Oliver POS – WooCommerce POS for iPhone, iPad & Android

Changelog

4.5.8 – 2026-05-22

• Billing dashboard iteration on top of 4.5.7 — Billing core rework, Billing_Admin polish, JS/CSS refinements, and additional Pay_API_Client resilience. New BillingClaimTest unit coverage.
• First-run UX: promoted the “Create your free Oliver POS account” CTA from the Billing page into the existing Dashboard onboarding panel so it’s the first thing a merchant sees after activation, with conversion copy (“Free forever · No credit card · Instant · Start selling”) and a one-click flow. The Billing-page CTA stays as a fallback surface.
• Still a single explicit, disclosed click — ww.wp.xz.cn Plugin Directory guideline 7 (no “phoning home” without informed consent) preserved. Activation continues to make zero outbound calls; the new card carries the same expandable “What gets sent when you click” disclosure as the Billing CTA, listing site URL, site name, and admin email before any request goes out.
• No new endpoints. The new Dashboard button reuses the existing wp_ajax_oliver_pos_billing_register handler (nonce oliver_pos_billing), so the throttle, error mapping, and Phoenix register path are a single source of truth across both surfaces.
• Hero subhead on the Dashboard panel updated to reflect the new step. When Pay_API_Client::is_registered() is already true (e.g. the merchant registered from Billing first), the card renders in a compact “Account created” state in place so returning merchants see continuity rather than a missing step.

4.5.7 – 2026-05-21

• Phoenix device pairing bridge, plan-tier gating, /meta wire-shape fix. Staff admin form values preserved on validation errors and the user dropdown is broadened.

4.5.6 – 2026-05-20

• Fresh-install UX fix: outlet stock is now seeded from WooCommerce’s existing _stock on activation, so a single-outlet store sees real inventory the moment a device pairs. Previously every product showed “0 in stock” until the merchant manually entered per-outlet quantities — busy-work that defeated the “install → pair → start ringing” promise.
• Implemented as a single bulk INSERT … SELECT in the new Activator::maybe_seed_outlet_stock_from_woo() so it stays fast on 50k+ SKU catalogs. Only products / variations with _manage_stock = 'yes' and post_status = 'publish' are seeded; unmanaged products (which rely on _stock_status alone) are deliberately skipped so they don’t suddenly look out-of-stock on the device.
• Four belt-and-braces guards: the seed is a no-op when already run (one-shot oliver_pos_outlet_stock_seeded option), when the install has more than one active outlet (multi-outlet stores must decide the split themselves), when the wp_oliver_outlet_stock table already has any rows, or when legacy _oliver_stock_{outlet_id} postmeta exists. The seeder will never overwrite a value the merchant has typed in.
• Self-heal for existing installs: the same routine runs from Activator::maybe_upgrade() after the outlet has been verified, so a merchant who upgraded from 4.5.5 (or earlier) without ever pairing a device picks up the mirror automatically on the next admin page load.
• Eight new PHPUnit cases in tests/test-outlet-stock-seed.php cover the mirror path (simple products, variations, negative stock, empty catalog) and every guard branch, plus a re-run idempotency check.

4.5.5 – 2026-05-20

• Security: removed wp_set_current_user( $customer_id ) from Coupon_Rest::init_cart_context() (POST /oliver-pos/v1/coupons/validate). The endpoint no longer impersonates the request’s customer_id while running the coupon validation pipeline, closing an authorization-bypass primitive flagged by the ww.wp.xz.cn plugin review team. WC()->customer = new WC_Customer( $customer_id ) is still set, so per-user usage limits, customer_email restrictions, billing address, and tax location continue to evaluate against the right customer; role / capability-restricted coupons (e.g. “wholesale-only”) will now correctly require the customer’s own session.
• Security: removed wp_set_current_user( $order->get_customer_id() ) from POS_Payment_Page::set_customer_context() on the POS pay-for-order page (?oliver_pos_pay=1&...&key=ORDER_KEY) as the same defensive sweep. WC()->customer is still scoped to the order’s customer so billing and tax context are unchanged.
• New oliver_pos_payment_customer_id filter and POS_Payment_Page::resolve_payment_customer_id() static helper give third-party balance-based gateways (store credit, gift card, wallet) a stable hook for resolving the in-flight POS customer without calling get_current_user_id(). See docs/balance-gateway-migration.md in the development repository for the worked migration example and POS-app test checklist.
• The only remaining wp_set_current_user() call sites in the codebase are now inside tests/ (PHPUnit auth setup) — nothing in shipping code.

4.5.4 – 2026-05-20

• ww.wp.xz.cn submission pass — privacy, security, and Plugin Check cleanup before the directory listing goes live.
• Privacy / “phone home” hardening (Plugin Directory guideline 7): the silent current_screen auto-register on the Billing and Oliver Pay admin pages is gone. Opening either screen on a fresh install now makes ZERO outbound calls to phoenix.oliverpos.com; the merchant has to click the new “Create your free Oliver POS account” CTA on the Billing screen (or the existing “Connect with Stripe” CTA on the Oliver Pay screen) for the site URL + admin email to be transmitted, and the Billing CTA lists exactly what gets sent before the click.
• Removed the Plan_Badge live-Phoenix injection — tier badges on the Dashboard / Settings / Reports / Staff / Outlets / Receipts admin pages now read the persisted oliver_pos_subscription_plan option only and never trigger a Phoenix call. The persisted option is still refreshed by the Billing screen on every successful read.
• Security: GET /oliver-pos/v1/staff now omits the legacy pin_hash field by default (the oliver_pos_emit_pin_hash option flips to 0). The Deprecation / Sunset headers stay; the field is removed entirely in 4.6.0. Site owners running an older paired Oliver POS app build that hasn’t been updated yet can re-enable it temporarily with wp option update oliver_pos_emit_pin_hash 1.
• Security: receipt templates posted to oliver_pos_save_template are now fully sanitized per-field in Receipt_Templates::sanitize_template() — section type, alignment, paper width, every section-config scalar, and the styling block — before being persisted to wp_options. Unknown section types and non-scalar config values are dropped.
• Plugin Check / PCP cleanups: wp_unslash() added around $_POST integers in product-fields meta saves, admin image preview now builds the <img> via DOM rather than HTML string concatenation, and the receipt-config / receipt-template AJAX handlers wp_unslash the $_POST fallback path.
• Translation template regenerated against the 4.5.3 plugin-name / description rebrand; SVN /assets/ screenshot set trimmed to match the 8 captions in the readme (wp.org displays at most 10).
• External-services disclosure refreshed to reflect the explicit-CTA flow and to list the previously-undocumented /api/subscriptions/pricing-table-config and /api/subscriptions/plans endpoints.
• Verified against WordPress 7.0 (released May 20, 2026). No blocks, no iframed-editor surfaces, no AI Client / Connectors / Abilities API consumers in the plugin, and Requires PHP: 8.1 is already above WP 7.0’s new floor (7.4). Tested up to: 7.0 in readme.txt.
• No app-team contract changes other than the pin_hash default flip; see docs/handover-2026-05-staff-pin-online-verify.md for the rollout plan.

4.5.3 – 2026-05-19

• Readme / SEO refresh — title, short description, plugin-header description and tags realigned with the new oliverpos.com positioning (iPhone, iPad, Android, Tap to Pay, Stripe Terminal). Swapped the ipad tag for the higher-traffic pos slug; iPad coverage stays in the title and short description.
• Two new readme sections — “Real-Time Sync Across Every Device” and “Works With the WooCommerce Plugins You Already Run” (named compatibility for Subscriptions, Memberships, Bookings, Product Bundles, Points & Rewards, Gift Cards and WooPayments).
• Devices section reworked to lead with native iPhone / iPad / Android apps and Tap to Pay; web register for Mac / PC / Chromebook called out explicitly.
• Two new FAQs covering Tap to Pay on iPhone / Android (no extra reader required) and compatibility with the most-used WooCommerce extensions.
• Rewrote all eight screenshot captions for keyword density and image-search clarity. No code changes in this release.

4.5.2 – 2026-05-19

• ww.wp.xz.cn pre-submission pass — bundles unminified upstream sources for the vendored Chart.js / qrcode-generator builds, ships the full GPL-2.0 license text, regenerates the translation template, and refreshes the readme for the 6.9 release window.
• External-service disclosure for js.stripe.com/v3/pricing-table.js added, and the script is now enqueued from PHP on the Billing admin screen instead of being injected at runtime by JavaScript.
• Security hardening: POST /stations/{id}/activate rejects station-key requests whose {id} does not match the authenticating key’s bound station (returns 403 oliver_pos_station_mismatch).
• PIN-hash deprecation begins: GET /staff adds a pin_hash_deprecated: true marker plus Deprecation / Warning response headers. A new oliver_pos_emit_pin_hash option (default true) lets sites flip to the v4.6 behaviour early, in which case the per-row pin_hash field is omitted entirely.
• New transient-backed rate limiter on POST /bootstrap, GET /bootstrap/preview, POST /staff/verify-pin, and POST /staff/me/pin (5 failures per 15 minutes per IP+user). Throttled requests return 429 oliver_pos_rate_limited with a Retry-After header.
• HPOS-aware money-cents backfill — the migration now finds POS orders regardless of whether WooCommerce is using HPOS, fixing a stuck oliver_pos_money_cents_migrated flag on HPOS-only stores.
• Dashboard “View All” link routes to admin.php?page=wc-orders when HPOS is active instead of the legacy edit.php?post_type=shop_order URL (which is empty under HPOS).
• Removed two unconditional console.error calls from the Billing admin JS; diagnostics now gate behind ?oliver_debug=1.

4.5.1 – 2026-05-18

• Iteration on the 4.5.0 staging readiness — refinements to Pay_API_Client (auth retry path), billing dashboard JS/CSS polish, Billing_Service rework, Activator cleanup, and a full rewrite of the Billing service unit-test suite.

4.5.0 – 2026-05-18

• Phoenix staging readiness — Oliver Pay admin now shows an env pill (yellow “Phoenix: STAGING (test mode)” on staging, neutral on production) and a “Test connection” button that round-trips through /api/subscriptions/plans against the active Phoenix environment. Staging mode is enabled by adding define( 'PHOENIX_ENV', 'staging' ) and define( 'PHOENIX_STAGING_BYPASS_TOKEN', '...' ) to wp-config.php; production is the default.
• New dev/staging-smoke.php script (wp eval-file) runs 13 assertions end-to-end against staging Phoenix including Connect account creation, Terminal location sync, and the §9.11 cross-env credential isolation check.

4.4.2 – 2026-05-16

• Maintenance redeploy — re-runs the version-aware upgrade routine and refreshes plugin files on disk

4.4.1 – 2026-05-15

• Maintenance redeploy — picks up the latest plugin name / description refresh used in the ww.wp.xz.cn listing alongside the 4.4.0 billing dashboard overhaul.

4.4.0 – 2026-05-15

• Billing dashboard overhaul — full plan cards with tier accents, dedicated lifetime card, non-blocking status banners for past_due / canceled / unpaid, feature chips, and an embedded Phoenix-hosted pricing table section.
• New helpers in Billing_Admin for plan/tier/state resolution, currency-aware price formatting, billing-period suffixes, and feature-chip humanisation.
• Billing_Service and Pay_API_Client refinements; Phoenix call retry path tightened.
• Activator::maybe_upgrade() extended for the new billing data shape.
• Order feed and sync generator hardening; uninstall cleanup expanded.
• Updated meta-endpoint test coverage.

4.3.0 – 2026-05-14

• New GET /wp-json/oliver-pos/v1/bootstrap/preview and POST /wp-json/oliver-pos/v1/bootstrap REST endpoints power the “Connect with site URL” reverse-pairing flow shipped in the Oliver POS app. The merchant types only their WordPress URL on the device, approves a one-page wp-admin Application Password prompt, and the app self-configures.
• Both routes use HTTP Basic Auth (Application Password preferred, real WP password as fallback) and require manage_woocommerce. The mutating POST /bootstrap mints a WooCommerce REST API key, optionally creates a new outlet, registers a station bound to the device, and returns a store_connection payload.
• Bootstrap is fully idempotent on (user_id, device_uuid) — a re-run after a mid-pair crash returns the same key / secret instead of orphaning a duplicate WooCommerce API key.
• Stations table gains device_uuid, platform, user_id, and consumer_key columns plus a UNIQUE KEY (user_id, device_uuid) for idempotency lookups.
• One-shot wp-admin success notice is shown to the bootstrapping user on the next admin page load, then auto-clears.
• Readme rewrite — title, tags, short description and body all refreshed; every external link points directly at oliverpos.com (no redirect shorteners); new Privacy & Security section added.

4.2.0 – 2026-05-14

• Billing admin rewrite — replaced the legacy 3-state Billing page with a single Phoenix-driven dashboard that shows the current plan badge, a “Manage Subscription” button (Stripe Customer Portal) and a “View Plans” button (Phoenix-hosted Stripe pricing table). Lifetime customers see a “Lifetime” tag and the View Plans button is hidden.
• New WP REST routes under /wp-json/oliver-pos/v1/billing/ (current, manage-link, pricing-link) proxy Phoenix from the server. The Phoenix API key and JWT never leave the server.
• Five-minute transient cache on /billing/current. The cache is invalidated automatically when the merchant returns from the Stripe portal so the badge picks up the new plan immediately.
• New status banner on the dashboard for past_due / canceled / unpaid subscriptions. Non-blocking.
• Removed the legacy wp_ajax_oliver_pos_billing_* AJAX handlers. The Stripe Pricing Table now lives on Phoenix.

4.1.0 – 2026-05-14

• Added GET /wp-json/oliver-pos/v1/meta REST endpoint for the Oliver POS app’s tax / cash / gateway configuration. Replaces the static wp-content/uploads/oliver-pos/sync/meta.json file.
• Tax rate is now serialised as a 4-decimal string (e.g. "15.0000").
• Tax classes with no resolved rates for an outlet are omitted from outlet_rates instead of being emitted as empty arrays.
• New tax.cart_discount_taxes_subtotal field mirrors prices_include_tax so the device can apply the correct cart-level discount semantics.
• The cached meta payload now refreshes synchronously when a WC tax rate, outlet address, or woocommerce_calc_taxes toggle changes.

For the full release history including the 4.0.x rewrite and the legacy 2.x changelog, see oliverpos.com/changelog or the CHANGELOG.md in the public development repository.