feat: add custom cron schedules workflow

[RaduCristianPopescu]

Summary

Added a new tab in Settings, allowing users to create custom cron schedules.

Will affect visual aspect of the product

YES

Screenshots

Closes https://github.com/Codeinwp/feedzy-rss-feeds-pro/issues/913

[pirate-bot]

Plugin build for 8b553ae is ready 🛎️!

• Download build

Note

You can preview the changes in the Playground

[Copilot]

Pull Request Overview

This PR adds a new "Schedules" tab to the Feedzy RSS Feeds settings page, allowing users to create and manage custom cron schedules. The feature provides a UI for adding schedules with interval (in seconds), display name, and internal name, along with the ability to delete existing schedules.

Key Changes:

• Added a new "Schedules" tab with form inputs for creating custom cron schedules
• Implemented JavaScript functionality for adding/removing schedules dynamically
• Added backend processing to save custom schedules and integrate them with WordPress cron system

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
includes/layouts/settings.php	Added the schedules tab UI with form inputs and table display
js/feedzy-setting.js	Added JavaScript handlers for adding and deleting custom schedules
includes/admin/feedzy-rss-feeds-admin.php	Added backend processing for saving schedules and WordPress cron integration
includes/feedzy-rss-feeds.php	Registered the custom cron schedules filter hook
css/settings.css	Added styling for the schedules table and form elements

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The logical operator should be && instead of ||. Currently, the condition will always be true because ! empty($saved_settings['custom_schedules']) and ! is_array($saved_settings['custom_schedules']) cannot both be false simultaneously. This means the code will execute even when custom_schedules is empty or not an array.

Suggested change

	if ( ! empty( $saved_settings['custom_schedules'] ) || ! is_array( $saved_settings['custom_schedules'] ) ) {
	if ( ! empty( $saved_settings['custom_schedules'] ) && is_array( $saved_settings['custom_schedules'] ) ) {

[Copilot]

The validation only checks for truthy values but doesn't validate that the interval is a positive number or that the name doesn't contain special characters that could cause issues with HTML attributes or form names.

Suggested change

	if (!interval || !display || !name) {
	// Validate interval is a positive number
	const intervalNum = Number(interval);
	const nameIsValid = /^[A-Za-z0-9_]+$/.test(name);
	if (
	!interval ||
	!display ||
	!name ||
	isNaN(intervalNum) ||
	intervalNum <= 0 ||
	!nameIsValid
	) {
	// Optionally, show a user-friendly error message here

[Copilot]

The name variable is inserted directly into HTML without escaping, which could lead to XSS vulnerabilities if the name contains malicious content. The values should be escaped before being inserted into the HTML.

Suggested change

	<input type="hidden" value="${display}" name="fz-custom-schedule-interval[${name}][display]">
	<tr data-schedule="${escapeHtml(name)}">
	<td class="fz-schedule-attributes">
	<strong>${escapeHtml(name)}</strong>
	</td>
	<td class="fz-schedule-attributes">
	${escapeHtml(interval)}
	</td>
	<td class="fz-schedule-attributes">
	${escapeHtml(display)}
	</td>
	<td class="fz-schedule-attributes">
	<button type="button" class="btn btn-outline-primary fz-delete-schedule fz-is-destructive" data-schedule="${escapeHtml(name)}">
	Delete
	</button>
	</td>
	<input type="hidden" value="${escapeHtml(interval)}" name="fz-custom-schedule-interval[${escapeHtml(name)}][interval]">
	<input type="hidden" value="${escapeHtml(display)}" name="fz-custom-schedule-interval[${escapeHtml(name)}][display]">

[Copilot]

The name variable is inserted directly into the data-schedule attribute without escaping, which could lead to attribute injection vulnerabilities.

Suggested change

	<input type="hidden" value="${display}" name="fz-custom-schedule-interval[${name}][display]">
	<button type="button" class="btn btn-outline-primary fz-delete-schedule fz-is-destructive" data-schedule="${escapedName}">
	Delete
	</button>
	</td>
	<input type="hidden" value="${interval}" name="fz-custom-schedule-interval[${escapedName}][interval]">
	<input type="hidden" value="${display}" name="fz-custom-schedule-interval[${escapedName}][display]">

[Copilot]

There's an extra space before the CSS selector .fz-schedules-table which should be removed for consistency.

Suggested change

	.fz-schedules-table {
	.fz-schedules-table {

[pirate-bot]

🎉 This PR is included in version 5.1.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀