Merge branch 'master' into develop

README.md

@@ -5,7 +5,7 @@
 **Requires at least:** 6.6 \
 **Tested up to:** 6.9 \
 **Requires PHP:** 7.4 \
-**Stable tag:** 4.0.1 \
+**Stable tag:** 4.1.0 \
 **License:** GPLv2 or later
 
 Ally: Make your site more inclusive by scanning for accessibility violations, fixing them easily, and adding a usability widget and accessibility statement.
@@ -227,6 +227,26 @@ You can report security bugs through the Patchstack Vulnerability Disclosure Pro
 
 ## Changelog
 
+### 4.1.0 – 2026-02-23
+
+* New: Added bulk remediation flow to generate AI alt text or mark multiple images as decorative
+* Tweak: Added the ability to disable the accessibility widget to prevent it from loading on your site
+* Tweak: Security enhancement to prevent potential SQL injection
+* Tweak: Security enhancement to remove unsecure composer package
+* Fix: Display WordPress admin notices inside the settings page
+* Fix: Resolved conflict in Beaver Builder by preventing remediation runner from executing during page builder sessions
+
+### 4.0.3 – 2026-01-28
+
+* Tweak: Security enhancements for access control
+
+### 4.0.2 – 2026-01-28
+
+* Tweak: Added a dashboard widget to trigger scans and view results
+* Fix: Resolved layout issues on the settings page for RTL websites
+* Fix: Resolved widget trigger functionality when users are logged out
+* Fix: Missing styles warning when reviews popup is displayed
+
 ### 4.0.1 – 2026-01-20
 
 * Fix: Fix ally widget action to toggle open/close state.

composer.json

@@ -24,20 +24,20 @@
 	},
 	"scripts": {
 		"lint": "vendor/bin/phpcs --standard=./ruleset.xml ./**/*.php",
-		"lint:fix": "vendor/bin/phpcbf --standard=./ruleset.xml ./**/*.php "
+		"lint:fix": "vendor/bin/phpcbf --standard=./ruleset.xml ./**/*.php",
+		"lint:report": "vendor/bin/phpcs --report=summary --standard=./ruleset.xml ./**/*.php"
 	},
 	"require": {
-		"firebase/php-jwt": "^6.10",
 		"ext-json": "*",
 		"ext-fileinfo": "*",
 		"ext-curl": "*",
 		"ext-exif": "*",
 		"ext-libxml": "*",
 		"ext-zlib": "*",
 		"ext-dom": "*",
-		"elementor/wp-notifications-package": "^1.2.0",
 		"ext-ctype": "*",
 		"ext-mbstring": "*",
+		"elementor/wp-notifications-package": "^1.2.0",
 		"elementor/wp-one-package": "1.0.54"
 	},
 	"config": {
@@ -46,19 +46,6 @@
 			"dealerdirect/phpcodesniffer-composer-installer": true
 		}
 	},
-	"extra": {
-		"imposter": {
-			"namespace": "...",
-			"excludes": [
-				"firebase/php-jwt"
-			]
-		},
-		"installer-paths": {
-			"vendor/{$vendor}/{$name}/": [
-				"firebase/php-jwt"
-			]
-		}
-	},
 	"repositories": [
 		{
 			"type": "vcs",

modules/remediation/components/remediation-runner.php

@@ -140,7 +140,22 @@ private function is_template_redirect_ajax_request(): bool {
 		return false;
 	}
 
+	private function is_builders_view(): bool {
+		// Condition used instead of direct return for feature extend
+
+		// Beaver Builder
+		if ( isset( $_GET['fl_builder'] ) || isset( $_GET['fl_builder_ui'] ) ) {
+			return true;
+		}
+		return false;
+	}
+
 	private function should_run_remediation(): bool {
+		// Skip remediation for editors view
+		if ( $this->is_builders_view() ) {
+			return false;
+		}
+
 		// Skip remediation during template_redirect AJAX requests
 		if ( $this->is_template_redirect_ajax_request() ) {
 			return false;

modules/remediation/database/remediation-entry.php

@@ -212,7 +212,11 @@ public static function get_global_remediations( string $url ) : array {
 				'operator' => '=',
 			],
 		];
-		$join = "LEFT JOIN $excluded_table ON $remediation_table.id = $excluded_table.remediation_id AND $excluded_table.page_url = '$url'";
+		// Use prepare() to safely bind the URL; never concatenate user input into SQL.
+		$join = Remediation_Table::db()->prepare(
+			"LEFT JOIN $excluded_table ON $remediation_table.id = $excluded_table.remediation_id AND $excluded_table.page_url = %s",
+			$url
+		);
 		return Remediation_Table::select( "$remediation_table.*, COALESCE($excluded_table.active, $remediation_table.active) AS active_for_page", $global_where, null, null, $join );
 	}
 

modules/scanner/assets/js/components/bulk-alt-text/bulk-alt-text-manager.js

@@ -245,7 +245,7 @@ const BulkAltTextManager = ({ open, close }) => {
 								},
 							}}
 							sx={{
-								maxWidth: '1178px',
+								maxWidth: '1200px',
 								margin: 'auto',
 							}}
 						>

package.json

@@ -3,7 +3,7 @@
 	"slug": "pojo-accessibility",
 	"homepage": "http://pojo.me/",
 	"description": "",
-	"version": "4.0.3",
+	"version": "4.1.0",
 	"scripts": {
 		"build": "NODE_ENV=production wp-scripts build",
 		"start": "NODE_ENV=development wp-scripts start",
@@ -15,7 +15,8 @@
 		"lint:js:fix": "wp-scripts lint-js --fix",
 		"lint:php": "composer run lint",
 		"lint:php:fix": "composer run lint:fix",
-		"prepare": "husky install",
+		"lint:php:report": "composer run lint:report",
+		"prepare": "husky",
 		"local:start": "wp-env start",
 		"local:stop": "wp-env stop",
 		"local:quick-run": "npx @wp-now/wp-now start",
@@ -41,7 +42,7 @@
 		"eslint-plugin-jsx-a11y": "^6.10.1",
 		"eslint-plugin-prettier": "^5.2.1",
 		"eslint-plugin-react": "^7.37.1",
-		"husky": "^9.1.6",
+		"husky": "^9.1.7",
 		"prettier": "^3.4.1"
 	},
 	"dependencies": {
@@ -68,7 +69,6 @@
 		"focus-trap-react": "^11.0.4",
 		"get-xpath": "^3.3.0",
 		"html-react-parser": "^5.2.2",
-		"husky": "^9.1.6",
 		"mixpanel-browser": "^2.58.0",
 		"postcss": "^8.5.6",
 		"prop-types": "^15.8.1",

pojo-accessibility.php

@@ -5,7 +5,7 @@
  * Description: Improve your website’s accessibility with ease. Customize capabilities such as text resizing, contrast modes, link highlights, and easily generate an accessibility statement to demonstrate your commitment to inclusivity.
  * Author: Elementor.com
  * Author URI: https://elementor.com/
- * Version: 4.0.3
+ * Version: 4.1.0
  * Text Domain: pojo-accessibility
  */
 
@@ -15,7 +15,7 @@
 
 // Legacy
 define( 'POJO_A11Y_CUSTOMIZER_OPTIONS', 'pojo_a11y_customizer_options' );
-define( 'EA11Y_VERSION', '4.0.3' );
+define( 'EA11Y_VERSION', '4.1.0' );
 define( 'EA11Y_MAIN_FILE', __FILE__ );
 define( 'EA11Y_BASE', plugin_basename( EA11Y_MAIN_FILE ) );
 define( 'EA11Y_PATH', plugin_dir_path( __FILE__ ) );

readme.txt

@@ -4,7 +4,7 @@ Tags: Web Accessibility, Accessibility, A11Y, WCAG, Accessibility Statement
 Requires at least: 6.6
 Tested up to: 6.9
 Requires PHP: 7.4
-Stable tag: 4.0.3
+Stable tag: 4.1.0
 License: GPLv2 or later
 
 Ally: Make your site more inclusive by scanning for accessibility violations, fixing them easily, and adding a usability widget and accessibility statement.
@@ -191,9 +191,16 @@ You can report security bugs through the Patchstack Vulnerability Disclosure Pro
 7. Scanner dashboard: Track your site’s accessibility scans, monitor open issues, and follow progress over time.
 
 == Changelog ==
+= 4.1.0 – 2026-02-23 =
+* New: Added bulk remediation flow to generate AI alt text or mark multiple images as decorative
+* Tweak: Added the ability to disable the accessibility widget to prevent it from loading on your site
+* Tweak: Security enhancement to prevent potential SQL injection
+* Tweak: Security enhancement to remove unsecure composer package
+* Fix: Display WordPress admin notices inside the settings page
+* Fix: Resolved conflict in Beaver Builder by preventing remediation runner from executing during page builder sessions
 
 = 4.0.3 – 2026-01-28 =
-* Tweak - Security enhancements for access control
+* Tweak: Security enhancements for access control
 
 = 4.0.2 – 2026-01-28 =
 * Tweak: Added a dashboard widget to trigger scans and view results