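Overview
Summary: comitifact connects WooCommerce to COMITI's CFDI 4.0 (Mexico) stamping services. The plugin offers several features, such as generating CFDI 4.0 (XML) and its printable version (PDF), configuring HTTPS endpoints, ensuring security, and respecting privacy.
Questions and answers:
1. What are the main features of the comitifact plugin?
- Generate CFDI 4.0 (XML) and its printable version (PDF)
- Cancel CFDI
- File uploads attached to orders, with size limits and a whitelist (CSD, XML, ZIP, PEM, etc.)
2. How does the comitifact plugin ensure security?
- Protection through nonces on AJAX actions
- Capability checks (by default requires manage_woocommerce for admin actions)
- Input sanitization and output escaping
3. How does the comitifact plugin handle privacy?
- The plugin integrates with an external e-invoicing (timbrado) provider. Depending on configuration, fiscal data from orders (RFC, legal name, CFDI use, tax address, etc.) may be sent to the provider over HTTPS. Review and accept the provider's terms before use. If you process personal data, ensure you have a lawful basis and appropriate privacy notices.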
② In the admin dashboard, search for "COMITI Invoicing Cloud for Ecommerce" → install directly (recommended)
Original plugin description
comitifact connects WooCommerce to COMITI’s CFDI 4.0 (Mexico) stamping services.
Key features
– Generate CFDI 4.0 (XML) and its printable representation (PDF).
– CFDI cancellation.
– File uploads attached to orders with size limits and a whitelist of extensions (CSD, XML, ZIP, PEM, etc.).
– Configurable HTTPS endpoints for production and sandbox environments.
– Multisite-aware (cleans up on uninstall per site).
– Internationalization ready (Text Domain: comitifact) and loads translations from /languages.
Security
– Nonces on AJAX actions.
– Capability checks (by default requires manage_woocommerce for admin actions).
– Input sanitization and output escaping.
– Uploads stored in a dedicated folder /wp-content/uploads/comitifact/ with MIME checks and size limits.
– No credentials or endpoints exposed on the front end.
Privacy
This plugin integrates with an external e-invoicing (timbrado) provider. Depending on your configuration, fiscal data from orders (RFC, legal name, CFDI use, tax address, etc.) may be sent to your provider over HTTPS. Review and accept the provider’s terms before use. If you process personal data, ensure you have a lawful basis and appropriate privacy notices.
Requirements
– WordPress ≥ 5.8
– PHP ≥ 7.4
– WooCommerce (a version compatible with your site)
Localization
This plugin is translation-ready. Text domain: comitifact, path: /languages. You can contribute translations via WordPress.org GlotPress once published.
Notes for Reviewers (WordPress.org)
All AJAX actions that write files or data are protected by nonces and capability checks.
External services are configurable and default to HTTPS endpoints.
No external tracking; no personal data is transmitted unless configured by the site owner for invoicing purposes.
Uninstall routine removes options, transients, prefixed tables, cron hooks, and /uploads/comitifact/.
