Update readme.txt: bump stable tag to 4.2.3, expand changelog with Pro features and security improvements

Author: ajaydsouza

README.md

@@ -132,8 +132,8 @@ Contextual Related Posts is available for [translation directly on WordPress.org
 
 ## Screenshots
 
-![General Options](https://raw.github.com/WebberZone/contextual-related-posts/master/wporg-assets/screenshot-1.png)
-_Contextual Related Posts - General Options_
+![Frontend View](https://raw.github.com/WebberZone/contextual-related-posts/master/wporg-assets/screenshot-1.png)
+_Contextual Related Posts - Frontend View_
 
 More screenshots are available on the [WordPress plugin page](https://wordpress.org/plugins/contextual-related-posts/screenshots/)
 

readme.txt

@@ -2,7 +2,7 @@
 Tags: related posts, related, contextual related posts, similar posts, seo
 Contributors: webberzone, ajay
 Donate link: https://wzn.io/donate-crp
-Stable tag: 4.2.2
+Stable tag: 4.2.3
 Requires at least: 6.6
 Tested up to: 6.9
 Requires PHP: 7.4
@@ -199,10 +199,20 @@ The plugin also handles SSL, resizing, and fallback mechanisms automatically for
 	* (Pro) Added ACF field support for thumbnails: specify an Advanced Custom Fields Image or Text field name in the thumbnail settings. Supports all ACF Image field return formats (Image Array, Image ID, Image URL) as well as plain Text fields containing a URL.
 
 * Modifications:
+	* [Pro] Scheduled reconciliation cron: a twicedaily background job now automatically syncs any published posts that are missing from the custom search index table — keeps the index complete without manual intervention.
+	* [Pro] Custom table upsert optimized to use `INSERT ... ON DUPLICATE KEY UPDATE`, reducing write contention on high-traffic sites.
+	* [Pro] Database check results are now cached within a request, reducing redundant `SHOW TABLES` queries on pages that check table status multiple times.
+	* [Pro] Tools page migration and undo scripts are now loaded as external JavaScript files (via `wp_enqueue_script`) instead of inline `<script>` blocks — improves compatibility with strict Content Security Policies.
+	* [Pro] Copy-to-clipboard buttons on the tools and custom tables pages are now initialized automatically; no per-block inline script needed.
+	* [Pro] The Include Categories Tom Select field in the post metabox is now correctly initialized.
+	* [Pro] Network admin: settings copy URL cleanup and select-all checkbox logic moved to an external JavaScript file.
+	* Tom Select fields in the settings now include a clear button for easier value removal.
+	* Fixed spinner alignment inside action buttons (now displays inline rather than floating).
 	* The custom CSS will now always be available in the frontend when the field contains CSS.
 	* Manual Related Posts lookup improved.
 
 * Fixes:
+	* Security hardening: improved output escaping in settings forms and metabox fields.
 	* Fixed Tom Select value extraction for multiselect fields which gave a JS error.
 
 = 4.2.2 =
@@ -261,5 +271,4 @@ For the changelog of earlier versions, please refer to the separate changelog.tx
 == Upgrade Notice ==
 
 = 4.2.3 =
-Pro: Added ACF field support for thumbnails.
-Modifications: Improved Manual Related Posts lookup.
+Pro: Added ACF field support for thumbnails. Scheduled reconciliation cron for custom search index. Security hardening and multiple admin UI improvements.

vendor/freemius/assets/js/pricing/freemius-pricing.js

@@ -6558,10 +6558,7 @@ private function maybe_schedule_sync_cron() {
             $next_schedule = $this->next_sync_cron();
 
             // The event is properly scheduled, so no need to reschedule it.
-            if (
-                is_numeric( $next_schedule ) &&
-                $next_schedule > time()
-            ) {
+            if ( is_numeric( $next_schedule ) ) {
                 return;
             }
 
@@ -7098,7 +7095,6 @@ private function add_sticky_optin_admin_notice() {
          */
         function _enqueue_connect_essentials() {
             wp_enqueue_script( 'jquery' );
-            wp_enqueue_script( 'json2' );
 
             fs_enqueue_local_script( 'postmessage', 'nojquery.ba-postmessage.js' );
             fs_enqueue_local_script( 'fs-postmessage', 'postmessage.js' );
@@ -17436,7 +17432,7 @@ function setup_network_account(
                 FS_User_Lock::instance()->unlock();
             }
 
-            if ( 1 < count( $installs ) ) {
+            if ( 1 < count( $installs ) || fs_is_network_admin() ) {
                 // Only network level opt-in can have more than one install.
                 $is_network_level_opt_in = true;
             }

vendor/freemius/includes/class-freemius.php

@@ -540,9 +540,32 @@ function pre_set_site_transient_update_plugins_filter( $transient_data ) {
                 return $transient_data;
             }
 
+            // Alias.
+            $basename = $this->_fs->premium_plugin_basename();
+
             global $wp_current_filter;
 
-            if ( ! empty( $wp_current_filter ) && in_array( 'upgrader_process_complete', $wp_current_filter ) ) {
+            /**
+             * During bulk updates, avoid re-injecting update data for the plugin itself once it has already been updated.
+             *
+             * If the custom package is re-added to the transient after the plugin update, WordPress may detect the package again and incorrectly report "The plugin is at the latest version" for a pending update, since the custom package version matches the currently installed version.
+             *
+             * Behavior differs depending on how the bulk update is triggered. Please refer to the inline comments for each flow below for details.
+             */
+            if (
+                ! empty( $wp_current_filter ) && (
+                    /**
+                     * update-core.php and other upgrader pages:
+                     * The `upgrader_process_complete` action fires only once after all updates have finished. In this case, it is the current action (`$wp_current_filter[0]`), while `self::$_upgrade_basename` may contain any plugin basename.
+                     */
+                    'upgrader_process_complete' === $wp_current_filter[0] ||
+                    /**
+                     * AJAX bulk updates (e.g., from the Plugins page):
+                     * The `upgrader_process_complete` action fires multiple times — once for each plugin after it finishes updating. In this flow, it is not the current action (`$wp_current_filter[0]`) because it is triggered from another action. Instead, we compare `self::$_upgrade_basename` with the basename of the plugin currently being updated, since the `upgrader_process_complete` action runs separately for each plugin.
+                     */
+                    ( in_array( 'upgrader_process_complete', $wp_current_filter ) && self::$_upgrade_basename === $basename )
+                )
+            ) {
                 return $transient_data;
             }
 
@@ -566,9 +589,6 @@ function pre_set_site_transient_update_plugins_filter( $transient_data ) {
                 }
             }
 
-            // Alias.
-            $basename = $this->_fs->premium_plugin_basename();
-
             if ( is_object( $this->_update_details ) ) {
                 if ( isset( $transient_data->no_update ) ) {
                     unset( $transient_data->no_update[ $basename ] );

vendor/freemius/includes/class-fs-plugin-updater.php

@@ -10,6 +10,9 @@
 	 * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
 	 * @since       1.1.5
 	 */
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
 
 	if ( ! function_exists( 'fs_normalize_path' ) ) {
 		if ( function_exists( 'wp_normalize_path' ) ) {

vendor/freemius/includes/fs-essential-functions.php

@@ -77,7 +77,7 @@ public function get_standalone_link( Freemius $fs ) {
 			$query_params = $this->get_query_params( $fs );
 
 			$query_params['is_standalone'] = 'true';
-			$query_params['parent_url']    = admin_url( add_query_arg( null, null ) );
+			$query_params['parent_url']    = admin_url( add_query_arg( '', '' ) );
 
 			return WP_FS__ADDRESS . '/contact/?' . http_build_query( $query_params );
 		}

vendor/freemius/includes/managers/class-fs-contact-form-manager.php

@@ -6,6 +6,9 @@
      * @package   Freemius
      * @since     2.6.2
      */
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
 
     class FS_DebugManager {
 

vendor/freemius/includes/managers/class-fs-debug-manager.php

@@ -15,7 +15,7 @@
 	 *
 	 * @var string
 	 */
-	$this_sdk_version = '2.13.0';
+	$this_sdk_version = '2.13.1';
 
 	#region SDK Selection Logic --------------------------------------------------------------------
 

vendor/freemius/start.php

@@ -252,6 +252,8 @@
     $available_license_paid_plan = is_object( $available_license ) ?
         $fs->_get_plan_by_id( $available_license->plan_id ) :
         null;
+
+    $is_dev_mode = ( defined( 'WP_FS__DEV_MODE' ) && WP_FS__DEV_MODE );
 ?>
 	<div class="wrap fs-section">
 		<?php if ( ! $has_tabs && ! $fs->apply_filters( 'hide_account_tabs', false ) ) : ?>
@@ -787,7 +789,7 @@ class="fs-tag fs-<?php echo $fs->can_use_premium_code() ? 'success' : 'warn' ?>"
 											<th><?php echo esc_html( $plan_text ) ?></th>
 											<th><?php fs_esc_html_echo_x_inline( 'License', 'as software license', 'license', $slug ) ?></th>
 											<th></th>
-											<?php if ( defined( 'WP_FS__DEV_MODE' ) && WP_FS__DEV_MODE ) : ?>
+											<?php if ( $is_dev_mode ) : ?>
 												<th></th>
 											<?php endif ?>
 										</tr>
@@ -853,10 +855,20 @@ class="fs-tag fs-<?php echo $fs->can_use_premium_code() ? 'success' : 'warn' ?>"
                                                     'is_whitelabeled'                => ( $is_whitelabeled && ! $is_data_debug_mode )
 												);
 
-												fs_require_template(
-													'account/partials/addon.php',
-													$addon_view_params
-												);
+												if ( ! empty($addon_view_params['addon_info'] ) ) {
+													fs_require_template(
+														'account/partials/addon.php',
+														$addon_view_params
+													);
+												} else {
+													// If we are here it means there is an activation of an unreleased add-on and yet the SDK is not in development mode.
+													echo '<tr>';
+													echo '<td style="text-align: right;">' . esc_html( $addon_id ) . '</td>';
+													echo '<td colspan="' . ( $is_dev_mode ? 6 : 5 ) . '" style="text-align: left;">';
+													echo 'The add-on you have activated is no longer <a href="https://freemius.com/help/documentation/wordpress/selling-add-ons-extensions/#preparing-the-add-on-for-sale" rel="noreferrer noopener" target="_blank">listed</a> by the product owner, or the SDK is not running in <a href="https://freemius.com/help/documentation/wordpress-sdk/testing/" rel="noreferrer noopener" target="_blank">test mode</a>. Please <a href="' . esc_url( $fs->contact_url() ) . '">contact support</a> if you need further assistance.';
+													echo '</td>';
+													echo '</tr>';
+												}
 
 												$odd = ! $odd;
 											} ?>