Multi-Form Anti-Spam Image CAPTCHA

Változási napló

2.0.0 – Jun 5, 2026

• New – Merged every feature from the former Multi-Form Anti-Spam Image CAPTCHA Pro add-on into the free plugin: Gravity Forms field, Elementor Pro Forms validation, WooCommerce login/registration/checkout, WordPress login/registration/lost-password/reset, native WordPress comments, audio accessibility, 780+ bundled SVG icons, full styling controls, custom-icon picker, reverse honeypot, submission speed check, AJAX lazy loading and JSON settings export/import.
• New – Added a per-render tamper token that blocks stripped or modified CAPTCHA fields.
• New – Added the pbmfasic_skip_wp_login_option, pbmfasic_skip_validation and pbmfasic_force_synchronous_render developer filters.
• Enhancement – Standardized every plugin option under the pbmfasic_ prefix and removed the global pre_option_* filter shim used by the legacy Pro plugin.
• Enhancement – Rebuilt the settings page with a dedicated Styling tab and a grouped General tab (Form Integrations, Spam Protection, Loading and Difficulty, Icon Set, Custom Messages, Credit Link) alongside Installation Instructions and Tools.
• Enhancement – Replaced the „—” placeholder rows on the Styling dropdowns with real defaults (Display Style: Full width, Icon Alignment: Left, Icon Border: Show, Border Style: Solid, Text Align: Left, Icon Title Style: Normal, Text Location: Above icons).
• Enhancement – Selected captcha icons now get a visible default border highlight (WP-admin blue) so clicks register without first configuring the color pickers.
• Enhancement – Submission Speed Check threshold defaults to 2000 ms; enabling the check no longer silently passes every submission when the value was never saved.
• Enhancement – Replaced the inverted „Disable Honeypot” toggle with a positive-sense „Enable honeypot fields (recommended)” checkbox.
• Enhancement – Comment-form CAPTCHA failures now render WordPress’s standard „Comment Submission Failure” page (with native Back-button recovery) instead of a custom error screen.
• Enhancement – Hardened output escaping, input sanitization, nonce verification and $wpdb prepared statements across the codebase.
• Enhancement – Made the „Powered by” footer link opt-in and disabled by default.
• Fix – Audio AJAX endpoint URL now includes the missing = after t, so the per-radio audio file loads correctly in every browser.
• Fix – Gravity Forms editor shows a CAPTCHA placeholder instead of attempting to render the live challenge inside the form builder.
• Fix – Contact Form 7 validation errors are now anchored to the CAPTCHA field instead of falling back to the generic „One or more fields have an error” tip.
• Security – Capped the audio AJAX endpoint to one response per captcha key so bots cannot enumerate which radio is correct by comparing response sizes between probes.
• Security – Public [pbmfasic-svg] shortcode now sanitizes inline SVG output with wp_kses() for every caller, not just the captcha renderer.
• Security – Wrapped the translatable „Select the %s to verify.” prompt in wp_kses_post() so a hostile translation cannot inject HTML or JavaScript.
• Security – Validator::sanitize_post_value() rejects array values so a pbmfasic_captcha[]=foo payload no longer feeds sanitize_text_field() an array.
• i18n – Display name updated to „Multi-Form Anti-Spam Image CAPTCHA”. Plugin slug, text domain and stored option keys are unchanged.

1.0.2 – Mar 5, 2026

• Fix – Contact Form 7 validation errors now correctly highlight the CAPTCHA field instead of displaying generically.
• Fix – Multiple CAPTCHAs on the same page now work independently with correct screen-reader associations.
• Enhancement – Improved compatibility with form plugin stylesheets for icon radio-button display.

1.0.1 – Dec 11, 2025

• Enhancement – Rebranded plugin to MultiForm Anti-Spam Image CAPTCHA.
• Fix – Corrected database table prefixes preventing validation on some installs.

1.0.0 – Dec 3, 2025

• New – Initial release.