Skip to content

Add GitHub Updater support and fix fatal error in event tracking#1

Open
zackkatz wants to merge 4 commits intocode-atlantic:masterfrom
GravityKit:feature/github-updater-headers
Open

Add GitHub Updater support and fix fatal error in event tracking#1
zackkatz wants to merge 4 commits intocode-atlantic:masterfrom
GravityKit:feature/github-updater-headers

Conversation

@zackkatz
Copy link

@zackkatz zackkatz commented Feb 2, 2026
edited
Loading

Summary

GitHub Updater support

  • Add GitHub Plugin URI and Primary Branch headers to enable automatic plugin updates via Git Updater
  • Fill in missing plugin metadata (Description, Version, License, Requires PHP, Requires at least) and correct Plugin URI

Composer fix

  • Add vendor-prefixed/.gitkeep to fix composer classmap scan error on fresh clones

Fatal error fix

  • Fix TypeError in JSONEventTrackingHandler::register() where all hook callbacks referenced non-existent camelCase methods instead of the actual snake_case methods

Security fixes

  • Add authentication to /fluent-crm/v1/list-growth REST endpoint (require manage_options capability)
  • Add date parameter validation to prevent malformed input
  • Sanitize $prop_name in JSON_EXTRACT SQL queries to prevent SQL injection
  • Use bound parameters for all whereRaw LIKE queries (was using string interpolation)
  • Sanitize $_GET params before forwarding in SmartLink redirects

Bug fixes

  • Remove stray break in not_contains filter handler that silently skipped all remaining filters
  • Fix wrong variable check ($item_value$trimmed_values) in UpdateContactPropertyAction::formatCustomFieldValues
  • Fix trailing ? or & appended to redirect URLs when no query params exist
  • Remove empty switch statement (dead code from incomplete implementation)

Cleanup

  • Remove hardcoded debug email (daniel@code-atlantic.com) from event tracking
  • Remove no-op gettingAction() override in RandomWaitTimeAction
  • Remove dead code: commented-out hook, unused add_custom_dashboard_metrics(), placeholder register_custom_report/render_custom_report (Subscriber::all() memory issue)
  • Remove unnecessary Carbon dependency from REST endpoint
  • Prefix remaining global functions with customcrm_ to avoid namespace collisions

Test plan

  • Activate the plugin and verify no fatal errors on any FluentCRM admin page
  • Verify event tracking filters and condition groups load correctly in FluentCRM
  • Test SmartLink redirects preserve query parameters correctly and don't add trailing ?/&
  • Verify /fluent-crm/v1/list-growth endpoint returns 401 for unauthenticated requests
  • Test EDD subscription filters with various operator/status combinations
  • Install Git Updater and confirm this plugin can check for updates
  • Run composer install on a fresh clone and confirm no classmap scan error

@zackkatz
Add GitHub Updater plugin headers for automatic updates
d0d7f87 
Add `GitHub Plugin URI` and `Primary Branch` headers to enable
automatic plugin updates via the Git Updater plugin. Also fill in
missing plugin metadata (Description, Version, License, Requires PHP,
Requires at least) and correct the Plugin URI to point to the current
repository.
@zackkatz
Add vendor-prefixed .gitkeep to fix composer classmap scan error
b3f2944 
The classmap autoload entry references the vendor-prefixed directory,
but the directory wasn't tracked in git, causing composer to fail with
"Could not scan for classes inside vendor-prefixed". Track the directory
via .gitkeep so it exists on fresh clones.
@zackkatz
Fix fatal error: register() callbacks reference non-existent camelCas…
eb1326b 
…e methods

The register() method hooked camelCase method names (e.g.,
addEventTrackingFilterOptions) but the actual methods use snake_case
(e.g., add_event_tracking_filter_options). This caused a fatal
TypeError on every page load where FluentCRM triggers these filters.
@zackkatz zackkatz changed the title Add GitHub Updater plugin headers Add GitHub Updater support and fix fatal error in event tracking Feb 2, 2026
@zackkatz
Fix security vulnerabilities, bugs, and dead code across plugin
d4c1a65 
Security fixes:
- Add authentication to REST endpoint (require manage_options capability)
- Add date parameter validation to prevent malformed input
- Sanitize $prop_name in SQL queries to prevent SQL injection
- Use bound parameters for all whereRaw LIKE queries
- Sanitize $_GET params before forwarding in SmartLink redirects

Bug fixes:
- Remove stray break in not_contains filter that skipped remaining filters
- Fix wrong variable check ($item_value → $trimmed_values) in
  UpdateContactPropertyAction::formatCustomFieldValues
- Fix trailing ?/& appended to redirect URLs when no query params exist
- Remove empty switch statement (dead code from incomplete implementation)

Cleanup:
- Remove hardcoded debug email (daniel@code-atlantic.com) from event tracking
- Remove no-op gettingAction() override in RandomWaitTimeAction
- Remove dead code: commented-out hook, unused add_custom_dashboard_metrics(),
  placeholder register_custom_report/render_custom_report (Subscriber::all()
  memory bomb)
- Remove Carbon dependency from REST endpoint (unnecessary)
- Prefix remaining global functions with customcrm_ to avoid collisions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zackkatz

Comments