Changeset 3399438

Timestamp:

11/20/2025 06:41:53 AM (2 months ago)

Author:

convertkit

Message:

Update to version 3.1.0 from GitHub

Location:

convertkit

Files:

• tags/3.1.0 (copied) (copied from convertkit/trunk)
• tags/3.1.0/CHANGELOG.md (modified) (1 diff)
• tags/3.1.0/admin/class-convertkit-admin-notices.php (deleted)
• tags/3.1.0/admin/class-convertkit-admin-refresh-resources.php (modified) (7 diffs)
• tags/3.1.0/admin/importers (added)
• tags/3.1.0/admin/importers/class-convertkit-admin-importer-mc4wp.php (added)
• tags/3.1.0/admin/importers/class-convertkit-admin-importer.php (added)
• tags/3.1.0/admin/section/class-convertkit-admin-section-general.php (modified) (2 diffs)
• tags/3.1.0/admin/section/class-convertkit-admin-section-tools.php (modified) (4 diffs)
• tags/3.1.0/includes/blocks/class-convertkit-block-broadcasts.php (modified) (2 diffs)
• tags/3.1.0/includes/blocks/class-convertkit-block-content.php (modified) (2 diffs)
• tags/3.1.0/includes/blocks/class-convertkit-block-form-builder-field-custom.php (modified) (2 diffs)
• tags/3.1.0/includes/blocks/class-convertkit-block-form-builder-field-email.php (modified) (1 diff)
• tags/3.1.0/includes/blocks/class-convertkit-block-form-builder-field.php (modified) (2 diffs)
• tags/3.1.0/includes/blocks/class-convertkit-block-form-builder.php (modified) (2 diffs)
• tags/3.1.0/includes/blocks/class-convertkit-block-form-trigger.php (modified) (2 diffs)
• tags/3.1.0/includes/blocks/class-convertkit-block-form.php (modified) (2 diffs)
• tags/3.1.0/includes/blocks/class-convertkit-block-product.php (modified) (2 diffs)
• tags/3.1.0/includes/blocks/class-convertkit-block.php (modified) (2 diffs)
• tags/3.1.0/includes/class-convertkit-admin-notices.php (added)
• tags/3.1.0/includes/class-convertkit-ajax.php (modified) (2 diffs)
• tags/3.1.0/includes/class-convertkit-cache-plugins.php (modified) (6 diffs)
• tags/3.1.0/includes/class-convertkit-gutenberg.php (modified) (2 diffs)
• tags/3.1.0/includes/class-convertkit-output-restrict-content.php (modified) (15 diffs)
• tags/3.1.0/includes/class-convertkit-output.php (modified) (3 diffs)
• tags/3.1.0/includes/class-convertkit-resource-forms.php (modified) (1 diff)
• tags/3.1.0/includes/class-convertkit-settings.php (modified) (4 diffs)
• tags/3.1.0/includes/class-wp-convertkit.php (modified) (2 diffs)
• tags/3.1.0/languages/convertkit.pot (modified) (13 diffs)
• tags/3.1.0/readme.txt (modified) (2 diffs)
• tags/3.1.0/resources/backend/js/gutenberg.js (modified) (4 diffs)
• tags/3.1.0/resources/backend/js/refresh-resources.js (modified) (5 diffs)
• tags/3.1.0/resources/frontend/js/convertkit.js (modified) (1 diff)
• tags/3.1.0/resources/frontend/js/restrict-content.js (modified) (9 diffs)
• tags/3.1.0/vendor/convertkit/convertkit-wordpress-libraries/src/class-convertkit-api-v4.php (modified) (5 diffs)
• tags/3.1.0/views/backend/settings/tools.php (modified) (1 diff)
• tags/3.1.0/wp-convertkit.php (modified) (5 diffs)
• trunk/CHANGELOG.md (modified) (1 diff)
• trunk/admin/class-convertkit-admin-notices.php (deleted)
• trunk/admin/class-convertkit-admin-refresh-resources.php (modified) (7 diffs)
• trunk/admin/importers (added)
• trunk/admin/importers/class-convertkit-admin-importer-mc4wp.php (added)
• trunk/admin/importers/class-convertkit-admin-importer.php (added)
• trunk/admin/section/class-convertkit-admin-section-general.php (modified) (2 diffs)
• trunk/admin/section/class-convertkit-admin-section-tools.php (modified) (4 diffs)
• trunk/includes/blocks/class-convertkit-block-broadcasts.php (modified) (2 diffs)
• trunk/includes/blocks/class-convertkit-block-content.php (modified) (2 diffs)
• trunk/includes/blocks/class-convertkit-block-form-builder-field-custom.php (modified) (2 diffs)
• trunk/includes/blocks/class-convertkit-block-form-builder-field-email.php (modified) (1 diff)
• trunk/includes/blocks/class-convertkit-block-form-builder-field.php (modified) (2 diffs)
• trunk/includes/blocks/class-convertkit-block-form-builder.php (modified) (2 diffs)
• trunk/includes/blocks/class-convertkit-block-form-trigger.php (modified) (2 diffs)
• trunk/includes/blocks/class-convertkit-block-form.php (modified) (2 diffs)
• trunk/includes/blocks/class-convertkit-block-product.php (modified) (2 diffs)
• trunk/includes/blocks/class-convertkit-block.php (modified) (2 diffs)
• trunk/includes/class-convertkit-admin-notices.php (added)
• trunk/includes/class-convertkit-ajax.php (modified) (2 diffs)
• trunk/includes/class-convertkit-cache-plugins.php (modified) (6 diffs)
• trunk/includes/class-convertkit-gutenberg.php (modified) (2 diffs)
• trunk/includes/class-convertkit-output-restrict-content.php (modified) (15 diffs)
• trunk/includes/class-convertkit-output.php (modified) (3 diffs)
• trunk/includes/class-convertkit-resource-forms.php (modified) (1 diff)
• trunk/includes/class-convertkit-settings.php (modified) (4 diffs)
• trunk/includes/class-wp-convertkit.php (modified) (2 diffs)
• trunk/languages/convertkit.pot (modified) (13 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/resources/backend/js/gutenberg.js (modified) (4 diffs)
• trunk/resources/backend/js/refresh-resources.js (modified) (5 diffs)
• trunk/resources/frontend/js/convertkit.js (modified) (1 diff)
• trunk/resources/frontend/js/restrict-content.js (modified) (9 diffs)
• trunk/vendor/convertkit/convertkit-wordpress-libraries/src/class-convertkit-api-v4.php (modified) (5 diffs)
• trunk/views/backend/settings/tools.php (modified) (1 diff)
• trunk/wp-convertkit.php (modified) (5 diffs)

convertkit/tags/3.1.0/CHANGELOG.md

@@ +1 @@
+### 3.1.0 2025-11-20
+* Added: Settings: Tools: Mailchimp for WordPress to Kit Form Importer
+* Fix: Settings: Non-inline Forms: Correctly output `data-kit-limit-per-session`
+* Fix: Settings: Automatically delete invalid Access Tokens
+* Fix: Member Content: Courses: Next/Previous Links compatibility for WordPress 6.9
+* Fix: Landing Pages: Prevent LazyLoad Plugin from lazy loading images on Landing Pages, which would result in missing images
+* Updated: Blocks: Refresh Resources: Use REST API, replacing admin-ajax.php
+* Updated: Refresh Resources: Use REST API, replacing admin-ajax.php
+* Updated: Member Content: Use REST API, replacing admin-ajax.php
+* Updated: Use WordPress Libraries 2.1.1
+* Removed: Unused `convertkit_store_subscriber_id_in_cookie` AJAX function
+
 ### 3.0.8 2025-11-05
 * Fix: Member Content: Product: Display 'no access' notice when logged in and no access

convertkit/tags/3.1.0/admin/class-convertkit-admin-refresh-resources.php

@@ -23 +23 @@
     public function __construct() {
 
-        add_action( 'wp_ajax_convertkit_admin_refresh_resources', array( $this, 'refresh_resources' ) );
         add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_scripts' ) );
+        add_action( 'rest_api_init', array( $this, 'register_routes' ) );
+
+    }
+
+    /**
+     * Register REST API routes.
+     *
+     * @since   3.1.0
+     */
+    public function register_routes() {
+
+        // Register route to return all blocks registered by the Plugin.
+        register_rest_route(
+            'kit/v1',
+            '/resources/refresh/(?P<resource>[a-zA-Z0-9-_]+)',
+            array(
+                'methods'             => WP_REST_Server::CREATABLE,
+                'callback'            => array( $this, 'refresh_resources' ),
+                'permission_callback' => function () {
+                    return current_user_can( 'edit_posts' );
+                },
+            )
+        );
 
     }
@@ -32 +54 @@
      *
      * @since   1.9.8.0
+     *
+     * @param   WP_REST_Request $request    Request object.
+     * @return  WP_REST_Response|WP_Error               Response object.
      */
-    public function refresh_resources() {
-
-        // Check nonce.
-        check_ajax_referer( 'convertkit_admin_refresh_resources', 'nonce' );
+    public function refresh_resources( $request ) {
 
         // Get resource type.
-        $resource = ( isset( $_REQUEST['resource'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['resource'] ) ) : '' );
+        $resource = $request->get_param( 'resource' );
 
         // Fetch resources.
@@ -75 +97 @@
                 // Bail if an error occured.
                 if ( is_wp_error( $results_tags ) ) {
-                    wp_send_json_error( $results_tags->get_error_message() );
+                    return rest_ensure_response( $results_tags );
                 }
 
@@ -84 +106 @@
                 // Bail if an error occured.
                 if ( is_wp_error( $results_products ) ) {
-                    wp_send_json_error( $results_products->get_error_message() );
+                    return rest_ensure_response( $results_products );
                 }
 
                 // Return resources.
-                wp_send_json_success(
+                return rest_ensure_response(
                     array(
                         'tags'     => array_values( $results_tags ),
@@ -94 +116 @@
                     )
                 );
-                // no break as wp_send_json_success terminates.
 
             default:
@@ -109 +130 @@
         // Bail if an error occured.
         if ( is_wp_error( $results ) ) {
-            wp_send_json_error( $results->get_error_message() );
+            return rest_ensure_response( $results );
         }
 
         // Return resources as a zero based sequential array, so that JS retains the order of resources.
-        wp_send_json_success( array_values( $results ) );
+        return rest_ensure_response( array_values( $results ) );
 
     }
@@ -145 +166 @@
             'convertkit_admin_refresh_resources',
             array(
-                'action'  => 'convertkit_admin_refresh_resources',
-                'ajaxurl' => admin_url( 'admin-ajax.php' ),
+                'ajaxurl' => rest_url( 'kit/v1/resources/refresh/' ),
                 'debug'   => $settings->debug_enabled(),
-                'nonce'   => wp_create_nonce( 'convertkit_admin_refresh_resources' ),
+                'nonce'   => wp_create_nonce( 'wp_rest' ),
             )
         );

convertkit/tags/3.1.0/admin/section/class-convertkit-admin-section-general.php

@@ -134 +134 @@
         // Bail if no access and refresh token exist.
         if ( ! $this->settings->has_access_and_refresh_token() ) {
-            return;
+            // Redirect to General screen, which will now show the ConvertKit_Admin_Section_OAuth screen, because
+            // the Plugin has no access token.
+            wp_safe_redirect(
+                add_query_arg(
+                    array(
+                        'page' => $this->settings_key,
+                    ),
+                    'options-general.php'
+                )
+            );
+            exit();
         }
 
@@ -153 +163 @@
         // If the request succeeded, no need to perform further actions.
         if ( ! is_wp_error( $this->account ) ) {
-            // Remove any existing persistent notice.
-            WP_ConvertKit()->get_class( 'admin_notices' )->delete( 'authorization_failed' );
-
             return;
         }
 
-        // Depending on the error code, maybe persist a notice in the WordPress Administration until the user
+        // Depending on the error code, display an error notice in the settings screen until the user
         // fixes the problem.
-        switch ( $this->account->get_error_data( $this->account->get_error_code() ) ) {
-            case 401:
-                // Access token either expired or was revoked in ConvertKit.
-                // Remove from settings.
-                $this->settings->delete_credentials();
-
-                // Display a site wide notice.
-                WP_ConvertKit()->get_class( 'admin_notices' )->add( 'authorization_failed' );
-
-                // Redirect to General screen, which will now show the ConvertKit_Admin_Section_OAuth screen, because
-                // the Plugin has no access token.
-                wp_safe_redirect(
-                    add_query_arg(
-                        array(
-                            'page' => $this->settings_key,
-                        ),
-                        'options-general.php'
-                    )
-                );
-                exit();
-        }
-
-        // Output a non-401 error now.
         $this->output_error( $this->account->get_error_message() );
 

convertkit/tags/3.1.0/admin/section/class-convertkit-admin-section-tools.php

@@ -58 +58 @@
                 'import_configuration_empty'             => __( 'The uploaded configuration file contains no settings.', 'convertkit' ),
                 'import_configuration_success'           => __( 'Configuration imported successfully.', 'convertkit' ),
+                'migrate_mc4wp_configuration_success'    => __( 'MC4WP forms migrated successfully.', 'convertkit' ),
             )
         );
@@ -76 +77 @@
         $this->maybe_export_configuration();
         $this->maybe_import_configuration();
+        $this->maybe_migrate_mc4wp_configuration();
 
     }
@@ -316 +318 @@
 
     /**
+     * Replaces MC4WP Form Shortcodes with Kit Form Shortcodes, if the user submitted the
+     * MC4WP Migrate Configuration section.
+     *
+     * @since   3.1.0
+     */
+    private function maybe_migrate_mc4wp_configuration() {
+
+        // Bail if nonce verification fails.
+        if ( ! isset( $_REQUEST['_convertkit_settings_tools_nonce'] ) ) {
+            return;
+        }
+
+        if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_convertkit_settings_tools_nonce'] ), 'convertkit-settings-tools' ) ) {
+            return;
+        }
+
+        // Bail if no MC4WP Form IDs were submitted.
+        if ( ! isset( $_REQUEST['_wp_convertkit_integration_mc4wp_settings'] ) ) {
+            return;
+        }
+
+        // Initialise the importer.
+        $mc4wp = new ConvertKit_Admin_Importer_MC4WP();
+
+        // Iterate through the MC4WP Form IDs and replace the shortcodes with the Kit Form Shortcodes.
+        foreach ( array_map( 'sanitize_text_field', wp_unslash( $_REQUEST['_wp_convertkit_integration_mc4wp_settings'] ) ) as $mc4wp_form_id => $kit_form_id ) {
+            $mc4wp->replace_shortcodes_in_posts( (int) $mc4wp_form_id, (int) $kit_form_id );
+        }
+
+        // Redirect to Tools screen.
+        $this->redirect_with_success_notice( 'migrate_mc4wp_configuration_success' );
+
+    }
+
+    /**
      * Outputs the Debug Log and System Info view.
      *
@@ -333 +370 @@
         $system_info = $this->get_system_info();
 
+        // Get Forms.
+        $forms = new ConvertKit_Resource_Forms();
+
+        // Get Importers.
+        $mc4wp = new ConvertKit_Admin_Importer_MC4WP();
+
         // Output view.
         require_once CONVERTKIT_PLUGIN_PATH . '/views/backend/settings/tools.php';

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block-broadcasts.php

@@ -273 +273 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -381 +381 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block-content.php

@@ -105 +105 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -138 +138 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block-form-builder-field-custom.php

@@ -102 +102 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -151 +151 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block-form-builder-field-email.php

@@ -121 +121 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block-form-builder-field.php

@@ -195 +195 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -224 +224 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block-form-builder.php

@@ -476 +476 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -569 +569 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block-form-trigger.php

@@ -213 +213 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -271 +271 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block-form.php

@@ -241 +241 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -286 +286 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block-product.php

@@ -246 +246 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -313 +313 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/blocks/class-convertkit-block.php

@@ -397 +397 @@
 
     /**
+     * Determines if the request is a WordPress REST API request.
+     *
+     * @since   3.1.0
+     *
+     * @return  bool
+     */
+    public function is_rest_request() {
+
+        return defined( 'REST_REQUEST' ) && REST_REQUEST;
+
+    }
+
+    /**
+     * Determines if the request is for the WordPress Administration, frontend editor or REST API request.
+     *
+     * @since   3.1.0
+     *
+     * @return  bool
+     */
+    public function is_admin_frontend_editor_or_rest_request() {
+
+        return WP_ConvertKit()->is_admin_or_frontend_editor() || $this->is_rest_request();
+
+    }
+
+    /**
      * Determines if the request for the block is from the block editor or the frontend site.
      *
@@ -406 +432 @@
 
         // Return false if not a WordPress REST API request, which Gutenberg uses.
-        if ( ! defined( 'REST_REQUEST' ) ) {
-            return false;
-        }
-        if ( REST_REQUEST !== true ) {
+        if ( ! $this->is_rest_request() ) {
             return false;
         }

convertkit/tags/3.1.0/includes/class-convertkit-ajax.php

@@ -21 +21 @@
     public function __construct() {
 
-        add_action( 'wp_ajax_convertkit_get_blocks', array( $this, 'get_blocks' ) );
-
-        add_action( 'wp_ajax_nopriv_convertkit_store_subscriber_id_in_cookie', array( $this, 'store_subscriber_id_in_cookie' ) );
-        add_action( 'wp_ajax_convertkit_store_subscriber_id_in_cookie', array( $this, 'store_subscriber_id_in_cookie' ) );
-
         add_action( 'wp_ajax_nopriv_convertkit_store_subscriber_email_as_id_in_cookie', array( $this, 'store_subscriber_email_as_id_in_cookie' ) );
         add_action( 'wp_ajax_convertkit_store_subscriber_email_as_id_in_cookie', array( $this, 'store_subscriber_email_as_id_in_cookie' ) );
-
-        add_action( 'wp_ajax_nopriv_convertkit_subscriber_authentication_send_code', array( $this, 'subscriber_authentication_send_code' ) );
-        add_action( 'wp_ajax_convertkit_subscriber_authentication_send_code', array( $this, 'subscriber_authentication_send_code' ) );
-
-        add_action( 'wp_ajax_nopriv_convertkit_subscriber_verification', array( $this, 'subscriber_verification' ) );
-        add_action( 'wp_ajax_convertkit_subscriber_verification', array( $this, 'subscriber_verification' ) );
-
-    }
-
-    /**
-     * Returns all ConvertKit registered blocks.
-     *
-     * Typically used when a refresh button in a block has been pressed when
-     * displayNoticeWithLink() is called, because either
-     * no Access Token is specified, or no resources exist in ConvertKit.
-     *
-     * @since   2.2.6
-     */
-    public function get_blocks() {
-
-        // Check nonce.
-        check_ajax_referer( 'convertkit_get_blocks', 'nonce' );
-
-        // Refresh resources from the API, to reflect any changes.
-        $forms = new ConvertKit_Resource_Forms( 'block_edit' );
-        $forms->refresh();
-
-        $posts = new ConvertKit_Resource_Posts( 'block_edit' );
-        $posts->refresh();
-
-        $products = new ConvertKit_Resource_Products( 'block_edit' );
-        $products->refresh();
-
-        // Return blocks.
-        wp_send_json_success( convertkit_get_blocks() );
-
-    }
-
-    /**
-     * Stores the ConvertKit Subscriber's ID in a cookie.
-     *
-     * Typically performed when the user subscribes via a ConvertKit Form on the web site
-     * that is set to "Send subscriber to thank you page", and the Plugin's JavaScript is not
-     * disabled, permitting convertkit.js to run.
-     *
-     * @since   1.9.6
-     */
-    public function store_subscriber_id_in_cookie() {
-
-        // Check nonce.
-        check_ajax_referer( 'convertkit', 'convertkit_nonce' );
-
-        // Bail if required request parameters not submitted.
-        if ( ! isset( $_REQUEST['subscriber_id'] ) ) {
-            wp_send_json_error( __( 'Kit: Required parameter `subscriber_id` not included in AJAX request.', 'convertkit' ) );
-        }
-
-        // Bail if no subscriber ID provided.
-        $id = absint( sanitize_text_field( wp_unslash( $_REQUEST['subscriber_id'] ) ) );
-        if ( empty( $id ) ) {
-            wp_send_json_error( __( 'Kit: Required parameter `subscriber_id` empty in AJAX request.', 'convertkit' ) );
-        }
-
-        // Get subscriber ID.
-        $subscriber    = new ConvertKit_Subscriber();
-        $subscriber_id = $subscriber->validate_and_store_subscriber_id( $id );
-
-        // Bail if an error occured i.e. API hasn't been configured, subscriber ID does not exist in ConvertKit etc.
-        if ( is_wp_error( $subscriber_id ) ) {
-            wp_send_json_error( $subscriber_id->get_error_message() );
-        }
-
-        // Return the subscriber ID.
-        wp_send_json_success(
-            array(
-                'id' => $subscriber_id,
-            )
-        );
 
     }
@@ -156 +73 @@
     }
 
-    /**
-     * Calls the API to send the subscriber a magic link by email containing a code when
-     * the modal version of Restrict Content is used, and the user has submitted their email address.
-     *
-     * Returns a view of either:
-     * - an error message and email input i.e. the user entered an invalid email address,
-     * - the code input, which is then displayed in the modal for the user to enter the code sent by email.
-     *
-     * See maybe_run_subscriber_verification() for logic once they enter the code on screen.
-     *
-     * @since   2.3.8
-     */
-    public function subscriber_authentication_send_code() {
-
-        // Load Restrict Content class.
-        $output_restrict_content = WP_ConvertKit()->get_class( 'output_restrict_content' );
-
-        // Run subscriber authentication.
-        $output_restrict_content->maybe_run_subscriber_authentication();
-
-        // Fetch Post ID, Resource Type and Resource ID for the view.
-        $post_id       = $output_restrict_content->post_id;
-        $resource_type = $output_restrict_content->resource_type;
-        $resource_id   = $output_restrict_content->resource_id;
-
-        // If an error occured, build the email form view with the error message.
-        if ( is_wp_error( $output_restrict_content->error ) ) {
-            ob_start();
-            include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-email.php';
-            $output = trim( ob_get_clean() );
-            wp_send_json_success( $output );
-        }
-
-        // Build authentication code view to return for output.
-        ob_start();
-        include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-code.php';
-        $output = trim( ob_get_clean() );
-        wp_send_json_success( $output );
-
-    }
-
-    /**
-     * Calls the API to verify the token and entered subscriber code, which tells us that the email
-     * address supplied truly belongs to the user, and that we can safely trust their subscriber ID
-     * to be valid.
-     *
-     * @since   2.3.8
-     */
-    public function subscriber_verification() {
-
-        // Load Restrict Content class.
-        $output_restrict_content = WP_ConvertKit()->get_class( 'output_restrict_content' );
-
-        // Run subscriber authentication.
-        $output_restrict_content->maybe_run_subscriber_verification();
-
-        // Fetch Post ID, Resource Type and Resource ID for the view.
-        $post_id       = $output_restrict_content->post_id;
-        $resource_type = $output_restrict_content->resource_type;
-        $resource_id   = $output_restrict_content->resource_id;
-
-        // If an error occured, build the code form view with the error message.
-        if ( is_wp_error( $output_restrict_content->error ) ) {
-            ob_start();
-            include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-code.php';
-            $output = trim( ob_get_clean() );
-            wp_send_json_error( $output );
-        }
-
-        // Return success with the URL to the Post, including the `ck-cache-bust` parameter.
-        // JS will load the given URL to show the restricted content.
-        wp_send_json_success( $output_restrict_content->get_url( true ) );
-
-    }
-
 }

convertkit/tags/3.1.0/includes/class-convertkit-cache-plugins.php

@@ -16 +16 @@
 
     /**
-     * Holds external hosts to exclude from CSS and JS minification.
+     * Holds external hosts to exclude from CSS and JS minification
+     * and lazy loading of images.
      *
      * @since   2.4.6
@@ -28 +29 @@
         'pages.convertkit.com',
         'convertkit.com',
+        'filekitcdn.com',
     );
 
@@ -55 +57 @@
 
         // Debloat: Exclude Forms from Delay Load JS.
-        add_filter( 'debloat/defer_js_excludes', array( $this, 'exclude_hosts_from_minification' ) );
-        add_filter( 'debloat/delay_js_excludes', array( $this, 'exclude_hosts_from_minification' ) );
+        add_filter( 'debloat/defer_js_excludes', array( $this, 'exclude_hosts' ) );
+        add_filter( 'debloat/delay_js_excludes', array( $this, 'exclude_hosts' ) );
 
         // Jetpack Boost: Exclude Forms from JS defer.
@@ -75 +77 @@
         add_filter( 'convertkit_resource_forms_output_script', array( $this, 'siteground_speed_optimizer_exclude_js_combine' ) );
 
+        // Rocket LazyLoad: Exclude images from lazy loading.
+        add_filter( 'rocket_lazyload_excluded_src', array( $this, 'exclude_hosts' ) );
+
         // WP Rocket: Disable Caching and Minification on Landing Pages.
         add_action( 'convertkit_output_landing_page_before', array( $this, 'wp_rocket_disable_caching_and_minification_on_landing_pages' ) );
 
         // WP Rocket: Exclude Forms from JS minification and combine.
-        add_filter( 'rocket_minify_excluded_external_js', array( $this, 'exclude_hosts_from_minification' ) );
+        add_filter( 'rocket_minify_excluded_external_js', array( $this, 'exclude_hosts' ) );
 
         // WP Rocket: Exclude Forms from Delay JavaScript execution.
@@ -239 +244 @@
     public function wp_rocket_disable_caching_and_minification_on_landing_pages() {
 
-        add_filter( 'rocket_minify_excluded_external_js', array( $this, 'exclude_hosts_from_minification' ) );
-        add_filter( 'rocket_exclude_css', array( $this, 'exclude_hosts_from_minification' ) );
+        add_filter( 'rocket_minify_excluded_external_js', array( $this, 'exclude_hosts' ) );
+        add_filter( 'rocket_exclude_css', array( $this, 'exclude_hosts' ) );
         add_filter( 'rocket_exclude_js', array( $this, 'exclude_local_js_from_minification' ) );
-        add_filter( 'do_rocket_lazyload', '__return_false' );
 
     }
@@ -278 +282 @@
     public function exclude_hosts_from_minification( $hosts ) {
 
+        _doing_it_wrong( __FUNCTION__, 'Use exclude_hosts() instead.', '3.1.0' );
+
+        return $this->exclude_hosts( $hosts );
+
+    }
+
+    /**
+     * Appends the $exclude_hosts property to an array of existing hosts.
+     *
+     * @since   3.1.0
+     *
+     * @param   array $hosts  External hosts to ignore.
+     * @return  array
+     */
+    public function exclude_hosts( $hosts ) {
+
         return array_merge( $hosts, $this->exclude_hosts );
 

convertkit/tags/3.1.0/includes/class-convertkit-gutenberg.php

@@ -32 +32 @@
         // Register Gutenberg Blocks.
         add_action( 'init', array( $this, 'add_blocks' ) );
+
+        // Register REST API routes.
+        add_action( 'rest_api_init', array( $this, 'register_routes' ) );
+
+    }
+
+    /**
+     * Register REST API routes.
+     *
+     * @since   3.1.0
+     */
+    public function register_routes() {
+
+        // Register route to return all blocks registered by the Plugin.
+        register_rest_route(
+            'kit/v1',
+            '/blocks',
+            array(
+                'methods'             => WP_REST_Server::READABLE,
+
+                // Refresh resources and return blocks.
+                'callback'            => function () {
+                    // Refresh resources from the API, to reflect any changes.
+                    $forms = new ConvertKit_Resource_Forms( 'block_edit' );
+                    $forms->refresh();
+
+                    $posts = new ConvertKit_Resource_Posts( 'block_edit' );
+                    $posts->refresh();
+
+                    $products = new ConvertKit_Resource_Products( 'block_edit' );
+                    $products->refresh();
+
+                    // Return blocks.
+                    return rest_ensure_response( convertkit_get_blocks() );
+                },
+
+                'permission_callback' => function () {
+                    return current_user_can( 'edit_posts' );
+                },
+            )
+        );
 
     }
@@ -158 +199 @@
             'convertkit_gutenberg',
             array(
-                'get_blocks_nonce' => wp_create_nonce( 'convertkit_get_blocks' ),
+                'ajaxurl'          => rest_url( 'kit/v1/blocks' ),
+                'get_blocks_nonce' => wp_create_nonce( 'wp_rest' ),
             )
         );

convertkit/tags/3.1.0/includes/class-convertkit-output-restrict-content.php

@@ -107 +107 @@
     public function __construct() {
 
-        // Initialize classes that will be used.
-        $this->settings                  = new ConvertKit_Settings();
-        $this->restrict_content_settings = new ConvertKit_Settings_Restrict_Content();
-
-        // Don't register any hooks if this is an AJAX request, otherwise
-        // maybe_run_subscriber_authentication() and maybe_run_subscriber_verification() will run
-        // twice in an AJAX request (once here, and once when called by the ConvertKit_AJAX class).
-        if ( wp_doing_ajax() ) {
-            return;
-        }
-
+        add_action( 'rest_api_init', array( $this, 'register_routes' ) );
+        add_action( 'init', array( $this, 'initialize_classes' ), 2 );
         add_action( 'init', array( $this, 'maybe_run_subscriber_authentication' ), 3 );
         add_action( 'wp', array( $this, 'maybe_run_subscriber_verification' ), 4 );
@@ -129 +120 @@
 
     /**
-     * Checks if the request is a Restrict Content request with an email address.
-     * If so, calls the API depending on the Restrict Content resource that's required:
-     * - tag: subscribes the email address to the tag, storing the subscriber ID in a cookie and redirecting
-     * - product: calls the API to send the subscriber a magic link by email containing a code. See maybe_run_subscriber_verification()
-     * for logic once they click the link in the email or enter the code on screen.
-     *
-     * @since   2.1.0
-     */
-    public function maybe_run_subscriber_authentication() {
-
-        // Bail if no nonce was specified.
-        if ( ! array_key_exists( '_wpnonce', $_REQUEST ) ) {
-            return;
-        }
-
-        // Bail if the nonce failed validation.
-        if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'convertkit_restrict_content_login' ) ) {
-            return;
-        }
-
-        // Bail if the expected email, resource ID or Post ID are missing.
-        if ( ! array_key_exists( 'convertkit_email', $_REQUEST ) ) {
-            return;
-        }
-        if ( ! array_key_exists( 'convertkit_resource_type', $_REQUEST ) ) {
-            return;
-        }
-        if ( ! array_key_exists( 'convertkit_resource_id', $_REQUEST ) ) {
-            return;
-        }
-        if ( ! array_key_exists( 'convertkit_post_id', $_REQUEST ) ) {
-            return;
-        }
-
-        // If the Plugin Access Token has not been configured, we can't get this subscriber's ID by email.
-        if ( ! $this->settings->has_access_and_refresh_token() ) {
-            return;
-        }
-
-        // Initialize the API.
-        $this->api = new ConvertKit_API_V4(
+     * Register REST API routes.
+     *
+     * @since   3.1.0
+     */
+    public function register_routes() {
+
+        // Register route to run subscriber authentication.
+        register_rest_route(
+            'kit/v1',
+            '/restrict-content/subscriber-authentication',
+            array(
+                'methods'             => WP_REST_Server::CREATABLE,
+                'callback'            => function ( $request ) {
+
+                    // Initialize classes that will be used.
+                    $output_restrict_content = WP_ConvertKit()->get_class( 'output_restrict_content' );
+                    $output_restrict_content->initialize_classes();
+
+                    // Fetch Post ID, Resource Type and Resource ID for the view.
+                    $email         = $request->get_param( 'convertkit_email' );
+                    $post_id       = $request->get_param( 'convertkit_post_id' );
+                    $resource_type = $request->get_param( 'convertkit_resource_type' );
+                    $resource_id   = $request->get_param( 'convertkit_resource_id' );
+
+                    // Run subscriber authentication.
+                    $result = $output_restrict_content->subscriber_authentication_send_code(
+                        $email,
+                        $post_id
+                    );
+
+                    // If an error occured, build the email form view with the error message.
+                    if ( is_wp_error( $result ) ) {
+                        // Set error to display on screen.
+                        $output_restrict_content->error = $result;
+
+                        // Build email form view to return for output with error message.
+                        ob_start();
+                        include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-email.php';
+                        $output = trim( ob_get_clean() );
+                        return rest_ensure_response(
+                            array(
+                                'success' => false,
+                                'data'    => $output,
+                            )
+                        );
+                    }
+
+                    // Set token and Post ID for authentication code view.
+                    $output_restrict_content->token = $result;
+                    $output_restrict_content->post_id = $post_id;
+
+                    // Build authentication code view to return for output.
+                    ob_start();
+                    include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-code.php';
+                    $output = trim( ob_get_clean() );
+                    return rest_ensure_response(
+                        array(
+                            'success' => true,
+                            'data'    => $output,
+                        )
+                    );
+                },
+                'permission_callback' => '__return_true',
+            )
+        );
+
+        // Register route to run subscriber verification.
+        register_rest_route(
+            'kit/v1',
+            '/restrict-content/subscriber-verification',
+            array(
+                'methods'             => WP_REST_Server::CREATABLE,
+                'callback'            => function ( $request ) {
+
+                    // Initialize classes that will be used.
+                    $output_restrict_content = WP_ConvertKit()->get_class( 'output_restrict_content' );
+                    $output_restrict_content->initialize_classes();
+
+                    // Fetch Post ID, Resource Type and Resource ID for the view.
+                    $post_id       = $request->get_param( 'convertkit_post_id' );
+                    $token         = $request->get_param( 'token' );
+                    $subscriber_code = $request->get_param( 'subscriber_code' );
+
+                    // Run subscriber authentication.
+                    $result = $output_restrict_content->subscriber_authentication_verify( $post_id, $token, $subscriber_code );
+
+                    // If an error occured, build the code form view with the error message.
+                    if ( is_wp_error( $result ) ) {
+                        // Set error to display on screen.
+                        $output_restrict_content->error = $result;
+
+                        // Set token and post ID for authentication code view.
+                        $output_restrict_content->token = $token;
+                        $output_restrict_content->post_id = $post_id;
+
+                        // Build code form view to return for output with error message.
+                        ob_start();
+                        include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-code.php';
+                        $output = trim( ob_get_clean() );
+                        return rest_ensure_response(
+                            array(
+                                'success' => false,
+                                'data'    => $output,
+                            )
+                        );
+                    }
+
+                    // Return success with the URL to the Post, including the `ck-cache-bust` parameter.
+                    return rest_ensure_response(
+                        array(
+                            'success' => true,
+                            'url'     => $output_restrict_content->get_url( $post_id, true ),
+                        )
+                    );
+                },
+                'permission_callback' => '__return_true',
+            )
+        );
+    }
+
+    /**
+     * Initialize classes that will be used.
+     *
+     * @since   3.1.0
+     */
+    public function initialize_classes() {
+
+        $this->settings                  = new ConvertKit_Settings();
+        $this->restrict_content_settings = new ConvertKit_Settings_Restrict_Content();
+        $this->api                       = new ConvertKit_API_V4(
             CONVERTKIT_OAUTH_CLIENT_ID,
             CONVERTKIT_OAUTH_CLIENT_REDIRECT_URI,
@@ -178 +258 @@
         );
 
+    }
+
+    /**
+     * If the user isn't using JavaScript, or the Plugin's Disable JS is enabled, checks if the request is a Restrict Content request with an email address.
+     * Also runs if restrict content by tag and require login is disabled, as we immediately tag and redirect if this is the case.
+     * If so, calls the API depending on the Restrict Content resource that's required:
+     * - tag: subscribes the email address to the tag, storing the subscriber ID in a cookie and redirecting
+     * - product: calls the API to send the subscriber a magic link by email containing a code. See maybe_run_subscriber_verification()
+     * for logic once they click the link in the email or enter the code on screen.
+     *
+     * @since   2.1.0
+     */
+    public function maybe_run_subscriber_authentication() {
+
+        // Bail if no nonce was specified via form submission.
+        if ( ! array_key_exists( '_wpnonce', $_REQUEST ) ) {
+            return;
+        }
+
+        // Bail if the request is a form submission and the nonce failed validation.
+        if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'convertkit_restrict_content_login' ) ) {
+            return;
+        }
+
+        // Bail if the expected email, resource type, resource ID or Post ID are missing from the request.
+        if ( ! array_key_exists( 'convertkit_email', $_REQUEST ) ) {
+            return;
+        }
+        if ( ! array_key_exists( 'convertkit_resource_type', $_REQUEST ) ) {
+            return;
+        }
+        if ( ! array_key_exists( 'convertkit_resource_id', $_REQUEST ) ) {
+            return;
+        }
+        if ( ! array_key_exists( 'convertkit_post_id', $_REQUEST ) ) {
+            return;
+        }
+
+        // If the Plugin Access Token has not been configured, we can't get this subscriber's ID by email.
+        if ( ! $this->settings->has_access_and_refresh_token() ) {
+            return;
+        }
+
         // Sanitize inputs.
         $email               = sanitize_text_field( wp_unslash( $_REQUEST['convertkit_email'] ) );
@@ -184 +307 @@
         $this->post_id       = absint( $_REQUEST['convertkit_post_id'] );
 
-        // Run subscriber authentication / subscription depending on the resource type.
-        switch ( $this->resource_type ) {
-            case 'product':
-            case 'form':
-                // Send email to subscriber with a link to authenticate they have access to the email address submitted.
-                $result = $this->api->subscriber_authentication_send_code(
-                    $email,
-                    $this->get_url()
-                );
-
-                // Bail if an error occured.
-                if ( is_wp_error( $result ) ) {
-                    $this->error = $result;
-                    return;
-                }
-
+        // If Restrict Content is by tag, tag the subscriber.
+        if ( $this->resource_type === 'tag' ) {
+            // Check reCAPTCHA.
+            $recaptcha          = new ConvertKit_Recaptcha();
+            $recaptcha_response = $recaptcha->verify_recaptcha(
+                ( isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : '' ),
+                'convertkit_restrict_content_tag'
+            );
+
+            // Bail if reCAPTCHA failed.
+            if ( is_wp_error( $recaptcha_response ) ) {
+                $this->error = $recaptcha_response;
+                return;
+            }
+
+            // Tag subscriber.
+            $result = $this->api->tag_subscribe( $this->resource_id, $email );
+
+            // Bail if an error occured.
+            if ( is_wp_error( $result ) ) {
+                $this->error = $result;
+                return;
+            }
+
+            // If require login is disabled, return now.
+            if ( ! $this->restrict_content_settings->require_tag_login() ) {
                 // Clear any existing subscriber ID cookie, as the authentication flow has started by sending the email.
                 $subscriber = new ConvertKit_Subscriber();
                 $subscriber->forget();
 
-                // Store the token so it's included in the subscriber code form.
-                $this->token = $result;
-                break;
-
-            case 'tag':
-                // If require login is enabled, show the login screen.
-                if ( $this->restrict_content_settings->require_tag_login() ) {
-                    // Tag the subscriber, unless this is an AJAX request.
-                    if ( ! wp_doing_ajax() ) {
-                        $result = $this->api->tag_subscribe( $this->resource_id, $email );
-
-                        // Bail if an error occured.
-                        if ( is_wp_error( $result ) ) {
-                            $this->error = $result;
-                            return;
-                        }
-                    }
-
-                    // Send email to subscriber with a link to authenticate they have access to the email address submitted.
-                    $result = $this->api->subscriber_authentication_send_code(
-                        $email,
-                        $this->get_url()
-                    );
-
-                    // Bail if an error occured.
-                    if ( is_wp_error( $result ) ) {
-                        $this->error = $result;
-                        return;
-                    }
-
-                    // Clear any existing subscriber ID cookie, as the authentication flow has started by sending the email.
-                    $subscriber = new ConvertKit_Subscriber();
-                    $subscriber->forget();
-
-                    // Store the token so it's included in the subscriber code form.
-                    $this->token = $result;
-                    break;
-                }
-
-                // If here, require login is disabled.
-                // Check reCAPTCHA, tag subscriber and assign subscriber ID integer to cookie
-                // without email link.
-                $recaptcha          = new ConvertKit_Recaptcha();
-                $recaptcha_response = $recaptcha->verify_recaptcha(
-                    ( isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : '' ),
-                    'convertkit_restrict_content_tag'
-                );
-
-                // Bail if reCAPTCHA failed.
-                if ( is_wp_error( $recaptcha_response ) ) {
-                    $this->error = $recaptcha_response;
-                    return;
-                }
-
-                // Tag the subscriber.
-                $result = $this->api->tag_subscribe( $this->resource_id, $email );
-
-                // Bail if an error occured.
-                if ( is_wp_error( $result ) ) {
-                    $this->error = $result;
-                    return;
-                }
-
-                // Clear any existing subscriber ID cookie, as the authentication flow has started by sending the email.
-                $subscriber = new ConvertKit_Subscriber();
-                $subscriber->forget();
-
                 // Fetch the subscriber ID from the result.
                 $subscriber_id = $result['subscriber']['id'];
@@ -277 +343 @@
                 $this->store_subscriber_id_in_cookie( $subscriber_id );
 
-                // If this isn't an AJAX request, redirect now to reload the Post.
-                if ( ! wp_doing_ajax() ) {
-                    $this->redirect();
-                }
-                break;
-
-        }
-
-    }
-
-    /**
-     * Checks if the request contains a token and subscriber_code i.e. the subscriber clicked
-     * the link in the email sent by the maybe_run_subscriber_authentication() function above.
+                // Redirect.
+                $this->redirect( $this->post_id );
+                return;
+            }
+        }
+
+        // If here, require login is enabled for tags or this is a product/form.
+        // Run subscriber authentication.
+        $result = $this->subscriber_authentication_send_code( $email, $this->post_id );
+
+        // Bail if an error occured.
+        if ( is_wp_error( $result ) ) {
+            $this->error = $result;
+            return;
+        }
+
+        // Store the token so it's included in the subscriber code form.
+        $this->token = $result;
+
+    }
+
+    /**
+     * If the user isn't using JavaScript, or the Plugin's Disable JS is enabled, checks if the request contains a token and subscriber_code,
+     * which happens when the subscriber either:
+     * - clicked the link in the email sent by run_subscriber_authentication(), or
+     * - entered the code from the email on the screen
      *
      * This calls the API to verify the token and subscriber code, which tells us that the email
@@ -309 +388 @@
         // If a nonce was specified, validate it now.
         // It won't be provided if clicking the link in the magic link email.
-        if ( array_key_exists( '_wpnonce', $_REQUEST ) ) {
+        if ( array_key_exists( '_wpnonce', $_REQUEST ) && ! is_null( $_REQUEST['_wpnonce'] ) ) {
             if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'convertkit_restrict_content_subscriber_code' ) ) {
                 return;
@@ -332 +411 @@
         }
 
-        // Initialize the API.
-        $this->api = new ConvertKit_API_V4(
-            CONVERTKIT_OAUTH_CLIENT_ID,
-            CONVERTKIT_OAUTH_CLIENT_REDIRECT_URI,
-            $this->settings->get_access_token(),
-            $this->settings->get_refresh_token(),
-            $this->settings->debug_enabled(),
-            'restrict_content'
-        );
-
-        // Verify the token and subscriber code.
-        $subscriber_id = $this->api->subscriber_authentication_verify(
-            sanitize_text_field( wp_unslash( $_REQUEST['token'] ) ),
-            sanitize_text_field( wp_unslash( $_REQUEST['subscriber_code'] ) )
-        );
+        // Run subscriber verification.
+        $subscriber_id = $this->subscriber_authentication_verify( $this->post_id, sanitize_text_field( wp_unslash( $_REQUEST['token'] ) ), sanitize_text_field( wp_unslash( $_REQUEST['subscriber_code'] ) ) );
 
         // Bail if an error occured.
@@ -354 +420 @@
         }
 
+        // Redirect now to reload the Post.
+        $this->redirect( $this->post_id );
+
+    }
+
+    /**
+     * Sends an email to the subscriber with a code and link to authenticate they have access to the email address submitted.
+     *
+     * @since   3.1.0
+     *
+     * @param   string $email         Email address.
+     * @param   int    $post_id       Post ID.
+     *
+     * @return WP_Error|string        Error or Token.
+     */
+    public function subscriber_authentication_send_code( $email, $post_id ) {
+
+        // Send email to subscriber with a link to authenticate they have access to the email address submitted.
+        $token = $this->api->subscriber_authentication_send_code(
+            $email,
+            $this->get_url( $post_id )
+        );
+
+        // Bail if an error occured.
+        if ( is_wp_error( $token ) ) {
+            return $token;
+        }
+
+        // Clear any existing subscriber ID cookie, as the authentication flow has started by sending the email.
+        $subscriber = new ConvertKit_Subscriber();
+        $subscriber->forget();
+
+        // Return the token.
+        return $token;
+
+    }
+
+    /**
+     * Verifies the token and subscriber code, which tells us that the email
+     * address supplied truly belongs to the user, and that we can safely
+     * trust their subscriber ID to be valid.
+     *
+     * @since   3.1.0
+     *
+     * @param   int    $post_id         Post ID.
+     * @param   string $token           Token.
+     * @param   string $subscriber_code Subscriber code.
+     *
+     * @return WP_Error|string          Error or Signed Subscriber ID.
+     */
+    public function subscriber_authentication_verify( $post_id, $token, $subscriber_code ) {
+
+        // Verify the token and subscriber code.
+        $subscriber_id = $this->api->subscriber_authentication_verify( $token, $subscriber_code );
+
+        // Bail if an error occured.
+        if ( is_wp_error( $subscriber_id ) ) {
+            return $subscriber_id;
+        }
+
         // Store subscriber ID in cookie.
         $this->store_subscriber_id_in_cookie( $subscriber_id );
 
-        // If this isn't an AJAX request, redirect now to reload the Post.
-        if ( ! wp_doing_ajax() ) {
-            $this->redirect();
-        }
+        // Return signed subscriber ID.
+        return $subscriber_id;
 
     }
@@ -513 +637 @@
 
         // Replace existing where statement with new statement.
-        $where = 'WHERE ' . $new_where . ' ' . substr( $where, strpos( $where, 'AND' ) );
+        $where = 'WHERE ' . $new_where . ' ' . substr( $where, strpos( $where, 'AND p.post_type = \'' . $post->post_type . '\' ' ) );
 
         // Return.
@@ -552 +676 @@
 
         // Replace existing where statement with new statement.
-        $where = 'WHERE ' . $new_where . ' ' . substr( $where, strpos( $where, 'AND' ) );
+        $where = 'WHERE ' . $new_where . ' ' . substr( $where, strpos( $where, 'AND p.post_type = \'' . $post->post_type . '\' ' ) );
 
         // Return.
@@ -612 +736 @@
      *
      * @since   2.3.7
-     */
-    private function redirect() {
+     *
+     * @param   int $post_id      Post ID.
+     */
+    private function redirect( $post_id ) {
 
         // Redirect to the Post, appending a query parameter to the URL to prevent caching plugins and
@@ -619 +745 @@
         // result in maybe_restrict_content() not showing an error message or permitting
         // access to the content.
-        wp_safe_redirect( $this->get_url( true ) );
+        wp_safe_redirect( $this->get_url( $post_id, true ) );
         exit;
 
@@ -629 +755 @@
      * @since   2.1.0
      *
+     * @param   int  $post_id        Post ID.
      * @param   bool $cache_bust     Include `ck-cache-bust` parameter in URL.
-     * @return  string  URL.
-     */
-    public function get_url( $cache_bust = false ) {
+     * @return  string                 URL.
+     */
+    public function get_url( $post_id, $cache_bust = false ) {
 
         // Get URL of Post.
-        $url = get_permalink( $this->post_id );
+        $url = get_permalink( $post_id );
 
         // If no cache busting required, return the URL now.
@@ -867 +994 @@
     private function subscriber_has_access( $subscriber_id ) { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter
 
-        // Initialize the API.
-        $this->api = new ConvertKit_API_V4(
-            CONVERTKIT_OAUTH_CLIENT_ID,
-            CONVERTKIT_OAUTH_CLIENT_REDIRECT_URI,
-            $this->settings->get_access_token(),
-            $this->settings->get_refresh_token(),
-            $this->settings->debug_enabled(),
-            'restrict_content'
-        );
-
         // Depending on the resource type, determine if the subscriber has access to it.
         // This is deliberately a switch statement, because we will likely add in support
@@ -1215 +1332 @@
                 'convertkit_restrict_content',
                 array(
-                    'ajaxurl' => admin_url( 'admin-ajax.php' ),
-                    'debug'   => $this->settings->debug_enabled(),
+                    'nonce'                         => wp_create_nonce( 'wp_rest' ),
+                    'subscriber_authentication_url' => rest_url( 'kit/v1/restrict-content/subscriber-authentication' ),
+                    'subscriber_verification_url'   => rest_url( 'kit/v1/restrict-content/subscriber-verification' ),
+                    'debug'                         => $this->settings->debug_enabled(),
                 )
             );

convertkit/tags/3.1.0/includes/class-convertkit-output.php

@@ -813 +813 @@
         }
 
+        // Determine if the Non-inline Form Limit per Session setting is enabled.
+        $limit_per_session = $this->settings->non_inline_form_limit_per_session();
+
         // Get form.
         $convertkit_forms = new ConvertKit_Resource_Forms();
@@ -829 +832 @@
             add_filter(
                 'convertkit_output_scripts_footer',
-                function ( $scripts ) use ( $form ) {
+                function ( $scripts ) use ( $form, $limit_per_session ) {
 
                     $scripts[] = array(
@@ -835 +838 @@
                         'data-uid'                   => $form['uid'],
                         'src'                        => $form['embed_js'],
-                        'data-kit-limit-per-session' => true,
+                        'data-kit-limit-per-session' => $limit_per_session ? '1' : '0',
                     );
 

convertkit/tags/3.1.0/includes/class-convertkit-resource-forms.php

@@ -545 +545 @@
                         'data-uid'                   => $this->resources[ $id ]['uid'],
                         'src'                        => $this->resources[ $id ]['embed_js'],
-                        'data-kit-limit-per-session' => $settings->non_inline_form_limit_per_session(),
+                        'data-kit-limit-per-session' => $settings->non_inline_form_limit_per_session() ? '1' : '0',
                     );
 

convertkit/tags/3.1.0/includes/class-convertkit-settings.php

@@ -49 +49 @@
         add_action( 'convertkit_api_get_access_token', array( $this, 'update_credentials' ), 10, 2 );
         add_action( 'convertkit_api_refresh_token', array( $this, 'update_credentials' ), 10, 2 );
+
+        // Delete credentials if the API class uses a invalid access token.
+        // This prevents the Plugin making repetitive API requests that will 401.
+        add_action( 'convertkit_api_access_token_invalid', array( $this, 'maybe_delete_credentials' ), 10, 2 );
 
     }
@@ -630 +634 @@
         }
 
+        // Remove any existing persistent notice.
+        WP_ConvertKit()->get_class( 'admin_notices' )->delete( 'authorization_failed' );
+
         $this->save(
             array(
@@ -647 +654 @@
 
     /**
-     * Deletes any existing access token, refresh token and its expiry from the Plugin settings.
+     * Deletes the stored access token, refresh token and its expiry from the Plugin settings,
+     * and clears any existing scheduled WordPress Cron event to refresh the token on expiry,
+     * when either:
+     * - The access token is invalid
+     * - The access token expired, and refreshing failed
+     *
+     * @since   3.1.0
+     *
+     * @param   WP_Error $result      Error result.
+     * @param   string   $client_id   OAuth Client ID used for the Access and Refresh Tokens.
+     */
+    public function maybe_delete_credentials( $result, $client_id ) {
+
+        // Don't delete these credentials if they're not for this Client ID.
+        // They're for another Kit Plugin that uses OAuth.
+        if ( $client_id !== CONVERTKIT_OAUTH_CLIENT_ID ) {
+            return;
+        }
+
+        // Persist an error notice in the WordPress Administration until the user fixes the problem.
+        WP_ConvertKit()->get_class( 'admin_notices' )->add( 'authorization_failed' );
+
+        // Delete the credentials from the Plugin settings.
+        $this->delete_credentials();
+
+    }
+
+    /**
+     * Deletes any existing access token, refresh token and its expiry from the Plugin settings,
+     * and clears any existing scheduled WordPress Cron event to refresh the token on expiry.
      *
      * @since   2.5.0
@@ -661 +697 @@
         );
 
+        // Clear any existing scheduled WordPress Cron event.
+        wp_clear_scheduled_hook( 'convertkit_refresh_token' );
+
     }
 

convertkit/tags/3.1.0/includes/class-wp-convertkit.php

@@ -84 +84 @@
         $this->classes['admin_category']                      = new ConvertKit_Admin_Category();
         $this->classes['admin_landing_page']                  = new ConvertKit_Admin_Landing_Page();
-        $this->classes['admin_notices']                       = new ConvertKit_Admin_Notices();
         $this->classes['admin_post']                          = new ConvertKit_Admin_Post();
         $this->classes['admin_quick_edit']                    = new ConvertKit_Admin_Quick_Edit();
-        $this->classes['admin_refresh_resources']             = new ConvertKit_Admin_Refresh_Resources();
         $this->classes['admin_restrict_content']              = new ConvertKit_Admin_Restrict_Content();
         $this->classes['admin_settings']                      = new ConvertKit_Admin_Settings();
@@ -179 +177 @@
     private function initialize_global() {
 
+        $this->classes['admin_notices']                               = new ConvertKit_Admin_Notices();
+        $this->classes['admin_refresh_resources']                     = new ConvertKit_Admin_Refresh_Resources();
         $this->classes['ajax']                                        = new ConvertKit_AJAX();
         $this->classes['blocks_convertkit_broadcasts']                = new ConvertKit_Block_Broadcasts();

convertkit/tags/3.1.0/languages/convertkit.pot

@@ -3 +3 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: Kit (formerly ConvertKit) 3.0.8\n"
+"Project-Id-Version: Kit (formerly ConvertKit) 3.1.0\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/convertkit\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2025-11-05T03:11:47+00:00\n"
+"POT-Creation-Date: 2025-11-20T04:42:45+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.12.0\n"
@@ -88 +88 @@
 msgstr ""
 
-#: admin/class-convertkit-admin-notices.php:69
-msgid "Kit: Authorization failed. Please"
-msgstr ""
-
-#: admin/class-convertkit-admin-notices.php:73
-#: views/backend/post/no-api-key.php:19
-msgid "connect your Kit account."
-msgstr ""
-
 #: admin/class-convertkit-admin-post.php:93
 msgid "Add New"
@@ -276 +267 @@
 
 #: admin/section/class-convertkit-admin-section-broadcasts.php:501
-#: admin/section/class-convertkit-admin-section-general.php:689
+#: admin/section/class-convertkit-admin-section-general.php:673
 #: views/backend/post/bulk-edit.php:30
 #: views/backend/post/bulk-edit.php:53
@@ -396 +387 @@
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:295
+#: admin/section/class-convertkit-admin-section-general.php:279
 msgid "Account Name"
 msgstr ""
 
 #. translators: Post Type Name, plural
-#: admin/section/class-convertkit-admin-section-general.php:316
+#: admin/section/class-convertkit-admin-section-general.php:300
 #, php-format
 msgid "Default Form (%s)"
@@ -407 +398 @@
 
 #. translators: Post Type Name, plural
-#: admin/section/class-convertkit-admin-section-general.php:334
+#: admin/section/class-convertkit-admin-section-general.php:318
 #, php-format
 msgid "Form Position (%s)"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:365
+#: admin/section/class-convertkit-admin-section-general.php:349
 msgid "Default Forms (Site Wide)"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:376
+#: admin/section/class-convertkit-admin-section-general.php:360
 msgid "Behavior"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:388
+#: admin/section/class-convertkit-admin-section-general.php:372
 msgid "Limit Display"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:400
+#: admin/section/class-convertkit-admin-section-general.php:384
 msgid "reCAPTCHA: Site Key"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:407
+#: admin/section/class-convertkit-admin-section-general.php:391
 msgid "Enter your Google reCAPTCHA v3 Site Key. When specified, this will be used to reduce spam signups."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:413
+#: admin/section/class-convertkit-admin-section-general.php:397
 msgid "reCAPTCHA: Secret Key"
 msgstr ""
 
+#: admin/section/class-convertkit-admin-section-general.php:404
+msgid "Enter your Google reCAPTCHA v3 Secret Key. When specified, this will be used to reduce spam signups."
+msgstr ""
+
+#: admin/section/class-convertkit-admin-section-general.php:410
+msgid "reCAPTCHA: Minimum Score"
+msgstr ""
+
 #: admin/section/class-convertkit-admin-section-general.php:420
-msgid "Enter your Google reCAPTCHA v3 Secret Key. When specified, this will be used to reduce spam signups."
-msgstr ""
-
-#: admin/section/class-convertkit-admin-section-general.php:426
-msgid "reCAPTCHA: Minimum Score"
-msgstr ""
-
-#: admin/section/class-convertkit-admin-section-general.php:436
 msgid "Enter the minimum threshold for a subscriber to pass Google reCAPTCHA. A higher number will reduce spam signups (1.0 is very likely a good interaction, 0.0 is very likely a bot)."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:444
+#: admin/section/class-convertkit-admin-section-general.php:428
 msgid "Debug"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:455
+#: admin/section/class-convertkit-admin-section-general.php:439
 msgid "Disable JavaScript"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:466
+#: admin/section/class-convertkit-admin-section-general.php:450
 msgid "Disable CSS"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:477
+#: admin/section/class-convertkit-admin-section-general.php:461
 msgid "Usage Tracking"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:494
+#: admin/section/class-convertkit-admin-section-general.php:478
 msgid "Forms can be embedded before and/or after (or following number of elements) on every post or page (in single view only) across your site by using the settings below."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:495
+#: admin/section/class-convertkit-admin-section-general.php:479
 msgid "You can also configure non-inline forms to display site wide under the \"Non-inline Forms\" section below."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:496
+#: admin/section/class-convertkit-admin-section-general.php:480
 msgid "These default form settings can be overridden using the Kit meta box on a page or post's edit screen. For site wide non-inline forms to respect when a post/page has forms disabled, enable the \"Behavior\" option in the \"Non-inline Forms\" section below."
 msgstr ""
 
 #. translators: [convertkit] shortcode, wrapped in <code> tags
-#: admin/section/class-convertkit-admin-section-general.php:501
+#: admin/section/class-convertkit-admin-section-general.php:485
 #, php-format
 msgid "The default form can be inserted into the middle of post or page content by using either the %s shortcode or block."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:518
+#: admin/section/class-convertkit-admin-section-general.php:502
 msgid "Defines non-inline forms to display site wide, and if these forms should display on Pages / Posts that have the Kit Form setting = None."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:530
+#: admin/section/class-convertkit-admin-section-general.php:514
 msgid "Configure reCAPTCHA to protect the Member Content signup form and Form Builder block from spam and abuse."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:542
+#: admin/section/class-convertkit-admin-section-general.php:526
 msgid "Defines advanced configuration settings, usually when working with support or needing to disable JS or CSS."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:571
+#: admin/section/class-convertkit-admin-section-general.php:555
 msgid "(Not specified)"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:586
+#: admin/section/class-convertkit-admin-section-general.php:570
 msgid "Disconnect"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:649
+#: admin/section/class-convertkit-admin-section-general.php:633
 msgid "No Forms exist in Kit."
 msgstr ""
 
+#: admin/section/class-convertkit-admin-section-general.php:634
+msgid "Click here to create your first form"
+msgstr ""
+
+#. translators: Post Type name, plural
+#: admin/section/class-convertkit-admin-section-general.php:647
+#: admin/section/class-convertkit-admin-section-general.php:657
+#, php-format
+msgid "Select a form above to automatically output below all %s."
+msgstr ""
+
 #: admin/section/class-convertkit-admin-section-general.php:650
-msgid "Click here to create your first form"
-msgstr ""
-
-#. translators: Post Type name, plural
-#: admin/section/class-convertkit-admin-section-general.php:663
-#: admin/section/class-convertkit-admin-section-general.php:673
-#, php-format
-msgid "Select a form above to automatically output below all %s."
-msgstr ""
-
-#: admin/section/class-convertkit-admin-section-general.php:666
-#: admin/section/class-convertkit-admin-section-general.php:803
+#: admin/section/class-convertkit-admin-section-general.php:787
 #: includes/class-convertkit-broadcasts-exporter.php:150
 #: views/backend/setup-wizard/convertkit-setup/content-2.php:79
@@ -525 +516 @@
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:667
-#: admin/section/class-convertkit-admin-section-general.php:804
+#: admin/section/class-convertkit-admin-section-general.php:651
+#: admin/section/class-convertkit-admin-section-general.php:788
 msgid "to preview how this will display."
 msgstr ""
 
 #. translators: Post type singular name
-#: admin/section/class-convertkit-admin-section-general.php:716
+#: admin/section/class-convertkit-admin-section-general.php:700
 #, php-format
 msgid "Before %s content"
@@ -537 +528 @@
 
 #. translators: Post type singular name
-#: admin/section/class-convertkit-admin-section-general.php:721
+#: admin/section/class-convertkit-admin-section-general.php:705
 #, php-format
 msgid "After %s content"
@@ -543 +534 @@
 
 #. translators: Post type singular name
-#: admin/section/class-convertkit-admin-section-general.php:726
+#: admin/section/class-convertkit-admin-section-general.php:710
 #, php-format
 msgid "Before and after %s content"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:729
+#: admin/section/class-convertkit-admin-section-general.php:713
 msgid "After element"
 msgstr ""
 
 #. translators: Post Type name, plural
-#: admin/section/class-convertkit-admin-section-general.php:733
+#: admin/section/class-convertkit-admin-section-general.php:717
 #, php-format
 msgid "Where forms should display relative to the %s content"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:768
+#: admin/section/class-convertkit-admin-section-general.php:752
 msgid "Paragraphs"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:769
+#: admin/section/class-convertkit-admin-section-general.php:753
 msgid "Headings <h2>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:770
+#: admin/section/class-convertkit-admin-section-general.php:754
 msgid "Headings <h3>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:771
+#: admin/section/class-convertkit-admin-section-general.php:755
 msgid "Headings <h4>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:772
+#: admin/section/class-convertkit-admin-section-general.php:756
 msgid "Headings <h5>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:773
+#: admin/section/class-convertkit-admin-section-general.php:757
 msgid "Headings <h6>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:774
+#: admin/section/class-convertkit-admin-section-general.php:758
 msgid "Images"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:776
+#: admin/section/class-convertkit-admin-section-general.php:760
 msgid "The number of elements before outputting the form."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:793
+#: admin/section/class-convertkit-admin-section-general.php:777
 msgid "No non-inline Forms exist in Kit."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:794
+#: admin/section/class-convertkit-admin-section-general.php:778
 msgid "Click here to create your first modal, slide in or sticky bar form"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:802
+#: admin/section/class-convertkit-admin-section-general.php:786
 msgid "Automatically display one or more modal, slide-in, or sticky bar forms across your site. This setting is overridden if a default non-inline form is set above, a specific non-inline form or \"None\" option is chosen for a post/page, or a non-inline form is specified in a block/shortcode."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:840
+#: admin/section/class-convertkit-admin-section-general.php:824
 msgid "If checked, do not display the site wide form(s) above on Pages / Posts that have their Kit Form setting = None."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:860
+#: admin/section/class-convertkit-admin-section-general.php:844
 msgid "If checked, one non-inline form will be displayed per session. This applies to all non-inline forms defined on this screen, Page / Post / Category settings, and any Form blocks or shortcodes specifying a non-inline form."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:943
+#: admin/section/class-convertkit-admin-section-general.php:927
 msgid "Log requests to file and output browser console messages."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:944
+#: admin/section/class-convertkit-admin-section-general.php:928
 msgid "You can ignore this unless you're working with our support team to resolve an issue. Decheck this option to improve performance."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:961
+#: admin/section/class-convertkit-admin-section-general.php:945
 msgid "Prevent plugin JavaScript files loading on the frontend site. This will disable the custom content and tagging features of the plugin. Does not apply to embedding forms or landing pages. Use with caution!"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:978
+#: admin/section/class-convertkit-admin-section-general.php:962
 msgid "Prevents loading plugin CSS files. This will disable styling on broadcasts, form trigger buttons, product buttons and member's content. Use with caution!"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:982
+#: admin/section/class-convertkit-admin-section-general.php:966
 msgid "To customize forms and their styling, use the"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:984
+#: admin/section/class-convertkit-admin-section-general.php:968
 msgid "Kit form editor"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:986
+#: admin/section/class-convertkit-admin-section-general.php:970
 msgid "For creators who require form designs to follow their WordPress theme, use the Kit Form Builder block in the block editor."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:989
+#: admin/section/class-convertkit-admin-section-general.php:973
 msgid "For developers who require custom form designs through use of CSS, consider using the"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:990
+#: admin/section/class-convertkit-admin-section-general.php:974
 msgid "or"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:991
+#: admin/section/class-convertkit-admin-section-general.php:975
 msgid "integrations."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:1010
+#: admin/section/class-convertkit-admin-section-general.php:994
 msgid "By allowing us to collect usage data, we can better understand which WordPress configurations, themes and plugins we should test."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:1014
+#: admin/section/class-convertkit-admin-section-general.php:998
 msgid "Complete documentation on usage tracking can be found"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:1016
+#: admin/section/class-convertkit-admin-section-general.php:1000
 #: views/backend/setup-wizard/convertkit-setup/content-2.php:150
 msgid "here"
@@ -844 +835 @@
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-tools.php:353
+#: admin/section/class-convertkit-admin-section-tools.php:60
+msgid "MC4WP forms migrated successfully."
+msgstr ""
+
+#: admin/section/class-convertkit-admin-section-tools.php:396
 msgid "Tools to help you manage Kit on your site."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-tools.php:381
+#: admin/section/class-convertkit-admin-section-tools.php:424
 msgid "WordPress 5.2 or higher is required for system information report."
 msgstr ""
@@ -1418 +1413 @@
 
 #: includes/blocks/class-convertkit-block-form.php:106
+#: views/backend/settings/tools.php:119
 #: views/backend/term/fields-add.php:11
 #: views/backend/term/fields-edit.php:12
@@ -1513 +1509 @@
 msgstr ""
 
-#: includes/class-convertkit-ajax.php:84
-msgid "Kit: Required parameter `subscriber_id` not included in AJAX request."
-msgstr ""
-
-#: includes/class-convertkit-ajax.php:90
-msgid "Kit: Required parameter `subscriber_id` empty in AJAX request."
-msgstr ""
-
-#: includes/class-convertkit-ajax.php:126
+#: includes/class-convertkit-admin-notices.php:69
+msgid "Kit: Authorization failed. Please"
+msgstr ""
+
+#: includes/class-convertkit-admin-notices.php:73
+#: views/backend/post/no-api-key.php:19
+msgid "connect your Kit account."
+msgstr ""
+
+#: includes/class-convertkit-ajax.php:43
 msgid "Kit: Required parameter `email` not included in AJAX request."
 msgstr ""
 
-#: includes/class-convertkit-ajax.php:132
+#: includes/class-convertkit-ajax.php:49
 msgid "Kit: Required parameter `email` is empty."
 msgstr ""
 
-#: includes/class-convertkit-ajax.php:137
+#: includes/class-convertkit-ajax.php:54
 msgid "Kit: Required parameter `email` is not an email address."
 msgstr ""
@@ -2108 +2105 @@
 #: views/backend/settings/tools.php:95
 msgid "Import"
+msgstr ""
+
+#: views/backend/settings/tools.php:109
+msgid "MC4WP: Migrate Configuration"
+msgstr ""
+
+#: views/backend/settings/tools.php:112
+msgid "Automatically replace MC4WP form shortcodes with Kit forms."
+msgstr ""
+
+#: views/backend/settings/tools.php:118
+msgid "MC4WP Form"
+msgstr ""
+
+#: views/backend/settings/tools.php:149
+msgid "Migrate"
 msgstr ""
 

convertkit/tags/3.1.0/readme.txt

@@ -6 +6 @@
 Tested up to: 6.8
 Requires PHP: 7.1
-Stable tag: 3.0.8
+Stable tag: 3.1.0
 License: GPLv3 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -180 +180 @@
 == Changelog ==
 
+### 3.1.0 2025-11-20
+* Added: Settings: Tools: Mailchimp for WordPress to Kit Form Importer
+* Fix: Settings: Non-inline Forms: Correctly output `data-kit-limit-per-session`
+* Fix: Settings: Automatically delete invalid Access Tokens
+* Fix: Member Content: Courses: Next/Previous Links compatibility for WordPress 6.9
+* Fix: Landing Pages: Prevent LazyLoad Plugin from lazy loading images on Landing Pages, which would result in missing images
+* Updated: Blocks: Refresh Resources: Use REST API, replacing admin-ajax.php
+* Updated: Refresh Resources: Use REST API, replacing admin-ajax.php
+* Updated: Member Content: Use REST API, replacing admin-ajax.php
+* Updated: Use WordPress Libraries 2.1.1
+* Removed: Unused `convertkit_store_subscriber_id_in_cookie` AJAX function
+
 ### 3.0.8 2025-11-05
 * Fix: Member Content: Product: Display 'no access' notice when logged in and no access

convertkit/tags/3.1.0/resources/backend/js/gutenberg.js

@@ -747 +747 @@
          */
         const refreshBlocksDefinitions = function (props, setButtonDisabled) {
-            // Define data for WordPress AJAX request.
-            const data = new FormData();
-            data.append('action', 'convertkit_get_blocks');
-            data.append('nonce', convertkit_gutenberg.get_blocks_nonce);
-
             // Disable the button.
             if (typeof setButtonDisabled !== 'undefined') {
@@ -758 +753 @@
 
             // Send AJAX request.
-            fetch(ajaxurl, {
-                method: 'POST',
-                credentials: 'same-origin',
-                body: data,
+            fetch(convertkit_gutenberg.ajaxurl, {
+                method: 'GET',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'X-WP-Nonce': convertkit_gutenberg.get_blocks_nonce,
+                },
             })
                 .then(function (response) {
@@ -768 +765 @@
                 })
                 .then(function (response) {
+                    // If the response includes a code, show an error notice.
+                    if (typeof response.code !== 'undefined') {
+                        // Show an error in the Gutenberg editor.
+                        wp.data
+                            .dispatch('core/notices')
+                            .createErrorNotice('Kit: ' + response.message, {
+                                id: 'convertkit-error',
+                            });
+
+                        // Enable refresh button.
+                        if (typeof setButtonDisabled !== 'undefined') {
+                            setButtonDisabled(false);
+                        }
+                        return;
+                    }
+
                     // Update global ConvertKit Blocks object, so that any updated resources
                     // are reflected when adding new ConvertKit Blocks.
-                    convertkit_blocks = response.data;
+                    convertkit_blocks = response;
 
                     // Update this block's properties, so that has_access_token, has_resources
@@ -791 +804 @@
                     wp.data
                         .dispatch('core/notices')
-                        .createErrorNotice('ConvertKit: ' + error, {
+                        .createErrorNotice('Kit: ' + error, {
                             id: 'convertkit-error',
                         });
 
                     // Enable refresh button.
-                    setButtonDisabled(false);
+                    if (typeof setButtonDisabled !== 'undefined') {
+                        setButtonDisabled(false);
+                    }
                 });
         };

convertkit/tags/3.1.0/resources/backend/js/refresh-resources.js

@@ -50 +50 @@
 
     // Perform AJAX request to refresh resource.
-    fetch(convertkit_admin_refresh_resources.ajaxurl, {
+    fetch(convertkit_admin_refresh_resources.ajaxurl + resource, {
         method: 'POST',
         headers: {
-            'Content-Type': 'application/x-www-form-urlencoded',
+            'Content-Type': 'application/json',
+            'X-WP-Nonce': convertkit_admin_refresh_resources.nonce,
         },
-        body: new URLSearchParams({
-            action: 'convertkit_admin_refresh_resources',
-            nonce: convertkit_admin_refresh_resources.nonce,
-            resource, // e.g. forms, landing_pages, tags.
-        }),
     })
         .then(function (response) {
@@ -71 +67 @@
 
             // Show an error if the request wasn't successful.
-            if (!response.success) {
+            if (typeof response.code !== 'undefined') {
                 // Show error notice.
-                convertKitRefreshResourcesOutputErrorNotice(response.data);
+                convertKitRefreshResourcesOutputErrorNotice(response.message);
 
                 // Enable button and remove is-refreshing class.
@@ -103 +99 @@
                     // Populate select `optgroup`` from response data, which comprises of Tags and Products.
                     // Tags.
-                    response.data.tags.forEach(function (item) {
+                    response.tags.forEach(function (item) {
                         document
                             .querySelector(
@@ -119 +115 @@
 
                     // Products.
-                    response.data.products.forEach(function (item) {
+                    response.products.forEach(function (item) {
                         document
                             .querySelector(
@@ -137 +133 @@
                 default:
                     // Populate select options from response data.
-                    response.data.forEach(function (item) {
+                    response.forEach(function (item) {
                         // Define label.
                         let label = '';

convertkit/tags/3.1.0/resources/frontend/js/convertkit.js

@@ -213 +213 @@
     // Set a cookie if any scripts with data-kit-limit-per-session attribute exist.
     if (
-        document.querySelectorAll('script[data-kit-limit-per-session]').length >
-        0
+        document.querySelectorAll('script[data-kit-limit-per-session="1"]')
+            .length > 0
     ) {
         document.cookie = 'ck_non_inline_form_displayed=1; path=/';

convertkit/tags/3.1.0/resources/frontend/js/restrict-content.js

@@ -78 +78 @@
         // Code submission.
         convertKitRestrictContentSubscriberVerification(
-            e.target.querySelector('input[name="_wpnonce"]').value,
+            convertkit_restrict_content.nonce,
             e.target.querySelector('input[name="subscriber_code"]').value,
             e.target.querySelector('input[name="token"]').value,
@@ -89 +89 @@
     // Email submission.
     convertKitRestrictContentSubscriberAuthenticationSendCode(
-        e.target.querySelector('input[name="_wpnonce"]').value,
+        convertkit_restrict_content.nonce,
         e.target.querySelector('input[name="convertkit_email"]').value,
         e.target.querySelector('input[name="convertkit_resource_type"]').value,
@@ -128 +128 @@
 
 /**
- * Submits the given email address to maybe_run_subscriber_authentication(), which
- * will return either:
+ * Submits the given email address to the WP REST API kit/v1/restrict-content/subscriber-authentication
+ * endpoint, which will return either:
  * - the email form view, with an error message e.g. invalid email,
  * - the code form view, where the user can enter the OTP.
@@ -136 +136 @@
  *
  * @param {string} nonce         WordPress nonce.
- * @param {string} email         Email address.  resource_type   Resource Type (tag|product).
- * @param {string} resource_type Resource Type (tag|product).
- * @param {string} resource_id   Resource ID (ConvertKit Tag or Product ID).
+ * @param {string} email         Email address.
+ * @param {string} resource_type Resource Type (form|tag|product).
+ * @param {string} resource_id   Resource ID (Kit Form,Tag or Product ID).
  * @param {number} post_id       WordPress Post ID being viewed / accessed.
  */
@@ -148 +148 @@
     post_id
 ) {
-    fetch(convertkit_restrict_content.ajaxurl, {
+    fetch(convertkit_restrict_content.subscriber_authentication_url, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/x-www-form-urlencoded',
+            'X-WP-Nonce': nonce,
         },
         body: new URLSearchParams({
-            action: 'convertkit_subscriber_authentication_send_code',
-            _wpnonce: nonce,
             convertkit_email: email,
             convertkit_resource_type: resource_type,
@@ -174 +173 @@
             }
 
-            // Output response, which will be a form with/without an error message.
-            document.querySelector(
-                '#convertkit-restrict-content-modal-content'
-            ).innerHTML = result.data;
+            // Output error message if the response contains a code.
+            if (typeof result.code !== 'undefined') {
+                document.querySelector(
+                    '#convertkit-restrict-content-modal-content'
+                ).innerHTML = result.message;
+            } else {
+                // Output response, which will be either:
+                // - the email form view, with an error message e.g. invalid email,
+                // - the code form view, where the user can enter the OTP.
+                document.querySelector(
+                    '#convertkit-restrict-content-modal-content'
+                ).innerHTML = result.data;
+            }
 
             // Hide loading overlay.
@@ -195 +203 @@
 
 /**
- * Submits the given email address to maybe_run_subscriber_verification(), which
- * will return either:
+ * Submits the given email address to the WP REST API kit/v1/restrict-content/subscriber-verification
+ * endpoint, which will return either:
  * - the code form view, with an error message e.g. invalid code entered,
  * - the Post's URL, with a `ck-cache-bust` parameter appended, which can then be loaded to show the content.
@@ -213 +221 @@
     post_id
 ) {
-    fetch(convertkit_restrict_content.ajaxurl, {
+    fetch(convertkit_restrict_content.subscriber_verification_url, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/x-www-form-urlencoded',
+            'X-WP-Nonce': nonce,
         },
         body: new URLSearchParams({
-            action: 'convertkit_subscriber_verification',
-            _wpnonce: nonce,
             subscriber_code,
             token,
@@ -255 +262 @@
 
             // Code entered is valid; load the URL in the response data.
-            window.location = result.data;
+            window.location = result.url;
         })
         .catch(function (error) {

convertkit/tags/3.1.0/vendor/convertkit/convertkit-wordpress-libraries/src/class-convertkit-api-v4.php

@@ -378 +378 @@
         if ( is_wp_error( $result ) ) {
             $this->log( 'API: Error: ' . $result->get_error_message() );
+
+            /**
+             * Perform any actions when obtaining an access token fails.
+             *
+             * @since   2.1.1
+             *
+             * @param   WP_Error  $result     Error from API.
+             * @param   string    $client_id  OAuth Client ID.
+             */
+            do_action( 'convertkit_api_get_access_token_error', $result, $this->client_id );
+
             return $result;
         }
@@ -415 +426 @@
         if ( is_wp_error( $result ) ) {
             $this->log( 'API: Error: ' . $result->get_error_message() );
+
+            /**
+             * Perform any actions when refreshing an expired access token fails.
+             *
+             * @since   2.1.1
+             *
+             * @param   WP_Error  $result     Error from API.
+             * @param   string    $client_id  OAuth Client ID.
+             */
+            do_action( 'convertkit_api_refresh_token_error', $result, $this->client_id );
+
             return $result;
         }
@@ -1433 +1455 @@
         // Return the API error message as a WP_Error if the HTTP response code is a 4xx code.
         if ( $http_response_code >= 400 ) {
+
             // Define the error message.
             $error = $this->get_error_message_string( $response );
@@ -1439 +1462 @@
 
             switch ( $http_response_code ) {
-                // If the HTTP response code is 401, and the error matches 'The access token expired', refresh the access token now
-                // and re-attempt the request.
                 case 401:
-                    if ( $error !== 'The access token expired' ) {
-                        break;
+                    switch ( $error ) {
+                        case 'The access token expired':
+                            // Attempt to refresh the access token.
+                            $result = $this->refresh_token();
+
+                            // If an error occured, bail.
+                            if ( is_wp_error( $result ) ) {
+                                return $result;
+                            }
+
+                            // Attempt the request again, now we have a new access token.
+                            return $this->request( $endpoint, $method, $params, false );
+
+                        case 'The access token is invalid':
+                            $error = new WP_Error(
+                                'convertkit_api_error',
+                                $error,
+                                $http_response_code
+                            );
+
+                            /**
+                             * Perform any actions when an invalid access token was used.
+                             *
+                             * @since   2.1.1
+                             *
+                             * @param   WP_Error  $error      WP_Error object.
+                             * @param   string    $client_id  OAuth Client ID.
+                             */
+                            do_action( 'convertkit_api_access_token_invalid', $error, $this->client_id );
+
+                            // Return error.
+                            return $error;
+
+                        default:
+                            return new WP_Error(
+                                'convertkit_api_error',
+                                $error,
+                                $http_response_code
+                            );
                     }
 
-                    // Don't automatically refresh the expired access token if we're not on a production environment.
-                    // This prevents the same ConvertKit account used on both a staging and production site from
-                    // reaching a race condition where the staging site refreshes the token first, resulting in
-                    // the production site unable to later refresh its same expired access token.
-                    if ( ! $this->is_production_site() ) {
-                        break;
-                    }
-
-                    // Refresh the access token.
-                    $result = $this->refresh_token();
-
-                    // If an error occured, bail.
-                    if ( is_wp_error( $result ) ) {
-                        return $result;
-                    }
-
-                    // Attempt the request again, now we have a new access token.
-                    return $this->request( $endpoint, $method, $params, false );
-
-                // If a rate limit was hit, maybe try again.
                 case 429:
                     // If retry on rate limit hit is disabled, return a WP_Error.
@@ -1489 +1527 @@
 
         return $response;
-
-    }
-
-    /**
-     * Helper method to determine the WordPress environment type, checking
-     * if the wp_get_environment_type() function exists in WordPress (versions
-     * older than WordPress 5.5 won't have this function).
-     *
-     * @since   2.0.2
-     *
-     * @return  bool
-     */
-    private function is_production_site() {
-
-        // If the WordPress wp_get_environment_type() function isn't available,
-        // assume this is a production site.
-        if ( ! function_exists( 'wp_get_environment_type' ) ) {
-            return true;
-        }
-
-        return ( wp_get_environment_type() === 'production' );
 
     }

convertkit/tags/3.1.0/views/backend/settings/tools.php

@@ -103 +103 @@
 
     <?php
+    // Mailchimp for WordPress (MC4WP).
+    if ( $mc4wp->has_forms_in_posts() && $mc4wp->has_forms() && $forms->exist() ) {
+        ?>
+        <div id="import-mc4wp" class="postbox">
+            <h2><?php esc_html_e( 'MC4WP: Migrate Configuration', 'convertkit' ); ?></h2>
+
+            <p class="description">
+                <?php esc_html_e( 'Automatically replace MC4WP form shortcodes with Kit forms.', 'convertkit' ); ?><br />
+            </p>
+
+            <table class="widefat striped">
+                <thead>
+                    <tr>
+                        <th><?php esc_html_e( 'MC4WP Form', 'convertkit' ); ?></th>
+                        <th><?php esc_html_e( 'Kit Form', 'convertkit' ); ?></th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php
+                    foreach ( $mc4wp->get_forms() as $mc4wp_form_id => $mc4wp_form_title ) {
+                        ?>
+                        <tr>
+                            <td><?php echo esc_html( $mc4wp_form_title ); ?></td>
+                            <td>
+                                <select name="_wp_convertkit_integration_mc4wp_settings[<?php echo esc_attr( $mc4wp_form_id ); ?>]">
+                                    <?php
+                                    foreach ( $forms->get() as $form ) {
+                                        ?>
+                                        <option value="<?php echo esc_attr( $form['id'] ); ?>"><?php echo esc_html( $form['name'] ); ?></option>
+                                        <?php
+                                    }
+                                    ?>
+                                </select>
+                            </td>
+                        </tr>
+                        <?php
+                    }
+                    ?>
+                </tbody>
+            </table>
+
+            <p>
+                <?php
+                submit_button(
+                    __( 'Migrate', 'convertkit' ),
+                    'primary',
+                    'convertkit-import-mc4wp',
+                    false
+                );
+                ?>
+            </p>
+        </div><!-- .postbox -->
+        <?php
+    }
+
     wp_nonce_field( 'convertkit-settings-tools', '_convertkit_settings_tools_nonce' );
     ?>

convertkit/tags/3.1.0/wp-convertkit.php

@@ -10 +10 @@
  * Plugin URI: https://kit.com/
  * Description: Display Kit (formerly ConvertKit) email subscription forms, landing pages, products, broadcasts and more.
- * Version: 3.0.8
+ * Version: 3.1.0
  * Author: Kit
  * Author URI: https://kit.com/
@@ -28 +28 @@
 define( 'CONVERTKIT_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
 define( 'CONVERTKIT_PLUGIN_PATH', __DIR__ );
-define( 'CONVERTKIT_PLUGIN_VERSION', '3.0.8' );
+define( 'CONVERTKIT_PLUGIN_VERSION', '3.1.0' );
 define( 'CONVERTKIT_OAUTH_CLIENT_ID', 'HXZlOCj-K5r0ufuWCtyoyo3f688VmMAYSsKg1eGvw0Y' );
 define( 'CONVERTKIT_OAUTH_CLIENT_REDIRECT_URI', 'https://app.kit.com/wordpress/redirect' );
@@ -53 +53 @@
 require_once CONVERTKIT_PLUGIN_PATH . '/includes/functions.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/includes/class-wp-convertkit.php';
+require_once CONVERTKIT_PLUGIN_PATH . '/includes/class-convertkit-admin-notices.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/includes/class-convertkit-ajax.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/includes/class-convertkit-broadcasts-exporter.php';
@@ -109 +110 @@
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-category.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-landing-page.php';
-require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-notices.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-post.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-refresh-resources.php';
@@ -117 +117 @@
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-setup-wizard.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-wp-list-table.php';
+require_once CONVERTKIT_PLUGIN_PATH . '/admin/importers/class-convertkit-admin-importer.php';
+require_once CONVERTKIT_PLUGIN_PATH . '/admin/importers/class-convertkit-admin-importer-mc4wp.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/section/class-convertkit-admin-section-base.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/section/class-convertkit-admin-section-broadcasts.php';

convertkit/trunk/CHANGELOG.md

@@ +1 @@
+### 3.1.0 2025-11-20
+* Added: Settings: Tools: Mailchimp for WordPress to Kit Form Importer
+* Fix: Settings: Non-inline Forms: Correctly output `data-kit-limit-per-session`
+* Fix: Settings: Automatically delete invalid Access Tokens
+* Fix: Member Content: Courses: Next/Previous Links compatibility for WordPress 6.9
+* Fix: Landing Pages: Prevent LazyLoad Plugin from lazy loading images on Landing Pages, which would result in missing images
+* Updated: Blocks: Refresh Resources: Use REST API, replacing admin-ajax.php
+* Updated: Refresh Resources: Use REST API, replacing admin-ajax.php
+* Updated: Member Content: Use REST API, replacing admin-ajax.php
+* Updated: Use WordPress Libraries 2.1.1
+* Removed: Unused `convertkit_store_subscriber_id_in_cookie` AJAX function
+
 ### 3.0.8 2025-11-05
 * Fix: Member Content: Product: Display 'no access' notice when logged in and no access

convertkit/trunk/admin/class-convertkit-admin-refresh-resources.php

@@ -23 +23 @@
     public function __construct() {
 
-        add_action( 'wp_ajax_convertkit_admin_refresh_resources', array( $this, 'refresh_resources' ) );
         add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_scripts' ) );
+        add_action( 'rest_api_init', array( $this, 'register_routes' ) );
+
+    }
+
+    /**
+     * Register REST API routes.
+     *
+     * @since   3.1.0
+     */
+    public function register_routes() {
+
+        // Register route to return all blocks registered by the Plugin.
+        register_rest_route(
+            'kit/v1',
+            '/resources/refresh/(?P<resource>[a-zA-Z0-9-_]+)',
+            array(
+                'methods'             => WP_REST_Server::CREATABLE,
+                'callback'            => array( $this, 'refresh_resources' ),
+                'permission_callback' => function () {
+                    return current_user_can( 'edit_posts' );
+                },
+            )
+        );
 
     }
@@ -32 +54 @@
      *
      * @since   1.9.8.0
+     *
+     * @param   WP_REST_Request $request    Request object.
+     * @return  WP_REST_Response|WP_Error               Response object.
      */
-    public function refresh_resources() {
-
-        // Check nonce.
-        check_ajax_referer( 'convertkit_admin_refresh_resources', 'nonce' );
+    public function refresh_resources( $request ) {
 
         // Get resource type.
-        $resource = ( isset( $_REQUEST['resource'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['resource'] ) ) : '' );
+        $resource = $request->get_param( 'resource' );
 
         // Fetch resources.
@@ -75 +97 @@
                 // Bail if an error occured.
                 if ( is_wp_error( $results_tags ) ) {
-                    wp_send_json_error( $results_tags->get_error_message() );
+                    return rest_ensure_response( $results_tags );
                 }
 
@@ -84 +106 @@
                 // Bail if an error occured.
                 if ( is_wp_error( $results_products ) ) {
-                    wp_send_json_error( $results_products->get_error_message() );
+                    return rest_ensure_response( $results_products );
                 }
 
                 // Return resources.
-                wp_send_json_success(
+                return rest_ensure_response(
                     array(
                         'tags'     => array_values( $results_tags ),
@@ -94 +116 @@
                     )
                 );
-                // no break as wp_send_json_success terminates.
 
             default:
@@ -109 +130 @@
         // Bail if an error occured.
         if ( is_wp_error( $results ) ) {
-            wp_send_json_error( $results->get_error_message() );
+            return rest_ensure_response( $results );
         }
 
         // Return resources as a zero based sequential array, so that JS retains the order of resources.
-        wp_send_json_success( array_values( $results ) );
+        return rest_ensure_response( array_values( $results ) );
 
     }
@@ -145 +166 @@
             'convertkit_admin_refresh_resources',
             array(
-                'action'  => 'convertkit_admin_refresh_resources',
-                'ajaxurl' => admin_url( 'admin-ajax.php' ),
+                'ajaxurl' => rest_url( 'kit/v1/resources/refresh/' ),
                 'debug'   => $settings->debug_enabled(),
-                'nonce'   => wp_create_nonce( 'convertkit_admin_refresh_resources' ),
+                'nonce'   => wp_create_nonce( 'wp_rest' ),
             )
         );

convertkit/trunk/admin/section/class-convertkit-admin-section-general.php

@@ -134 +134 @@
         // Bail if no access and refresh token exist.
         if ( ! $this->settings->has_access_and_refresh_token() ) {
-            return;
+            // Redirect to General screen, which will now show the ConvertKit_Admin_Section_OAuth screen, because
+            // the Plugin has no access token.
+            wp_safe_redirect(
+                add_query_arg(
+                    array(
+                        'page' => $this->settings_key,
+                    ),
+                    'options-general.php'
+                )
+            );
+            exit();
         }
 
@@ -153 +163 @@
         // If the request succeeded, no need to perform further actions.
         if ( ! is_wp_error( $this->account ) ) {
-            // Remove any existing persistent notice.
-            WP_ConvertKit()->get_class( 'admin_notices' )->delete( 'authorization_failed' );
-
             return;
         }
 
-        // Depending on the error code, maybe persist a notice in the WordPress Administration until the user
+        // Depending on the error code, display an error notice in the settings screen until the user
         // fixes the problem.
-        switch ( $this->account->get_error_data( $this->account->get_error_code() ) ) {
-            case 401:
-                // Access token either expired or was revoked in ConvertKit.
-                // Remove from settings.
-                $this->settings->delete_credentials();
-
-                // Display a site wide notice.
-                WP_ConvertKit()->get_class( 'admin_notices' )->add( 'authorization_failed' );
-
-                // Redirect to General screen, which will now show the ConvertKit_Admin_Section_OAuth screen, because
-                // the Plugin has no access token.
-                wp_safe_redirect(
-                    add_query_arg(
-                        array(
-                            'page' => $this->settings_key,
-                        ),
-                        'options-general.php'
-                    )
-                );
-                exit();
-        }
-
-        // Output a non-401 error now.
         $this->output_error( $this->account->get_error_message() );
 

convertkit/trunk/admin/section/class-convertkit-admin-section-tools.php

@@ -58 +58 @@
                 'import_configuration_empty'             => __( 'The uploaded configuration file contains no settings.', 'convertkit' ),
                 'import_configuration_success'           => __( 'Configuration imported successfully.', 'convertkit' ),
+                'migrate_mc4wp_configuration_success'    => __( 'MC4WP forms migrated successfully.', 'convertkit' ),
             )
         );
@@ -76 +77 @@
         $this->maybe_export_configuration();
         $this->maybe_import_configuration();
+        $this->maybe_migrate_mc4wp_configuration();
 
     }
@@ -316 +318 @@
 
     /**
+     * Replaces MC4WP Form Shortcodes with Kit Form Shortcodes, if the user submitted the
+     * MC4WP Migrate Configuration section.
+     *
+     * @since   3.1.0
+     */
+    private function maybe_migrate_mc4wp_configuration() {
+
+        // Bail if nonce verification fails.
+        if ( ! isset( $_REQUEST['_convertkit_settings_tools_nonce'] ) ) {
+            return;
+        }
+
+        if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_convertkit_settings_tools_nonce'] ), 'convertkit-settings-tools' ) ) {
+            return;
+        }
+
+        // Bail if no MC4WP Form IDs were submitted.
+        if ( ! isset( $_REQUEST['_wp_convertkit_integration_mc4wp_settings'] ) ) {
+            return;
+        }
+
+        // Initialise the importer.
+        $mc4wp = new ConvertKit_Admin_Importer_MC4WP();
+
+        // Iterate through the MC4WP Form IDs and replace the shortcodes with the Kit Form Shortcodes.
+        foreach ( array_map( 'sanitize_text_field', wp_unslash( $_REQUEST['_wp_convertkit_integration_mc4wp_settings'] ) ) as $mc4wp_form_id => $kit_form_id ) {
+            $mc4wp->replace_shortcodes_in_posts( (int) $mc4wp_form_id, (int) $kit_form_id );
+        }
+
+        // Redirect to Tools screen.
+        $this->redirect_with_success_notice( 'migrate_mc4wp_configuration_success' );
+
+    }
+
+    /**
      * Outputs the Debug Log and System Info view.
      *
@@ -333 +370 @@
         $system_info = $this->get_system_info();
 
+        // Get Forms.
+        $forms = new ConvertKit_Resource_Forms();
+
+        // Get Importers.
+        $mc4wp = new ConvertKit_Admin_Importer_MC4WP();
+
         // Output view.
         require_once CONVERTKIT_PLUGIN_PATH . '/views/backend/settings/tools.php';

convertkit/trunk/includes/blocks/class-convertkit-block-broadcasts.php

@@ -273 +273 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -381 +381 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/blocks/class-convertkit-block-content.php

@@ -105 +105 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -138 +138 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/blocks/class-convertkit-block-form-builder-field-custom.php

@@ -102 +102 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -151 +151 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/blocks/class-convertkit-block-form-builder-field-email.php

@@ -121 +121 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/blocks/class-convertkit-block-form-builder-field.php

@@ -195 +195 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -224 +224 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/blocks/class-convertkit-block-form-builder.php

@@ -476 +476 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -569 +569 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/blocks/class-convertkit-block-form-trigger.php

@@ -213 +213 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -271 +271 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/blocks/class-convertkit-block-form.php

@@ -241 +241 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -286 +286 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/blocks/class-convertkit-block-product.php

@@ -246 +246 @@
     public function get_fields() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }
@@ -313 +313 @@
     public function get_panels() {
 
-        // Bail if the request is not for the WordPress Administration or frontend editor.
-        if ( ! WP_ConvertKit()->is_admin_or_frontend_editor() ) {
+        // Bail if the request is not for the WordPress Administration, frontend editor or REST API request.
+        if ( ! $this->is_admin_frontend_editor_or_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/blocks/class-convertkit-block.php

@@ -397 +397 @@
 
     /**
+     * Determines if the request is a WordPress REST API request.
+     *
+     * @since   3.1.0
+     *
+     * @return  bool
+     */
+    public function is_rest_request() {
+
+        return defined( 'REST_REQUEST' ) && REST_REQUEST;
+
+    }
+
+    /**
+     * Determines if the request is for the WordPress Administration, frontend editor or REST API request.
+     *
+     * @since   3.1.0
+     *
+     * @return  bool
+     */
+    public function is_admin_frontend_editor_or_rest_request() {
+
+        return WP_ConvertKit()->is_admin_or_frontend_editor() || $this->is_rest_request();
+
+    }
+
+    /**
      * Determines if the request for the block is from the block editor or the frontend site.
      *
@@ -406 +432 @@
 
         // Return false if not a WordPress REST API request, which Gutenberg uses.
-        if ( ! defined( 'REST_REQUEST' ) ) {
-            return false;
-        }
-        if ( REST_REQUEST !== true ) {
+        if ( ! $this->is_rest_request() ) {
             return false;
         }

convertkit/trunk/includes/class-convertkit-ajax.php

@@ -21 +21 @@
     public function __construct() {
 
-        add_action( 'wp_ajax_convertkit_get_blocks', array( $this, 'get_blocks' ) );
-
-        add_action( 'wp_ajax_nopriv_convertkit_store_subscriber_id_in_cookie', array( $this, 'store_subscriber_id_in_cookie' ) );
-        add_action( 'wp_ajax_convertkit_store_subscriber_id_in_cookie', array( $this, 'store_subscriber_id_in_cookie' ) );
-
         add_action( 'wp_ajax_nopriv_convertkit_store_subscriber_email_as_id_in_cookie', array( $this, 'store_subscriber_email_as_id_in_cookie' ) );
         add_action( 'wp_ajax_convertkit_store_subscriber_email_as_id_in_cookie', array( $this, 'store_subscriber_email_as_id_in_cookie' ) );
-
-        add_action( 'wp_ajax_nopriv_convertkit_subscriber_authentication_send_code', array( $this, 'subscriber_authentication_send_code' ) );
-        add_action( 'wp_ajax_convertkit_subscriber_authentication_send_code', array( $this, 'subscriber_authentication_send_code' ) );
-
-        add_action( 'wp_ajax_nopriv_convertkit_subscriber_verification', array( $this, 'subscriber_verification' ) );
-        add_action( 'wp_ajax_convertkit_subscriber_verification', array( $this, 'subscriber_verification' ) );
-
-    }
-
-    /**
-     * Returns all ConvertKit registered blocks.
-     *
-     * Typically used when a refresh button in a block has been pressed when
-     * displayNoticeWithLink() is called, because either
-     * no Access Token is specified, or no resources exist in ConvertKit.
-     *
-     * @since   2.2.6
-     */
-    public function get_blocks() {
-
-        // Check nonce.
-        check_ajax_referer( 'convertkit_get_blocks', 'nonce' );
-
-        // Refresh resources from the API, to reflect any changes.
-        $forms = new ConvertKit_Resource_Forms( 'block_edit' );
-        $forms->refresh();
-
-        $posts = new ConvertKit_Resource_Posts( 'block_edit' );
-        $posts->refresh();
-
-        $products = new ConvertKit_Resource_Products( 'block_edit' );
-        $products->refresh();
-
-        // Return blocks.
-        wp_send_json_success( convertkit_get_blocks() );
-
-    }
-
-    /**
-     * Stores the ConvertKit Subscriber's ID in a cookie.
-     *
-     * Typically performed when the user subscribes via a ConvertKit Form on the web site
-     * that is set to "Send subscriber to thank you page", and the Plugin's JavaScript is not
-     * disabled, permitting convertkit.js to run.
-     *
-     * @since   1.9.6
-     */
-    public function store_subscriber_id_in_cookie() {
-
-        // Check nonce.
-        check_ajax_referer( 'convertkit', 'convertkit_nonce' );
-
-        // Bail if required request parameters not submitted.
-        if ( ! isset( $_REQUEST['subscriber_id'] ) ) {
-            wp_send_json_error( __( 'Kit: Required parameter `subscriber_id` not included in AJAX request.', 'convertkit' ) );
-        }
-
-        // Bail if no subscriber ID provided.
-        $id = absint( sanitize_text_field( wp_unslash( $_REQUEST['subscriber_id'] ) ) );
-        if ( empty( $id ) ) {
-            wp_send_json_error( __( 'Kit: Required parameter `subscriber_id` empty in AJAX request.', 'convertkit' ) );
-        }
-
-        // Get subscriber ID.
-        $subscriber    = new ConvertKit_Subscriber();
-        $subscriber_id = $subscriber->validate_and_store_subscriber_id( $id );
-
-        // Bail if an error occured i.e. API hasn't been configured, subscriber ID does not exist in ConvertKit etc.
-        if ( is_wp_error( $subscriber_id ) ) {
-            wp_send_json_error( $subscriber_id->get_error_message() );
-        }
-
-        // Return the subscriber ID.
-        wp_send_json_success(
-            array(
-                'id' => $subscriber_id,
-            )
-        );
 
     }
@@ -156 +73 @@
     }
 
-    /**
-     * Calls the API to send the subscriber a magic link by email containing a code when
-     * the modal version of Restrict Content is used, and the user has submitted their email address.
-     *
-     * Returns a view of either:
-     * - an error message and email input i.e. the user entered an invalid email address,
-     * - the code input, which is then displayed in the modal for the user to enter the code sent by email.
-     *
-     * See maybe_run_subscriber_verification() for logic once they enter the code on screen.
-     *
-     * @since   2.3.8
-     */
-    public function subscriber_authentication_send_code() {
-
-        // Load Restrict Content class.
-        $output_restrict_content = WP_ConvertKit()->get_class( 'output_restrict_content' );
-
-        // Run subscriber authentication.
-        $output_restrict_content->maybe_run_subscriber_authentication();
-
-        // Fetch Post ID, Resource Type and Resource ID for the view.
-        $post_id       = $output_restrict_content->post_id;
-        $resource_type = $output_restrict_content->resource_type;
-        $resource_id   = $output_restrict_content->resource_id;
-
-        // If an error occured, build the email form view with the error message.
-        if ( is_wp_error( $output_restrict_content->error ) ) {
-            ob_start();
-            include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-email.php';
-            $output = trim( ob_get_clean() );
-            wp_send_json_success( $output );
-        }
-
-        // Build authentication code view to return for output.
-        ob_start();
-        include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-code.php';
-        $output = trim( ob_get_clean() );
-        wp_send_json_success( $output );
-
-    }
-
-    /**
-     * Calls the API to verify the token and entered subscriber code, which tells us that the email
-     * address supplied truly belongs to the user, and that we can safely trust their subscriber ID
-     * to be valid.
-     *
-     * @since   2.3.8
-     */
-    public function subscriber_verification() {
-
-        // Load Restrict Content class.
-        $output_restrict_content = WP_ConvertKit()->get_class( 'output_restrict_content' );
-
-        // Run subscriber authentication.
-        $output_restrict_content->maybe_run_subscriber_verification();
-
-        // Fetch Post ID, Resource Type and Resource ID for the view.
-        $post_id       = $output_restrict_content->post_id;
-        $resource_type = $output_restrict_content->resource_type;
-        $resource_id   = $output_restrict_content->resource_id;
-
-        // If an error occured, build the code form view with the error message.
-        if ( is_wp_error( $output_restrict_content->error ) ) {
-            ob_start();
-            include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-code.php';
-            $output = trim( ob_get_clean() );
-            wp_send_json_error( $output );
-        }
-
-        // Return success with the URL to the Post, including the `ck-cache-bust` parameter.
-        // JS will load the given URL to show the restricted content.
-        wp_send_json_success( $output_restrict_content->get_url( true ) );
-
-    }
-
 }

convertkit/trunk/includes/class-convertkit-cache-plugins.php

@@ -16 +16 @@
 
     /**
-     * Holds external hosts to exclude from CSS and JS minification.
+     * Holds external hosts to exclude from CSS and JS minification
+     * and lazy loading of images.
      *
      * @since   2.4.6
@@ -28 +29 @@
         'pages.convertkit.com',
         'convertkit.com',
+        'filekitcdn.com',
     );
 
@@ -55 +57 @@
 
         // Debloat: Exclude Forms from Delay Load JS.
-        add_filter( 'debloat/defer_js_excludes', array( $this, 'exclude_hosts_from_minification' ) );
-        add_filter( 'debloat/delay_js_excludes', array( $this, 'exclude_hosts_from_minification' ) );
+        add_filter( 'debloat/defer_js_excludes', array( $this, 'exclude_hosts' ) );
+        add_filter( 'debloat/delay_js_excludes', array( $this, 'exclude_hosts' ) );
 
         // Jetpack Boost: Exclude Forms from JS defer.
@@ -75 +77 @@
         add_filter( 'convertkit_resource_forms_output_script', array( $this, 'siteground_speed_optimizer_exclude_js_combine' ) );
 
+        // Rocket LazyLoad: Exclude images from lazy loading.
+        add_filter( 'rocket_lazyload_excluded_src', array( $this, 'exclude_hosts' ) );
+
         // WP Rocket: Disable Caching and Minification on Landing Pages.
         add_action( 'convertkit_output_landing_page_before', array( $this, 'wp_rocket_disable_caching_and_minification_on_landing_pages' ) );
 
         // WP Rocket: Exclude Forms from JS minification and combine.
-        add_filter( 'rocket_minify_excluded_external_js', array( $this, 'exclude_hosts_from_minification' ) );
+        add_filter( 'rocket_minify_excluded_external_js', array( $this, 'exclude_hosts' ) );
 
         // WP Rocket: Exclude Forms from Delay JavaScript execution.
@@ -239 +244 @@
     public function wp_rocket_disable_caching_and_minification_on_landing_pages() {
 
-        add_filter( 'rocket_minify_excluded_external_js', array( $this, 'exclude_hosts_from_minification' ) );
-        add_filter( 'rocket_exclude_css', array( $this, 'exclude_hosts_from_minification' ) );
+        add_filter( 'rocket_minify_excluded_external_js', array( $this, 'exclude_hosts' ) );
+        add_filter( 'rocket_exclude_css', array( $this, 'exclude_hosts' ) );
         add_filter( 'rocket_exclude_js', array( $this, 'exclude_local_js_from_minification' ) );
-        add_filter( 'do_rocket_lazyload', '__return_false' );
 
     }
@@ -278 +282 @@
     public function exclude_hosts_from_minification( $hosts ) {
 
+        _doing_it_wrong( __FUNCTION__, 'Use exclude_hosts() instead.', '3.1.0' );
+
+        return $this->exclude_hosts( $hosts );
+
+    }
+
+    /**
+     * Appends the $exclude_hosts property to an array of existing hosts.
+     *
+     * @since   3.1.0
+     *
+     * @param   array $hosts  External hosts to ignore.
+     * @return  array
+     */
+    public function exclude_hosts( $hosts ) {
+
         return array_merge( $hosts, $this->exclude_hosts );
 

convertkit/trunk/includes/class-convertkit-gutenberg.php

@@ -32 +32 @@
         // Register Gutenberg Blocks.
         add_action( 'init', array( $this, 'add_blocks' ) );
+
+        // Register REST API routes.
+        add_action( 'rest_api_init', array( $this, 'register_routes' ) );
+
+    }
+
+    /**
+     * Register REST API routes.
+     *
+     * @since   3.1.0
+     */
+    public function register_routes() {
+
+        // Register route to return all blocks registered by the Plugin.
+        register_rest_route(
+            'kit/v1',
+            '/blocks',
+            array(
+                'methods'             => WP_REST_Server::READABLE,
+
+                // Refresh resources and return blocks.
+                'callback'            => function () {
+                    // Refresh resources from the API, to reflect any changes.
+                    $forms = new ConvertKit_Resource_Forms( 'block_edit' );
+                    $forms->refresh();
+
+                    $posts = new ConvertKit_Resource_Posts( 'block_edit' );
+                    $posts->refresh();
+
+                    $products = new ConvertKit_Resource_Products( 'block_edit' );
+                    $products->refresh();
+
+                    // Return blocks.
+                    return rest_ensure_response( convertkit_get_blocks() );
+                },
+
+                'permission_callback' => function () {
+                    return current_user_can( 'edit_posts' );
+                },
+            )
+        );
 
     }
@@ -158 +199 @@
             'convertkit_gutenberg',
             array(
-                'get_blocks_nonce' => wp_create_nonce( 'convertkit_get_blocks' ),
+                'ajaxurl'          => rest_url( 'kit/v1/blocks' ),
+                'get_blocks_nonce' => wp_create_nonce( 'wp_rest' ),
             )
         );

convertkit/trunk/includes/class-convertkit-output-restrict-content.php

@@ -107 +107 @@
     public function __construct() {
 
-        // Initialize classes that will be used.
-        $this->settings                  = new ConvertKit_Settings();
-        $this->restrict_content_settings = new ConvertKit_Settings_Restrict_Content();
-
-        // Don't register any hooks if this is an AJAX request, otherwise
-        // maybe_run_subscriber_authentication() and maybe_run_subscriber_verification() will run
-        // twice in an AJAX request (once here, and once when called by the ConvertKit_AJAX class).
-        if ( wp_doing_ajax() ) {
-            return;
-        }
-
+        add_action( 'rest_api_init', array( $this, 'register_routes' ) );
+        add_action( 'init', array( $this, 'initialize_classes' ), 2 );
         add_action( 'init', array( $this, 'maybe_run_subscriber_authentication' ), 3 );
         add_action( 'wp', array( $this, 'maybe_run_subscriber_verification' ), 4 );
@@ -129 +120 @@
 
     /**
-     * Checks if the request is a Restrict Content request with an email address.
-     * If so, calls the API depending on the Restrict Content resource that's required:
-     * - tag: subscribes the email address to the tag, storing the subscriber ID in a cookie and redirecting
-     * - product: calls the API to send the subscriber a magic link by email containing a code. See maybe_run_subscriber_verification()
-     * for logic once they click the link in the email or enter the code on screen.
-     *
-     * @since   2.1.0
-     */
-    public function maybe_run_subscriber_authentication() {
-
-        // Bail if no nonce was specified.
-        if ( ! array_key_exists( '_wpnonce', $_REQUEST ) ) {
-            return;
-        }
-
-        // Bail if the nonce failed validation.
-        if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'convertkit_restrict_content_login' ) ) {
-            return;
-        }
-
-        // Bail if the expected email, resource ID or Post ID are missing.
-        if ( ! array_key_exists( 'convertkit_email', $_REQUEST ) ) {
-            return;
-        }
-        if ( ! array_key_exists( 'convertkit_resource_type', $_REQUEST ) ) {
-            return;
-        }
-        if ( ! array_key_exists( 'convertkit_resource_id', $_REQUEST ) ) {
-            return;
-        }
-        if ( ! array_key_exists( 'convertkit_post_id', $_REQUEST ) ) {
-            return;
-        }
-
-        // If the Plugin Access Token has not been configured, we can't get this subscriber's ID by email.
-        if ( ! $this->settings->has_access_and_refresh_token() ) {
-            return;
-        }
-
-        // Initialize the API.
-        $this->api = new ConvertKit_API_V4(
+     * Register REST API routes.
+     *
+     * @since   3.1.0
+     */
+    public function register_routes() {
+
+        // Register route to run subscriber authentication.
+        register_rest_route(
+            'kit/v1',
+            '/restrict-content/subscriber-authentication',
+            array(
+                'methods'             => WP_REST_Server::CREATABLE,
+                'callback'            => function ( $request ) {
+
+                    // Initialize classes that will be used.
+                    $output_restrict_content = WP_ConvertKit()->get_class( 'output_restrict_content' );
+                    $output_restrict_content->initialize_classes();
+
+                    // Fetch Post ID, Resource Type and Resource ID for the view.
+                    $email         = $request->get_param( 'convertkit_email' );
+                    $post_id       = $request->get_param( 'convertkit_post_id' );
+                    $resource_type = $request->get_param( 'convertkit_resource_type' );
+                    $resource_id   = $request->get_param( 'convertkit_resource_id' );
+
+                    // Run subscriber authentication.
+                    $result = $output_restrict_content->subscriber_authentication_send_code(
+                        $email,
+                        $post_id
+                    );
+
+                    // If an error occured, build the email form view with the error message.
+                    if ( is_wp_error( $result ) ) {
+                        // Set error to display on screen.
+                        $output_restrict_content->error = $result;
+
+                        // Build email form view to return for output with error message.
+                        ob_start();
+                        include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-email.php';
+                        $output = trim( ob_get_clean() );
+                        return rest_ensure_response(
+                            array(
+                                'success' => false,
+                                'data'    => $output,
+                            )
+                        );
+                    }
+
+                    // Set token and Post ID for authentication code view.
+                    $output_restrict_content->token = $result;
+                    $output_restrict_content->post_id = $post_id;
+
+                    // Build authentication code view to return for output.
+                    ob_start();
+                    include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-code.php';
+                    $output = trim( ob_get_clean() );
+                    return rest_ensure_response(
+                        array(
+                            'success' => true,
+                            'data'    => $output,
+                        )
+                    );
+                },
+                'permission_callback' => '__return_true',
+            )
+        );
+
+        // Register route to run subscriber verification.
+        register_rest_route(
+            'kit/v1',
+            '/restrict-content/subscriber-verification',
+            array(
+                'methods'             => WP_REST_Server::CREATABLE,
+                'callback'            => function ( $request ) {
+
+                    // Initialize classes that will be used.
+                    $output_restrict_content = WP_ConvertKit()->get_class( 'output_restrict_content' );
+                    $output_restrict_content->initialize_classes();
+
+                    // Fetch Post ID, Resource Type and Resource ID for the view.
+                    $post_id       = $request->get_param( 'convertkit_post_id' );
+                    $token         = $request->get_param( 'token' );
+                    $subscriber_code = $request->get_param( 'subscriber_code' );
+
+                    // Run subscriber authentication.
+                    $result = $output_restrict_content->subscriber_authentication_verify( $post_id, $token, $subscriber_code );
+
+                    // If an error occured, build the code form view with the error message.
+                    if ( is_wp_error( $result ) ) {
+                        // Set error to display on screen.
+                        $output_restrict_content->error = $result;
+
+                        // Set token and post ID for authentication code view.
+                        $output_restrict_content->token = $token;
+                        $output_restrict_content->post_id = $post_id;
+
+                        // Build code form view to return for output with error message.
+                        ob_start();
+                        include CONVERTKIT_PLUGIN_PATH . '/views/frontend/restrict-content/login-modal-content-code.php';
+                        $output = trim( ob_get_clean() );
+                        return rest_ensure_response(
+                            array(
+                                'success' => false,
+                                'data'    => $output,
+                            )
+                        );
+                    }
+
+                    // Return success with the URL to the Post, including the `ck-cache-bust` parameter.
+                    return rest_ensure_response(
+                        array(
+                            'success' => true,
+                            'url'     => $output_restrict_content->get_url( $post_id, true ),
+                        )
+                    );
+                },
+                'permission_callback' => '__return_true',
+            )
+        );
+    }
+
+    /**
+     * Initialize classes that will be used.
+     *
+     * @since   3.1.0
+     */
+    public function initialize_classes() {
+
+        $this->settings                  = new ConvertKit_Settings();
+        $this->restrict_content_settings = new ConvertKit_Settings_Restrict_Content();
+        $this->api                       = new ConvertKit_API_V4(
             CONVERTKIT_OAUTH_CLIENT_ID,
             CONVERTKIT_OAUTH_CLIENT_REDIRECT_URI,
@@ -178 +258 @@
         );
 
+    }
+
+    /**
+     * If the user isn't using JavaScript, or the Plugin's Disable JS is enabled, checks if the request is a Restrict Content request with an email address.
+     * Also runs if restrict content by tag and require login is disabled, as we immediately tag and redirect if this is the case.
+     * If so, calls the API depending on the Restrict Content resource that's required:
+     * - tag: subscribes the email address to the tag, storing the subscriber ID in a cookie and redirecting
+     * - product: calls the API to send the subscriber a magic link by email containing a code. See maybe_run_subscriber_verification()
+     * for logic once they click the link in the email or enter the code on screen.
+     *
+     * @since   2.1.0
+     */
+    public function maybe_run_subscriber_authentication() {
+
+        // Bail if no nonce was specified via form submission.
+        if ( ! array_key_exists( '_wpnonce', $_REQUEST ) ) {
+            return;
+        }
+
+        // Bail if the request is a form submission and the nonce failed validation.
+        if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'convertkit_restrict_content_login' ) ) {
+            return;
+        }
+
+        // Bail if the expected email, resource type, resource ID or Post ID are missing from the request.
+        if ( ! array_key_exists( 'convertkit_email', $_REQUEST ) ) {
+            return;
+        }
+        if ( ! array_key_exists( 'convertkit_resource_type', $_REQUEST ) ) {
+            return;
+        }
+        if ( ! array_key_exists( 'convertkit_resource_id', $_REQUEST ) ) {
+            return;
+        }
+        if ( ! array_key_exists( 'convertkit_post_id', $_REQUEST ) ) {
+            return;
+        }
+
+        // If the Plugin Access Token has not been configured, we can't get this subscriber's ID by email.
+        if ( ! $this->settings->has_access_and_refresh_token() ) {
+            return;
+        }
+
         // Sanitize inputs.
         $email               = sanitize_text_field( wp_unslash( $_REQUEST['convertkit_email'] ) );
@@ -184 +307 @@
         $this->post_id       = absint( $_REQUEST['convertkit_post_id'] );
 
-        // Run subscriber authentication / subscription depending on the resource type.
-        switch ( $this->resource_type ) {
-            case 'product':
-            case 'form':
-                // Send email to subscriber with a link to authenticate they have access to the email address submitted.
-                $result = $this->api->subscriber_authentication_send_code(
-                    $email,
-                    $this->get_url()
-                );
-
-                // Bail if an error occured.
-                if ( is_wp_error( $result ) ) {
-                    $this->error = $result;
-                    return;
-                }
-
+        // If Restrict Content is by tag, tag the subscriber.
+        if ( $this->resource_type === 'tag' ) {
+            // Check reCAPTCHA.
+            $recaptcha          = new ConvertKit_Recaptcha();
+            $recaptcha_response = $recaptcha->verify_recaptcha(
+                ( isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : '' ),
+                'convertkit_restrict_content_tag'
+            );
+
+            // Bail if reCAPTCHA failed.
+            if ( is_wp_error( $recaptcha_response ) ) {
+                $this->error = $recaptcha_response;
+                return;
+            }
+
+            // Tag subscriber.
+            $result = $this->api->tag_subscribe( $this->resource_id, $email );
+
+            // Bail if an error occured.
+            if ( is_wp_error( $result ) ) {
+                $this->error = $result;
+                return;
+            }
+
+            // If require login is disabled, return now.
+            if ( ! $this->restrict_content_settings->require_tag_login() ) {
                 // Clear any existing subscriber ID cookie, as the authentication flow has started by sending the email.
                 $subscriber = new ConvertKit_Subscriber();
                 $subscriber->forget();
 
-                // Store the token so it's included in the subscriber code form.
-                $this->token = $result;
-                break;
-
-            case 'tag':
-                // If require login is enabled, show the login screen.
-                if ( $this->restrict_content_settings->require_tag_login() ) {
-                    // Tag the subscriber, unless this is an AJAX request.
-                    if ( ! wp_doing_ajax() ) {
-                        $result = $this->api->tag_subscribe( $this->resource_id, $email );
-
-                        // Bail if an error occured.
-                        if ( is_wp_error( $result ) ) {
-                            $this->error = $result;
-                            return;
-                        }
-                    }
-
-                    // Send email to subscriber with a link to authenticate they have access to the email address submitted.
-                    $result = $this->api->subscriber_authentication_send_code(
-                        $email,
-                        $this->get_url()
-                    );
-
-                    // Bail if an error occured.
-                    if ( is_wp_error( $result ) ) {
-                        $this->error = $result;
-                        return;
-                    }
-
-                    // Clear any existing subscriber ID cookie, as the authentication flow has started by sending the email.
-                    $subscriber = new ConvertKit_Subscriber();
-                    $subscriber->forget();
-
-                    // Store the token so it's included in the subscriber code form.
-                    $this->token = $result;
-                    break;
-                }
-
-                // If here, require login is disabled.
-                // Check reCAPTCHA, tag subscriber and assign subscriber ID integer to cookie
-                // without email link.
-                $recaptcha          = new ConvertKit_Recaptcha();
-                $recaptcha_response = $recaptcha->verify_recaptcha(
-                    ( isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : '' ),
-                    'convertkit_restrict_content_tag'
-                );
-
-                // Bail if reCAPTCHA failed.
-                if ( is_wp_error( $recaptcha_response ) ) {
-                    $this->error = $recaptcha_response;
-                    return;
-                }
-
-                // Tag the subscriber.
-                $result = $this->api->tag_subscribe( $this->resource_id, $email );
-
-                // Bail if an error occured.
-                if ( is_wp_error( $result ) ) {
-                    $this->error = $result;
-                    return;
-                }
-
-                // Clear any existing subscriber ID cookie, as the authentication flow has started by sending the email.
-                $subscriber = new ConvertKit_Subscriber();
-                $subscriber->forget();
-
                 // Fetch the subscriber ID from the result.
                 $subscriber_id = $result['subscriber']['id'];
@@ -277 +343 @@
                 $this->store_subscriber_id_in_cookie( $subscriber_id );
 
-                // If this isn't an AJAX request, redirect now to reload the Post.
-                if ( ! wp_doing_ajax() ) {
-                    $this->redirect();
-                }
-                break;
-
-        }
-
-    }
-
-    /**
-     * Checks if the request contains a token and subscriber_code i.e. the subscriber clicked
-     * the link in the email sent by the maybe_run_subscriber_authentication() function above.
+                // Redirect.
+                $this->redirect( $this->post_id );
+                return;
+            }
+        }
+
+        // If here, require login is enabled for tags or this is a product/form.
+        // Run subscriber authentication.
+        $result = $this->subscriber_authentication_send_code( $email, $this->post_id );
+
+        // Bail if an error occured.
+        if ( is_wp_error( $result ) ) {
+            $this->error = $result;
+            return;
+        }
+
+        // Store the token so it's included in the subscriber code form.
+        $this->token = $result;
+
+    }
+
+    /**
+     * If the user isn't using JavaScript, or the Plugin's Disable JS is enabled, checks if the request contains a token and subscriber_code,
+     * which happens when the subscriber either:
+     * - clicked the link in the email sent by run_subscriber_authentication(), or
+     * - entered the code from the email on the screen
      *
      * This calls the API to verify the token and subscriber code, which tells us that the email
@@ -309 +388 @@
         // If a nonce was specified, validate it now.
         // It won't be provided if clicking the link in the magic link email.
-        if ( array_key_exists( '_wpnonce', $_REQUEST ) ) {
+        if ( array_key_exists( '_wpnonce', $_REQUEST ) && ! is_null( $_REQUEST['_wpnonce'] ) ) {
             if ( ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'convertkit_restrict_content_subscriber_code' ) ) {
                 return;
@@ -332 +411 @@
         }
 
-        // Initialize the API.
-        $this->api = new ConvertKit_API_V4(
-            CONVERTKIT_OAUTH_CLIENT_ID,
-            CONVERTKIT_OAUTH_CLIENT_REDIRECT_URI,
-            $this->settings->get_access_token(),
-            $this->settings->get_refresh_token(),
-            $this->settings->debug_enabled(),
-            'restrict_content'
-        );
-
-        // Verify the token and subscriber code.
-        $subscriber_id = $this->api->subscriber_authentication_verify(
-            sanitize_text_field( wp_unslash( $_REQUEST['token'] ) ),
-            sanitize_text_field( wp_unslash( $_REQUEST['subscriber_code'] ) )
-        );
+        // Run subscriber verification.
+        $subscriber_id = $this->subscriber_authentication_verify( $this->post_id, sanitize_text_field( wp_unslash( $_REQUEST['token'] ) ), sanitize_text_field( wp_unslash( $_REQUEST['subscriber_code'] ) ) );
 
         // Bail if an error occured.
@@ -354 +420 @@
         }
 
+        // Redirect now to reload the Post.
+        $this->redirect( $this->post_id );
+
+    }
+
+    /**
+     * Sends an email to the subscriber with a code and link to authenticate they have access to the email address submitted.
+     *
+     * @since   3.1.0
+     *
+     * @param   string $email         Email address.
+     * @param   int    $post_id       Post ID.
+     *
+     * @return WP_Error|string        Error or Token.
+     */
+    public function subscriber_authentication_send_code( $email, $post_id ) {
+
+        // Send email to subscriber with a link to authenticate they have access to the email address submitted.
+        $token = $this->api->subscriber_authentication_send_code(
+            $email,
+            $this->get_url( $post_id )
+        );
+
+        // Bail if an error occured.
+        if ( is_wp_error( $token ) ) {
+            return $token;
+        }
+
+        // Clear any existing subscriber ID cookie, as the authentication flow has started by sending the email.
+        $subscriber = new ConvertKit_Subscriber();
+        $subscriber->forget();
+
+        // Return the token.
+        return $token;
+
+    }
+
+    /**
+     * Verifies the token and subscriber code, which tells us that the email
+     * address supplied truly belongs to the user, and that we can safely
+     * trust their subscriber ID to be valid.
+     *
+     * @since   3.1.0
+     *
+     * @param   int    $post_id         Post ID.
+     * @param   string $token           Token.
+     * @param   string $subscriber_code Subscriber code.
+     *
+     * @return WP_Error|string          Error or Signed Subscriber ID.
+     */
+    public function subscriber_authentication_verify( $post_id, $token, $subscriber_code ) {
+
+        // Verify the token and subscriber code.
+        $subscriber_id = $this->api->subscriber_authentication_verify( $token, $subscriber_code );
+
+        // Bail if an error occured.
+        if ( is_wp_error( $subscriber_id ) ) {
+            return $subscriber_id;
+        }
+
         // Store subscriber ID in cookie.
         $this->store_subscriber_id_in_cookie( $subscriber_id );
 
-        // If this isn't an AJAX request, redirect now to reload the Post.
-        if ( ! wp_doing_ajax() ) {
-            $this->redirect();
-        }
+        // Return signed subscriber ID.
+        return $subscriber_id;
 
     }
@@ -513 +637 @@
 
         // Replace existing where statement with new statement.
-        $where = 'WHERE ' . $new_where . ' ' . substr( $where, strpos( $where, 'AND' ) );
+        $where = 'WHERE ' . $new_where . ' ' . substr( $where, strpos( $where, 'AND p.post_type = \'' . $post->post_type . '\' ' ) );
 
         // Return.
@@ -552 +676 @@
 
         // Replace existing where statement with new statement.
-        $where = 'WHERE ' . $new_where . ' ' . substr( $where, strpos( $where, 'AND' ) );
+        $where = 'WHERE ' . $new_where . ' ' . substr( $where, strpos( $where, 'AND p.post_type = \'' . $post->post_type . '\' ' ) );
 
         // Return.
@@ -612 +736 @@
      *
      * @since   2.3.7
-     */
-    private function redirect() {
+     *
+     * @param   int $post_id      Post ID.
+     */
+    private function redirect( $post_id ) {
 
         // Redirect to the Post, appending a query parameter to the URL to prevent caching plugins and
@@ -619 +745 @@
         // result in maybe_restrict_content() not showing an error message or permitting
         // access to the content.
-        wp_safe_redirect( $this->get_url( true ) );
+        wp_safe_redirect( $this->get_url( $post_id, true ) );
         exit;
 
@@ -629 +755 @@
      * @since   2.1.0
      *
+     * @param   int  $post_id        Post ID.
      * @param   bool $cache_bust     Include `ck-cache-bust` parameter in URL.
-     * @return  string  URL.
-     */
-    public function get_url( $cache_bust = false ) {
+     * @return  string                 URL.
+     */
+    public function get_url( $post_id, $cache_bust = false ) {
 
         // Get URL of Post.
-        $url = get_permalink( $this->post_id );
+        $url = get_permalink( $post_id );
 
         // If no cache busting required, return the URL now.
@@ -867 +994 @@
     private function subscriber_has_access( $subscriber_id ) { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter
 
-        // Initialize the API.
-        $this->api = new ConvertKit_API_V4(
-            CONVERTKIT_OAUTH_CLIENT_ID,
-            CONVERTKIT_OAUTH_CLIENT_REDIRECT_URI,
-            $this->settings->get_access_token(),
-            $this->settings->get_refresh_token(),
-            $this->settings->debug_enabled(),
-            'restrict_content'
-        );
-
         // Depending on the resource type, determine if the subscriber has access to it.
         // This is deliberately a switch statement, because we will likely add in support
@@ -1215 +1332 @@
                 'convertkit_restrict_content',
                 array(
-                    'ajaxurl' => admin_url( 'admin-ajax.php' ),
-                    'debug'   => $this->settings->debug_enabled(),
+                    'nonce'                         => wp_create_nonce( 'wp_rest' ),
+                    'subscriber_authentication_url' => rest_url( 'kit/v1/restrict-content/subscriber-authentication' ),
+                    'subscriber_verification_url'   => rest_url( 'kit/v1/restrict-content/subscriber-verification' ),
+                    'debug'                         => $this->settings->debug_enabled(),
                 )
             );

convertkit/trunk/includes/class-convertkit-output.php

@@ -813 +813 @@
         }
 
+        // Determine if the Non-inline Form Limit per Session setting is enabled.
+        $limit_per_session = $this->settings->non_inline_form_limit_per_session();
+
         // Get form.
         $convertkit_forms = new ConvertKit_Resource_Forms();
@@ -829 +832 @@
             add_filter(
                 'convertkit_output_scripts_footer',
-                function ( $scripts ) use ( $form ) {
+                function ( $scripts ) use ( $form, $limit_per_session ) {
 
                     $scripts[] = array(
@@ -835 +838 @@
                         'data-uid'                   => $form['uid'],
                         'src'                        => $form['embed_js'],
-                        'data-kit-limit-per-session' => true,
+                        'data-kit-limit-per-session' => $limit_per_session ? '1' : '0',
                     );
 

convertkit/trunk/includes/class-convertkit-resource-forms.php

@@ -545 +545 @@
                         'data-uid'                   => $this->resources[ $id ]['uid'],
                         'src'                        => $this->resources[ $id ]['embed_js'],
-                        'data-kit-limit-per-session' => $settings->non_inline_form_limit_per_session(),
+                        'data-kit-limit-per-session' => $settings->non_inline_form_limit_per_session() ? '1' : '0',
                     );
 

convertkit/trunk/includes/class-convertkit-settings.php

@@ -49 +49 @@
         add_action( 'convertkit_api_get_access_token', array( $this, 'update_credentials' ), 10, 2 );
         add_action( 'convertkit_api_refresh_token', array( $this, 'update_credentials' ), 10, 2 );
+
+        // Delete credentials if the API class uses a invalid access token.
+        // This prevents the Plugin making repetitive API requests that will 401.
+        add_action( 'convertkit_api_access_token_invalid', array( $this, 'maybe_delete_credentials' ), 10, 2 );
 
     }
@@ -630 +634 @@
         }
 
+        // Remove any existing persistent notice.
+        WP_ConvertKit()->get_class( 'admin_notices' )->delete( 'authorization_failed' );
+
         $this->save(
             array(
@@ -647 +654 @@
 
     /**
-     * Deletes any existing access token, refresh token and its expiry from the Plugin settings.
+     * Deletes the stored access token, refresh token and its expiry from the Plugin settings,
+     * and clears any existing scheduled WordPress Cron event to refresh the token on expiry,
+     * when either:
+     * - The access token is invalid
+     * - The access token expired, and refreshing failed
+     *
+     * @since   3.1.0
+     *
+     * @param   WP_Error $result      Error result.
+     * @param   string   $client_id   OAuth Client ID used for the Access and Refresh Tokens.
+     */
+    public function maybe_delete_credentials( $result, $client_id ) {
+
+        // Don't delete these credentials if they're not for this Client ID.
+        // They're for another Kit Plugin that uses OAuth.
+        if ( $client_id !== CONVERTKIT_OAUTH_CLIENT_ID ) {
+            return;
+        }
+
+        // Persist an error notice in the WordPress Administration until the user fixes the problem.
+        WP_ConvertKit()->get_class( 'admin_notices' )->add( 'authorization_failed' );
+
+        // Delete the credentials from the Plugin settings.
+        $this->delete_credentials();
+
+    }
+
+    /**
+     * Deletes any existing access token, refresh token and its expiry from the Plugin settings,
+     * and clears any existing scheduled WordPress Cron event to refresh the token on expiry.
      *
      * @since   2.5.0
@@ -661 +697 @@
         );
 
+        // Clear any existing scheduled WordPress Cron event.
+        wp_clear_scheduled_hook( 'convertkit_refresh_token' );
+
     }
 

convertkit/trunk/includes/class-wp-convertkit.php

@@ -84 +84 @@
         $this->classes['admin_category']                      = new ConvertKit_Admin_Category();
         $this->classes['admin_landing_page']                  = new ConvertKit_Admin_Landing_Page();
-        $this->classes['admin_notices']                       = new ConvertKit_Admin_Notices();
         $this->classes['admin_post']                          = new ConvertKit_Admin_Post();
         $this->classes['admin_quick_edit']                    = new ConvertKit_Admin_Quick_Edit();
-        $this->classes['admin_refresh_resources']             = new ConvertKit_Admin_Refresh_Resources();
         $this->classes['admin_restrict_content']              = new ConvertKit_Admin_Restrict_Content();
         $this->classes['admin_settings']                      = new ConvertKit_Admin_Settings();
@@ -179 +177 @@
     private function initialize_global() {
 
+        $this->classes['admin_notices']                               = new ConvertKit_Admin_Notices();
+        $this->classes['admin_refresh_resources']                     = new ConvertKit_Admin_Refresh_Resources();
         $this->classes['ajax']                                        = new ConvertKit_AJAX();
         $this->classes['blocks_convertkit_broadcasts']                = new ConvertKit_Block_Broadcasts();

convertkit/trunk/languages/convertkit.pot

@@ -3 +3 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: Kit (formerly ConvertKit) 3.0.8\n"
+"Project-Id-Version: Kit (formerly ConvertKit) 3.1.0\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/convertkit\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2025-11-05T03:11:47+00:00\n"
+"POT-Creation-Date: 2025-11-20T04:42:45+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.12.0\n"
@@ -88 +88 @@
 msgstr ""
 
-#: admin/class-convertkit-admin-notices.php:69
-msgid "Kit: Authorization failed. Please"
-msgstr ""
-
-#: admin/class-convertkit-admin-notices.php:73
-#: views/backend/post/no-api-key.php:19
-msgid "connect your Kit account."
-msgstr ""
-
 #: admin/class-convertkit-admin-post.php:93
 msgid "Add New"
@@ -276 +267 @@
 
 #: admin/section/class-convertkit-admin-section-broadcasts.php:501
-#: admin/section/class-convertkit-admin-section-general.php:689
+#: admin/section/class-convertkit-admin-section-general.php:673
 #: views/backend/post/bulk-edit.php:30
 #: views/backend/post/bulk-edit.php:53
@@ -396 +387 @@
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:295
+#: admin/section/class-convertkit-admin-section-general.php:279
 msgid "Account Name"
 msgstr ""
 
 #. translators: Post Type Name, plural
-#: admin/section/class-convertkit-admin-section-general.php:316
+#: admin/section/class-convertkit-admin-section-general.php:300
 #, php-format
 msgid "Default Form (%s)"
@@ -407 +398 @@
 
 #. translators: Post Type Name, plural
-#: admin/section/class-convertkit-admin-section-general.php:334
+#: admin/section/class-convertkit-admin-section-general.php:318
 #, php-format
 msgid "Form Position (%s)"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:365
+#: admin/section/class-convertkit-admin-section-general.php:349
 msgid "Default Forms (Site Wide)"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:376
+#: admin/section/class-convertkit-admin-section-general.php:360
 msgid "Behavior"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:388
+#: admin/section/class-convertkit-admin-section-general.php:372
 msgid "Limit Display"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:400
+#: admin/section/class-convertkit-admin-section-general.php:384
 msgid "reCAPTCHA: Site Key"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:407
+#: admin/section/class-convertkit-admin-section-general.php:391
 msgid "Enter your Google reCAPTCHA v3 Site Key. When specified, this will be used to reduce spam signups."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:413
+#: admin/section/class-convertkit-admin-section-general.php:397
 msgid "reCAPTCHA: Secret Key"
 msgstr ""
 
+#: admin/section/class-convertkit-admin-section-general.php:404
+msgid "Enter your Google reCAPTCHA v3 Secret Key. When specified, this will be used to reduce spam signups."
+msgstr ""
+
+#: admin/section/class-convertkit-admin-section-general.php:410
+msgid "reCAPTCHA: Minimum Score"
+msgstr ""
+
 #: admin/section/class-convertkit-admin-section-general.php:420
-msgid "Enter your Google reCAPTCHA v3 Secret Key. When specified, this will be used to reduce spam signups."
-msgstr ""
-
-#: admin/section/class-convertkit-admin-section-general.php:426
-msgid "reCAPTCHA: Minimum Score"
-msgstr ""
-
-#: admin/section/class-convertkit-admin-section-general.php:436
 msgid "Enter the minimum threshold for a subscriber to pass Google reCAPTCHA. A higher number will reduce spam signups (1.0 is very likely a good interaction, 0.0 is very likely a bot)."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:444
+#: admin/section/class-convertkit-admin-section-general.php:428
 msgid "Debug"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:455
+#: admin/section/class-convertkit-admin-section-general.php:439
 msgid "Disable JavaScript"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:466
+#: admin/section/class-convertkit-admin-section-general.php:450
 msgid "Disable CSS"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:477
+#: admin/section/class-convertkit-admin-section-general.php:461
 msgid "Usage Tracking"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:494
+#: admin/section/class-convertkit-admin-section-general.php:478
 msgid "Forms can be embedded before and/or after (or following number of elements) on every post or page (in single view only) across your site by using the settings below."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:495
+#: admin/section/class-convertkit-admin-section-general.php:479
 msgid "You can also configure non-inline forms to display site wide under the \"Non-inline Forms\" section below."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:496
+#: admin/section/class-convertkit-admin-section-general.php:480
 msgid "These default form settings can be overridden using the Kit meta box on a page or post's edit screen. For site wide non-inline forms to respect when a post/page has forms disabled, enable the \"Behavior\" option in the \"Non-inline Forms\" section below."
 msgstr ""
 
 #. translators: [convertkit] shortcode, wrapped in <code> tags
-#: admin/section/class-convertkit-admin-section-general.php:501
+#: admin/section/class-convertkit-admin-section-general.php:485
 #, php-format
 msgid "The default form can be inserted into the middle of post or page content by using either the %s shortcode or block."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:518
+#: admin/section/class-convertkit-admin-section-general.php:502
 msgid "Defines non-inline forms to display site wide, and if these forms should display on Pages / Posts that have the Kit Form setting = None."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:530
+#: admin/section/class-convertkit-admin-section-general.php:514
 msgid "Configure reCAPTCHA to protect the Member Content signup form and Form Builder block from spam and abuse."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:542
+#: admin/section/class-convertkit-admin-section-general.php:526
 msgid "Defines advanced configuration settings, usually when working with support or needing to disable JS or CSS."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:571
+#: admin/section/class-convertkit-admin-section-general.php:555
 msgid "(Not specified)"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:586
+#: admin/section/class-convertkit-admin-section-general.php:570
 msgid "Disconnect"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:649
+#: admin/section/class-convertkit-admin-section-general.php:633
 msgid "No Forms exist in Kit."
 msgstr ""
 
+#: admin/section/class-convertkit-admin-section-general.php:634
+msgid "Click here to create your first form"
+msgstr ""
+
+#. translators: Post Type name, plural
+#: admin/section/class-convertkit-admin-section-general.php:647
+#: admin/section/class-convertkit-admin-section-general.php:657
+#, php-format
+msgid "Select a form above to automatically output below all %s."
+msgstr ""
+
 #: admin/section/class-convertkit-admin-section-general.php:650
-msgid "Click here to create your first form"
-msgstr ""
-
-#. translators: Post Type name, plural
-#: admin/section/class-convertkit-admin-section-general.php:663
-#: admin/section/class-convertkit-admin-section-general.php:673
-#, php-format
-msgid "Select a form above to automatically output below all %s."
-msgstr ""
-
-#: admin/section/class-convertkit-admin-section-general.php:666
-#: admin/section/class-convertkit-admin-section-general.php:803
+#: admin/section/class-convertkit-admin-section-general.php:787
 #: includes/class-convertkit-broadcasts-exporter.php:150
 #: views/backend/setup-wizard/convertkit-setup/content-2.php:79
@@ -525 +516 @@
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:667
-#: admin/section/class-convertkit-admin-section-general.php:804
+#: admin/section/class-convertkit-admin-section-general.php:651
+#: admin/section/class-convertkit-admin-section-general.php:788
 msgid "to preview how this will display."
 msgstr ""
 
 #. translators: Post type singular name
-#: admin/section/class-convertkit-admin-section-general.php:716
+#: admin/section/class-convertkit-admin-section-general.php:700
 #, php-format
 msgid "Before %s content"
@@ -537 +528 @@
 
 #. translators: Post type singular name
-#: admin/section/class-convertkit-admin-section-general.php:721
+#: admin/section/class-convertkit-admin-section-general.php:705
 #, php-format
 msgid "After %s content"
@@ -543 +534 @@
 
 #. translators: Post type singular name
-#: admin/section/class-convertkit-admin-section-general.php:726
+#: admin/section/class-convertkit-admin-section-general.php:710
 #, php-format
 msgid "Before and after %s content"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:729
+#: admin/section/class-convertkit-admin-section-general.php:713
 msgid "After element"
 msgstr ""
 
 #. translators: Post Type name, plural
-#: admin/section/class-convertkit-admin-section-general.php:733
+#: admin/section/class-convertkit-admin-section-general.php:717
 #, php-format
 msgid "Where forms should display relative to the %s content"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:768
+#: admin/section/class-convertkit-admin-section-general.php:752
 msgid "Paragraphs"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:769
+#: admin/section/class-convertkit-admin-section-general.php:753
 msgid "Headings <h2>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:770
+#: admin/section/class-convertkit-admin-section-general.php:754
 msgid "Headings <h3>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:771
+#: admin/section/class-convertkit-admin-section-general.php:755
 msgid "Headings <h4>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:772
+#: admin/section/class-convertkit-admin-section-general.php:756
 msgid "Headings <h5>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:773
+#: admin/section/class-convertkit-admin-section-general.php:757
 msgid "Headings <h6>"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:774
+#: admin/section/class-convertkit-admin-section-general.php:758
 msgid "Images"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:776
+#: admin/section/class-convertkit-admin-section-general.php:760
 msgid "The number of elements before outputting the form."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:793
+#: admin/section/class-convertkit-admin-section-general.php:777
 msgid "No non-inline Forms exist in Kit."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:794
+#: admin/section/class-convertkit-admin-section-general.php:778
 msgid "Click here to create your first modal, slide in or sticky bar form"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:802
+#: admin/section/class-convertkit-admin-section-general.php:786
 msgid "Automatically display one or more modal, slide-in, or sticky bar forms across your site. This setting is overridden if a default non-inline form is set above, a specific non-inline form or \"None\" option is chosen for a post/page, or a non-inline form is specified in a block/shortcode."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:840
+#: admin/section/class-convertkit-admin-section-general.php:824
 msgid "If checked, do not display the site wide form(s) above on Pages / Posts that have their Kit Form setting = None."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:860
+#: admin/section/class-convertkit-admin-section-general.php:844
 msgid "If checked, one non-inline form will be displayed per session. This applies to all non-inline forms defined on this screen, Page / Post / Category settings, and any Form blocks or shortcodes specifying a non-inline form."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:943
+#: admin/section/class-convertkit-admin-section-general.php:927
 msgid "Log requests to file and output browser console messages."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:944
+#: admin/section/class-convertkit-admin-section-general.php:928
 msgid "You can ignore this unless you're working with our support team to resolve an issue. Decheck this option to improve performance."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:961
+#: admin/section/class-convertkit-admin-section-general.php:945
 msgid "Prevent plugin JavaScript files loading on the frontend site. This will disable the custom content and tagging features of the plugin. Does not apply to embedding forms or landing pages. Use with caution!"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:978
+#: admin/section/class-convertkit-admin-section-general.php:962
 msgid "Prevents loading plugin CSS files. This will disable styling on broadcasts, form trigger buttons, product buttons and member's content. Use with caution!"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:982
+#: admin/section/class-convertkit-admin-section-general.php:966
 msgid "To customize forms and their styling, use the"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:984
+#: admin/section/class-convertkit-admin-section-general.php:968
 msgid "Kit form editor"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:986
+#: admin/section/class-convertkit-admin-section-general.php:970
 msgid "For creators who require form designs to follow their WordPress theme, use the Kit Form Builder block in the block editor."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:989
+#: admin/section/class-convertkit-admin-section-general.php:973
 msgid "For developers who require custom form designs through use of CSS, consider using the"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:990
+#: admin/section/class-convertkit-admin-section-general.php:974
 msgid "or"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:991
+#: admin/section/class-convertkit-admin-section-general.php:975
 msgid "integrations."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:1010
+#: admin/section/class-convertkit-admin-section-general.php:994
 msgid "By allowing us to collect usage data, we can better understand which WordPress configurations, themes and plugins we should test."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:1014
+#: admin/section/class-convertkit-admin-section-general.php:998
 msgid "Complete documentation on usage tracking can be found"
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-general.php:1016
+#: admin/section/class-convertkit-admin-section-general.php:1000
 #: views/backend/setup-wizard/convertkit-setup/content-2.php:150
 msgid "here"
@@ -844 +835 @@
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-tools.php:353
+#: admin/section/class-convertkit-admin-section-tools.php:60
+msgid "MC4WP forms migrated successfully."
+msgstr ""
+
+#: admin/section/class-convertkit-admin-section-tools.php:396
 msgid "Tools to help you manage Kit on your site."
 msgstr ""
 
-#: admin/section/class-convertkit-admin-section-tools.php:381
+#: admin/section/class-convertkit-admin-section-tools.php:424
 msgid "WordPress 5.2 or higher is required for system information report."
 msgstr ""
@@ -1418 +1413 @@
 
 #: includes/blocks/class-convertkit-block-form.php:106
+#: views/backend/settings/tools.php:119
 #: views/backend/term/fields-add.php:11
 #: views/backend/term/fields-edit.php:12
@@ -1513 +1509 @@
 msgstr ""
 
-#: includes/class-convertkit-ajax.php:84
-msgid "Kit: Required parameter `subscriber_id` not included in AJAX request."
-msgstr ""
-
-#: includes/class-convertkit-ajax.php:90
-msgid "Kit: Required parameter `subscriber_id` empty in AJAX request."
-msgstr ""
-
-#: includes/class-convertkit-ajax.php:126
+#: includes/class-convertkit-admin-notices.php:69
+msgid "Kit: Authorization failed. Please"
+msgstr ""
+
+#: includes/class-convertkit-admin-notices.php:73
+#: views/backend/post/no-api-key.php:19
+msgid "connect your Kit account."
+msgstr ""
+
+#: includes/class-convertkit-ajax.php:43
 msgid "Kit: Required parameter `email` not included in AJAX request."
 msgstr ""
 
-#: includes/class-convertkit-ajax.php:132
+#: includes/class-convertkit-ajax.php:49
 msgid "Kit: Required parameter `email` is empty."
 msgstr ""
 
-#: includes/class-convertkit-ajax.php:137
+#: includes/class-convertkit-ajax.php:54
 msgid "Kit: Required parameter `email` is not an email address."
 msgstr ""
@@ -2108 +2105 @@
 #: views/backend/settings/tools.php:95
 msgid "Import"
+msgstr ""
+
+#: views/backend/settings/tools.php:109
+msgid "MC4WP: Migrate Configuration"
+msgstr ""
+
+#: views/backend/settings/tools.php:112
+msgid "Automatically replace MC4WP form shortcodes with Kit forms."
+msgstr ""
+
+#: views/backend/settings/tools.php:118
+msgid "MC4WP Form"
+msgstr ""
+
+#: views/backend/settings/tools.php:149
+msgid "Migrate"
 msgstr ""
 

convertkit/trunk/readme.txt

@@ -6 +6 @@
 Tested up to: 6.8
 Requires PHP: 7.1
-Stable tag: 3.0.8
+Stable tag: 3.1.0
 License: GPLv3 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -180 +180 @@
 == Changelog ==
 
+### 3.1.0 2025-11-20
+* Added: Settings: Tools: Mailchimp for WordPress to Kit Form Importer
+* Fix: Settings: Non-inline Forms: Correctly output `data-kit-limit-per-session`
+* Fix: Settings: Automatically delete invalid Access Tokens
+* Fix: Member Content: Courses: Next/Previous Links compatibility for WordPress 6.9
+* Fix: Landing Pages: Prevent LazyLoad Plugin from lazy loading images on Landing Pages, which would result in missing images
+* Updated: Blocks: Refresh Resources: Use REST API, replacing admin-ajax.php
+* Updated: Refresh Resources: Use REST API, replacing admin-ajax.php
+* Updated: Member Content: Use REST API, replacing admin-ajax.php
+* Updated: Use WordPress Libraries 2.1.1
+* Removed: Unused `convertkit_store_subscriber_id_in_cookie` AJAX function
+
 ### 3.0.8 2025-11-05
 * Fix: Member Content: Product: Display 'no access' notice when logged in and no access

convertkit/trunk/resources/backend/js/gutenberg.js

@@ -747 +747 @@
          */
         const refreshBlocksDefinitions = function (props, setButtonDisabled) {
-            // Define data for WordPress AJAX request.
-            const data = new FormData();
-            data.append('action', 'convertkit_get_blocks');
-            data.append('nonce', convertkit_gutenberg.get_blocks_nonce);
-
             // Disable the button.
             if (typeof setButtonDisabled !== 'undefined') {
@@ -758 +753 @@
 
             // Send AJAX request.
-            fetch(ajaxurl, {
-                method: 'POST',
-                credentials: 'same-origin',
-                body: data,
+            fetch(convertkit_gutenberg.ajaxurl, {
+                method: 'GET',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'X-WP-Nonce': convertkit_gutenberg.get_blocks_nonce,
+                },
             })
                 .then(function (response) {
@@ -768 +765 @@
                 })
                 .then(function (response) {
+                    // If the response includes a code, show an error notice.
+                    if (typeof response.code !== 'undefined') {
+                        // Show an error in the Gutenberg editor.
+                        wp.data
+                            .dispatch('core/notices')
+                            .createErrorNotice('Kit: ' + response.message, {
+                                id: 'convertkit-error',
+                            });
+
+                        // Enable refresh button.
+                        if (typeof setButtonDisabled !== 'undefined') {
+                            setButtonDisabled(false);
+                        }
+                        return;
+                    }
+
                     // Update global ConvertKit Blocks object, so that any updated resources
                     // are reflected when adding new ConvertKit Blocks.
-                    convertkit_blocks = response.data;
+                    convertkit_blocks = response;
 
                     // Update this block's properties, so that has_access_token, has_resources
@@ -791 +804 @@
                     wp.data
                         .dispatch('core/notices')
-                        .createErrorNotice('ConvertKit: ' + error, {
+                        .createErrorNotice('Kit: ' + error, {
                             id: 'convertkit-error',
                         });
 
                     // Enable refresh button.
-                    setButtonDisabled(false);
+                    if (typeof setButtonDisabled !== 'undefined') {
+                        setButtonDisabled(false);
+                    }
                 });
         };

convertkit/trunk/resources/backend/js/refresh-resources.js

@@ -50 +50 @@
 
     // Perform AJAX request to refresh resource.
-    fetch(convertkit_admin_refresh_resources.ajaxurl, {
+    fetch(convertkit_admin_refresh_resources.ajaxurl + resource, {
         method: 'POST',
         headers: {
-            'Content-Type': 'application/x-www-form-urlencoded',
+            'Content-Type': 'application/json',
+            'X-WP-Nonce': convertkit_admin_refresh_resources.nonce,
         },
-        body: new URLSearchParams({
-            action: 'convertkit_admin_refresh_resources',
-            nonce: convertkit_admin_refresh_resources.nonce,
-            resource, // e.g. forms, landing_pages, tags.
-        }),
     })
         .then(function (response) {
@@ -71 +67 @@
 
             // Show an error if the request wasn't successful.
-            if (!response.success) {
+            if (typeof response.code !== 'undefined') {
                 // Show error notice.
-                convertKitRefreshResourcesOutputErrorNotice(response.data);
+                convertKitRefreshResourcesOutputErrorNotice(response.message);
 
                 // Enable button and remove is-refreshing class.
@@ -103 +99 @@
                     // Populate select `optgroup`` from response data, which comprises of Tags and Products.
                     // Tags.
-                    response.data.tags.forEach(function (item) {
+                    response.tags.forEach(function (item) {
                         document
                             .querySelector(
@@ -119 +115 @@
 
                     // Products.
-                    response.data.products.forEach(function (item) {
+                    response.products.forEach(function (item) {
                         document
                             .querySelector(
@@ -137 +133 @@
                 default:
                     // Populate select options from response data.
-                    response.data.forEach(function (item) {
+                    response.forEach(function (item) {
                         // Define label.
                         let label = '';

convertkit/trunk/resources/frontend/js/convertkit.js

@@ -213 +213 @@
     // Set a cookie if any scripts with data-kit-limit-per-session attribute exist.
     if (
-        document.querySelectorAll('script[data-kit-limit-per-session]').length >
-        0
+        document.querySelectorAll('script[data-kit-limit-per-session="1"]')
+            .length > 0
     ) {
         document.cookie = 'ck_non_inline_form_displayed=1; path=/';

convertkit/trunk/resources/frontend/js/restrict-content.js

@@ -78 +78 @@
         // Code submission.
         convertKitRestrictContentSubscriberVerification(
-            e.target.querySelector('input[name="_wpnonce"]').value,
+            convertkit_restrict_content.nonce,
             e.target.querySelector('input[name="subscriber_code"]').value,
             e.target.querySelector('input[name="token"]').value,
@@ -89 +89 @@
     // Email submission.
     convertKitRestrictContentSubscriberAuthenticationSendCode(
-        e.target.querySelector('input[name="_wpnonce"]').value,
+        convertkit_restrict_content.nonce,
         e.target.querySelector('input[name="convertkit_email"]').value,
         e.target.querySelector('input[name="convertkit_resource_type"]').value,
@@ -128 +128 @@
 
 /**
- * Submits the given email address to maybe_run_subscriber_authentication(), which
- * will return either:
+ * Submits the given email address to the WP REST API kit/v1/restrict-content/subscriber-authentication
+ * endpoint, which will return either:
  * - the email form view, with an error message e.g. invalid email,
  * - the code form view, where the user can enter the OTP.
@@ -136 +136 @@
  *
  * @param {string} nonce         WordPress nonce.
- * @param {string} email         Email address.  resource_type   Resource Type (tag|product).
- * @param {string} resource_type Resource Type (tag|product).
- * @param {string} resource_id   Resource ID (ConvertKit Tag or Product ID).
+ * @param {string} email         Email address.
+ * @param {string} resource_type Resource Type (form|tag|product).
+ * @param {string} resource_id   Resource ID (Kit Form,Tag or Product ID).
  * @param {number} post_id       WordPress Post ID being viewed / accessed.
  */
@@ -148 +148 @@
     post_id
 ) {
-    fetch(convertkit_restrict_content.ajaxurl, {
+    fetch(convertkit_restrict_content.subscriber_authentication_url, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/x-www-form-urlencoded',
+            'X-WP-Nonce': nonce,
         },
         body: new URLSearchParams({
-            action: 'convertkit_subscriber_authentication_send_code',
-            _wpnonce: nonce,
             convertkit_email: email,
             convertkit_resource_type: resource_type,
@@ -174 +173 @@
             }
 
-            // Output response, which will be a form with/without an error message.
-            document.querySelector(
-                '#convertkit-restrict-content-modal-content'
-            ).innerHTML = result.data;
+            // Output error message if the response contains a code.
+            if (typeof result.code !== 'undefined') {
+                document.querySelector(
+                    '#convertkit-restrict-content-modal-content'
+                ).innerHTML = result.message;
+            } else {
+                // Output response, which will be either:
+                // - the email form view, with an error message e.g. invalid email,
+                // - the code form view, where the user can enter the OTP.
+                document.querySelector(
+                    '#convertkit-restrict-content-modal-content'
+                ).innerHTML = result.data;
+            }
 
             // Hide loading overlay.
@@ -195 +203 @@
 
 /**
- * Submits the given email address to maybe_run_subscriber_verification(), which
- * will return either:
+ * Submits the given email address to the WP REST API kit/v1/restrict-content/subscriber-verification
+ * endpoint, which will return either:
  * - the code form view, with an error message e.g. invalid code entered,
  * - the Post's URL, with a `ck-cache-bust` parameter appended, which can then be loaded to show the content.
@@ -213 +221 @@
     post_id
 ) {
-    fetch(convertkit_restrict_content.ajaxurl, {
+    fetch(convertkit_restrict_content.subscriber_verification_url, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/x-www-form-urlencoded',
+            'X-WP-Nonce': nonce,
         },
         body: new URLSearchParams({
-            action: 'convertkit_subscriber_verification',
-            _wpnonce: nonce,
             subscriber_code,
             token,
@@ -255 +262 @@
 
             // Code entered is valid; load the URL in the response data.
-            window.location = result.data;
+            window.location = result.url;
         })
         .catch(function (error) {

convertkit/trunk/vendor/convertkit/convertkit-wordpress-libraries/src/class-convertkit-api-v4.php

@@ -378 +378 @@
         if ( is_wp_error( $result ) ) {
             $this->log( 'API: Error: ' . $result->get_error_message() );
+
+            /**
+             * Perform any actions when obtaining an access token fails.
+             *
+             * @since   2.1.1
+             *
+             * @param   WP_Error  $result     Error from API.
+             * @param   string    $client_id  OAuth Client ID.
+             */
+            do_action( 'convertkit_api_get_access_token_error', $result, $this->client_id );
+
             return $result;
         }
@@ -415 +426 @@
         if ( is_wp_error( $result ) ) {
             $this->log( 'API: Error: ' . $result->get_error_message() );
+
+            /**
+             * Perform any actions when refreshing an expired access token fails.
+             *
+             * @since   2.1.1
+             *
+             * @param   WP_Error  $result     Error from API.
+             * @param   string    $client_id  OAuth Client ID.
+             */
+            do_action( 'convertkit_api_refresh_token_error', $result, $this->client_id );
+
             return $result;
         }
@@ -1433 +1455 @@
         // Return the API error message as a WP_Error if the HTTP response code is a 4xx code.
         if ( $http_response_code >= 400 ) {
+
             // Define the error message.
             $error = $this->get_error_message_string( $response );
@@ -1439 +1462 @@
 
             switch ( $http_response_code ) {
-                // If the HTTP response code is 401, and the error matches 'The access token expired', refresh the access token now
-                // and re-attempt the request.
                 case 401:
-                    if ( $error !== 'The access token expired' ) {
-                        break;
+                    switch ( $error ) {
+                        case 'The access token expired':
+                            // Attempt to refresh the access token.
+                            $result = $this->refresh_token();
+
+                            // If an error occured, bail.
+                            if ( is_wp_error( $result ) ) {
+                                return $result;
+                            }
+
+                            // Attempt the request again, now we have a new access token.
+                            return $this->request( $endpoint, $method, $params, false );
+
+                        case 'The access token is invalid':
+                            $error = new WP_Error(
+                                'convertkit_api_error',
+                                $error,
+                                $http_response_code
+                            );
+
+                            /**
+                             * Perform any actions when an invalid access token was used.
+                             *
+                             * @since   2.1.1
+                             *
+                             * @param   WP_Error  $error      WP_Error object.
+                             * @param   string    $client_id  OAuth Client ID.
+                             */
+                            do_action( 'convertkit_api_access_token_invalid', $error, $this->client_id );
+
+                            // Return error.
+                            return $error;
+
+                        default:
+                            return new WP_Error(
+                                'convertkit_api_error',
+                                $error,
+                                $http_response_code
+                            );
                     }
 
-                    // Don't automatically refresh the expired access token if we're not on a production environment.
-                    // This prevents the same ConvertKit account used on both a staging and production site from
-                    // reaching a race condition where the staging site refreshes the token first, resulting in
-                    // the production site unable to later refresh its same expired access token.
-                    if ( ! $this->is_production_site() ) {
-                        break;
-                    }
-
-                    // Refresh the access token.
-                    $result = $this->refresh_token();
-
-                    // If an error occured, bail.
-                    if ( is_wp_error( $result ) ) {
-                        return $result;
-                    }
-
-                    // Attempt the request again, now we have a new access token.
-                    return $this->request( $endpoint, $method, $params, false );
-
-                // If a rate limit was hit, maybe try again.
                 case 429:
                     // If retry on rate limit hit is disabled, return a WP_Error.
@@ -1489 +1527 @@
 
         return $response;
-
-    }
-
-    /**
-     * Helper method to determine the WordPress environment type, checking
-     * if the wp_get_environment_type() function exists in WordPress (versions
-     * older than WordPress 5.5 won't have this function).
-     *
-     * @since   2.0.2
-     *
-     * @return  bool
-     */
-    private function is_production_site() {
-
-        // If the WordPress wp_get_environment_type() function isn't available,
-        // assume this is a production site.
-        if ( ! function_exists( 'wp_get_environment_type' ) ) {
-            return true;
-        }
-
-        return ( wp_get_environment_type() === 'production' );
 
     }

convertkit/trunk/views/backend/settings/tools.php

@@ -103 +103 @@
 
     <?php
+    // Mailchimp for WordPress (MC4WP).
+    if ( $mc4wp->has_forms_in_posts() && $mc4wp->has_forms() && $forms->exist() ) {
+        ?>
+        <div id="import-mc4wp" class="postbox">
+            <h2><?php esc_html_e( 'MC4WP: Migrate Configuration', 'convertkit' ); ?></h2>
+
+            <p class="description">
+                <?php esc_html_e( 'Automatically replace MC4WP form shortcodes with Kit forms.', 'convertkit' ); ?><br />
+            </p>
+
+            <table class="widefat striped">
+                <thead>
+                    <tr>
+                        <th><?php esc_html_e( 'MC4WP Form', 'convertkit' ); ?></th>
+                        <th><?php esc_html_e( 'Kit Form', 'convertkit' ); ?></th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php
+                    foreach ( $mc4wp->get_forms() as $mc4wp_form_id => $mc4wp_form_title ) {
+                        ?>
+                        <tr>
+                            <td><?php echo esc_html( $mc4wp_form_title ); ?></td>
+                            <td>
+                                <select name="_wp_convertkit_integration_mc4wp_settings[<?php echo esc_attr( $mc4wp_form_id ); ?>]">
+                                    <?php
+                                    foreach ( $forms->get() as $form ) {
+                                        ?>
+                                        <option value="<?php echo esc_attr( $form['id'] ); ?>"><?php echo esc_html( $form['name'] ); ?></option>
+                                        <?php
+                                    }
+                                    ?>
+                                </select>
+                            </td>
+                        </tr>
+                        <?php
+                    }
+                    ?>
+                </tbody>
+            </table>
+
+            <p>
+                <?php
+                submit_button(
+                    __( 'Migrate', 'convertkit' ),
+                    'primary',
+                    'convertkit-import-mc4wp',
+                    false
+                );
+                ?>
+            </p>
+        </div><!-- .postbox -->
+        <?php
+    }
+
     wp_nonce_field( 'convertkit-settings-tools', '_convertkit_settings_tools_nonce' );
     ?>

convertkit/trunk/wp-convertkit.php

@@ -10 +10 @@
  * Plugin URI: https://kit.com/
  * Description: Display Kit (formerly ConvertKit) email subscription forms, landing pages, products, broadcasts and more.
- * Version: 3.0.8
+ * Version: 3.1.0
  * Author: Kit
  * Author URI: https://kit.com/
@@ -28 +28 @@
 define( 'CONVERTKIT_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
 define( 'CONVERTKIT_PLUGIN_PATH', __DIR__ );
-define( 'CONVERTKIT_PLUGIN_VERSION', '3.0.8' );
+define( 'CONVERTKIT_PLUGIN_VERSION', '3.1.0' );
 define( 'CONVERTKIT_OAUTH_CLIENT_ID', 'HXZlOCj-K5r0ufuWCtyoyo3f688VmMAYSsKg1eGvw0Y' );
 define( 'CONVERTKIT_OAUTH_CLIENT_REDIRECT_URI', 'https://app.kit.com/wordpress/redirect' );
@@ -53 +53 @@
 require_once CONVERTKIT_PLUGIN_PATH . '/includes/functions.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/includes/class-wp-convertkit.php';
+require_once CONVERTKIT_PLUGIN_PATH . '/includes/class-convertkit-admin-notices.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/includes/class-convertkit-ajax.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/includes/class-convertkit-broadcasts-exporter.php';
@@ -109 +110 @@
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-category.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-landing-page.php';
-require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-notices.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-post.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-refresh-resources.php';
@@ -117 +117 @@
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-admin-setup-wizard.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/class-convertkit-wp-list-table.php';
+require_once CONVERTKIT_PLUGIN_PATH . '/admin/importers/class-convertkit-admin-importer.php';
+require_once CONVERTKIT_PLUGIN_PATH . '/admin/importers/class-convertkit-admin-importer-mc4wp.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/section/class-convertkit-admin-section-base.php';
 require_once CONVERTKIT_PLUGIN_PATH . '/admin/section/class-convertkit-admin-section-broadcasts.php';