{"id":286895,"date":"2026-05-29T14:15:18","date_gmt":"2026-05-29T14:15:18","guid":{"rendered":"https:\/\/fr.wordpress.org\/plugins\/pdf-builder-pro\/"},"modified":"2026-05-29T14:15:01","modified_gmt":"2026-05-29T14:15:01","slug":"advanced-pdf-invoice-builder","status":"publish","type":"plugin","link":"https:\/\/cn.wordpress.org\/plugins\/advanced-pdf-invoice-builder\/","author":23442936,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"6.9.4","requires":"6.2","requires_php":"8.2","requires_plugins":null,"header_name":"Advanced PDF Invoice Builder","header_author":"Natsenack","header_description":"PDF invoice builder with drag-and-drop editor for WooCommerce","assets_banners_color":"2c77f0","last_updated":"2026-05-29 14:15:01","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/natsenack\/advanced-pdf-invoice-builder","header_author_uri":"https:\/\/github.com\/natsenack","rating":0,"author_block_rating":0,"active_installs":0,"downloads":84,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"natsenack","date":"2026-05-29 14:15:01"},"1.0.1":{"tag":"1.0.1","author":"natsenack","date":"2026-05-29 17:21:34"}},"upgrade_notice":{"1.3.27":"<p>WordPress.org compliance: nonce + capability checks on all AJAX handlers, strict comparisons, no silenced errors, PHPCBF auto-fixes, BOM cleanup. 0 security violations across 178 PHP files.<\/p>","1.0.3.24":"<p>Important update: full WordPress.org compliance revision (T2+T3). WP_CONTENT_DIR replaced by wp_upload_dir(), inline scripts via wp_add_inline_script(), exec() removed. Removed EDD update system.<\/p>","1.0.3.15":"<p>Recommended update with important fixes and improvements.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3553743,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3553738,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3553757,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3553756,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3553834,"resolution":"1","location":"assets","locale":"","width":1280,"height":720},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3553835,"resolution":"2","location":"assets","locale":"","width":1280,"height":720},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3553836,"resolution":"3","location":"assets","locale":"","width":1280,"height":720},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3553837,"resolution":"4","location":"assets","locale":"","width":1280,"height":720},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3553838,"resolution":"5","location":"assets","locale":"","width":1280,"height":720},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3553911,"resolution":"6","location":"assets","locale":"","width":1280,"height":720}},"screenshots":[]},"plugin_section":[],"plugin_tags":[2209,12480,1764,975,286],"plugin_category":[43,45,50],"plugin_contributors":[264959],"plugin_business_model":[],"class_list":["post-286895","plugin","type-plugin","status-publish","hentry","plugin_tags-generator","plugin_tags-invoice","plugin_tags-pdf","plugin_tags-template","plugin_tags-woocommerce","plugin_category-customization","plugin_category-ecommerce","plugin_category-media","plugin_contributors-natsenack","plugin_committers-natsenack"],"banners":{"banner":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/banner-772x250.png?rev=3553756","banner_2x":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/banner-1544x500.png?rev=3553757","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/icon-128x128.png?rev=3553743","icon_2x":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/icon-256x256.png?rev=3553738","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/screenshot-1.png?rev=3553834","caption":""},{"src":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/screenshot-2.png?rev=3553835","caption":""},{"src":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/screenshot-3.png?rev=3553836","caption":""},{"src":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/screenshot-4.png?rev=3553837","caption":""},{"src":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/screenshot-5.png?rev=3553838","caption":""},{"src":"https:\/\/ps.w.org\/advanced-pdf-invoice-builder\/assets\/screenshot-6.png?rev=3553911","caption":""}],"raw_content":"<!--section=description-->\n<p>Advanced PDF Invoice Builder lets you create, customise and generate PDF invoices or documents directly from your WordPress admin area. Build your own templates with a live drag-and-drop canvas and attach them to WooCommerce orders automatically.<\/p>\n\n<p><strong>Free features:<\/strong><\/p>\n\n<ul>\n<li>Visual drag-and-drop PDF template editor (React 18, real-time preview)<\/li>\n<li>WooCommerce integration \u2014 auto-generate PDFs by order status, send to customer by email<\/li>\n<li>Up to <strong>1 custom template<\/strong> saved in the database<\/li>\n<li>4 built-in starter templates (invoice, delivery note, quote, receipt)<\/li>\n<li>Multilingual &amp; RTL support (<code>\/languages<\/code>)<\/li>\n<li>High-performance PDF generation engine (Puppeteer-based remote service with local\/system font stacks)<\/li>\n<li>Intelligent asset caching &amp; backup\/restore functionality<\/li>\n<li>Comprehensive analytics dashboard<\/li>\n<li>Full source code included (TypeScript + PHP, GPL v2)<\/li>\n<\/ul>\n\n<p><strong>Pro edition<\/strong> (available separately at hub.threeaxe.fr):<\/p>\n\n<ul>\n<li>Unlimited custom templates<\/li>\n<li>Gallery of 25+ premium pre-designed templates<\/li>\n<li>PNG \/ JPG image export<\/li>\n<li>Advanced canvas settings (custom margins, DPI, orientation, colours)<\/li>\n<li>Unlimited WooCommerce PDF rate limits<\/li>\n<li>Priority support<\/li>\n<\/ul>\n\n<h3>Source Code<\/h3>\n\n<p>This plugin contains minified\/compiled JavaScript and CSS files. The complete unminified source code is included in the plugin package under the <code>sources\/<\/code> directory, as required by WordPress.org guidelines.<\/p>\n\n<ul>\n<li><strong>Included sources:<\/strong> <code>sources\/js\/<\/code> and <code>sources\/css\/<\/code><\/li>\n<li><strong>Build tool:<\/strong> webpack 5 (<code>sources\/webpack.config.cjs<\/code>)<\/li>\n<li><strong>Build command:<\/strong> <code>npm install &amp;&amp; npm run build:free<\/code><\/li>\n<li><strong>Repository:<\/strong> https:\/\/github.com\/natsenack\/advanced-pdf-invoice-builder<\/li>\n<\/ul>\n\n<p><strong>Compiled assets and their sources:<\/strong><\/p>\n\n<ul>\n<li><code>assets\/js\/pdf-builder-react.min.js<\/code> \u2190 <code>sources\/js\/react\/<\/code> (TypeScript\/JSX)<\/li>\n<li><code>assets\/js\/vendors.min.js<\/code> \u2190 webpack vendor bundle (React, ReactDOM, etc.)<\/li>\n<li><code>assets\/js\/notifications.min.js<\/code> \u2190 <code>sources\/js\/admin\/notifications.js<\/code><\/li>\n<li><code>assets\/js\/settings-tabs.min.js<\/code> \u2190 <code>sources\/js\/admin\/settings-tabs.js<\/code><\/li>\n<li><code>assets\/js\/canvas-settings.min.js<\/code> \u2190 <code>sources\/js\/admin\/canvas-settings.js<\/code><\/li>\n<li><code>assets\/css\/pdf-builder-react.min.css<\/code> \u2190 <code>sources\/css\/pdf-builder-react.css<\/code><\/li>\n<li><code>assets\/css\/pdf-builder-admin-css.min.css<\/code> \u2190 <code>sources\/css\/pdf-builder-admin.css<\/code><\/li>\n<\/ul>\n\n<p><strong>Third-party library bundled as-is:<\/strong>\n* <code>assets\/js\/html2canvas.min.js<\/code> \u2014 html2canvas v1.4.1 (MIT) \u2014 https:\/\/github.com\/niklasvh\/html2canvas<\/p>\n\n<h3>Privacy Policy<\/h3>\n\n<p>This plugin collects anonymous deactivation feedback <strong>only when the user explicitly clicks \"Send and Deactivate\"<\/strong> in the optional feedback modal.<\/p>\n\n<p>Data collected and sent to the developer (hub.threeaxe.fr):<\/p>\n\n<ul>\n<li>Deactivation reason (selected from a predefined list)<\/li>\n<li>Optional free-text comment entered by the user<\/li>\n<li>Site URL<\/li>\n<li>Plugin version<\/li>\n<li>Date and time<\/li>\n<\/ul>\n\n<p>No passwords, no personal data, no tracking without consent.\nThe modal includes a \"Skip and Deactivate\" button that sends no data at all.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>This plugin connects to the following third-party services. By using this plugin, you agree to their respective terms of service and privacy policies.<\/p>\n\n<h4>PDF Generation Service (pdf.threeaxe.fr)<\/h4>\n\n<p>Used to generate PDF documents from your templates. Your template data and order information may be sent to this service for rendering. This service is provided by Threeaxe and is required for all PDF generation. The generated HTML uses local\/system font stacks and does not load Google Fonts.\n* Service URL: https:\/\/pdf.threeaxe.fr\n* Privacy Policy: https:\/\/hub.threeaxe.fr\/privacy-policy\/\n* Terms of Service: https:\/\/hub.threeaxe.fr\/conditions-dutilisation<\/p>\n\n<h4>License Validation Server (hub.threeaxe.fr)<\/h4>\n\n<p>Used to activate, deactivate, and periodically verify your premium license key. This server is operated by Threeaxe, the plugin author.\n* Data sent: license key, site URL, plugin name, item ID.\n* When: (1) when you manually activate or deactivate a license key in the plugin settings; (2) automatically once per day on admin pages, but only when an active license key has been entered \u2014 no data is sent if no license key is configured.\n* Service URL: https:\/\/hub.threeaxe.fr\n* Privacy Policy: https:\/\/hub.threeaxe.fr\/privacy-policy\/\n* Terms of Service: https:\/\/hub.threeaxe.fr\/conditions-dutilisation<\/p>\n\n<h4>WordPress.org API (api.wordpress.org)<\/h4>\n\n<p>Used to check for plugin updates through the standard WordPress update mechanism.\n* Service URL: https:\/\/api.wordpress.org\n* Privacy Policy: https:\/\/automattic.com\/privacy\/\n* Terms of Service: https:\/\/wordpress.org\/about\/license\/<\/p>\n\n<h4>Google Drive (oauth2.googleapis.com \/ www.googleapis.com)<\/h4>\n\n<p>Optional integration to export generated PDFs directly to Google Drive. Only activated when you configure Google Drive integration in the plugin settings.\n* Service URL: https:\/\/oauth2.googleapis.com \/ https:\/\/www.googleapis.com\n* Privacy Policy: https:\/\/policies.google.com\/privacy\n* Terms of Service: https:\/\/developers.google.com\/terms<\/p>\n\n<h4>Dropbox (api.dropboxapi.com \/ www.dropbox.com)<\/h4>\n\n<p>Optional integration to export generated PDFs directly to Dropbox. Only activated when you configure Dropbox integration in the plugin settings.\n* Service URL: https:\/\/api.dropboxapi.com\n* Privacy Policy: https:\/\/www.dropbox.com\/privacy\n* Terms of Service: https:\/\/www.dropbox.com\/terms<\/p>\n\n<h4>Microsoft OneDrive (graph.microsoft.com \/ login.microsoftonline.com)<\/h4>\n\n<p>Optional integration to export generated PDFs to OneDrive. Only activated when you configure OneDrive integration in the plugin settings.\n* Service URL: https:\/\/graph.microsoft.com\n* Privacy Policy: https:\/\/privacy.microsoft.com\/en-us\/privacystatement\n* Terms of Service: https:\/\/www.microsoft.com\/en-us\/servicesagreement<\/p>\n\n<h4>Slack (slack.com \/ api.slack.com)<\/h4>\n\n<p>Optional integration to send PDF notifications to Slack channels. Only activated when you configure Slack integration in the plugin settings.\n* Service URL: https:\/\/api.slack.com\n* Privacy Policy: https:\/\/slack.com\/privacy-policy\n* Terms of Service: https:\/\/slack.com\/terms-of-service<\/p>\n\n<h4>HubSpot (api.hubapi.com)<\/h4>\n\n<p>Optional CRM integration to attach generated PDFs to HubSpot contacts and deals. Only activated when you configure HubSpot integration in the plugin settings.\n* Service URL: https:\/\/api.hubapi.com\n* Privacy Policy: https:\/\/legal.hubspot.com\/privacy-policy\n* Terms of Service: https:\/\/legal.hubspot.com\/terms-of-service<\/p>\n\n<h4>Salesforce (login.salesforce.com \/ .salesforce.com)<\/h4>\n\n<p>Optional CRM integration to attach generated PDFs to Salesforce records. Only activated when you configure Salesforce integration in the plugin settings.\n* Service URL: https:\/\/login.salesforce.com\n* Privacy Policy: https:\/\/www.salesforce.com\/company\/privacy\/\n* Terms of Service: https:\/\/www.salesforce.com\/company\/legal\/sfdc-website-terms-of-service\/<\/p>\n\n<h4>Deactivation Feedback (threeaxe.france@gmail.com)<\/h4>\n\n<p>When you deactivate the plugin, a modal dialog may appear and invite you to optionally share the reason for deactivation. If you choose to submit feedback, the following data is sent by email directly to the plugin author:\n* Data sent: deactivation reason, optional comment, site URL, site admin email address, server software, date\/time.\n* When: only if you click the \"Send feedback\" button in the deactivation modal. No data is sent if you skip the modal or close it.\n* Recipient: threeaxe.france@gmail.com (plugin author, Threeaxe)\nThis is entirely optional. You can deactivate the plugin without submitting any feedback.<\/p>\n\n<p><strong>Note:<\/strong> All third-party integrations are strictly opt-in and require explicit configuration by the site administrator. No data is sent to any third-party service without your consent and active configuration.<\/p>\n\n<h3>Author Links<\/h3>\n\n<p>This plugin also includes outbound links to author-owned pages for product information, purchase, support, and documentation.\nThese links are navigational only and do not automatically send site data to any external service.<\/p>\n\n<ul>\n<li>Product \/ upgrade pages: https:\/\/hub.threeaxe.fr<\/li>\n<li>Support tickets: https:\/\/hub.threeaxe.fr\/index.php\/ticket\/<\/li>\n<li>Documentation and repository: https:\/\/github.com\/natsenack\/advanced-pdf-invoice-builder<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Download and unzip the plugin to the <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin through the \"Plugins\" menu in WordPress.<\/li>\n<li>Go to \"PDF Builder\" in the main admin menu to configure your settings.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"which%20wordpress%20versions%20are%20supported%3F\"><h3>Which WordPress versions are supported?<\/h3><\/dt>\n<dd><p>Advanced PDF Invoice Builder requires WordPress 6.2 or later.<\/p><\/dd>\n<dt id=\"is%20this%20compatible%20with%20woocommerce%3F\"><h3>Is this compatible with WooCommerce?<\/h3><\/dt>\n<dd><p>Yes, Advanced PDF Invoice Builder provides native WooCommerce integration for automatic order PDF generation.<\/p><\/dd>\n<dt id=\"what%20pdf%20formats%20are%20supported%3F\"><h3>What PDF formats are supported?<\/h3><\/dt>\n<dd><p>The plugin generates standard PDF files compatible with all modern document readers.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Architecture: Plugin split into FREE + PRO editions \u2014 free core stays GPL v2, PRO add-on sold separately<\/li>\n<li>Free: up to 1 custom template (was unlimited in 1.3.27)<\/li>\n<li>Free: editor page (<code>pdf-builder-react-editor<\/code>) always accessible, no hidden sub-menu trick<\/li>\n<li>Free: fallback edit button (\u270f\ufe0f) on template cards when PRO is not active<\/li>\n<li>Free: lazy-initialisation of PredefinedTemplatesManager via <code>pdfib_predefined_templates_manager<\/code> filter<\/li>\n<li>Pro: unlimited templates, 25+ gallery templates, PNG\/JPG export, advanced canvas options<\/li>\n<li>Hook system: <code>pdfib_admin_menu_after_home<\/code>, <code>pdfib_predefined_templates_manager<\/code>, <code>pdfib_can_use_feature<\/code>, <code>pdfib_license_manager_instance<\/code>, <code>pdfib_premium_templates<\/code><\/li>\n<li>Fix: 403 on editor page when PRO inactive \u2014 removed <code>remove_submenu_page()<\/code> call<\/li>\n<li>Fix: static guard in <code>react_editor_page()<\/code> prevents double render when PRO is active<\/li>\n<li>Maintenance: version numbers reset to 1.0.0 for both editions<\/li>\n<\/ul>\n\n<h4>1.3.27<\/h4>\n\n<ul>\n<li>New: Dashboard page converted to React TSX component (DashboardPage) \u2014 dynamic stats, action cards, getting-started guide<\/li>\n<li>New: Upgrade modals converted to React TSX component (UpgradeModals) \u2014 exposes window.showUpgradeModal(reason) \/ window.closeUpgradeModal(id)<\/li>\n<li>New: Licence tab converted to React TSX component (LicencePage) \u2014 AJAX activate\/deactivate, key copy, details accordion, free\/premium comparison table, email reminders<\/li>\n<li>New: 3 new webpack bundles: dashboard-page-react.min.js, upgrade-modals-react.min.js, licence-page-react.min.js<\/li>\n<li>Fix: Missing tab indentation before exit; in upgrade-modals.php<\/li>\n<li>Fix: Array items in $pdfib_licence_data re-indented in settings-licence.php<\/li>\n<li>Fix: Added translators comments for sprintf strings in dashboard-page.php<\/li>\n<li>Fix: PHPDoc @param WC_Order \/ WC_Order_Item \/ WC_Order_Item_Fee replaced with @param object in HtmlRenderer (5) and OrderProductTableRenderer (5)<\/li>\n<li>Compliance: Remaining <code>phpcs:ignore<\/code> removed from the cron test AJAX handler; nonce validation now uses <code>check_ajax_referer()<\/code><\/li>\n<li>Compliance: <code>templates\/admin\/settings-loader.php<\/code> now uses <code>admin_enqueue_scripts<\/code> instead of <code>wp_enqueue_scripts<\/code><\/li>\n<li>Compliance: React editor bundle now depends on <code>wp-element<\/code>; empty <code>react<\/code> \/ <code>react-dom<\/code> sources removed<\/li>\n<li>Compliance: <code>PDFIB_PLUGIN_FILE<\/code> is defined once in <code>advanced-pdf-invoice-builder.php<\/code>; loader\/constants use that single source of truth<\/li>\n<li>Compliance: release ZIP now includes <code>sources\/js\/<\/code> and <code>sources\/css\/<\/code>, matching the documented source mappings for compiled JS and CSS assets<\/li>\n<li>Compliance: external services and opt-in feedback collection remain documented below in the dedicated sections for WP.org transparency<\/li>\n<\/ul>\n\n<h4>1.3.26<\/h4>\n\n<ul>\n<li>Fix: PHP Parse error in Puppeteer_Client.php \u2014 missing closing braces in render() and render_image() caused fatal errors<\/li>\n<li>Fix: NonEnqueuedStylesheet \u2014 removed the Google Fonts import in generated HTML and switched to local\/system font stacks<\/li>\n<li>Fix: DevelopmentFunctions \u2014 replaced wp_debug_backtrace_summary() with Exception::getTraceAsString()<\/li>\n<li>Fix: DiscouragedFunctions \u2014 removed global PHP execution-time adjustments and <code>set_error_handler()<\/code> calls<\/li>\n<li>Fix: NonPrefixedHooknameFound \u2014 replaced plugin_locale filter with determine_locale()<\/li>\n<li>Fix: SlowDBQuery \u2014 removed meta_query from get_users() \/ get_posts(), replaced with SQL \/ PHP filtering<\/li>\n<li>Fix: NonPrefixedVariableFound \u2014 all global variables prefixed with pdfib_ across templates and pages<\/li>\n<li>Fix: NonPrefixedFunctionFound \u2014 removed unprefixed helper functions from settings-contenu.php and handlers<\/li>\n<li>Fix: PHP syntax bugs in predefined-templates-manager.php and settings-licence.php<\/li>\n<li>Improve: PuppeteerEngine and Puppeteer_Client log under WP_DEBUG (license status, HTTP response visible)<\/li>\n<li>Maintenance: Plugin prefix renamed from <code>pdf<\/code> (3 chars) to <code>pdfib<\/code> (5 chars) across 176 PHP files and 16 JS\/TS source files \u2014 namespaces <code>PDF_Builder\\<\/code> \u2192 <code>PDFIB\\<\/code>, constants <code>PDF_BUILDER_<\/code> \u2192 <code>PDFIB_<\/code>, hooks\/options <code>pdf_builder_<\/code> \u2192 <code>pdfib_<\/code><\/li>\n<li>Maintenance: composer.json PSR-4 autoloader mappings updated<\/li>\n<li>Security: <code>wp_register_script('wp-preferences')<\/code> replaced with <code>wp_deregister_script()<\/code> \u2014 no longer re-registering WordPress core script handles<\/li>\n<li>Security: Enhanced XXE protection on sensitive template files<\/li>\n<li>Maintenance: IDE helper files excluded from production ZIP build<\/li>\n<li>Compliance: Conformit\u00e9 WordPress.org optimization and code quality improvements<\/li>\n<li>Status: Remains at version 1.3.26 \u2014 internal maintenance release<\/li>\n<\/ul>\n\n<h4>1.0.3.25<\/h4>\n\n<ul>\n<li>Security: Ajax_Handlers \u2013 added <code>current_user_can('manage_options')<\/code> to <code>pdf_builder_test_roles<\/code> handler; added <code>check_ajax_referer()<\/code> to <code>pdf_builder_verify_canvas_settings_consistency<\/code> handler; defined missing <code>pdf_builder_get_allowed_roles_ajax_handler<\/code> function with nonce and capability checks (was registered but never defined \u2013 would cause fatal PHP error)<\/li>\n<li>Security: Unified_Ajax_Handler \u2013 added <code>check_ajax_referer('pdf_builder_ajax', 'nonce')<\/code> to <code>handle_generate_pdf()<\/code>, <code>handle_generate_image()<\/code>, and <code>handle_get_preview_html()<\/code> (had capability checks but no nonce verification)<\/li>\n<li>Security: Frontend PDF GET URL (PDFBuilderContent.tsx) \u2013 added <code>nonce<\/code> parameter to direct PDF generation URL; webpack rebuild<\/li>\n<li>Security: Nonce_Manager \u2013 sanitize_text_field + wp_unslash on nonce input before verification<\/li>\n<li>Security: Sanitized all remaining <code>$_GET<\/code> \/ <code>$_REQUEST<\/code> \/ <code>$_POST<\/code> inputs across 34 files (wp_unslash + sanitize_text_field \/ absint \/ sanitize_key as appropriate)<\/li>\n<li>Compliance: Remaining <code>phpcs:ignore<\/code> removed from the cron test AJAX handler; nonce validation now uses <code>check_ajax_referer()<\/code><\/li>\n<li>Compliance: <code>templates\/admin\/settings-loader.php<\/code> now uses <code>admin_enqueue_scripts<\/code> instead of <code>wp_enqueue_scripts<\/code><\/li>\n<li>Compliance: React editor bundle now depends on <code>wp-element<\/code>; empty <code>react<\/code> \/ <code>react-dom<\/code> sources removed<\/li>\n<li>Compliance: <code>PDFIB_PLUGIN_FILE<\/code> is defined once in <code>advanced-pdf-invoice-builder.php<\/code>; loader\/constants use that single source of truth<\/li>\n<li>Compliance: release ZIP now includes <code>sources\/js\/<\/code> and <code>sources\/css\/<\/code>, matching the documented source mappings for compiled JS and CSS assets<\/li>\n<li>Compliance: external services and opt-in feedback collection remain documented below in the dedicated sections for WP.org transparency<\/li>\n<li>Security: Sanitized <code>$_POST<\/code> array deep-accesses across 16 files<\/li>\n<li>Compliance: esc_attr() applied on 15 output points in settings-developpeur template; absint() on license ID parameter; wp_send_json_success return values normalized<\/li>\n<li>Compliance: Added <code>ABSPATH<\/code> direct-access guard to 43 PHP files missing the standard protection<\/li>\n<li>Compliance: all <code>$wpdb<\/code> DirectDatabaseQuery and PreparedSQL calls reviewed (100+ occurrences)<\/li>\n<li>Compliance: ~335 static HTML echo statements reviewed (no user input, no XSS risk)<\/li>\n<li>Compliance: Renamed option key <code>pdfb_free_pdf_slots<\/code> \u2192 <code>pdf_builder_free_pdf_slots<\/code> to comply with WP.org prefix requirements<\/li>\n<li>Compliance: TransientDebugger \u2013 all debug output now gated behind <code>WP_DEBUG<\/code> constant<\/li>\n<li>Compliance: PHP filesystem functions used with justification in 10 files<\/li>\n<li>Compliance: ZIP build script \u2013 excluded test files, IDE helper files, and development-only files from plugin archive<\/li>\n<li>Audit: Full security scan \u2013 0 errors remaining for EscapeOutput, NonceVerification, ValidatedSanitizedInput sniffs across all 178 PHP files\n\n<ul>\n<li>WordPress.org Pass 1 (security): sanitize all inputs (map_deep + wp_kses_post), remove debug $_POST logs, fix wp_verify_nonce wrapping, sanitize_file_name for uploads<\/li>\n<li>WordPress.org Pass 2 (escape): esc_html on translated format strings, esc_js for hook variable, sanitize CSS values in generate_theme_css(), wp_kses_post for render_step_content()<\/li>\n<li>WordPress.org Pass 3 (prefix): rename post type pdf_template \u2192 pdf_builder_template across 7 files; prefix global constants ELEMENT_PROPERTY_RESTRICTIONS \/ ELEMENT_TYPE_MAPPING (\u2192 PDF_BUILDER_<em>); prefix global functions isPropertyAllowed \/ getPropertyDefault \/ validateProperty \/ fixInvalidProperty (\u2192 pdf_builder_<\/em>); rename class PDF_Template_Status_Manager \u2192 PDF_Builder_Template_Status_Manager; rename AJAX actions pdf_editor_* \u2192 pdf_builder_editor_*<\/li>\n<li>WordPress.org Pass 4 (discouraged functions): remove UTF-8 BOM from 8 files; replace shell_exec(\"php -l\") with token_get_all() (Health Monitor); replace exec('tar') x3 with ZipArchive (Backup Recovery); remove hardcoded Gmail credentials and XOR\/base64 decode_pass() (Deactivation Feedback) \u2013 replaced with wp_mail(); urlencode() \u2192 rawurlencode() in licence settings; legitimate AES-256-CBC base64 usage retained with justification<\/li>\n<\/ul><\/li>\n<li>WordPress.org compliance: removed httpbin.org external HTTP test call in PDF_Builder_Test_Suite \u2013 replaced with home_url() local self-request<\/li>\n<li>WordPress.org compliance: replaced hardcoded WP_CONTENT_DIR \/ ABSPATH \/ WP_LANG_DIR constants with proper WP API functions (wp_upload_dir(), plugin_dir_path(), load_plugin_textdomain())<\/li>\n<li>WordPress.org compliance: stripped external URLs from html2canvas.min.js license comment header (local bundled library, no remote call)<\/li>\n<li>WordPress.org compliance: privacy policy and terms of service URLs updated to hub.threeaxe.fr across readme and settings pages<\/li>\n<li>Architecture: removed PDF_Builder_Cache_Manager \u2013 cache system (400+ lines, cron, 4 AJAX handlers, admin UI) completely withdrawn; plugin operates identically without it<\/li>\n<li>Fix: corrected residual JS console error caused by removed cache manager references<\/li>\n<li>Compliance: hook name renamed <code>pdfBuilderCanvasSettingsUpdated<\/code> \u2192 <code>pdf_builder_canvas_settings_updated<\/code> (WP naming convention: lowercase snake_case)<\/li>\n<li>Compliance: WooCommerce capabilities <code>manage_woocommerce<\/code> and <code>edit_shop_orders<\/code> declared as known custom capabilities \u2013 removes 30 false-positive warnings<\/li>\n<li>Compliance: intentional <code>@<\/code> error suppression documented in 6 files (FileSystemHelper, MU_Plugin_Blocker, Backup_Restore_Manager, WooCommerce_Integration, settings-helpers)<\/li>\n<li>Compliance: local PHP filesystem functions used with justification in 11 additional files (file_get_contents, file_put_contents on local paths \u2013 wp_remote_get() is not appropriate)<\/li>\n<li>Compliance: <code>WordPress.PHP.StrictInArray<\/code> \u2013 added <code>true<\/code> as strict third argument to all <code>in_array()<\/code> and <code>array_search()<\/code> calls across 51 files (116+ occurrences) \u2013 prevents type-coercion bypass<\/li>\n<li>Compliance: PHPCBF auto-fixed 450 formatting violations in 86 files (<code>==<\/code>\u2192<code>===<\/code>, <code>!=<\/code>\u2192<code>!==<\/code>, line endings, indentation, string quoting, spacing)<\/li>\n<li>Fix: removed UTF-8 BOM accidentally introduced by batch processing script \u2013 all 51 affected files cleaned<\/li>\n<li>Audit: 0 errors remaining for EscapeOutput, NonceVerification, ValidatedSanitizedInput, ByteOrderMark, PHP Syntax, ValidHookName, Capabilities, NoSilencedErrors, StrictInArray, AlternativeFunctions across 178 PHP files<\/li>\n<li>Fix: canvas margins not saving \u2013 JS now sends '0' for unchecked single checkboxes; PHP validation added patterns for <code>_show_<\/code> (boolean) and <code>_margin_<\/code> (intval clamped 0-500)<\/li>\n<li>Fix: template modal DPI list showed all DPIs instead of only active ones \u2013 <code>PDF_Builder_Templates_Ajax<\/code> now reads <code>pdf_builder_canvas_dpi<\/code> CSV instead of legacy <code>pdf_builder_available_dpi<\/code><\/li>\n<li>Fix: only last DPI value saved when multiple checked \u2013 removed <code>name.slice(0,-2)<\/code> stripping in FormData loop; <code>[]<\/code> suffix now preserved so PHP receives an array<\/li>\n<li>Fix: DPI overwritten to '0' after saving main settings form \u2013 excluded <code>pdf_builder_canvas_dpi<\/code>, <code>pdf_builder_canvas_formats<\/code>, <code>pdf_builder_canvas_orientations<\/code> from <code>save_content_settings()<\/code> foreach; removed duplicate <code>canvas_dpi<\/code> from <code>$general_settings<\/code><\/li>\n<li>Fix: 403 error on PNG\/JPG generation in WooCommerce order metabox \u2013 <code>handle_generate_image()<\/code> now accepts both <code>pdf_builder_ajax<\/code> and <code>pdf_builder_order_actions<\/code> nonces; added <code>manage_options<\/code> fallback in permission check<\/li>\n<li>Compliance: deactivation feedback email now sent to plugin author via <code>apply_filters('pdf_builder_feedback_email', ...)<\/code> instead of site admin email; disclosed in readme (wp.org data collection transparency)<\/li>\n<\/ul>\n\n<h4>1.0.3.24<\/h4>\n\n<ul>\n<li>Code quality: fixed 630 PHPStan errors (level 5) to 0 \u2013 complete static analysis now passes cleanly<\/li>\n<li>Fix: corrected NONCE_INVALID race condition in PDFEditorPreferences (_initialized guard, nonce rotation, retry cap)<\/li>\n<li>Security: added error_log debug coverage on all sensitive PHP areas (Ajax_Handler, Ajax_Base, Security_Validator, User_Manager, NonceManager, Templates_Ajax x8 handlers, Template_Manager nonce bypass warning, Database_Initializer)<\/li>\n<li>Security: added console.log\/warn\/error in ClientNonceManager (refresh, setNonce, addToFormData) and ajax-throttle.js<\/li>\n<li>IDE: completed WordPress helper declarations in phpdoc support files - 30+ missing functions and constants resolved for Intelephense<\/li>\n<li>Fix: removed UTF-8 BOM from templates\/admin\/templates-page.php<\/li>\n<li>WordPress.org compliance (T2+T3): replaced all WP_CONTENT_DIR usages with wp_upload_dir() across 12+ files<\/li>\n<li>WordPress.org compliance (T2+T3): converted all json_encode() to wp_json_encode() in PHP core classes and templates<\/li>\n<li>WordPress.org compliance (T2+T3): converted echo \"\" inline scripts to wp_add_inline_script() in PDF_Builder_Admin, AdminScriptLoader, ReactAssetsV2<\/li>\n<li>WordPress.org compliance (T2+T3): sanitized all $_SERVER variables (REQUEST_URI, HTTP_USER_AGENT, REMOTE_ADDR, SERVER_SOFTWARE, CONTENT_TYPE, HTTP_X_HUB_SIGNATURE)<\/li>\n<li>WordPress.org compliance: all admin notices are now dismissible (is-dismissible)<\/li>\n<li>WordPress.org compliance: documented source code and build process in readme<\/li>\n<li>WordPress.org compliance: replaced move_uploaded_file with wp_handle_upload<\/li>\n<li>WordPress.org compliance: refactored PHPMailer usage via phpmailer_init hook<\/li>\n<li>WordPress.org compliance: removed direct CDN references (jsdelivr.net polyfills)<\/li>\n<li>WordPress.org compliance: hardened nonce checks with wp_unslash + sanitize_text_field<\/li>\n<li>WordPress.org compliance: excluded IDE-only helper files from plugin ZIP<\/li>\n<li>WordPress.org compliance: removed unprefixed wp_ajax_test_ajax action<\/li>\n<li>WordPress.org compliance: renamed wp_ajax_verify_canvas_settings_consistency with proper pdf_builder_ prefix<\/li>\n<li>WordPress.org compliance: removed global PHP execution-time adjustments from the <code>plugins_loaded<\/code> hook<\/li>\n<li>WordPress.org compliance: converted ob_start() to callback pattern to guarantee buffer closure<\/li>\n<li>WordPress.org compliance: replaced hardcoded \/wp-admin\/admin-ajax.php with wp_parse_url(admin_url())<\/li>\n<li>WordPress.org compliance: removed EDD update system - updates now exclusively handled by WordPress.org<\/li>\n<li>Security: replaced exec(\"tar ...\") with PharData::extractTo() in PDF_Builder_Backup_Recovery_System<\/li>\n<li>Security: sanitized client IP extraction in AnalyticsTracker via sanitize_text_field(wp_unslash())<\/li>\n<li>Code quality: replaced rename() with WP_Filesystem::move() in backup\/restore manager<\/li>\n<li>Code quality: normalized line endings (LF) in templates-page.php<\/li>\n<li>Architecture: created missing classes AnalyticsInterface, ModeSwitcher, CanvasModeProvider, MetaboxModeProvider<\/li>\n<li>Architecture: added PSR-4 mapping for PDF_Builder\\Analytics\\ in composer.json, regenerated autoload (86 classes)<\/li>\n<li>Documentation: documented all external third-party services in readme.txt<\/li>\n<li>Intelephense: added wp_parse_url() helper declaration (fixes P1010 error in Security_Monitor)<\/li>\n<\/ul>\n\n<h4>1.0.3.23<\/h4>\n\n<ul>\n<li>UX: Save button is now disabled (greyed) on page load and after successful save, re-enabled on field change<\/li>\n<\/ul>\n\n<h4>1.0.3.22<\/h4>\n\n<ul>\n<li>Fix: corrected comments embedded in SQL strings in settings-templates.php (PDF_Template_Status_Manager-&gt;load_templates)<\/li>\n<\/ul>\n\n<h4>1.0.3.21<\/h4>\n\n<ul>\n<li>Fix: corrected 63 occurrences of comments embedded in multiline SQL strings across 11 PHP files<\/li>\n<\/ul>\n\n<h4>1.0.3.20<\/h4>\n\n<ul>\n<li>WordPress.org compliance: extended output escaping with wp_kses_post(), esc_url(), esc_js(), esc_html()<\/li>\n<li>WordPress.org compliance: sanitized GET data with wp_unslash() + sanitize_text_field()<\/li>\n<li>WordPress.org compliance: synchronized stable_tag to 1.0.3.20 in readme.txt and readme-fr_FR.txt<\/li>\n<li>Fix: removed 4 empty JS files from repository<\/li>\n<li>Fix: corrected comments embedded in SQL strings (63 occurrences, 11 files)<\/li>\n<\/ul>\n\n<h4>1.0.3.15<\/h4>\n\n<ul>\n<li>Performance improvements and bug fixes<\/li>\n<li>Updated third-party dependencies<\/li>\n<li>Enhanced security features<\/li>\n<li>Improved documentation<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial public release<\/li>\n<\/ul>","raw_excerpt":"Professional PDF invoice and document builder for WordPress \u2014 visual drag-and-drop editor with WooCommerce integration.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/286895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=286895"}],"author":[{"embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/natsenack"}],"wp:attachment":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=286895"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=286895"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=286895"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=286895"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=286895"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=286895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}