NXP Docs

Appearance

Changelog

All notable changes to NXP Easy Forms will be documented here. This changelog covers both the WordPress plugin and Joomla component.

WordPress Plugin

1.0.3 - 2026-02-15

WordPress Plugin Directory Compliance

  • Added ABSPATH direct-access guards across plugin PHP files
  • Replaced direct error_log() usage with hook-based debug logging
  • Hardened superglobal sanitization ($_SERVER, $_GET, $_COOKIE) and documented legitimate nonce-free reads
  • Hardened SQL queries for stricter prepared-statement compliance
  • Added/adjusted translators comments and placeholder ordering for i18n compliance
  • Replaced unlink() usage with wp_delete_file() in export cleanup
  • Removed manual textdomain bootstrap and aligned Tested up to format for directory requirements

Bug Fixes

  • Fixed "Send test email" button behavior when "Use global Recipient email" is enabled
  • Fixed additional Plugin Check output-escaping issues for admin page header icon URLs
  • Fixed translators comment placement for placeholder-based error strings in form repository save/duplicate paths

Tooling

  • Updated release tooling so version bumps can promote Unreleased changelog headings in both readme.txt and CHANGELOG.md

1.0.2 - 2026-02-14

  • Removed Microsoft Teams integration
  • Added Privacy section to readme with third-party service disclosure
  • Fixed Contributors field for WordPress.org compliance
  • Cleaned up installation instructions for end users

1.0.1 - 2025-10-31

Bug Fixes

  • Fixed: Mailpit sender domain enforcement causing unnecessary deliverability warnings during local development
  • Mailpit now bypasses sender domain validation (like API providers) since it's a development-only tool

1.0.0 - 2025-10-23

Initial Release

Form Builder
  • Vue.js 3 + Pinia drag-and-drop form builder with SortableJS
  • Real-time field editing with live preview
  • Form preview functionality with zoom control (50-100%)
  • 15 pre-built templates
  • 13 field types with inline validation
  • Template selection modal with Quick Start notification
Email Delivery
  • 9 email delivery providers: WordPress, SendGrid, SMTP2GO, Mailgun, Postmark, Brevo, Amazon SES, SMTP, Mailpit
  • Encrypted credentials storage (AES-256-CBC)
  • Test email functionality
  • Per-form email configuration
Integrations
  • Zapier, Make.com, Slack integration
  • WordPress Post creation with full ACF support (20+ field types)
  • WooCommerce order creation
  • Mailchimp audience subscription
  • Salesforce Web-to-Lead
  • HubSpot Forms API
  • Custom webhooks with HMAC-SHA256 signing
  • Async integration queue for background processing (WordPress Cron)
  • Dramatically improved submission performance (5-15s -> <200ms for webhook-heavy forms)
Security & Privacy
  • Multiple CAPTCHA providers (reCAPTCHA v3, Turnstile, FriendlyCaptcha)
  • Honeypot protection, CSRF tokens, rate limiting
  • IP anonymization options (full, anonymized, none)
  • Auto-delete submissions after X days
  • GDPR-friendly data handling
  • File upload validation with MIME type checking
User Registration
  • WordPress user registration form type
  • Email verification required before login
  • Verification emails use form's configured delivery provider
  • Login blocking for unverified users
Developer Features
  • Comprehensive API documentation
  • 15+ action and filter hooks
  • REST API endpoints
  • Database schema versioning system with migration support
  • Service Layer Architecture with 22 specialized classes
  • PSR-4 autoloaded architecture
  • Modular ES6 JavaScript
Admin Features
  • Active/Inactive form filters with counts
  • Activate/Deactivate actions
  • Safe delete confirmations
  • Form duplication
  • Settings modal with tabs (General, Email, Integrations, Security, Privacy, Advanced)
Infrastructure
  • Custom database tables for forms and submissions
  • WordPress Cron integration for cleanup and async processing
  • Vite build system for assets
  • Full i18n support (text domain: nxp-easy-forms)
Code Quality
  • WordPress.org coding standards compliance
  • Removed aggressive admin notice suppression
  • Removed @ error suppressors (proper error handling)
  • Sanitized all nonce reads
  • PSR-12 code formatting standards

Joomla Component

[1.0.11] - 2026-02-19

Changed

  • Joomla 5+/6+ legacy cleanup: Consolidated all administrator form XML files into the standard forms/ directory, removing the legacy models/forms/ and models/fields/ directories.
    • Moved models/forms/form.xml to forms/form.xml.
    • Moved models/forms/submissions.xml to forms/filter_submissions.xml (corrected filename to match Joomla's ListModel::getFilterForm() convention).
    • Deleted duplicate models/forms/forms.xml (identical to forms/filter_forms.xml).
    • Deleted legacy models/fields/modal/form.php (JFormFieldModal_Form wrapper); the modern namespaced src/Field/Modal/FormField.php is now the sole provider.
    • Updated menu layout XML (components/com_nxpeasyforms/tmpl/form/default.xml) addfieldpath from models/fields to src/Field.
    • Removed the entire administrator/components/com_nxpeasyforms/models/ directory.

Added

  • Submissions list filter bar: Added search, form selector, and ordering controls to the administrator Submissions view using Joomla's standard searchtools layout, with SubmissionsModel state handling, getStoreId() cache keys, and parameterised query filters.
  • Orphaned submissions filter: The submissions form filter dropdown now includes an "Orphaned (deleted form)" option that shows submissions whose parent form has been deleted, making it easy to find and bulk-delete orphaned records.
  • Form publish/unpublish toggle: Added clickable status toggle in the forms list view using Joomla's jgrid.published helper, with Publish/Unpublish toolbar buttons gated by core.edit.state permission. The FormTable column alias maps the active column to Joomla's standard published convention so the inherited AdminController::publish() works without custom controller code.

Fixed

  • Submissions filter "Clear" button required two clicks: Filter default values used non-empty strings ("all", "0") that Joomla's searchtools JS did not recognise as cleared state. Changed all filter defaults to empty string so a single Clear click resets correctly.
  • Export re-triggered on filter change: After exporting submissions the hidden task field retained submissions.export, causing subsequent filter changes to re-fire the export. Added a submit listener that resets the task field after an export download begins.
  • Submissions toolbar layout: The searchtools container was constrained to col-lg-6, cramping filter controls on wide screens. Changed to col-12 to match the Forms view.

Security

  • SSRF fail-open on unresolvable hosts: EndpointValidator::validate() accepted webhook endpoints whose hostname could not be resolved to any IP address, because the empty-array IP validation loop was a no-op. Now returns null (reject) when DNS resolution yields no records.
  • CSRF origin fail-open for browser requests: SubmissionController::isValidOrigin() returned true when both Origin and Referer headers were absent, allowing cross-site browser requests to bypass origin validation. Now fails closed (return false) for non-API browser requests missing both headers; legitimate API clients already bypass origin checks via the isApiClient() gate.

Removed

  • Submission status column and filter: Removed the non-functional status column, status filter dropdown, and "Default submission status" component option from the Submissions view. The database column is retained for future use when full status CRUD is implemented.

1.0.10 - February 2026

Added

  • New Joomla site module mod_nxpeasyforms for rendering selected active forms in module positions
  • Release packaging includes mod_nxpeasyforms in package ZIP builds

Fixed

  • Builder toolbar label behavior (Close vs Cancel) in edit/new contexts
  • Plugin manifest language registration reliability

1.0.9 - 2025-01-09

Security and stability release.

Security

  • Hardened encryption key handling
  • CSS injection prevention
  • Upload directory protection (.htaccess, web.config)
  • SQL injection protection in repositories
  • API CSRF protection with origin validation
  • Enhanced file extension validation
  • IP header spoofing protection with trusted proxies
  • API error response hardening

Added

  • Country/State field types with dynamic state loading
  • Country/State API endpoints
  • Encrypted CAPTCHA secrets storage
  • Administrator AJAX refactor with service-oriented routing
  • Modal form selector for menu items
  • Custom form aliases for SEF-friendly URLs

Fixed

  • Frontend validation error display
  • File upload handling for Joomla 5.4.0
  • Joomla Article integration form path loading
  • Single Form menu SEF routing
  • Builder defaults (store/email enabled by default)
  • Frontend CAPTCHA handling
  • Featured image propagation for articles

1.0.0 - 2025-09-22

Initial Joomla 5 port of NXP Easy Forms.

Added

  • Full feature parity with WordPress plugin
  • Vue.js 3 drag-and-drop form builder
  • 15 form templates
  • 12 field types
  • Content plugin for {nxpeasyform} shortcodes
  • SEF routing with custom router
  • Joomla Article integration
  • Async integration queue for background processing
  • All security, privacy, and email features from WordPress version