Screenshots are captured client-side using html2canvas (loaded from jsDelivr CDN on demand, only when the user clicks "Attach Screenshot"). This avoids any cron dependency.
Process:
- User clicks "Attach Screenshot" in the widget or page form.
- html2canvas renders the visible page to a
<canvas>, excluding the widget panel itself. - The canvas is compressed to JPEG (quality 0.72, max dimension 1280px).
- The base64 data URL is uploaded via AJAX to
ofb_upload_screenshot. - The server validates magic bytes (JPEG or PNG only), enforces the 2 MB limit, saves to
wp-content/uploads/ofb-screenshots/, and returns the public URL. - The URL and server path are stored with the submission on form submit.
Cleanup:
A daily WP-Cron job deletes screenshot files belonging to entries that were archived more than 30 days ago. You can also trigger this immediately from Settings → Screenshot Storage → Run Cleanup Now.
Security:
The ofb-screenshots/ directory is protected by a .htaccess file that disables directory listing and blocks PHP execution.