Release

Author: PDowney

.github/workflows/wp-compatibility-test.yml

@@ -1,3 +1,14 @@
+# This workflow performs comprehensive WordPress plugin compatibility and quality checks.Add commentMore actions
+# It runs multiple validation processes including:
+# - WordPress Plugin Check for WordPress.org compatibility
+# - PHP compatibility testing across multiple PHP versions (7.4, 8.0, 8.1, 8.2, 8.3)
+# - WordPress compatibility testing across multiple WP versions (6.4, 6.5, 6.6, 6.7, 6.8)
+# - PHPStan static analysis for WordPress-specific code quality
+# - WordPress security vulnerability scanning using pattern analysis
+# - PHPCS code standards validation for WordPress coding standards
+# - Code quality analysis and automated issue creation for failures
+# The workflow ensures the plugin meets WordPress.org standards and maintains compatibility.
+
 name: WordPress Compatibility & Plugin Check
 
 on:

.github/workflows/wp-tested-updater.yml

@@ -1,3 +1,10 @@
+
+# This workflow automatically monitors WordPress version compatibility for the plugin.
+# It checks if the "Tested up to" version in readme.txt matches the latest WordPress release.
+# The workflow runs weekly and on pushes to main branch to ensure compatibility information
+# stays current. When a newer WordPress version is available, it creates an issue or pull request
+# to update the compatibility information, helping maintain plugin currency with WordPress releases.
+
 name: WordPress Version Checker
 
 on:

CHANGELOG.md

@@ -1,5 +1,34 @@
 # Changelog for Simple WP Site Exporter
 
+## 1.6.6 - June 9, 2025
+### Security & Best Practices Improvements
+- **CRITICAL**: Added missing secure download and delete handlers for export files
+- **Text Domain Consistency**: Fixed all text domain inconsistencies to use 'simple-wp-site-exporter'
+- **Enhanced Shell Security**: Improved WP-CLI path validation with comprehensive security checks
+- **Path Traversal Protection**: Enhanced file path validation with better edge case handling
+- **Global Variable Handling**: Improved WordPress filesystem API initialization and error handling
+- **Rate Limiting**: Added download rate limiting (1 download per minute per user)
+- **Scheduled Deletion Security**: Added validation to scheduled file deletion to prevent unauthorized deletions
+- **Information Disclosure**: Sanitized error messages to prevent server path exposure
+- **Code Quality**: Removed duplicate function definitions and improved error handling
+
+### New Security Features
+- Enhanced WP-CLI binary validation with version checking
+- Proper filesystem API error handling throughout
+- User capability verification for all download/delete operations
+- Secure file serving with appropriate headers for large files
+- Request source validation and nonce verification
+
+## 1.6.5 - June 8, 2025
+### Code Quality Improvements
+- **PHPMD Compliance**: Refactored entire codebase to address PHP Mess Detector warnings and improve code quality
+- **Function Complexity**: Broke down large functions into smaller, single-responsibility functions for better maintainability
+- **Variable Naming**: Converted variable names to camelCase format to comply with PHPMD standards
+- **Error Handling**: Removed unnecessary error control operators (@) and improved error handling
+- **Code Structure**: Eliminated unnecessary else expressions and duplicate code
+- **Global Variables**: Fixed naming conventions for WordPress global variables
+- **Function Splitting**: Split complex boolean-flag functions into separate, dedicated functions
+
 ## 1.6.4 - June 6, 2025
 ### Bug Fixes
 - **Text Domain Fix**: Fixed mismatched text domain to properly use 'Simple-WP-Site-Exporter' instead of 'simple-wp-site-exporter' for WordPress plugin compliance

README.md

@@ -6,7 +6,7 @@
 [![PHP Compatible](https://img.shields.io/badge/PHP-7.4%2B-purple.svg?logo=php)](https://www.php.net/)
 
 ## Current Version
-[![Version](https://img.shields.io/badge/Version-1.6.4-orange.svg?logo=github)](https://github.com/EngineScript/Simple-WP-Site-Exporter/releases/latest/download/simple-wp-site-exporter-1.6.4.zip)
+[![Version](https://img.shields.io/badge/Version-1.6.6-orange.svg?logo=github)](https://github.com/EngineScript/Simple-WP-Site-Exporter/releases/latest/download/simple-wp-site-exporter-1.6.6.zip)
 
 ## Description
 A WordPress plugin that exports your entire site, including files and database, as a secure, downloadable ZIP archive.

readme.txt

@@ -3,7 +3,7 @@ Contributors: enginescript
 Tags: backup, export, migration, site export, database export
 Requires at least: 5.8
 Tested up to: 6.8
-Stable tag: 1.6.4
+Stable tag: 1.6.6
 Requires PHP: 7.4
 License: GPLv3 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -72,6 +72,28 @@ Yes, the plugin is designed to be compatible with most shared hosting environmen
 
 == Changelog ==
 
+= 1.6.6 =
+* CRITICAL: Added missing secure download and delete handlers for export files
+* Fixed all text domain inconsistencies to use 'simple-wp-site-exporter'
+* Enhanced shell security with improved WP-CLI path validation and security checks
+* Improved path traversal protection with better edge case handling
+* Enhanced global variable handling for WordPress filesystem API
+* Added download rate limiting (1 download per minute per user)
+* Improved scheduled deletion security with proper file validation
+* Sanitized error messages to prevent server information disclosure
+* Removed duplicate function definitions and improved error handling
+* Added comprehensive security features including user capability verification
+
+= 1.6.5 =
+* Code quality improvements and PHPMD compliance
+* Refactored entire codebase to address PHP Mess Detector warnings
+* Broke down large functions into smaller, single-responsibility functions
+* Converted variable names to camelCase format for better code standards
+* Removed unnecessary error control operators and improved error handling
+* Eliminated unnecessary else expressions and duplicate code
+* Fixed naming conventions for WordPress global variables
+* Split complex boolean-flag functions into separate, dedicated functions
+
 = 1.6.4 =
 * Fixed text domain mismatch to use 'Simple-WP-Site-Exporter' for WordPress plugin compliance
 * Updated plugin header text domain to match expected slug format for WordPress.org directory standards