Merge pull request #915 from warfare-plugins/staging

Staging v4.5.0

.github/CODEOWNERS

@@ -0,0 +1,7 @@
+# These owners will be the default owners for everything in the repo. Unless a later match takes precedence, @andbalashov or @Nicholas-Cardot, as primary maintainers will be requested for review when someone opens a Pull Request.
+*                   @andbalashov @Nicholas-Cardot
+
+# GitHub and WordPress.org specifics
+/.github/           @andbalashov
+/.wordpress-org/    @andbalashov
+/assets/images/     @andbalashov

.github/dependabot.yml

@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+    - package-ecosystem: 'npm'
+      directory: '/'
+      schedule:
+          interval: 'weekly'
+    - package-ecosystem: 'composer'
+      directory: '/'
+      schedule:
+          interval: 'weekly'

.github/workflows/codeql.yml

@@ -0,0 +1,93 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: 'CodeQL'
+
+on:
+    push:
+        branches: ['master']
+    pull_request:
+        branches: ['master']
+    schedule:
+        - cron: '0 0 * * 1'
+
+jobs:
+    analyze:
+        name: Analyze (${{ matrix.language }})
+        # Runner size impacts CodeQL analysis time. To learn more, please see:
+        #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+        #   - https://gh.io/supported-runners-and-hardware-resources
+        #   - https://gh.io/using-larger-runners (GitHub.com only)
+        # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+        runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+        timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+        permissions:
+            # required for all workflows
+            security-events: write
+
+            # required to fetch internal or private CodeQL packs
+            packages: read
+
+            # only required for workflows in private repositories
+            actions: read
+            contents: read
+
+        strategy:
+            fail-fast: false
+            matrix:
+                include:
+                    - language: javascript-typescript
+                      build-mode: none
+                # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+                # Use `c-cpp` to analyze code written in C, C++ or both
+                # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+                # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+                # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+                # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+                # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+                # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v4
+
+            # Initializes the CodeQL tools for scanning.
+            - name: Initialize CodeQL
+              uses: github/codeql-action/init@v3
+              with:
+                  languages: ${{ matrix.language }}
+                  build-mode: ${{ matrix.build-mode }}
+                  # If you wish to specify custom queries, you can do so here or in a config file.
+                  # By default, queries listed here will override any specified in a config file.
+                  # Prefix the list here with "+" to use these queries and those in the config file.
+
+                  # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+                  # queries: security-extended,security-and-quality
+
+            # If the analyze step fails for one of the languages you are analyzing with
+            # "We were unable to automatically build your code", modify the matrix above
+            # to set the build mode to "manual" for that language. Then modify this step
+            # to build your code.
+            # ℹ️ Command-line programs to run using the OS shell.
+            # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+            - if: matrix.build-mode == 'manual'
+              shell: bash
+              run: |
+                  echo 'If you are using a "manual" build mode for one or more of the' \
+                    'languages you are analyzing, replace this with the commands to build' \
+                    'your code, for example:'
+                  echo '  make bootstrap'
+                  echo '  make release'
+                  exit 1
+
+            - name: Perform CodeQL Analysis
+              uses: github/codeql-action/analyze@v3
+              with:
+                  category: '/language:${{matrix.language}}'

.gitignore

@@ -11,5 +11,5 @@ assets/css/style.scss
 assets/css/converted_style.tmp
 atom-sftp-sync.json
 deployment-config.json
-.vscode
+.vscode/sftp.json
 vendor

.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+	"recommendations": [ "valeryanm.vscode-phpsab", "esbenp.prettier-vscode" ]
+}

.wp-env.json

@@ -0,0 +1,10 @@
+{
+	"plugins": [
+		".",
+		"https://downloads.wordpress.org/plugin/plugin-check.1.0.2.zip"
+	],
+	"config": {
+		"WP_DEBUG": true,
+		"SCRIPT_DEBUG": true
+	}
+}

README.md

@@ -1,4 +1,9 @@
 # Social Warfare Repository and Issue Tracker
+
+> The most beautiful, responsive, lightning fast social share buttons built to boost shares and drive more traffic without slowing down your site.
+
+[![Support Level](https://img.shields.io/badge/support-active-green.svg)](#support-level) ![Latest Release](https://img.shields.io/github/v/release/warfare-plugins/social-warfare) ![WordPress tested up to version](https://img.shields.io/badge/WordPress-v6.5%20tested-success.svg)
+
 This is a public repository for the Social Warfare WordPress plugin created primarily for the purpose of publishing and maintaining a public list of bugs, known issues, and feature requests with the community at large. Please use the "Issues" link above to track or add information to existing issues or to submit new issues altogether (see the guidelines below prior to adding a new issue).
 
 ***
@@ -12,22 +17,6 @@ While this project has used various coding standards over time, this guide shoul
 ### WordPress Coding Standards
 All WordPress coding standards should be followed. Anything not specifically defined here should defer to WordPress's recommended coding standards found here: [WordPress Coding Standards](https://codex.wordpress.org/WordPress_Coding_Standards).
 
-#### Running PHP_CodeSniffer
-
-To check your code against the WordPress coding standards, use the following command:
-
-```bash
-php -d memory_limit=512M vendor/bin/phpcs .
-```
-
-#### Running PHP Code Beautifier and Fixer
-
-To automatically fix coding standard violations, use `phpcbf`:
-
-```bash
-php -d memory_limit=512M vendor/bin/phpcbf .
-```
-
 ### Variables and Class Names
 All PHP and Javascript variables, functions and classes, and CSS classes and ID's should follow the following naming standards. 
 
@@ -57,7 +46,7 @@ The following will serve as an example docblock with instructions to follow.
 3.      *
 4.      * @since  3.0.8  | 16 MAY 2018 | Created the method.
 5.      * @since  3.0.8  | 24 MAY 2018 | Added check for order_of_icons
-6.      * @since  3.1.0 | 13 JUN 2018 | Replaced array bracket notation.
+6.      * @since  3.1.0  | 13 JUN 2018 | Replaced array bracket notation.
 7.      * @param  void
 8.      * @return void
 9.      *

SECURITY.md

@@ -0,0 +1,41 @@
+# Security Policy
+
+## Supported Versions
+
+The following versions of this project are currently being supported with security updates.
+
+| Version  | Supported          |
+| -------  | ------------------ |
+| 4.5.0    | :white_check_mark: |
+| 4.4.8    | :white_check_mark: |
+| <4.4.7   | :x:                |
+
+## Reporting a Vulnerability
+
+To report a security issue please email details to [email protected] with a descriptive subject line.  In addition, please include the following information along with your report:
+
+- Your name and affiliation (if any).
+- A description of the technical details of the vulnerability.  It is very important to let us know how we can reproduce your findings.
+- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario.  This will help us evaluate your report quickly, especially if the issue is complex.
+- Whether this vulnerability is public or known to third parties. If it is, please provide details.
+
+If you believe that an existing (public) issue is security-related, please send an email to [email protected].  The email should include the issue ID and a short description of why it should be handled according to this security policy.
+
+## Responding to Vulnerability Reports
+
+Warfare Plugins takes security bugs seriously.  We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
+
+Your email will be acknowledged within ONE business day, and you will receive a more detailed response to your email within SEVEN days indicating the next steps in handling your report.  After the initial reply to your report, Warfare Plugins will keep you informed of the progress being made towards a fix and announcement.  If your vulnerability report is accepted, then we will work with you on a fix and follow the process noted below on [disclosing vulnerabilities](#disclosing-a-vulnerability).  If your vulnerability report is declined, then we will provide you with a reasoning as to why we came to that conclusion.
+
+## Disclosing a Vulnerability
+
+Once an issue is reported, Warfare Plugins uses the following disclosure process:
+
+- When a report is received, we confirm the issue and determine its severity.
+- If we know of specific third-party services or software that require mitigation before publication, those projects will be notified.
+- An advisory is prepared (but not published) which details the problem and steps for mitigation.
+- Wherever possible, fixes are prepared for the last minor release of the two latest major releases, as well as the trunk branch.  We will attempt to commit these fixes as soon as possible, and as close together as possible.
+- Patch releases are published for all fixed released versions and the advisory is published.
+- Release notes and our CHANGELOG.md will include a `Security` section with a link to the advisory.
+
+We credit reporters for identifying vulnerabilities, although we will keep your name confidential if you request it.

assets/css/admin.scss

@@ -390,11 +390,6 @@ a.swp-notice-cta {
 	background-color: #ee464f;
 }
 
-/*
- * mockup:
- * https://user-images.githubusercontent.com/2152604/35994059-13570396-0cc4-11e8-9d6f-af31cba9f8e2.png
- */
-
 .swpmb-heading-wrapper h1 {
 	 font-weight: bold;
  }