Merge branch 'enhancement/9' of github.com:mailchimp/wordpress into enhancement/9

iamdharmesh · iamdharmesh · commit b433be3f8e3b · 2024-08-08T11:44:12.000+05:30
diff --git a/README.md b/README.md
@@ -18,20 +18,20 @@ WordPress.com compatibility is limited to Business tier users only. [How to add
 
 ![Configuring extra fields on your Signup Form (optional)](https://github.com/mailchimp/wordpress/blob/develop/.wordpress-org/screenshot-4.jpg?raw=true)
 
-## Access token Encryption
+## Access Token Encryption
 
-The plugin stores the OAuth access token in the WordPress database and encrypts it for security. To ensure encryption and decryption work properly, the plugin needs access to certain security constants that should remain unchanged.
+Starting in version 1.6.0, authentication has changed to use OAuth. As part of this process, we retrieve an access token that can be used to make API requests. To provide a high-level of security, this access token is encrypted before being stored in the WordPress database. In order to ensure this access token can be decrypted when used, the plugin relies on certain security constants that should remain unchanged.
 
-By default, the plugin uses the `LOGGED_IN_KEY` and `LOGGED_IN_SALT` constants from the wp-config.php file. These usually work well. However, if another plugin or mechanism regularly updates these constants, the plugin will have trouble decrypting the access token and you’ll need to reconnect your Mailchimp account.
+With no additional configuration, we use the standard `LOGGED_IN_KEY` and `LOGGED_IN_SALT` constants that are normally set in your site's `wp-config.php` file. Some sites make use of security plugins that rotate these constants on a periodic basis. When this happens, we won't be able to decrypt the access token and you’ll need to reconnect your Mailchimp account to generate a new access token.
 
-To prevent such issues, it is recommended to define two additional constants in your wp-config.php file: `MAILCHIMP_SF_ENCRYPTION_KEY` and `MAILCHIMP_SF_ENCRYPTION_SALT`. These constants should consist of a combination of characters, preferably at least 32 characters long. Once set, these values should not be changed. For strong values, you can copy some of the values from https://api.wordpress.org/secret-key/1.1/salt/ and use them. You should have additional code like the following in your wp-config.php file:
+To prevent such issues, it is recommended to define two additional constants in your site's `wp-config.php` file: `MAILCHIMP_SF_ENCRYPTION_KEY` and `MAILCHIMP_SF_ENCRYPTION_SALT`. These constants should consist of a combination of characters, preferably at least 32 characters long. Once set, these values should not be changed. For strong values, you can copy some of the values from [here](https://api.wordpress.org/secret-key/1.1/salt/) and use them. You'll end up with additional code like the following in your `wp-config.php` file:
 
 ```php
 define( 'MAILCHIMP_SF_ENCRYPTION_KEY', 'put your unique phrase here' );
 define( 'MAILCHIMP_SF_ENCRYPTION_SALT', 'put your unique phrase here' );
 ```
 
-If you add these constants after the plugin is already configured, the plugin will use the new constants, which may cause issues. To avoid this, you can copy the values from `LOGGED_IN_KEY` and `LOGGED_IN_SALT` to `MAILCHIMP_SF_ENCRYPTION_KEY` and `MAILCHIMP_SF_ENCRYPTION_SALT`. If you prefer new values, you will need to reconnect your Mailchimp account.
+If these constants are added after you've already authenticated with Mailchimp, you will need to reconnect your account. To avoid this, you can copy the values from `LOGGED_IN_KEY` and `LOGGED_IN_SALT` (if they exist) to `MAILCHIMP_SF_ENCRYPTION_KEY` and `MAILCHIMP_SF_ENCRYPTION_SALT` respectively.
 
 ## Frequently Asked Questions
 
@@ -56,7 +56,7 @@ This section describes how to install the plugin and get started using it.
 
 ### Advanced
 
-If you have a custom coded sidebar or bells and whistles that prevent enabling widgets  through the WordPress GUI, complete these steps instead.
+If you have a custom coded sidebar or bells and whistles that prevent enabling widgets through the WordPress GUI, complete these steps instead.
 
 WordPress v2.8 or higher:
 ` [mailchimpsf_form] `
diff --git a/includes/class-mailchimp-admin.php b/includes/class-mailchimp-admin.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Class responsible for Admin side functionalities.
+ * Class responsible for admin side functionalities.
  *
  * @package Mailchimp
  */
@@ -36,12 +36,13 @@ public function init() {
 		add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_admin_page_scripts' ) );
 	}
 
-
 	/**
 	 * Start the OAuth process.
 	 *
 	 * This function is called via AJAX.
-	 * It starts the OAuth process by the calling the OAuth middleware server and sending the response to the front-end.
+	 *
+	 * It starts the OAuth process by the calling the OAuth middleware
+	 * server and sending the response to the front-end.
 	 */
 	public function start_oauth_process() {
 		// Validate the nonce and permissions.
@@ -91,7 +92,9 @@ public function start_oauth_process() {
 	 * Finish the OAuth process.
 	 *
 	 * This function is called via AJAX.
-	 * This function finishes the OAuth process by the sending a temporary token back to the OAuth server.
+	 *
+	 * This function finishes the OAuth process by the sending
+	 * a temporary token back to the OAuth server.
 	 */
 	public function finish_oauth_process() {
 		// Validate the nonce and permissions.
@@ -201,7 +204,7 @@ public function admin_notices() {
 			return;
 		}
 
-		// display a notice if the access token is invalid/revoked.
+		// Display a notice if the access token is invalid/revoked.
 		?>
 		<div class="notice notice-warning is-dismissible">
 			<p>
@@ -223,7 +226,7 @@ public function admin_notices() {
 	/**
 	 * Sanitize variables using sanitize_text_field.
 	 *
-	 * Arrays are sanitized recursively, Non-scalar values are ignored.
+	 * Arrays are sanitized recursively, non-scalar values are ignored.
 	 *
 	 * @param string|array $data Data to sanitize.
 	 * @return string|array
diff --git a/includes/class-mailchimp-data-encryption.php b/includes/class-mailchimp-data-encryption.php
@@ -46,7 +46,7 @@ public function __construct() {
 	/**
 	 * Encrypts a value.
 	 *
-	 * If a user-based key is set, that key is used. Otherwise the default key is used.
+	 * If a user-based key is set, that is used. Otherwise the default key is used.
 	 *
 	 * @since x.x.x
 	 *
@@ -73,7 +73,7 @@ public function encrypt( $value ) {
 	/**
 	 * Decrypts a value.
 	 *
-	 * If a user-based key is set, that key is used. Otherwise the default key is used.
+	 * If a user-based key is set, that is used. Otherwise the default key is used.
 	 *
 	 * @since x.x.x
 	 *
diff --git a/readme.txt b/readme.txt
@@ -16,20 +16,20 @@ After installation, you’ll log in with your API key, select your Mailchimp lis
 
 WordPress.com compatibility is limited to Business tier users only. [How to add a signup form if you have a WordPress.com site](https://mailchimp.com/help/ways-to-add-a-signup-form-in-wordpress/).
 
-=== Access token Encryption ===
+=== Access Token Encryption ===
 
-The plugin stores the OAuth access token in the WordPress database and encrypts it for security. To ensure encryption and decryption work properly, the plugin needs access to certain security constants that should remain unchanged.
+Starting in version 1.6.0, authentication has changed to use OAuth. As part of this process, we retrieve an access token that can be used to make API requests. To provide a high-level of security, this access token is encrypted before being stored in the WordPress database. In order to ensure this access token can be decrypted when used, the plugin relies on certain security constants that should remain unchanged.
 
-By default, the plugin uses the `LOGGED_IN_KEY` and `LOGGED_IN_SALT` constants from the wp-config.php file. These usually work well. However, if another plugin or mechanism regularly updates these constants, the plugin will have trouble decrypting the access token and you’ll need to reconnect your Mailchimp account.
+With no additional configuration, we use the standard `LOGGED_IN_KEY` and `LOGGED_IN_SALT` constants that are normally set in your site's `wp-config.php` file. Some sites make use of security plugins that rotate these constants on a periodic basis. When this happens, we won't be able to decrypt the access token and you’ll need to reconnect your Mailchimp account to generate a new access token.
 
-To prevent such issues, it is recommended to define two additional constants in your wp-config.php file: `MAILCHIMP_SF_ENCRYPTION_KEY` and `MAILCHIMP_SF_ENCRYPTION_SALT`. These constants should consist of a combination of characters, preferably at least 32 characters long. Once set, these values should not be changed. For strong values, you can copy some of the values from https://api.wordpress.org/secret-key/1.1/salt/ and use them. You should have additional code like the following in your wp-config.php file:
+To prevent such issues, it is recommended to define two additional constants in your site's `wp-config.php` file: `MAILCHIMP_SF_ENCRYPTION_KEY` and `MAILCHIMP_SF_ENCRYPTION_SALT`. These constants should consist of a combination of characters, preferably at least 32 characters long. Once set, these values should not be changed. For strong values, you can copy some of the values from [here](https://api.wordpress.org/secret-key/1.1/salt/) and use them. You'll end up with additional code like the following in your `wp-config.php` file:
 
 `
 define( 'MAILCHIMP_SF_ENCRYPTION_KEY', 'put your unique phrase here' );
 define( 'MAILCHIMP_SF_ENCRYPTION_SALT', 'put your unique phrase here' );
 `
 
-If you add these constants after the plugin is already configured, the plugin will use the new constants, which may cause issues. To avoid this, you can copy the values from `LOGGED_IN_KEY` and `LOGGED_IN_SALT` to `MAILCHIMP_SF_ENCRYPTION_KEY` and `MAILCHIMP_SF_ENCRYPTION_SALT`. If you prefer new values, you will need to reconnect your Mailchimp account.
+If these constants are added after you've already authenticated with Mailchimp, you will need to reconnect your account. To avoid this, you can copy the values from `LOGGED_IN_KEY` and `LOGGED_IN_SALT` (if they exist) to `MAILCHIMP_SF_ENCRYPTION_KEY` and `MAILCHIMP_SF_ENCRYPTION_SALT` respectively.
 
 == Frequently Asked Questions ==
 
@@ -52,7 +52,7 @@ This section describes how to install the plugin and get started using it.
 
 = Advanced =
 
-If you have a custom coded sidebar or bells and whistles that prevent enabling widgets  through the WordPress GUI, complete these steps instead.
+If you have a custom coded sidebar or bells and whistles that prevent enabling widgets through the WordPress GUI, complete these steps instead.
 
 WordPress v2.8 or higher:
 ` [mailchimpsf_form] `

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ public function __construct() {`
`46`	`46`	`/**`
`47`	`47`	`* Encrypts a value.`
`48`	`48`	`*`
`49`		`- * If a user-based key is set, that key is used. Otherwise the default key is used.`
	`49`	`+ * If a user-based key is set, that is used. Otherwise the default key is used.`
`50`	`50`	`*`
`51`	`51`	`* @since x.x.x`
`52`	`52`	`*`
`@@ -73,7 +73,7 @@ public function encrypt( $value ) {`
`73`	`73`	`/**`
`74`	`74`	`* Decrypts a value.`
`75`	`75`	`*`
`76`		`- * If a user-based key is set, that key is used. Otherwise the default key is used.`
	`76`	`+ * If a user-based key is set, that is used. Otherwise the default key is used.`
`77`	`77`	`*`
`78`	`78`	`* @since x.x.x`
`79`	`79`	`*`