We have just released a new extension called Comparables that will allow you to display the Statement of Information data on your listings or as a simple PDF download. This is especially important for websites in Victoria as there have been legislative changes that effect all listings for sale from May 1, 2017.

The new extension allows you to display the comparable listings in a widget or it will hook in under the map on your listings.

You may be aware, new Victorian legislation around underquoting will come into play on May 1, 2017. This means that all Victorian residential properties where the seller signs the Sales Authority will now require comparable sales information to be displayed on those listings. However all listings, including those with a Sales Authority signed before May1, will also need to follow the law regarding advertising prices, terms and symbols. More information can be found here along with full legislation details. Please contact the CAV for the full legislation.

More information:

• CAV – Understanding Underquoting
• A guide to Victoria’s new property pricing rules

How is Easy Property Listings supporting the changes?

The recent legislation changes have many of the CRMs, real estate portals and listing providers implementing changes to their systems to meet the new Victorian Legislation changes. This change has quickly come into effect so the implementation of these changes are being implemented into the various websites.

The real estate portal Domain has implemented the changes quite effectively and we have decided to develop this Comparables extension to handle both a dynamic display shown below or a simple link to view and download the supplied PDF.

Info Box

Widget

How to implement the changes on my website in Victoria?

Once you purchase the Comparables extension, install and activate it your listings will now show the comparables section where you can enter your details. If you are importing listings from a provider you’ll need to update your import scripts.

Adding Comparable Information to your listings

Extension Settings

You can customise the labels that are displayed from the Comparables extension settings.

Settings

Importing Listings

We have updated the Import Scripts which can be found in Your Account under your FeedSync or WP All Import Scripts purchase. Just download the new version and add it to WP All Import Pro and Save your settings.

Note: Your current version of FeedSync does not require an update to handle the new data.

We still have some work to do on the import scripts updates as this new Victorian legislation has not fully been finalised by the providers. The REAXML format only supports the file download, however this may change in the future. We are waiting to hear back from MyDesktop about their implementation as they have implemented a more dynamic solution.

MyDesktop – Uploading your listings from 1 May 2017

MyDesktop has added a Statement of information (SOI) creator within the property listing page, enabling users to seamlessly create a SOI for any listing upon upload. This can be updated at any time as the listing details change.

To see an example of the upload page for the SOI can be found here.

The SOI creator will support both Domain’s listing format, and other portals PDF format requirement. MyDesktop will also work with your website provider on request to ensure that listings uploaded from MyDesktop comply with the legislation.

For developer technical enquiries, please contact our Integration and Feeds team: xmlteam@mydesktop.com.au.

Ensure your website is compliant from 1 May 2017

The team here at Easy Property Listings is committed to supporting agents to comply with this new legislation. If you want us to handle the implementation on your WordPress site, purchase the Comparables extension along with 1 hour of Advanced Development and fill in the form with your login details so we can make the changes to your website as quickly as possible.

Well… hmmm…. finally! We are very pleased to announce that we have just released FeedSync 3.0 which has been a huge upgrade over the previous version and it is finally ready for you to get your hands on for your real estate website.

New Real Estate Formats

What looks like a decent upgrade in change log size has been a massive challenge in adding additional real estate formats to the plugin so we can expand listing processing with EAC in Australia, Native Rockend REST support for Australian and New Zealand, Three new UK formats with BLM, Jupix and Expert Agent along with Matrix MLS (RETS) support in USA.

• Rockend REST Native Format (Australia/NZ)
• EAC (Estate Agents Cooperative) API Importer (Australia)
• Jupix (UK) Processing
• Rightmove BLM (UK) Processing
• Expert Agent (UK) Import and Processing
• MLS Matrix CoreLogic LAS (USA) (RETS) Import and Processing

Several of the new formats will display additional settings pages.

FeedSync Settings

With the new version of FeedSync you can adjust your options from the Settings page. When you are upgrading from a previous version of FeedSync all your existing settings are copied from your config file and you can now quickly make changes when needed.

We’ve added a Google Maps API key which Google now requires for new sites to generate listing coordinates, so make sure you create one and add the key to your FeedSync settings.

Easy Updating from within FeedSync

We also made a major change to the delivery of new version and updates where you can now update FeedSync at the push of a button when you have a valid license key.

Security Login and Listing Data Access

With this version of FeedSync we have implemented a login screen to prevent unauthorised access to both FeedSync and the output URL’s. You can configure the username and password from the config file and set something you can remember.

Deleting all listings from within FeedSync

You’ll also be able to reset the entire listing database or delete individual listings from the Listings pages.

To enable this setting you’ll need to edit the config.php file and set the FEEDSYNC_RESET option to true. The reason for not adding this as a quick setting is for safety. Last thing you want to happen is listings start to disappear so having the setting in the config file will prevent accidental deletion of the database or individual listings.

Deleting individual listings

Once you have set FEEDSYNC_RESET option to true in the config file your listing pages will display a tick box and the option to delete selected records. Once you have edited your listings set the config setting to false to prevent others form deleting listings.

System Status

Now when you install FeedSync you can confirm that your server will work with FeedSync and all the necessary directories are writable. FeedSync will attempt to set the directory permissions to 755 automatically for you.

After many months we are eager to get version 3.0 into your hands

Building this new version has been a major challenge and we’ve had to learn a lot about different formats and so make the process of importing listings into Easy Property Listings as easy and painless as possible. Let us know if you encounter any issues with the latest version.

We’ve beaten and bashed it to make sure that its release ready so grab the latest version of FeedSync from your account and let us know what you think of the new features and how it works for you.

Full Change Log

• New: Login system which allows you to limit access to FeedSync by configuring a username and password from the config.php file. Default login is admin/password.
• New: Ability to add a secret access key to your FeedSync output URL. When enabled ensure your import URLs have the new access_key in the URL.
• New: EAC (Australia) format added, enabling import from EAC (Estate Agents Co-Operative) API into FeedSync ready for import.
• New: Rockend REST (Australia) native format added, enabling import from Rockent REST files into FeedSync ready for import.
• New: Jupix (UK) Format added, enabling import from Jupix URL into FeedSync ready for import.
• New: BLM (UK) Format added, enabling import from BLM format files into FeedSync ready for import.
• New: Expert Agent (UK) format added, enabling import from Expert Agent URL into FeedSync ready for import.
• New: MLS Matrix LAS (USA) Format added, enabling import from MLS Matrix (USA) LAS Format (beta into FeedSync ready for import.
• New: Several MLS vendors processing systems added allowing us to update FeedSync with support for other MLS vendors on request.
• New: Resetting and deleting of listing entries now possible when FEEDSYNC_RESET is true. To enable edit the config.php file.
• New: FeedSync settings are now stored in option database allowing settings to change from Settings page.
• New: PHP Gump added for field validations instead of requiring additional PHP modules.
• New: ZIP class added for processing zip files without requiring additional PHP modules.
• New: Upgrade processes added allowing copying of previous versions of FeedSync into the settings database during install.
• New: Update system added allowing FeedSync to be updated from the Easy Property Listings servers with a valid license key.
• New: Debugging and error system implemented allowing for diagnosis of issues and logging to file.
• New: Dual cron processing system implemented to handle EAC API and future API systems.
• New: Better coded the agent processing system for extracting agent details.
• New: Enabled Google Geocode API key setting as Google requires an API key for all mapping APIs’
• New: Updater system will notify you when logged in if an update is available.
• New: Status page to confirm server compatibility with FeedSync displaying directory permissions and PHP modules required.
• New: Cron commands when run in browser now output results of process.
• Tweak: Improvements to REAXML processing to handle new FeedSync features.
• Tweak: Import files will support any case provided, XML, xml, ZIP, zip.
• Tweak: Updated EZ_SQL code for PHP 7.1 support.
• Fix: Timezone issue with days_back option in output url.

After a great release of FeedSync 3.0 we discovered a couple minor issues that we have now patched. During this we also had the chance to test the update feature of FeedSync and… oh crud found a minor bug that will prevent the automatic updating system from working when you upgrade from FeedSync 2.x.

Don’t worry its a quick fix and all you need to do is create a directory. We have also updated the FeedSync codex documentation to reflect this missing step.

Open up your feedsync directory via FTP or your hosting file manager and create a new folder called upgrades eg: feedsync/upgrades

Note: This folder is present in the official 3.0 version of FeedSync if you install fresh. Now that this folder is present you will be able to update to future versions of FeedSync with the press of a button.

Once that folder is created enter your licence key under Settings and activate your licence from the Help page.

Activate Your FeedSync License

From the help page press the Activate Your License and FeedSync will let you know your license activation status. If your key has expired, just hop over to the FeedSync page and purchase a new one.

Activated License

This will display your license status and expiry date of your FeedSync license. If your license has expired, you can purchase FeedSync here.

Update FeedSync

Press the Updates button and you will see an new Update button which will download and install the new version automatically for you

Rocking the new version

Once you refresh FeedSync you will be running the new 3.0.1 version. This is so much easier that having to FTP the core directory, so we are really excited to bring this new version out to you.

Full Change Log

• Tweak: Deleting listings on sub categories and pages corrected with FEEDSYNC_RESET is enabled.
• Tweak: Pagination setting for Imported listings table now uses pagination setting.
• Tweak: Altered the ‘true’ settings to true without quotes in the config-sample.php file.
• Tweak: Corrected encoding of andbull; during processing to •
• Tweak: Adjustments to wording of status messages.
• Tweak: Shortened listing table label Unique Id to ID.
• Tweak: Adjustment to Jupix format processing status.
• Fix: Implemented a check for the PHP iconv function to prevent error during install, most servers should have this PHP function enabled.
• Fix: Adjusted so that the cron trigger will process more than one file at a time.

We are pleased to announce the release of Easy Property Listings 3.1.16 which includes some fixes along with enhanced CSS search styling for easier formatting of the search widgets and shortcodes.

Before we weren’t using exact widths so producing a nicely formatted search widget was challenging. This has now changed in 3.1.16 so formatting the search widgets and shortcodes will be a whole lot easier…. whew!

Note: This might effect your existing real estate search styling so be sure to check after updating to 3.1.16. If you are using legacy styles, no changes have been made to that stylesheet.

Before the styling was not very even

Now nice and even with the search containers

Major milestone

After releasing Easy Property Listings to the real estate and WordPress developer communities in July 2014. There are now over 6,000 WordPress websites that rely on Easy Property Listings to find buyers, sellers, tenants and landlords and display listings around the world.

We are really happy with the growth and community feedback, so thank you!

Seeing what developers do with Easy Property Listing is awesome

Every day we get to see what clever developers do with Easy Property Listings for real estate agents and this is exactly what we hoped for. Here are some recent examples of websites that are clever, beautiful and help real estate agents get online quick and easy. More examples can be found here in the showcase.

If you have created a real estate site, submit it to the showcase, we love seeing what you create.

Reviews that make us proud

Providing outstanding software support is what we strive to do for our customers and hearing that they love our service by adding a review to WordPress.org makes all of us here at Easy Property Listings really proud.

Some recently added reviews:

Amazing Support! Highly recommend

Been not to technical i found this plugin very easy to get to grips with and really enjoyed using it. I did run into a few customisation problems but on contacting their support i was completely blown away by the service I received. Merv and the team really went above and beyond in helping and I really couldn’t recommend this plugin enough!

Thanks again
Mike

Does Everything I Need. Epic Support.

Great plugin! Covers all the bases for building a Real Estate site.

However the support is even better. Answered questions fast. Updated the FAQ fast!

Greatness!

Craig

Great Support

Merv responds within 24 hours to all questions and has helped me develop changes to suite my website needs. Would recommend this plugin 100%

We love the feedback, reviews and support questions so please let us know by leaving a review.

Full Change Log

• New: Rebuilt search CSS containers for easier formatting with exact widths.
• New: Filter epl_property_category_value for altering house category.
• New: Add Listing Status and Under Offer to post class.
• New: Added Commercial Type to post class.
• Tweak: Ability to display multiple categories on listings.
• Fix: Corrected returning of none and added value to get_property_category, get_property_land_category, get_property_commercial_category and get_property_rural_category functions.
• Fix: Rental sorting error in listing shortcodes.
• Fix: Author widget on pages with sorting.

We’ve been testing the latest release of WP All Import Pro 4.5 and the new code in that version is preventing listing skipping during update.

Please refrain from updating to WP All Import 4.5 until we can resolve the issue in the Importer Add-on for Easy Property Listings new code that allows for record skipping.

We’ve contacted the team at SoFlyy, the creators of WP All Import Pro.

Whew, crisis averted as we have solved the importing issue caused by a filter alteration in WP All Import Pro 4.5 which has just been released.

Ensure you update the Easy Property Listings Importer Add-on to 1.0.11 when running WP All Import Pro 4.5. Included in this release is backward compatibility with WP All Import Pro 4.4.5 and earlier so no problems if you just update the importer add-on.

Cause of Issue

The Soflyy team made some improvements to the logging system in WP All Import Pro 4.5 however they adjusted a filter and added an additional command which mucked up the order of the function.

In code terms, the previous filter function was:

apply_filters('wp_all_import_is_post_to_update', $post_to_update_id, $current_xml_node, $this->id);

Which changed to:

apply_filters('wp_all_import_is_post_to_update', $continue_import, $post_to_update_id, $current_xml_node, $this->id);

Anytime a function or filters variables order are altered it causes issues.

We’ve implemented code changes to handle this order adjustment and retained the previous depreciated function so that it will still operate with WP All Import Pro 4.4.5 or older.

We hit the panic button and dropped everything to get this solved as quickly as possible.

Thanks for your patience while we solved this issue.

We are pleased to announce that after hundreds of hours of coding and testing, FeedSync 3.2 is ready for you to update to. We’ve made many changes to the processing system with an added Log system, image re-ordering to streamline imports, filtering capabilities, enhancements to the update system and improvements to each of FeedSync’s supported formats.

AgentID and UniqueID nodes in REAXML

This has been a challenging update due to an error made with FeedSync in how the AgentID and UniqueID listings are associated and updated. The majority of users never encountered this issue as often FeedSync is used for only a few offices per install, however users who want to use FeedSync to handle listings from a variety of providers and a lot of different offices this is a major update for them.

Thankfully the REAXML documentation has undergone a huge improvement this year better explaining how the uniqueID and AgentID XML nodes are related.

UniqueID

This represents a string supplied by an XML provider, to uniquely identify a listing (against an agentID). The value must be unique for the real estate agent (different agencies may use the same uniqueID, representing different properties).

The uniqueID needs to be populated/provided upon the creation of any new listing – however cannot be changed thereafter. If the customer’s listing predates their use of your system, it will have a pre-existing uniqueID – which must be provided in all update requests for that listing.

Oh the challenges such an error has caused us to re-work how the import processing works because (different agencies may use the same uniqueID, representing different properties). Thankfully this would not effect users on their single sites but for larger portal usage a major requirement that needed solving.

Logging and Reporting

Although FeedSync is very robust and can handle a huge number of XML files for processing we decided to implement a logging feature so that you will know when and what causes a processing error.

Once Logging has been enabled you can see what FeedSync does with a particular XML file and its results allow you to see which file has caused an error.

Along with internal logging we’ve added an email notification system so that you can be emailed of any processing errors that occur. Email notifications will be sent once per 24 hour period.

Search and Filter Listings

Searching for listings in a large database is now easier than ever with the new filtering options on your listing pages allowing for a quick search of your listing database.

We’ve provided a number of filtering options so you can quickly find the listings you are looking for.

Hiding Settings and Help

In some cases you might want to hide the FeedSync Settings or Help pages, you can now do this by adding the following lines to the config.php file preventing users from accessing settings.

/** Uncomment to disable and hide the settings page **/
//define('FEEDSYNC_SETTINGS_DISABLED' , true );

/** Uncomment to disable and hide the help page **/
//define('FEEDSYNC_HELP_DISABLED' , true );

Output listings by Agent User Name

This requested feature allows you to output listings only belonging to a specific agent. Great if you want to use a single FeedSync for a main office and create several other sites for specific real estate agents.

All you need to do is append the following command to your output URL:

&listing_agent=first-last

Now you use FeedSync to only export only joe-smiths listings for import into his site.

In Summary

Many more changes have been implemented in FeedSync for better processing of its supported formats. This update has taken us a lot longer than expected and we have been testing everything to ensure this release is as robust as possible.

Change Log

• New: Ability to hide the settings page by defining FEEDSYNC_SETTINGS_DISABLED to true in the config.php file.
• New: Ability to hide the help pages by defining FEEDSYNC_HELP_DISABLED to true in the config.php file.
• New: Ability to delete agents now when FEEDSYNC_RESET is enabled.
• New: EAC Format – Support for the PHOTO_DATE node to track image modified time mapped to feedsyncImageModtime node.
• New: All Formats – Normalise Sold date format during processing.
• New: REAXML Format – Support for the unit and lot numbers when viewing your listings.
• New: REAXML Format – Better support for multi office processing of agentID when listings have the same uniqueID.
• New: Logging system to track listing processing steps along with processing type.
• New: Logging tab to display processing results and download detailed log reports. Files saved to logs directory.
• New: Automatically set file permissions during processing.
• New: Logging Error handling system implemented allowing notification by email of FeedSync processing errors.
• New: Upgrade enhanced to automatically update existing database during update process.
• New: Jupix Format – Setting to set the status of undetermined listings.
• New: Jupix Format – Better support for Jupix format status.
• New: Expert Agent Format – Better support for Expert Agent listing types.
• New: Filter and search listings.
• New: During update FeedSync will upgrade your database to the new version.
• New: Base64 Image converter implemented to convert base64encoded images to image files and add to the listing.
• New: Ability to filter listings by listing agent username. Append &listing_agent=first-last to filter listings.
• Tweak: Better support for Microsoft Azure folders.
• Tweak: All Formats – When using ?date=today listings will output based on your specified timezone in settings.
• Tweak: Logger for debugging made available globally for internal usage.
• Tweak: All Formats: Renamed the feedsync_image_modtime node to feedsyncImageModtime for consistency.
• Tweak: REAXML Format: During processing the latest image modified time is now used and mapped to feedsyncImageModtime.
• Tweak: Display a notice if your username or password is incorrect on the login page.
• Tweak: Jupix Format – Alter status to FeedSync format during processing.
• Tweak: Enhancements made to the Help page depending on the selected format.

Today we are pleased to announce the official release of Easy Property Listings 3.2 which has improves many internal functions and features. These changes will allow us to expand the feature set with additional features  and new extensions at a faster pace for your real estate website.

Major milestone

After releasing Easy Property Listings to the real estate and WordPress developer communities in July 2014. There are now over 7,000 WordPress websites that rely on Easy Property Listings to find buyers, sellers, tenants and landlords and display listings around the world.

We are really happy with the growth and community feedback, so thank you!

Search Enhancements

This release contains many additional filters that allow searching specifying multiple post types.

Customisable Author Template

Moved the author box code template out of a function so that the main tab of the author box can be customised using the template loading system from your theme.

SVG Icons

Added support for SVG icons for listings and social media icons. This allows for easier styling of the icon’s colours, size and as they are SVG the quality is always perfect. You can also completely replaced them with your own custom SVG using a filter.

Translations

We’ve made a major structural change to the code to allow for easier translating of the core plugin by the translation community. What we did was remove a amount of code that was not necessary for translators to translate in order for the key systems to display correctly in a variety of languages.

The meta-boxes code is now loaded on both the frontend and backend of the site in a streamlined way with minimal impact to performance yet allows translators to correctly translate the various fields that are displayed on your listings.

There was a function called get_additional_features_html which actually converted the meta field name into the display… great for English but impossible to translate and we are pleased to have solved this major issue so that Easy Property Listings can be translated into more languages for use around the world in all real estate markets.

Translation strings have been reduced from over 1,800 to just over 1,100 strings.

Full Change Log

• New: Refactored meta-boxes to allow for better translations of additional features options on frontend.
• New: Search fields allow for placeholder to be defined for each search field.
• New: Ability to sort be featured image in the dashboard when managing listings allowing user to sort columns by listings without a featured image set.
• New: Search by listing features now possible when using EPL – Listing Search widget or [listing_search] shortcode.
• New: Placeholders set for Land Min Area and Max Area.
• New: Adjustments to taxonomy searching allowing search of features and locations or additional custom taxonomies.
• New: Removed changelog entries from plugin core files to greatly reduce translation requirements for plugin and translation will be far easier for translators now.
• New: Change log items are parsed from readme.txt file which removes the need to translate over 700 change log entries.
• New: Added a new CSS class epl-property-features to the listing features column.
• New: Searching by features taxonomy now possible with [listing_search] shortcode and EPL – Listing Search widget.
• New: Search Query Filter epl_search_query_pre_parse allows altering of query after its ready to be processed. I.e. after query is setup but before parsing it.
• New: Search Query Filter epl_search_get_data allows filtering of $_GET & $_POST data which is fed to epl search class.
• New: Search Query Filter epl_search_post_data allows filtering of $_GET & $_POST data which is fed to epl search class.
• New: Search Query Filter epl_preprocess_search_tax_query filter to alter taxonomy query.
• New: Search results template filter epl_common_search_template allowing using an alternative template for search results.
• New: Filter for epl_get_unique_post_meta_values to adjust data parsing.
• New: Selection to set default country for map coordinate generation when adding listings.
• New: Implementation to support beta releases of extensions, enabled when EPL_BETA_VERSIONS is true.
• New: Added additional filters for epl_author_mobile, epl_author_id, epl_author_slogan, epl_author_position, epl_author_name and epl_author_contact_form.
• New: Implemented support for energy rating value on listings as it is mandatory in some regions. New meta field is property_energy_rating.
• New: Added Energy Certificate link to listings which allows for an image upload and button output. Field is property_energy_certificate.
• New: Ability to display offmarket and withdrawn listings on archive pages through the epl_hide_listing_statuses filter.
• New: Migrated Author details tab into a new template file content-author-box-tab-details.php that can be overridden in active_theme/easypropertylistings folder which enables easier editing of the details tab contents.
• New: Filters added for listing admin columns allowing other plugins to hook in correctly to listing dashboard columns and display additional info like Yoast SEO, Post Counter and many other WordPress plugins: epl_post_type_business_admin_columns, epl_post_type_commercial_admin_columns, epl_post_type_commercial_land_admin_columns, epl_post_type_land_admin_columns, epl_post_type_property_admin_columns, epl_post_type_rental_admin_columns, epl_post_type_rural_admin_columns.
• New: Implemented a filter epl_common_search_template to allow altering of search results template. Default is archive-listing.php and can be overridden by creating a search-listing.php or by post type search-{post_type_name}.php.
• New: Ability to search for primary listing agent when adding a listing, secondary agent already has this functionallity.
• New: Added additional options to the image functions which allow disabling of the image links to epl_property_featured_image, epl_property_archive_featured_image, epl_property_widgets_featured_image.
• New: Added options for SVG icons for listing icons and author social icons. Enable from Settings.
• New: SVG assets added using inline allowing for icon styling using CSS.
• New: Implemented filters to replace or add additional SVG icons Filters are epl_svg_icons and epl_svg_social_icons.
• New: Enhanced author class with additional get variables to return the formatted value without html content.
• New: Added options to return text values to each of the get_property functions. Allowing return of a text result instead of a formatted list item.
• New: Filters added to adjust the return format of each get_property function: epl_get_property_year_built_return_type, epl_get_property_bedrooms_return_type, epl_get_property_bathrooms_return_type, epl_get_property_rooms_return_type, epl_get_property_parking_spaces_return_type, epl_get_property_garage_return_type, epl_get_property_carport_return_type, epl_get_property_air_conditioning_return_type, epl_get_property_pool_return_type, epl_get_property_security_system_return_type, epl_get_property_new_construction_return_type, epl_get_property_holiday_rental_return_type.
• New: Added functions for get_property_furnished and get_property_holiday_rental.
• New: House Category now displays in admin column for quick identification of the listing type.
• Tweak: Removed screenshots to reduce plugin size.
• Tweak: Removed Whats New page descriptions to significantly reduce translation requirements for translators.
• Tweak: Admin Getting Started CSS enhancements.
• Tweak: Adjustment to the handling of the primary and secondary listing agents on listings. When a primary agent details are entered this will be the listing agent displayed. If the primary agent for a listing is not set then the Author will be the primary agent displayed.
• Tweak: Added option to use a seperate template for search results.
• Tweak: Corrected building size css class name from land-size to building-size.
• Tweak: Extension updater class cache improvements implemented.
• Tweak: Updates to licensing system to support beta releases of extension versions.
• Tweak: Class check to ensure that the EPL_Author_Meta is already defined, class will not load in error.
• Tweak: Field type checkbox_single altered so that the label is not displayed twice when adding a custom field.
• Tweak: Altered the plugin loading order for better WPML support.
• Tweak: Better support to search multiple post types.
• Tweak: Search better supports multiple post types in an array: epl_get_unique_post_meta_values(‘property_bedroom’,’current’, array(‘property’,’rental’) ).
• Tweak: Sorting option better allows sorting options based on post types by passing post type.
• Tweak: Contact form CSS added for better formatting.
• Tweak: Adjusted admin images padding.
• Tweak: Added date picker to Listed Date and Commercial End Lease date fields.
• Fix: Translations added for Admin on commercial listings (Return, Outgoings, Lease End )
• Fix: Sorting by rental price corrected in admin for Rental listings.
• Fix: Land details missing on Commercial Land listing type.
• Fix: Select form render multiple selections for search.
• Fix: Price bar graph in admin when no price set.
• Fix: Translation issues for search drop downs.
• Fix: Location taxonomy search redirection.
• Fix: Sorting by Unique ID in Dashboard manage listings.
• Fix: Carport label filter name corrected to epl_get_property_carport_label.
• Fix: Added land size to commercial land.

Easy Property Listings 3.3 is a major release with a huge number of new features for your real estate website. Whether you are a developer helping clients or you manage your site yourself, these features will help you showcase your listings.

Standout Upgrades

• Gutenberg enabled with REST API.
• Price slider search and major search upgrades.
• New super awesome [listing_advanced] shortcode.
• Re-created Social icons and several others.
• Agent profile links for Instagram, Pinterest and YouTube.
• Minified code with production and development mode.
• Listing administration screens slimmed.
• Set listings as featured even with imports.
• Tools to import and export settings.
• Unified search.
• So much more.

Gutenberg Support

Now that WordPress Gutenberg has been out and compatibility issues solved with the core WordPress team, we have enabled Gutenberg as default for Easy Property Listings. This also enables the REST API for all the custom post types.

Prefer classic WordPress? We have you covered. If you have the Classic Editor WordPress plugin installed and activated your listing entry screens will revert to the classic WordPress experience.

Grid Mode and Enhanced CSS Styles

Major changes to underlying front end CSS is always a challenge. We know a large number of Easy Property Listings developers have applied a considerable amount of customisations to the default look and feel of the plugin. This is exactly what we hoped would happen and have seen some stunning examples.

Saying this we understand that making wide sweeping changes can have unintended consequences to your site. We do not want that to happen to you. So we have added an option to enable Enhanced CSS from the Advanced Settings page.

One of the changes this applies to is the grid mode view of your listings. Structurally this converts a float left block into an inline block for better wrapping of listings in grid mode and prevents white space appearing if your listings are not the exact same size.

If you install Easy Property Listings fresh this option will be automatically enabled, however if you are upgrading to 3.3 you will need to manually enable the option in the Advanced Settings and check that your customisations still work.

A lot of work has gone into the Enhanced CSS that will be documented in the codex as there are a number of new classes that allow you to customise templates faster.

Improvements for Everyone

Listing Entry

This release contains a number of improvements to the listing entry screens to trim them down in size significantly which should aid you with listing entry. We have also optimised the experience if you are using classic WordPress or Gutenberg.

New Social Icons

Social profile icons has been altered to a more modern flat style that can be easily customised with CSS when using SVG versions or modify the PNG file. Any existing customisations are preserved.

Search

Unified price and listing type search is now possible. The result URL now only contains the options selected and you will also find a price slider solution.

Production and Development Mode

Optomising your sites performance and keeping it running as fast possible has been a key cornerstone in development of Easy Property Listings since the beginning. We are further enhancing this with a production and development mode option that will use minified JS and CSS files. This is enabled by default and can be easily disabled from the Advanced Settings of Easy Property Listings.

WordPress Developers

Import and Export Settings

Now you can visit the Tools page and export your settings and import them into another project. This also exports and imports your extension settings.

Shortcodes Updates

Often you want to easily set the default sort of your shortcodes to feature current listings first. Well now you can with the sortby=status option.

Code Upgrades

There have been major code upgrades applied across a large number of funcations and features in the plugin, improving extensibility, performance and ease of use.

Full Change Log

• New: Gutenberg support along with the REST WordPress API. Using the WordPress classic plugin will disable Gutenberg and Easy Property Listings or define constants.
• New: Shortcode [listing_advanced] that is a super powered shortcode with a million possible filters possible.
• New: Shortcode [listing_element] for use with page builder systems to output variables, meta fields, action hooks, excerpt, onto templates.
• New: Re-created Social SVG and PNG Icons.
• New: Production/Development mode option to enable or disable minimised CSS and JS files.
• New: Enhanced CSS implemented to enable better listing grid wrapping along with a large number of helper classes to construct custom templates for listings. Enabled on new installations. When upgrading the enhanced CSS is disabled. Enable and disable from Advanced Settings.
• New: Tools page holding Import and Export options along with the Upgrade screen.
• New: Export Easy Property Listings settings and import them into another site on the Tools page.
• New: Shortcodes [listing], [listing_category] and [listing_advanced] all support agent option for filtering by either primary or secondary agents.
• New: Shortcodes now support default sorting by status with the sortby=status option.
• New: Search results URL will now only contain commands that are being searched, making the URL a whole lot shorter.
• New: Upgrade notice that will copy the listing pricing for all listing types into a unified price search.
• New: Unified price search slider usable in the EPL – Listing Search widget and [listing_search] shortcode.
• New: Able to add a functions.php, functions-single.php and functions-archive.php files to the active_child_theme/easypropertylistings where you can store code and filter customisations.
• New: Able to add style-single.css and style-archive.css to the active_child_theme/easypropertylistings where you can store CSS customisations along with the already implemented style.css file.
• New: Implemented a Featured listing system that will allow you to set your listings as featured from the listing administration page. With the update to the EPL Importer add-on listings that you mark as featured will stay featured when updated from external sources.
• New: Major tweaks to the custom fields screens allowing for a smaller data entry screen when adding your listing details.
• New: Contacts now allow you to bulk select and delete contacts.
• New: Contacts summary search.
• New: Contact widget now has a hidden field to prevent bots from entering form details.
• New: Contact shortcode renamed to [listing_contact] instead of [epl_contact_form]. Retained old shortcode name for backward compatibility.
• New: EPL – Contact form completely re-built with better handling of success and error messages to the user.
• New: Added a notice to the frontend explaining where the map should go when a Google Maps API key is not set and re-built the JS to avoid any issues when the API key is not added.
• New: Easier to add additional custom stickers to listings with the epl_property_stickers hook.
• New: Address function for use in custom templates epl_the_address, epl_get_the_address.
• New: Status functions for use in custom templates epl_the_status, epl_get_the_status.
• New: Under Offer functions for use in custom templates epl_the_under_offer, epl_get_the_under_offer.
• New: Enabled Mini Website URL meta field as a number of REAXML providers are now using 3D Tours along with support for custom button titles.
• New: Able to configure sorting dropdown as tabs.
• New: EPL – Author widget supports single or multiple users with user searching capabilities. Allowing you to use the widget and set a specific agent or WordPress user.
• New: Floorplan uploader now support a custom label added to the listing entry screen. Label filter is still in place.
• New: External Links now 3 are now supported with a custom label. Label filter is still in place.
• New: Mini Website URL, 2 are supported with a custom label. Label filter is still in place.
• New: Energy Certificate supports a custom label. Label filter is still in place.
• New: Map Icon with filter for customising.
• New: Listing Map Icon for when the location is not exact, IE when the user selects to not display the full address.
• New: Users profiles now have Instagram, Pinterest and YouTube links and social icons added.
• New: Pets icons and function to handle output with the get_property_pets function.
• New: Rebuilt several functions which now allow for greater filtered output. Rebuilt functions are: get_property_year_built, get_property_bed, get_property_bath, get_property_rooms, get_property_parking, get_property_garage, get_property_carport, get_property_air_conditioning, get_property_pool, get_property_security_system, get_property_land_value, get_property_building_area_value, get_property_energy_rating, get_property_new_construction, get_property_holiday_rental, get_property_furnished. (New Functions) get_property_pets, get_property_featured.
• New: Rental Leased Date custom field.
• New: Ability to apply multiple templates using the epl_property_single_default filter to the single listing template loading queue.
• New: Ability to apply multiple templates using the epl_property_blog_template filter to the loop listing template loading queue.
• New: Specify the default return type of the property listing icons. Basically using the epl_icons_return_type filter you can force all icons to output text instead of an icon. Or configure a completely custom output.
• New: Improvements to video link handling with YouTube and Vimeo support.
• New: Video hook implemented into templates. Before we were using the epl_property_content_after hook where we have now added a better named epl_property_video action hook.
• New: Random sorting option added to [listing_category], [listing].
• New: Search by linked contacts — search_linked_contact.
• New: YouTube User Profile link.
• New: Office Phone added to user profile and outputs on author profile and widget.
• New: Default and custom classes added to meta field generator used in admin edit listing screens.
• New: Added Portugal Portuguese language partial translation by Fábio Nunes.
• New: Disable REST support and Gutenberg by defining new constants for post types. EPL_BUSINESS_DISABLE_REST, EPL_COMMERCIAL_DISABLE_REST, EPL_COMMERCIAL_LAND_DISABLE_REST, EPL_LAND_DISABLE_REST, EPL_PROPERTY_DISABLE_REST, EPL_RENTAL_DISABLE_REST, EPL_RURAL_DISABLE_REST.
• New: Disable REST support and Gutenberg by defining new constants for taxonomies. EPL_BUSINESS_CAT_DISABLE_REST, EPL_FEATURES_DISABLE_REST, EPL_LOCATION_DISABLE_REST.
• New: Pakistani Rupee currency.
• New: Better support for hidden admin custom fields.
• Tweak: Filters to alter the default Mobile and Office labels epl_author_widget_label_office, epl_author_widget_label_mobile.
• Tweak: Custom classes in admin screens added to some meta fields for example usage.
• Tweak: Dashboard activity widget improved CSS display with icons denoting comment type.
• Tweak: Rebuilt JS validation engine to better handle numeric numbers and the date system to optimise and streamline listing entry.
• Tweak: Rebuilt mapping JS to avoid issues with websites missing Google Maps API keys.
• Tweak: Moved several old functions to compatibility functions for future removal. Functions moved are epl_the_property_address, epl_display_label_postcode, epl_display_label_bond, epl_display_label_suburb.
• Tweak: Inspection times function altered to allow disabling of iCal function.
• Tweak: Added additional inspection time filters which allow you to filter the label further in templates where needed.
• Tweak: Auction get_property_auction function greatly improved with better date formatting for different country formats.
• Tweak: Property Available get_property_available function greatly improved with better date formatting for different country formats.
• Tweak: Improvements to search and global price search slider options now available.
• Tweak: Parse EPL shortcodes for meta queries improved.
• Tweak: Completely re-worked the icons system for listings which makes it easier to customise with hooks and filters and add additional icons and adjust the order.
• Tweak: Reworked the Additional features output allowing further control over output of features along with adjusting the order and output style. Use the epl_property_general_features_list filter to alter the order and what is included. Also add your own customised feature list output with the dynamic epl_property_general_feature_{new_one} filter.
• Tweak: Total rebuild of the sorting and tools code allowing additional tools to be hooked in and rework the existing tools.
• Tweak: Code optimisations of gallery functions.
• Tweak: Widget templates to handle the Inspection time and iCal options.
• Tweak: Selecting secondary agents works better now on the edit listing pages.
• Tweak: epl_property_widget Options for Inspection times and iCal links to EPL – Listing Widget.
• Tweak: Acre to Acres tweak – Implement formatting for measurements.
• Tweak: Pagination and multiple shortcodes on the same page working correctly.
• Tweak: Removed Google Plus from Users as it no longer exists.
• Tweak: Removed redundant before and after hooks on the manage listing screens.
• Tweak: All shortcodes now include a filter to alter the default options. epl_shortcode_listing_auction_args, epl_shortcode_listing_category_args, epl_shortcode_listing_open_args, epl_shortcode_listing_feature_args, epl_shortcode_listing_location_args, epl_shortcode_listing_args.
• Tweak: Replaced grid/list icon with a better quality one.
• Tweak: Replaced all internal icons.
• Tweak: Several older functions moved to depreciated functions for future removal.
• Tweak: Converted floorplan button into button element instead of link with button styling. This makes all buttons consistent.
• Tweak: When using custom image sizes we’ve improved the admin image sizes to not exceed the column sizes when managing listings from the dashboard.
• Tweak: Floorplan opens link in another window by default to match other buttons.
• Tweak: Contacts system better displays contact information. IE hiding empty fields when nothing is set.
• Tweak: Default sorting is now using the hidden and automatically generated property_price_global value which allows sorting taxonomy filtered listings.
• Tweak: Custom taxonomy features now output a class to the list item for css targeting.
• Fix: SVG Listing icons filter epl_svg_icons corrected and will now correctly load customised SVG icons.
• Fix: SVG Social icons filter epl_svg_social_icons corrected and will now correctly load customised SVG icons.
• Fix: Archive image hook epl_property_archive_featured_image third option for link now working.
• Fix: Widget image hook epl_property_widgets_featured_image third option for link now working.
• Fix: Images no longer overlap in admin when the image filter is used to alter the default image sizes.
• Fix: [listing_auction] shortcode now correctly lists set auctions.
• Fix: [listing_open] shortcode now correctly lists listings that have an inspection set.
• Fix: Home Open label improved as sometimes empty data is imported and the label appears where it should not.
• Fix: [listing_search] enabling the multiple select option now works better.
• Fix: Several typcasting fixes to various functions to prevent any issues with data that is not entirely empty.
• Fix: Features list output class name fix for bathrooms, building size and furnished.
• Fix: Improvements to compatibility mode that prevents YoastSEO outputting multiple times on the page. This will also correct any other plugins with a similar issue.
• Fix: Adding of contacts with no summary is now possible.
• Fix: When checkbox option defaults were set to on user was unable to save option, corrected the behaviour.

What a stressful time we’ve just been through which blindsided us and upended our plans, and new extension schedule and major extension updates.

Threw that right out the window.

On Wednesday July 22nd 2019 Easy Property Listings was delisted from the WordPress.org plugin directory.

WHAT! the??? was exactly was going through my head at this time… Next I visited the plugin on WordPress.org and yep, low and behold the statement.

“Your plugin is no longer available for download.”

A cold chill ran down the back of my neck when reading these words.

What did we do?

Thinking, we have no code that is nefarious or below board as you read about apps and social media platforms not caring about user privacy, that is not us… What did we do?

Thankfully WordPress.org have a system in place and after checking my email was a very clear and specific email about exactly what was wrong with Easy Property Listings and more importantly what to do about it to get back into the plugin directory.

Jul 22, 2019, 10:27 AM

Your plugin has had to be temporarily withdrawn from the WordPress.org Plugin Directory due to an exploit.

For the next 60 days, your plugin will simply say that it is no longer available for download. After that time, it will state that it was closed for a security issue.

Plugin Page: https://wordpress.org/plugins/easy-property-listings/

Vulnerability Report: https://www.pluginvulnerabilities.com/2019/07/19/a-hackers-looks-to-be-probing-for-the-wordpress-plugin-easy-property-listings-these-vulnerabilities-might-be-why/

Plugins are closed once we are made aware of any security issues and have verified their exploit-ability. We believe that leaving plugins open would put users at risk if we allowed them to download code that could be exploited, and once an exploit is reported, it is often acted upon by persons nefarious.

Please review the exploit report carefully. If you believe the report is not valid, and that your plugin is secure, please reply to this email to let us know. If the vulnerability is XSS or CSRF related, know that Chrome actually prevents those from working in their browser and you may need to check in Firefox or another browser.

If you find this report to be valid, you must resolve the exploit and update your plugin in our directory in order to have it restored. When you do so, remember to increase the version number of your plugin to reflect the change, this ensuring that your users will be alerted to the update once your plugin is reopened.

Bear in mind, this is NOT a complete security review of your plugin. Once you’ve corrected the listed issue(s), you should perform a top-down review of your entire plugin and look for any and all possible issues. Take the time to make sure you’re in full compliance with the guidelines as well.

Once you’re certain you’ve fixed everything, update your code in SVN and reply to this email. At that time, we will perform a complete security and guideline review, as if you were a new plugin, and either reopen your plugin or report any remaining issues with the code. We require plugins to be safe before we will reopen them.

Please review our documentation on how to use SVN – https://developer.wordpress.org/plugins/wordpress-org/how-to-use-subversion/#best-practices

Your plugin will not be re-opened until it is reviewed, and it won’t be reviewed until you reply to this email and tell us you’ve checked the code in to SVN.

This review process may take a while. Please be patient. We do understand that your plugin is important to you, and we do prioritize security reviews over everything else. Still, it can take us up to 5 business days to give your plugin a complete review.

We will check both your changes and your plugin as a whole, to ensure we didn’t miss anything. You will be required to correct all security issues before we can reopen the plugin. This is because if we found another security issue down the road, we would have to close your plugin again. We feel it’s better for your reputation to have a plugin closed once and fixed rather than multiple times.

Should you, for any reason, find you are unable to update the plugin, please let us know promptly so we can decide on the best course of action to take in order to protect the users. It’s okay if you just can’t fix this or don’t want to.

If you have any queries or need any advice, please let us know.

At least we knew what to do as the site Plugin Vulnerabilities let us know where the specific security was and how to test it once fixed.

• A Hackers Looks to be Probing for the WordPress Plugin Easy Property Listings, These Vulnerabilities Might Be Why

We got to work immediately on correcting the issue

This is where the process was a bit less informative. We fixed the immediate issue and submitted the changes for review on the 24th July. The ball was now in the WordPress.org plugin review court.

NOTE: I’m publishing the full emails from WordPress.org in a hope for others to learn from what happened to us. In reality I’m really glad issues were found as we were able to correct them and learn about some new tools that we had no idea were a thing.

Reply on the 26th.

Your plugin has some security issues as well as some minor issues that should be resolved. We will not REQUIRE you to fix the non-security ones right now, but we do strongly encourage you address it as soon as possible.

SECURITY:

## Please sanitize, escape, and validate your POST calls

When you include POST/GET/REQUEST/FILE calls in your plugin, it’s important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues.

SANITIZE: Data that is input (either by a user or automatically) must be sanitized. This lessens the possibility of XSS vulnerabilities and MITM attacks where posted data is subverted.

VALIDATE: All data should be validated as much as possible. Even when you sanitize, remember that you don’t want someone putting in ‘dog’ when the only valid values are numbers.

ESCAPE: Data that is output must be escaped properly, so it can’t hijack admin screens. There are many esc_*() functions you can use to make sure you don’t show people the wrong data.

To help you with this, WordPress comes with a number of sanitization and escaping functions. You can read about those here:

* https://developer.wordpress.org/plugins/security/securing-input/
* https://developer.wordpress.org/plugins/security/securing-output/

Remember: You must use the MOST appropriate functions for the context. If you’re sanitizing email, use sanitize_email(), if you’re outputting HTML, use esc_html(), and so on.

Clean everything, check everything, escape everything, and never trust the users to always have input sane data.

Some examples from your plugin:

easy-property-listings/lib/includes/class-epl-meta-boxes.php:324: $epl_date = $_POST[ $field[‘name’] ];
easy-property-listings/lib/includes/class-epl-meta-boxes.php:347: update_post_meta( $post_ID, $field[‘name’], $_POST[ $field[‘name’] ] );
easy-property-listings/lib/includes/admin/admin-functions.php:495: $ver = $_POST[‘upgrade_to’];
easy-property-listings/lib/includes/admin/reports/graphing.php:395: $dates[‘year’] = isset( $_GET[‘year’] ) ? $_GET[‘year’] : date( ‘Y’ );
easy-property-listings/lib/includes/admin/reports/graphing.php:396: $dates[‘year_end’] = isset( $_GET[‘year_end’] )? $_GET[‘year_end’]: date( ‘Y’ );

NON SECURITY

## Including your own CURL code

WordPress comes with an extensive HTTP API that should be used instead of creating your own curl calls. It’s both faster and more extensive. It’ll fall back to curl if it has to, but it’ll use a lot of WordPress’ native functionality first.

HTTP API

Some examples from your plugin:

easy-property-listings/lib/includes/functions.php:97:
$response = curl_exec($ch);

## Including Libraries Already In Core

Your plugin has included a copy of a library that WordPress already includes.

WordPress includes a number of useful libraries, such as jQuery, Atom Lib, SimplePie, PHPMailer, PHPass, and more. For security and stability reasons, plugins may not include those libraries in their own code, but instead must use the versions of those libraries packaged with WordPress.

While we do not YET have a decent public facing page to list all these libraries, we do have a list here: https://meta.trac.wordpress.org/browser/sites/trunk/api.wordpress.org/public_html/core/credits/wp-52.php#L443

* easy-property-listings/lib/assets/js/jquery.ui.touch-punch.min.js

Back to work

Alright so we got back to work on some more fixes and submitted 3.3.5 on the 30th. It was a lot of work to do by the team here. We dropped everything else and laser focused on resolving these other issues.

Basically our plugin was flagged for 1 issue, however fixing that was not enough to get the plugin back into the directory.

Personally I see the thought process behind this with the WordPrss.org team however this means that we are unable to release a fix that you could download until we got everything perfect…

The issue I have with this is even though we patched X you were not able to download that patch and there was nothing we could do until we went through the process of fixing every single line of code in the plugin manually.

We tackled the issues in the previous email and submitted 3.3.5

I’ve been considering the timezone issues as we are in Perth and a lot of the WordPress.org team are all over the world but pretty much North American timezones.

My reply on the 26th.

Thank you for reviewing the plugin, we’ve reviewed all code and patched, edited and reviewed it, we even patched the non security issues also in the TRUNK and TAG 3.3.5

Really appreciate the guidance with your code snippets and thank you for checking our security issues.

Here is hoping we patched all issues.

We await your review and hopefully be live again on the WP.org plugin directory.

Reply July 31st

You still have some sanitization issues

easy-property-listings/lib/includes/functions.php:2092:
$post_type = isset($_GET[‘view’]) ? $_GET[‘view’] : ‘property’;
easy-property-listings/lib/includes/functions.php:2108:
$range
= isset($_GET[‘range’])?$_GET[‘range’]:’other’;

easy-property-listings/lib/includes/admin/contacts/contact-actions.php:560:
epl_update_contact_tag_bgcolor($_POST[‘term_id’],$_POST[‘bg’]);

And so on.

HMMMMMMMMMM, and so on….

That line got me thinking. “Are we going to fix one thing and continue to get a reply saying something else is not correct every time we submit a new build” Our plugin is frigging huge and this will be impossible and leave all the current sites with a flaw.

My reply July 31st

Alright my developer used grep to search the code and picked up and corrected several more GET REQUEST POST issues and sanitised them.

I’ve JUST pushed the TRUNK so we can fix and version with your approval.

Are you able to provide any more detail on additional fixes we need to do?

Thanks

Fingers crossed we get some guidance to help us.

Reply 1st August

We recommend a PHP Code Sniffer scan of your code, using the WordPress Coding Standards, in order to help you determine the overall security and quality of your code.

Note: No tool can promise or deliver a 100% security check of your code.

https://github.com/squizlabs/PHP_CodeSniffer
https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards

You need to walk through function save_meta_box( $post_ID )

Looking there, you have a LOT of non-sanitized code:

$epl_meta_box_ids = ”;
if(isset($_POST[‘epl_meta_box_ids’])) {
$epl_meta_box_ids = $_POST[‘epl_meta_box_ids’];
}

and

$_POST[ $field[‘name’] ] = $epl_date;

and

if( isset($_POST[ $field[‘name’] ]) ){
$meta_value = $_POST[ $field[‘name’] ];
update_post_meta( $post_ID, $field[‘name’], $meta_value );
}

Also you don’t need to make this check:

if( function_exists( ‘sanitize_textarea_field’ ) ){
$_POST[ $field[‘name’] ] = sanitize_textarea_field( $_POST[ $field[‘name’] ] );
}

There’s no point in the if-exists check for a WordPress CORE function. If that doesn’t exist, there’s so much wrong your plugin probably won’t even run.

But also re-saving as POST data is a poor development choice.

$sanitize_field_name = sanitize_textarea_field( $_POST[ $field[‘name’] ] );

Excellent! There are tools we can use to help us!

FINALLY! a response and some help from the WordPress.org plugin team. Problem is I had to ask and I’m sure that there are many other plugin developers who do not know about the tools in the reply from the plugin team.

I’m assuming that the replies are from different people and this particular person cares about us!

Yipee we have something to help us.

My Reply 1st August

Well…

Haven’t you just opened up a can of worms for us.

Thankfully so, after the installation of the tools below….

WHERE HAS THIS BEEN !!! Wow what a tool!

Amazing thanks for the share,

Working on our code, this will take us days but we will be better for it and have a better product in the WP.org directory.

Again thanks for chucking the golden spanned in the works

100% not sarcasm, what a tool set to make me and my team better coders

Will let you know once the TRUNK is ready “really ready”

Thanks

With the new tool in hand we were ready

OH Shit.

This is going to take time to resolve and as we are a small team servicing 7,000+ websites around the world we are going to need to break the work down and I had to put my coding hands back in the game.

With this new command line tool we were able to scan files for issues and flag them for fixing.

I worked on the overall simpler Code Standards changes while our lead developer, Prince worked on the security fixes and translation issues.

Through this process we learned about a new coding tool called PHPStorm which we now use as it has extensive capabilities to scan code for issues and apply numerous fixes and helps automate internal code documentation.

So I decided that we were to fix everything even internal documentation issues and apply WordPress Code Standards across every file and line in Easy Property Listings.

Once we got the all clear from our extensive testing we submitted to WordPress.org version 3.4 on August 13th.

My reply and submission August 13th

We have pushed the lates build to TRUNK for your review.

Used

phpcs

phpcbf

phpcs –standard:WordPress

Processed what we could with phpStorm

Implemented a very large number of esc_html__ esc_attr (many others with _e __ as required by the functions.

Edited every file in the plugin, renamed files to hit WP standards naming, huge changes and for the better.

please help us get the plugin back into the directory so specifics on additional security fixes would be of great help now that we really have edited everything in the plugin.

Again thanks for the phpcs tool suggestions was a great help,

We worked day and night to get this done.

I was expecting a reply with some more changes BUT due to the huge changes and checks we made and having these new tools at our disposal the email we got was:

Reply Aug 13, 2019

Your plugin has been re-listed in the directory.

Be advised: This does not offer any assurance that your plugin is free of all security issues or all guideline violations.

While we do our best to spot everything (just like you do) we’re human. We may have missed things, being not as familiar as you are with your own code.

We strongly recommend you take the time to perform as through a review as you can of your own work. This should be your top priority as once a plugin is closed, many people will think it is because it was insecure, even if it wasn’t. That means your plugin becomes a target for hackers. There isn’t a good way to avoid this assumption.

You may notice your stats are out of sync for the next while. Since our systems are heavily cached, this can take a while for all the servers and APIs to catch up. Please don’t panic. They’ll reset properly given enough time, and there’s nothing we can do to speed it up.

As long as your plugin is open, it’ll get sorted out eventually. Don’t panic.

Fingers crossed.

Joy! Pure joy reading that email and a feeling of relief came over me and the team.

We did it, the spanner has been removed from Easy Property Listings and we can now move forward and get back on track.

Due to the extensive changes in 3.4 we knew that we would need to fix issues caused by the new security functions in place.

We are not the only plugin with security issues

There seems to be a major push into checking plugins and themes for security issue recently which is actually really great.

Means we as developers can learn about how to write more secure code and ensure our users are as protected as possible with their WordPress websites.

The iThemes team have been publishing WordPress Vulnerability blog posts in August where we were included in part 2.

Much bigger plugins than ours have also had security issues patched.

See the following blog posts from iThemes the makers of iThemes Builder Theme, BackupBuddy and Security Pro.

• WordPress Vulnerability Roundup: August 2019, Part 1
• WordPress Vulnerability Roundup: August 2019, Part 2

Ensure your real estate website is secure

We’ve done extensive work on Easy Property Listings 3.4 and encourage you to update to the latest version as soon as possible to avoid any site security issues.

Reach out to us if you are concerned by opening a support ticket, we are here to help you make your real estate website the best it can be.

Full Change Logs

3.4.5 September 5, 2019

• Fix: Editor custom field type stripping html.
• Fix: Remove strict type for checkbox & select multiple field types which prevented saving number type array options.

3.4.4 September 4, 2019

• Fix: Checkbox array options not saving correctly in extensions settings.
• Fix: Removed default template check for loop and single templates as this caused incorrect templates to load in some cases.

3.4.3 August 29, 2019

• Fix: Displaying of Geo and Unique ID columns in admin.

3.4.2 August 27, 2019

• Fix: Issue when using WordPress default pagination, output corrected.

3.4.1 August 25, 2019

• New: Hidden meta fields for currency support, and floor plan modified date time.
• Tweak: Support for meta fields file type to support as an array of data.
• Tweak: Allow embeds and scripts in meta fields like floor plans and energy certificates to support an array of data which is handy during data import.
• Tweak: Corrected undefined variables in widgets since WordPress 5.2.2.
• Tweak: Admin contacts added wrapper classes to contact values.
• Fix: Currency support for search widget price sliders.
• Fix: Commercial search fix, widget select type field fix: not saving.
• Fix: Agent search suggestions in admin.
• Fix: Reports graph date display issues.
• Fix: Search templates will no longer ignore custom fields added using filters.
• Fix: When adding dynamic content to a listing using the WordPress editor default WordPress behaviour is restored allowing page builder content to display correctly.

3.4 August 16, 2019

• MAJOR Security Update Release. Important to update to the latest version to protect your website. Easy Property Listings has been reviewed and approved by the WordPress plugin team.
• WordPress standards coding applied to all plugin files and code.
• This is a critical update to Easy Property Listings plugin that is focused on security enhancements. Update you site to this version.
• New: Reset settings to default values tool page added viewable with &dev=true added to tools page URL.
• New: Added autocomplete option to meta-fields array.
• Tweak: Internal code documentation enhanced.
• Tweak: Admin, structure, style, enhanced, legacy CSS optimisations.
• Tweak: JS enhancements, improvements and optimisations.
• Tweak: Removed depreciated author meta compatibility file.
• Tweak: Removed depreciated listing meta compatibility file.
• Tweak: Removed depreciated extensions compatibility file.
• Tweak: Ability to arrange EPL – Search Widget options dashboard field order.
• Tweak: Wording alteration for Inspection Times – removed (one per line).
• Tweak: Removed subscriber user type from Dashboard filtering by User.
• Tweak: Now using WordPress jQuery touch punch JS script.
• Tweak: Removed cURL php requirement and instead use WordPress helper function.
• Tweak: Additional CSS classes added to SVG icons.
• Tweak: Fix bath and car svg wrapper class name.
• Tweak: Author box will no longer display bio tab is user bio is empty.
• Fix: Minimised scripts and css in admin areas to EPL pages.
• Fix: Versioning added to epl js scripts.
• Fix: Upgrade database on new installs message no longer displaying as no action is required.
• Fix: Business listing type pricing.
• Fix: Translation strings corrected in several places across the entire plugin. Internal translation guides added.
• Fix: jQuery UI CSS now loading minified version in production mode.
• Fix: [listing_element] shortcode will now display shortcode values when using frontend GUI builder.
• Fix: Loading custom CSS using the style-single.css now works correctly.
• Fix: XSS security flaw.
• Important Security Update.

After several months of strenuous testing and using the 2.0 import add on installed and running on many live real estate websites, the add-on for WP All Import is ready for release.

Of all the software we create this is the most difficult and complex system that must be 100% correct so that when you update to the latest version, it just works.

Whats new

Field Skipping and you can use Featured Listings

A major feature request for us is the ability to use the featured listings option in WordPress to manage your featured properties. But as this is an importer the listing data is being pulled in from an outside listing source. Making the ability to retain added data to your listings in WordPress stay there after you update it in your listing provider.

We have implemented a very elegant system where custom fields can be automatically skipped, linked contact data skipped and several default fields.

Meaning you can add additional data to your imported listings after its imported and use the Featured star to feature your imported listings!

By default we are force skipping the property_featured, property_year_built and property_owner data.

See the codex on how to use the epl_wpimport_default_skip_fields_list filter to skip additional fields.

Selective updating of imports – Partial / full / skip specific fields

Now you can selectively update a specific piece of imported info, a few, exclude some or update everything. This is really handy when altering a large number of listings where you want to JUST update something specific. Like just the title, an agent, or a few specific fields.

Skip Easy Property Listings Custom Fields

Many options to choose from and you can selectively just update the Easy Property Listings fields, or skip them entirely.

This makes updating much easier. See the guide on updating your imports with the add-on.

Major enhancement to logging

Once the import configuration is set and running every hour, every day 24/7 it just runs. However if there is a problem with bad logging this is nearly impossible to figure out what has gone wrong…

• Was it the data source?
• Why did the listing skip or update?
• Which field is incorrect?

Answering the above is very difficult with bad or minimal information. So we have done extra work to implement specific logging on exactly what is happening and why. Our logging was already quite good, but with the new features, means we need much more detail so we can see exactly what is going on during the import process.

Full Change Log

= 2.0.0 February 5, 2020 =

• New: Select and specifically override Easy Property Listings Custom Fields. You can now update all, update specific fields, or leave some alone.
• New: Filter epl_wpimport_default_skip_fields_list allowing record skipping of specific fields when importer is set to update everything. This allows you to use the featured listing system in EPL with imported data and by default will not update property_featured, property_year_built, property_owner custom fields. Add more to the epl_wpimport_default_skip_fields_list array as required.
• New: Modified date/time filter epl_import_mod_time added allowing support for other data formats.
• New: Better logging output so you know specifically what is happening to all EPL fields during import.
• New: Support for custom meat fields to use ‘import’ => ‘preserve’ which will automatically enable record skipping of custom added meta fields.
• New: Image filter epl_import_image_new_mod_date enabling image record skipping process for custom feeds.
• Tweak: WP All Import rapid-addon updated to 1.1.1 version.
• Tweak: Revised log messaging for better clarity on exactly what is happing during the import process.
• Tweak: Updated fallback meta fields to EPL 3.4.21.
• Fix: Bold formatting issue in log.
• Fix: Security improvements.

After several months of strenuous testing using multiple server environments and running a lot of FeedSync 3.4 builds on production real estate websites FeedSync is finally ready for official release.

Whats New

Extensive changes to the internal database structure which offers better encoding, enhanced server compatibility, PHP 7.4, faster data processing and enables us to implement new features moving forward.

• Replaced several server reliant functions with internal versions.
• Improvements to logging and defaults log increased.
• Geocoding functions improved and better messaging.
• Minor 3.4.1 release to allow 3.4 builds to update.
• Enhancements to missing data from some providers allowing better imports.
• Better timezone support to convert time on the fly.
• Major improvements to the encoding (converting strange characters).
• Review the fill change log below.

We will follow this release shortly with a 3.4.1 build where we are changing the version number in order to allow the fast number of sites running stable 3.4 builds to update to the official release version.

Full Change Log

• New: Ability to process coordinates for a specific listings by pressing the map icon.
• New: Support for geo Latitude and Longitude supplied in extra fields by some providers.
• New: Add price display yes to data feeds when not provided as this is the default.
• New: curl in feedsync updater.
• New: Log empty files to logging system.
• New: Added http library to handle remote requests.
• New: Replace cURL with http requests.
• New: Convert first date as per modified time and implement better timezone conversions.
• New: Database structure created replacing EZ SQL.
• New: Database upgraded to utc8.
• New: Pagination library replaced.
• New: Debug constant added, use define(‘FEEDSYNC_DEBUG_DISPLAY’, true ); in the config.php file to enable it.
• New: Display system wide notice in footer, if required PHP modules are not loaded.
• Tweak: File permissions changed to be more consistent across different servers.
• Tweak: On clean install, logging enabled by default and log records increased to 1,000 entries.
• Tweak: On clean install, Access key set to enabled by default.
• Tweak: Session path variable made independent of SITE_URL constant.
• Tweak: Improvements to creating a unique ID for each listing.
• Fix: Reconfigured server and browser sessions to better allow upgrade process to not log the user out.
• Fix: Correct file permissions to 644 once updated.
• Fix: Spelling issue in log files.
• Fix: Log files were downloading as .xml now correctly altered to .log files.
• Fix: Server out of memory issue in case of large data set.
• Fix: Login issue fixed when logging to WordPress on same server.
• Fix: Curl error, incomplete curl response, connection closed by server.
• Fix: Suppress notices when licensing server is not responding, preventing unnecessary error log entries.
• Fix: Row counter.
• Fix: Encoding issues of html entities.
• Fix: Logging page missing Footer info when empty.
• Fix: Session overlapping of multiple FeedSync installations on same server.
• Fix: Upgrade bug fix.
• Fix: Footer area added to imported and agents pages.
• Fix: HTML decoding removed for existing xml files. Preventing xml loading error.
• Fix: Jupix Format – Improvements to file splitting process.
• Fix: BLM – Format – Improvements to file splitting process.
• Fix: Added check for empty option objects to prevent unnecessary error messages.
• Fix: Strict UTF-8 data output parsing preventing errors with ASCII supplied data.

We are pleased to announce the release of the Inspect Real Estate extension version 2.5 now supporting the 2Apply rental application system created by the team over at Inspect Real Estate. This tool is needed now more than ever with the changes we are all facing in the face of the coronavirus.

2Apply Button

The extension will allow you to add a customisable Apply button to your listings which will take the rental applicant to the 2Apply website which allow potential tenants to apply for your rentals online. The applicants details will be added to your Inspect Real Estate account.

2Apply Page

Book Inspection Popout Lightbox example

The extension now includes a Lightbox option for the Book Inspection button where the form is displayed on top of your listing page instead of in a new tab. There are 5 Lightbox themes to choose from.

Full Change Log

• New: Apply button option that can be enabled for the Inspect Real Estate 2Apply feature. This will display an Apply button on rental listings.
• New: Display the book inspection page in a popout Lightbox on top of the listing with 5 themes to select from.
• New: Reordered the settings and added links to documentation and better internal instructions.
• New: Refactored the buttons from from input into buttons to bring in more consistency with other Easy Property Listings buttons used on listings.
• New: Several filters added.

We are pleased to announce the release of the Custom Buttons extension version 2.0. This release is packed with new features allowing you to add custom buttons to your listings and modify the existing buttons easily.

What started out as a minor update monopolised a week of development time as we turned it into a much more versatile plugin with some very nifty features for you to use.

This is great feature to add more interactions on your listings and can be used to help generate more leads. Use this plugin to link to your Appraisal pages, contact forms and services that you offer to home owners, investors, tenants and landlords.

Read on to see what new features are includes in the Custom Buttons extension. We’ve also bundled this into the Core Extension Bundle, download it now from your account.

Pop-up Lightbox

Popup Lightbox feature is now available for all custom buttons and can also be used on your default listings buttons. Use this feature to display external links, contact forms, maps, and all sorts of internal or external links in a variety of different ways.

Best is to show you, so visit the demo listing in a new tab. Click the Custom Button – Lightbox Map button to see it in action.

Lightbox modes

Select the right mode for the link you are using.

Inline: Use the Inline mode when you want something on the page to appear when the button is pressed. One use would be used to trigger a hidden contact form to display or pop the map out off the page. On the demo listing press the Custom Button – Lightbox Map button to effectively copy the map that is on the page to a new Lightbox spot. This can also be used to display hidden content, like a contact form.

iFrame: Use it for external web pages and links. The external link will be popped out in an iFramed Lightbox, great for 3d Tours. Press the Listing Button: iFrame External Link button on the demo listing which will display a 3D tour in a Lightbox.

Photo: Used for image links like popping out the Floor Plan images. Try the Listing Button: Lightbox Floorplan demo button on the listing.

Lightbox themes

Select from 5 pop-out Lightbox themes. We have included the following:

Customise the default listing buttons

You can alter the label, link behaviour and activate the Lightbox for default listing buttons like Floor Plan, External Link, Mini Web, Energy Certificate buttons. Just enable the additional options for the buttons.

Smooth Scroll

Sometimes you want a visitor to get access to other parts of your page, make this easy for them with the Smooth Scroll feature. The Smooth scroll feature will allow a smooth transition from button to a specific location on your listings page. Handy for instance if you want a “Map” button where the map is displayed further down the page. When you set the map html ID and the user clicks the Map button, the page will smooth scroll to the map.

Try this at the demo by pressing the Custom Button – Smooth Scroll to Gallery button.

Custom Buttons Labels

Instead of displaying Button 1 as the settings for tabs, you can now easily figure out what button you need to adjust as the tab label will be the button label.

Listing Query – Custom Fields

This feature will allow you to set a button to display on a specific listing type and/or if your listing matches criteria that you specify. For instance you can use this to display a button on a listing in a certain state. Or perhaps its a “House” and you want specific information displayed on your house listings that might differ from your “Unit” listings.

Output Location

Select the output location(s) where your want your custom buttons to be displayed.

Display your custom buttons with existing buttons on your listings.

• Display your custom buttons with existing buttons on your listings.
• Output buttons only into epl_custom_buttons hook. Add this hook to your template file.
• Before the text content on your listings.
• After the text content on your listings.
• Custom hook allowing you to specify any hook name. All the EPL templates are built with hooks, so you can place your buttons pretty much anywhere.

Shortcode

This release also has a [epl_custom_button] shortcode which makes it really easy to output a specific button in your listing templates. Visit the codex for specifics on this feature.

Grab the Custom Buttons extension from the store, its also included for all owners of  the Core Extension Bundle.

Thanks!

We hope you enjoy using this plugin as much as we enjoyed building it, so if you already have the Core Extension Bundle, download it now from your account. Check out the getting started guide in the codex.

Full Change Log

• New: Popup Lightbox feature available for all custom buttons and to alter the default listings buttons too. This advanced feature can be used to display external links, contact forms, maps all sorts of internal or external links in a variety of ways.
• New: Display your custom buttons and listings buttons using a Popout Lightbox on top of the listing with 5 themes to select from.
• New: Smooth scroll feature will allow a smooth transition from the custom button to a specific location on your listings page.
• New: Default listing buttons like Floor Plan, External Link, Mini Web, Energy Certificate options to control the default labels, link behaviour, order and use the new Lightbox feature.
• New: Custom button settings tabbed will now display the button name you have set, so you can now easily figure out which button does what.
• New: Support for custom field filtering your buttons. Allowing you to have a specific variable the listing must meet for the button to be displayed. Eg House Type, state, options etc.
• New: Implementation of button mapper now using single function for all buttons allowing us to add more buttons.
• New: Shortcode [epl_custom_button] added for use on listings and in templates.
• New: Select the output location(s) where your want your custom buttons to be displayed.
• New: Custom hook capability allowing you to output the buttons separately from the default buttons on your template.
• Tweak: Re-configured all internal wording and setting instructions.
• Tweak: Custom buttons increased to 20.

After many months and a whole lot of internal builds and testing on a huge number of installations FeedSync 3.5 is finally ready for you to get your hands on.

This is a huge release with a lot of listing management features, new XML2U format support, lots of internal improvements to make file processing faster and optimised for large data processing requirements.

We had 2GB of XML files processed fast and efficiently. So this will work from small to very large scale projects.

Status Editing

One highly requested feature by our internal team and customer was the ability to edit listing status. This is in the event of a connection issue with the listing provider allowing a quick edit of the listing status.

In order to enable this feature you will need to add the following line to your config.php file. (Its included in the new config-sample.php file.) Just add.

/** Set to true to enable listing status changing and deleting entries */
define('FEEDSYNC_EDIT', true );

Once this is added listing editing is now possible, just hover over a status and select a new status for your listing.

Quick and easy, and when a status is changed the listings modified time is incremented slightly so that your application (WordPress import) will detect a change and update the listing.

Deleting now changes the status

Along with the editing we now instead of deleting an entry, it will be marked with the status of deleted. This now allows you to undo any mistakes. Note: We added this as we have accidentally deleted the wrong listing which can take a bit of time to undo, not these are just moved to the Deleted category for easy restoring. Learn from our mistakes…

In order to really delete the listing, this can be done from the Deleted tab.

Processed files are now stored in YYYY/MM folders

FeedSync can handle a lot of data and from multiple providers at the same time. So for large workloads we are now placing files into processed/YYYY/MM for easier management.

Image review and Info page

Another highly requested feature was the ability to review the listing images in order to see the raw order, image sizes and resolution. You can press the info icon on any listing to review its image and location details.

We have seen very large images being uploaded, so use this tool to diagnose import issue and we recommend images to be 2000px wide and 70% JPG compression.

REAXML FTP Fetch

You can now have FeedSync fetch FTP from a remote location which is handy.

WordPress Publishing Settings

You can now set the published status of your listings using the <feedsyncPostStatus> node. This is required for the new incremental import processing as in order to use incremental importing, all listings must be handled. Use these settings to restrict website visitors from viewing Withdrawn / Deleted listings.

Incremental Imports Now Possible

With the WordPress publishing settings you are now able to use incremental import processing with your listings. We have been using this for several months for all our FeedSync Installation Service customers.

The main difference is that during processing the import only needs to deal with a few records at a time instead of the entire data set stored in FeedSync.

The biggest benefit to this processing is the imports can run every 10 minutes (recommended).

The requirements are:

• Incremental Import Scripts (These are downloadable from Your Account)
• Output url must contain &status=all&days_back=7

With this your trigger command can be run every 10 minutes instead of hourly.

XML2U format now supported

The XML2u service is a data fetching system that can create XML files from website data. FeedSync can handle this and can import multiple XML sources too.

Many more improvements have been added to FeedSync 3.5 indicated in the Change Log below.

Full Change Log

• Extensive upgrades and enhancements throughout FeedSync to make XML processing a seamless process.
• New: Manage listing status with a click with FEEDSYNC_EDIT set true in config.php.
• New: Error reporting and display on installation to assist with issue diagnosis.
• New: Summary row displaying listing counts.
• New: Option to define folder permissions in config.php using FEEDSYNC_FOLDER_PERMISSIONS constant.
• New: Database upgrading class added to streamline new installs and upgrade database process.
• New: Listing Info page displaying attached images, image sizes and resolution along with map location.
• New: Deleting listings are now moved to a deleted status instead of removing.
• New: WordPress publishing settings to set a new feedsyncPostStatus field to allow incremental importing. Incremental import scripts required and use of status=all is required.
• New: Commands to export by range using &days_range=100-365 output listings that have mod date in range between specified days.
• New: Commands to export by days before using &days_before=100-365 output listings for that have mod date smaller than then specified days.
• New: XML2U Format added. Supports multiple location fetching.
• New: REAXML FTP Fetch option. Allows xml fetching from FTP location and processing. Files can be deleted once fetch has completed.
• New: Support for New Zealand REAXML format address differences.
• New: Processed files are now stored in YYYY/MM folders.
• New: Multiple agent_id supported as comma separated.
• Tweak: Jupix Format – Added option for let agreed & Sold STC listing status.
• Tweak: REAXML Format – Use google geocode if no geo fields in extra fields.
• Tweak: Expert Agent Format: Improvements to status handling and options to alter them.
• Tweak: Jupix Format: Improvements to status handling and options to alter them.
• Tweak: Improvements to date processing and detecting a wide range of date formats.
• Tweak: Escape external links, escaping unwanted chars in URL.
• Tweak: Log files are now .txt instead of .log file extension.
• Tweak: Use of COOKIEPATH constant based on site url.
• Tweak: Removed gettext dependency.
• Tweak: Random access key is set during installation.
• Tweak: Implemented additional checks before renaming files.
• Tweak: Context prefix in server path check.
• Tweak: Set a random access key during installation.
• Fix: Permission denied notices while saving files.
• Fix: Hidden file permissions issue.
• Fix: Pagination divide by zero warning.