Changelog

1.7

• New — the guest email-verification (OTP) texts are now editable in the admin under Settings → Form: the verification prompt shown to unverified guests, the “send verification email” and “confirm code” button labels, and the verification-code help text. Previously these were fixed built-in strings. Leaving a field empty keeps the built-in default.
• New — the guest email-verification step is now visually highlighted as a clear call to action: the prompt sits in an accented callout and its verify/confirm button is a solid, filled button so an unverified guest notices the action they must take. The emphasis never relies on colour alone (left-border surface plus the prompt text and accessible button names), and the button keeps AAA contrast.
• New — the above verification texts are multilingual: they can be translated per language through WPML String Translation or Polylang’s strings screen, like the other admin-entered texts. On single-language sites nothing changes.

1.6

• New — multilingual support (WPML and Polylang): all admin-entered texts (form intro and disclaimer, the submission success message, the notification email subjects and bodies, the order-email withdrawal link label and text) can now be translated per language through WPML String Translation or Polylang’s strings screen, and the form-page link follows the current language. On single-language sites nothing changes.
• New — the submission success message shown after the form is sent can now be edited in the admin under Settings → Form, including a {uid} placeholder for the record’s reference id. Previously it was a fixed built-in text.
• Fix — secondary button hover: the secondary button’s text colour is now pinned on hover, so it no longer turns unreadable (e.g. white-on-white) under themes that restyle button hover states.
• Fix — notification emails are now sent as HTML, so line breaks survive on sites where an SMTP or email-template plugin renders mail as HTML. Previously the text could arrive as one run-on block.
• Fix — the withdrawal form now recognises custom order numbers. When a plugin overrides WooCommerce’s default order number (for example MD0574), the form accepts the displayed number, not only the original numeric ID.

1.5

• Hardening (security) — this change was made to satisfy the WordPress.org plugin security review. Unverified guests now file a free-text withdrawal declaration without any order data being looked up or shown. Order data is disclosed only to logged-in or email-verified customers; a visitor who cannot prove their identity describes their order in their own words, and the resulting declaration is flagged “unverified” in the admin for manual matching before any refund.
• New — checkout withdrawal waiver: for goods where the right of withdrawal can be waived (typically digital content), the shop can now show a consent checkbox at checkout through which the customer expressly waives that right for the affected items. The checkbox appears only when the cart actually contains a waivable item, and works on both the classic shortcode checkout and the block-based (Store API) checkout. It can be set globally to optional or mandatory — mandatory blocks placing the order until the box is ticked. The consent is recorded on the order as evidence (timestamp, IP address, a fingerprint of the exact statement text, the covered products and the mode) and shown in a “Withdrawal waiver” panel on the order-edit screen. Off by default; enable and word it under Settings → Exclusions. For the block-based Checkout, add the “Withdrawal waiver” block to your Checkout page once where you want it to appear.
• New — exclusion type split (excluded by law vs waivable): the withdrawal-exclusion settings now separate two legally distinct cases. “Excluded by law” items (perishables, custom-made goods, opened hygiene/sealed products) are never withdrawable — the right does not apply, no customer action is involved and no checkbox is shown. “Waivable” items are those where the right exists but the customer can give it up with the checkout consent: only these drive the consent checkbox, and such an item stays excluded only when the customer actually consents — without consent the right of withdrawal is retained. Existing exclusions keep behaving as “by law”, so nothing changes for orders that predate this. Each case has its own product and category pickers under Settings → Exclusions.
• New — withdrawal status on the order screen: when an order has an associated withdrawal, the WooCommerce order-edit screen now shows a “Right of withdrawal” panel with the withdrawal’s status and a link straight to its record.
• New — optional withdrawal column on the orders list: a new Settings → General switch (“Show a withdrawal column in the orders table”, off by default) adds a column to the WooCommerce orders list flagging which orders have a withdrawal and its status (a dash when none). HPOS- and legacy-orders compatible.
• Fix — bank account entry: a Hungarian IBAN (starting “HU”) could not be typed into the field — the letters were stripped as you went, so the prefix never took. Typing an IBAN now works character by character (pasting one already worked).
• Improvement — domestic (GIRO) bank account validation is no longer over-strict: it still checks the account format and the bank + branch check digit, but no longer rejects on the account-holder block’s check digit, which is bank-dependent and not present at every bank. Valid accounts issued by some banks (e.g. Raiffeisen, Budapest Bank) that were previously refused are now accepted.
• New — the withdrawal link added to WooCommerce order emails is now a discreet text link instead of a prominent box, to avoid accidental clicks. Its position in the email is configurable (top, after the order details, or bottom — bottom by default), and both the surrounding message text and the link label can be customised under Settings → Email.
• Improvement — withdrawal form, step 2: item quantities now start at 0 and the customer increases them, instead of pre-filling the full purchased quantity. The per-item maximum still applies, and at least one item must be selected to submit.

1.4.1

• Fix — the “order not found” validation message now displays correctly in Hungarian (the message was rewritten in 1.4 and its translation was missing from the shipped language pack, so it fell back to English).

1.4

• Fix — guest (not-logged-in) form completion: the withdrawal form now fills in and submits reliably for visitors who are not logged in, including on shops running a login-hardening layer (rename wp-login.php, hide-wp-admin, a firewall) that could previously break the guest two-step submission. Where 1.3.2 only diagnosed an intercepted submit, the guest path now completes.
• New — Pro version visibility: administrators can clearly see that a Pro version exists and, when the Pro plugin is installed, which Pro version is active. The free-only upsell never appears once Pro is present.
• Fix — double-submission guard: a duplicated or retried submission (double click, network retry) can no longer create two withdrawal records or send two confirmation emails for the same declaration. The legitimate partial / repeat-withdrawal flow is unaffected.
• Fix — GDPR personal-data export now labels the “by later arrangement” refund preference correctly, instead of showing it as “Original payment method”.
• Fix — the admin “notification could not be sent” notice now escapes its output correctly.
• Hardening — the guest email-verification code requests now carry their own rate limit, independent of whether the OneCode Login plugin enforces one, to prevent code-request flooding.
• Maintenance — uninstall now removes every option the plugin can create (customer-service contact, diagnostics toggle, error colours); plus minor robustness fixes in stored-record decoding and query handling.

1.3.2

• Fix — when submitting the form fails because a caching or security layer (firewall, “hide wp-admin” rule, full-page cache) intercepts the request — most often for visitors who are not logged in — the form no longer does nothing silently. It now shows an accessible diagnostic with the server response status and a short excerpt of what came back, so the shop owner can identify and whitelist the layer that is blocking the submission.
• New — these intercepted submissions are also recorded in the WooCommerce logs (WooCommerce → Status → Logs, source “bitron-right-of-withdrawal”), including the response status, the page, and whether the visitor was logged in, so the shop owner has a server-side trail even if no one reports the problem. Stale-nonce failures (a cached form) are logged too. Logging is rate-limited, stores no plain-text IP addresses, and can be turned off with the bitrow_diagnostics_enabled filter.

1.3.1

• Fix — email notifications: the order total no longer leaks raw HTML entities into the plain-text message (e.g. “12 990 Ft” / “Ft”) — the amount is now stripped and entity-decoded to clean text such as “12 990 Ft”.
• New — a dismissible admin banner introduces the Pro version (one-click refunds, status management, automation, custom fields, CSV export, webhooks, REST API) with a link to learn more. Shown only in the free plugin and only to administrators, can be dismissed per-user, and never appears when the Pro plugin is present.

1.3

• Fix — the bank account number is no longer mandatory: when the original payment method cannot auto-refund, the customer can choose “by later arrangement” and submit the declaration without entering an account number; the shop arranges the refund details afterwards.
• Fix — corrected a bank account number handling bug.
• Fix — resolved a block editor (Gutenberg) issue with the Withdrawal Form block.
• Fix — Hungarian translation: customer-facing strings switched to the formal register (magázás) for a consistent tone across the form, emails and account pages.
• Improvement — the bank account field now formats the number as you type (IBAN in groups of four, domestic accounts as 8-8-8) and shows a “saved as” preview of the exact value the shop will receive, cutting down copy-paste and typing mistakes. When you finish typing it checks the IBAN/GIRO and announces the result (valid or not) to screen readers, instead of only failing on submit. Fully keyboard- and screen-reader-accessible; pasting a number with spaces or hyphens still works.
• New — repeat-withdrawal guard: once a customer has already declared withdrawal for every eligible item in an order, re-selecting that order is blocked at step 1 with a clear message. If only some items — or some quantities — are still eligible, the form lets them through but limits each item to the remaining amount and marks the already-withdrawn ones. Enforced server-side, so it cannot be bypassed from the browser.
• New — customisable error colours: the validation error summary and the blocked-order notice (the red box above the form) now take their text, background, and left-accent-border colours from Settings → Form → “Error message colours”, the [bitrow_form] error_text / error_background / error_border attributes, or the block’s inspector — matching the existing form-colour customisation. Defaults are unchanged (and stay WCAG-AA); like the other advanced colours these are not contrast-checked, so you own the contrast on any override.
• New — customer-service contact: a dedicated Settings → General → “Customer service contact” section lets you enter a support email and phone number. These are shown on every step-1 message that stops a customer from proceeding — the repeat-withdrawal block, the §16-exempt and business-purchase blocks, and orders with nothing withdrawable — so they always know how to reach you instead of hitting a dead end. Both fields are optional — the email falls back to your WordPress administration email when left empty, and the phone is offered only when set.

1.2

• New — business-customer exclusion: the right of withdrawal is a consumer right, so shops that also sell to VAT-registered businesses can now switch the online withdrawal form off for business orders. Under Settings → Exclusions enable “Switch the online form off for business purchases” and pick the checkout field whose presence on an order marks it as a business purchase (for example a VAT-number field). The available fields are read live from your checkout (woocommerce_checkout_fields), grouped by Billing / Shipping / Account / Order. Orders that carry a value in that field are blocked at step 1 with a message pointing the buyer to your contact channel; orders without it are treated as consumer purchases and work exactly as before. This is a technical filter, not legal advice — you decide which field marks a business buyer.
• New — the admin notification setting is now a free-form email field instead of an on/off toggle: send each new declaration to any address, not just the site administration email. It defaults to your WordPress administration email (filled in automatically on update), you can point it elsewhere, and leaving it empty turns admin notifications off. An invalid address is rejected with a clear, screen-reader-announced error instead of silently disabling notifications.
• Improvement — the Form page selector is now a searchable, fully keyboard- and screen-reader-accessible combobox (the same accessible search already used by the product/category exclusion pickers), so picking the form page no longer means scrolling a huge dropdown on shops with many pages.
• Maintenance — resolved all Plugin Check findings (translator comments, escaping, prepared-statement annotations) and hardened the test suite (deterministic colour-setting isolation). No behaviour change for the customer-facing form.

1.1

• New — guest email verification: with the free OneCode Login plugin active, a not-logged-in customer can prove they own their email with a one-time code before filing. The form emails a code; once entered, it loads the orders for that email just like for a logged-in customer. This replaces the previous “order number + typed email” guest path (which anyone who knew both could use), closing that gap. Controlled by Settings → Form → Guest email verification (on by default when OneCode Login is available). When OneCode Login isn’t active the setting is shown disabled with a one-click “Install & activate OneCode Login” button (for admins who can install plugins) plus a manual-install link; the classic guest path keeps working so the plugin remains fully standalone. Keyboard- and screen-reader-accessible; the verification step requires JavaScript.
• New — product and category withdrawal exemptions: exclude individual products and whole product categories from the right of withdrawal, for the CRD §16 / 45-2014 §29 carve-outs (perishables, custom-made goods, sealed digital downloads, etc.). Managed from a dedicated Settings → Exclusions tab with searchable, fully keyboard- and screen-reader-accessible autocompletes. Exempt items still appear inside an eligible order (with a visible “Not eligible for withdrawal” badge and the quantity locked at zero) so the customer sees what they bought; an order made up entirely of exempt items is blocked at step 1 with a contact pointer.
• New — text and colour customization: match the form to your shop’s look. The submit-button background and text colours come with a live WCAG contrast meter that announces the ratio as you type, and an advanced panel adds the form text, background, and input/fieldset border colours. There’s also an optional intro paragraph and the editable disclaimer below the form. Set everything from Settings → Form, or override per-instance through [bitrow_form] shortcode attributes and the Withdrawal Form block’s Inspector panel.
• New — customer “Withdrawals” hub in My Account: a single, logged-in landing page combining a “Submit a new withdrawal declaration” button (when the form page is configured) with the customer’s own record of every declaration filed from their account — reference number, date, affected order, items, refund preference and status. The menu item appears only when there’s something to show, and the list is privacy-scoped to the account email.
• Improvement — for logged-in customers the step-1 name field prefills from the WooCommerce billing record (family name + given name) instead of the WordPress display name, so the declaration carries the real name used at checkout; email prefills from the account.

1.0

• Initial release