Fix: WooCommerce Blocks cart / checkout — product short descriptions now translate correctly. WC Blocks pre-renders the cart server-side via a hydration path that bypasses the REST response filter; the plugin now hooks woocommerce_hydration_request_after_callbacks so hydrated responses are translated alongside live Store API calls.
Fix: WooCommerce Blocks Summary truncation — product short descriptions in cart / checkout are no longer clipped to ~15 characters on locales whose WordPress translation breaks the Word count type. Do not translate! hint (e.g. pt_BR returning “palavras”). Both the server-side _x() value and the client-side wp.i18n translation file entry are now sanitised back to a valid value.
Fix: Store API translation — WC Blocks calls /wc/store/v1/* without a language URL prefix from the localized React bundle. The plugin now falls back to HTTP_REFERER to detect the visitor’s current language so Store API responses match the page they were requested from.
Doc: readme repositioned to make clear the plugin is free and fully usable in manual mode; the Transleti API (automatic translation) is now described as optional.
Doc: trial messaging updated to reflect that the 7-day API trial no longer requires a card or payment method. After the trial, the API stops automatically unless you subscribe and the plugin keeps working in manual mode for free.
1.9.22
Fix: per-language progress no longer gets stuck below 100% on mixed-script content. Dictionary rows now retire after 3 failed translation attempts (mirroring the existing gettext mechanism), so untranslatable strings stop blocking the percentage indicator.
1.9.21
Fix: visual editor — clicks on theme menu items (GeneratePress, Astra, Divi, Elementor Pro mega-menus, etc.) now open the translation panel reliably. Listener moved to window capture + pointerdown so theme menu togglers that call stopPropagation() can no longer swallow the selection click.
1.9.20
Fix: visual editor now detects menu items in Hebrew, Greek, Hindi, Thai, Georgian and Armenian (menu translation now bails during preview so the renderer can add translatable markers regardless of script).
Fix: visual editor — clicking on a string with duplicated text on the same page (e.g. a heading and a menu link with the same label) now opens the translation panel for the selected occurrence.
Fix: ignore RSS feed pubDate/lastBuildDate strings in the “stuck translations” notice.
Improvement: automatic cleanup of orphan sentence segments left over from long-paragraph batching.
1.9.x
New: visual translation editor — click any text in the rendered front-end and edit its translation in a live side panel. Works on menus, buttons, image alts and theme strings.
New: 49+ languages supported via the Transleti translation API.
New: HTML entity and shortcode protection across all translation entry points.
New: “Do not translate” word list (brand names, product codes, acronyms).
New: SEO meta translation for SEOPress, Yoast, AIOSEO and RankMath.
Compliance: wrapped language_has_translations() and find_original_slug() direct $wpdb probes with wp_cache_get / wp_cache_set (5-minute TTL, transleti cache group).
Compliance: documented every legitimate direct DB call against core meta tables with phpcs:ignore comments explaining why the existing core API can’t replace them.
1.4.2
Hardening: escaped flag-emoji output in the language switcher shortcode (render_switcher, render_language_list) via esc_html().
Hardening: every ob_start() callback buffer is now explicitly closed via a paired ob_end_flush() registered through register_shutdown_function() in the same function scope (frontend page buffer, AJAX response buffer, sitemap xhtml-namespace buffer).
1.2.1
Hardening: replaced fopen/fread/fclose with WP_Filesystem::get_contents() for the diagnostic log reader.
Hardening: switched all custom-table existence checks to $wpdb->prepare( ‘SHOW TABLES LIKE %s’, … ) (no more single-quote interpolation).
Hardening: switched several $_POST reads on HTML-bearing fields to wp_kses_post( wp_unslash( … ) ); integer reads now use absint( wp_unslash( … ) ).
Hardening: added explicit nonce checks (check_admin_referer/wp_nonce_url) to the string-export download link.
Compliance: removed redundant load_plugin_textdomain() call (WP 4.6+ auto-loads translations from the WP.org directory).
Compliance: documented every legitimate direct-DB query (custom plugin tables) with localised phpcs:disable/enable blocks.
1.2.0
Compliance: removed comparative/superlative marketing phrasing from the readme.
Hardening: all $_GET / $_POST / $_SERVER / $_COOKIE reads now go through wp_unslash() plus a context-appropriate sanitiser (sanitize_text_field, esc_url_raw).
Hardening: AJAX nonce check in ajax_empty_language() now unslashes and sanitises the nonce before passing it to wp_verify_nonce().
1.0.6
Removed redundant load_plugin_textdomain() call — translations are now auto-loaded by WordPress 4.6+ for plugins hosted in the directory.
Switched front-end language redirect from wp_redirect() to wp_safe_redirect() for additional protection against open-redirect attempts.
Defense-in-depth: explicit allowlist validation for the language storage key before SQL identifier interpolation in the cache-clearing endpoint.
Packaging: included a .pot template in languages/ so the Domain Path folder is present in the distributed package.
1.0.5
New: separate <url> entry per language in the sitemap, matching Google’s documented hreflang format.
