, city)
• Improved: Return address in forms, emails, and withdrawal policy uses custom settings with WooCommerce fallback
• Improved: Error logging for failed database operations when WP_DEBUG is enabled

1.0.2

• Fixed: Escape all $withdrawal_period variables with absint()
• Fixed: Escape all $days_remaining variables with absint()
• Fixed: Escape $deadline and $withdrawal_url in plain text emails
• Fixed: Move PDF styles to external CSS file to avoid inline tag

1.0.1

• Fixed: Proper escaping of date_i18n() outputs
• Fixed: Use wp_enqueue functions for scripts and styles
• Fixed: Plugin URI now points to valid URL
• Added: Requires Plugins header for WooCommerce dependency
• Removed: WordPress.org directory assets from plugin package

1.0.0

• Initial stable release
• Withdrawal button on order details page
• Two-step withdrawal process
• Partial withdrawal of individual items
• Guest support via order search
• Email notifications (customer & admin)
• Withdrawal log in backend
• Product and category exceptions
• Exclude digital downloads
• Customizable button style (standard, outline, text link)
• Configurable withdrawal period (7-365 days)
• PDF generation for withdrawal confirmations
• Gutenberg block for withdrawal policy
• Withdrawal reason selection
• HPOS compatibility
• Translations for 6 languages