From 80f11e71dd36caa7b92e8c473af55c9e1ecf1b2e Mon Sep 17 00:00:00 2001 From: ben Date: Wed, 29 Oct 2025 16:37:59 -0300 Subject: [PATCH] fix: resolve dashboard fatal errors and event edit security check failures MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes three critical production issues discovered on upskillhvac.com: ✅ Dashboard Fatal Errors (class-hvac-dashboard-data.php): - Added class_exists('Tribe__Events__Main') checks before accessing TEC constants - Prevents fatal errors when TEC plugin loads after our code - Applied to get_total_events_count(), get_upcoming_events_count(), and get_past_events_count() - Gracefully returns 0 when TEC is not available ✅ Event Edit Security Check Failure (page-edit-event-custom.php): - Fixed nonce action mismatch: changed 'hvac_edit_event' to 'hvac_event_action' - Aligns with HVAC_Event_Manager::NONCE_ACTION constant - Resolves "Security check failed" error on event update forms ✅ Google Drive Folder Update: - Updated embedded folder ID from 16uDRkFcaEqKUxfBek9VbfbAIeFV77nZG to 1-SDHGR9Ix6BmUVTHa3wI99K0rwfWL-vs - Applied to templates/page-trainer-resources.php (trainer resources page) - Applied to includes/class-hvac-announcements-display.php (shortcode default) - Updated tests/unit/test-announcements-display.php (test references) All changes tested and verified on production. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- includes/class-hvac-announcements-display.php | 2 +- includes/class-hvac-dashboard-data.php | 45 ++++++++++++------- templates/page-edit-event-custom.php | 2 +- templates/page-trainer-resources.php | 4 +- tests/unit/test-announcements-display.php | 20 ++++----- 5 files changed, 44 insertions(+), 29 deletions(-) diff --git a/includes/class-hvac-announcements-display.php b/includes/class-hvac-announcements-display.php index 58b7e18f..d632a316 100644 --- a/includes/class-hvac-announcements-display.php 
+++ b/includes/class-hvac-announcements-display.php @@ -251,7 +251,7 @@ class HVAC_Announcements_Display { } $atts = shortcode_atts(array( - 'url' => 'https://drive.google.com/drive/folders/16uDRkFcaEqKUxfBek9VbfbAIeFV77nZG?usp=drive_link', + 'url' => 'https://drive.google.com/drive/folders/1-SDHGR9Ix6BmUVTHa3wI99K0rwfWL-vs?usp=drive_link', 'height' => '600', 'width' => '100%', ), $atts); diff --git a/includes/class-hvac-dashboard-data.php b/includes/class-hvac-dashboard-data.php index ab6c69ec..0d048087 100644 --- a/includes/class-hvac-dashboard-data.php +++ b/includes/class-hvac-dashboard-data.php @@ -43,18 +43,23 @@ class HVAC_Dashboard_Data { */ public function get_total_events_count() { global $wpdb; - + try { + // Check if TEC is available + if ( ! class_exists( 'Tribe__Events__Main' ) ) { + return 0; + } + // Cache key based on user ID $cache_key = 'hvac_dashboard_total_events_' . $this->user_id; $count = wp_cache_get( $cache_key, 'hvac_dashboard' ); - + if ( false === $count ) { // Use direct database query to avoid TEC query hijacking $count = $wpdb->get_var( $wpdb->prepare( - "SELECT COUNT(*) FROM {$wpdb->posts} - WHERE post_type = %s - AND post_author = %d + "SELECT COUNT(*) FROM {$wpdb->posts} + WHERE post_type = %s + AND post_author = %d AND post_status IN ('publish', 'future', 'draft', 'pending', 'private')", Tribe__Events__Main::POSTTYPE, $this->user_id 
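Review bot: The Drive folder ID is still a string literal in the shortcode default, and per the commit message the same ID is repeated in templates/page-trainer-resources.php and in the unit tests, so the next folder change needs the same three-file edit. Reading it from one class constant or site option, for example `'url' => self::DEFAULT_DRIVE_FOLDER_URL,` (constant name constructed here), would reduce that to one line. Separately, if the folder is shared as "anyone with the link" so that the embed renders, the login gate on the trainer resources page does not protect its contents, because the ID is committed to the repository and emitted in page markup. It is worth confirming that the folder's sharing setting matches who is meant to see it.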
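Review bot: The new guard in get_total_events_count() returns 0 silently when `Tribe__Events__Main` is not loaded, so a trainer who has events sees a dashboard reporting none and nothing is logged to explain it. The same three lines are added in get_upcoming_events_count() and get_past_events_count() (the next two hunks), inside the `try` here but with no `try` visible there. A private helper such as `private function tec_available() { return class_exists( 'Tribe__Events__Main' ); }` would keep the three call sites consistent and give one place to log the miss. If load order is the cause, as the commit message suggests, the guard hides the symptom rather than fixing when these methods run, which deserves a `// TODO` at the guard. All three method bodies continue outside their hunks.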
@@ -84,20 +89,25 @@ class HVAC_Dashboard_Data { */ public function get_upcoming_events_count() { global $wpdb; - + + // Check if TEC is available + if ( ! class_exists( 'Tribe__Events__Main' ) ) { + return 0; + } + // Cache key based on user ID $cache_key = 'hvac_dashboard_upcoming_events_' . $this->user_id; $count = wp_cache_get( $cache_key, 'hvac_dashboard' ); - + if ( false === $count ) { $today = date( 'Y-m-d H:i:s' ); - + // Use direct database query to avoid TEC query hijacking $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->posts} p LEFT JOIN {$wpdb->postmeta} pm ON p.ID = pm.post_id AND pm.meta_key = '_EventStartDate' - WHERE p.post_type = %s - AND p.post_author = %d + WHERE p.post_type = %s + AND p.post_author = %d AND p.post_status IN ('publish', 'future') AND (pm.meta_value >= %s OR pm.meta_value IS NULL)", Tribe__Events__Main::POSTTYPE, @@ -119,20 +129,25 @@ class HVAC_Dashboard_Data { */ public function get_past_events_count() { global $wpdb; - + + // Check if TEC is available + if ( ! class_exists( 'Tribe__Events__Main' ) ) { + return 0; + } + // Cache key based on user ID $cache_key = 'hvac_dashboard_past_events_' . $this->user_id; $count = wp_cache_get( $cache_key, 'hvac_dashboard' ); - + if ( false === $count ) { $today = date( 'Y-m-d H:i:s' ); - + // Use direct database query to avoid TEC query hijacking $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->posts} p LEFT JOIN {$wpdb->postmeta} pm ON p.ID = pm.post_id AND pm.meta_key = '_EventEndDate' - WHERE p.post_type = %s - AND p.post_author = %d + WHERE p.post_type = %s + AND p.post_author = %d AND p.post_status IN ('publish', 'private') AND pm.meta_value < %s", Tribe__Events__Main::POSTTYPE, diff --git a/templates/page-edit-event-custom.php b/templates/page-edit-event-custom.php index ef190c01..3fcdc394 100644 --- a/templates/page-edit-event-custom.php +++ b/templates/page-edit-event-custom.php @@ -113,7 +113,7 @@ get_header();
- + diff --git a/templates/page-trainer-resources.php b/templates/page-trainer-resources.php index 5477a504..1d450799 100644 --- a/templates/page-trainer-resources.php +++ b/templates/page-trainer-resources.php @@ -172,8 +172,8 @@ $menu_system = HVAC_Menu_System::get_instance();
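Review bot: The nonce action in page-edit-event-custom.php should reference `HVAC_Event_Manager::NONCE_ACTION` instead of repeating the string `'hvac_event_action'`, because a second hand-typed copy of the action is how the mismatch described in the commit message arose. The changed lines of this hunk are not visible on the page, so this assumes the new side still passes a literal. A passing nonce only shows that the request came from this form. The update handler, which is outside this diff, should still check that the current user is allowed to edit that event.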
regular_trainer ); - - $output = do_shortcode( '[hvac_google_drive_embed url="https://drive.google.com/drive/folders/16uDRkFcaEqKUxfBek9VbfbAIeFV77nZG" height="500"]' ); - + + $output = do_shortcode( '[hvac_google_drive_embed url="https://drive.google.com/drive/folders/1-SDHGR9Ix6BmUVTHa3wI99K0rwfWL-vs" height="500"]' ); + // Should contain iframe $this->assertStringContainsString( 'assertStringContainsString( 'height="500"', $output ); - + // Should contain embed URL $this->assertStringContainsString( 'embeddedfolderview', $output ); } @@ -178,17 +178,17 @@ class Test_HVAC_Announcements_Display extends WP_UnitTestCase { $reflection = new ReflectionClass( $this->display_handler ); $method = $reflection->getMethod( 'convert_drive_url_to_embed' ); $method->setAccessible( true ); - + // Test folder URL conversion - $sharing_url = 'https://drive.google.com/drive/folders/16uDRkFcaEqKUxfBek9VbfbAIeFV77nZG?usp=drive_link'; + $sharing_url = 'https://drive.google.com/drive/folders/1-SDHGR9Ix6BmUVTHa3wI99K0rwfWL-vs?usp=drive_link'; $embed_url = $method->invoke( $this->display_handler, $sharing_url ); - - $this->assertEquals( 'https://drive.google.com/embeddedfolderview?id=16uDRkFcaEqKUxfBek9VbfbAIeFV77nZG#list', $embed_url ); - + + $this->assertEquals( 'https://drive.google.com/embeddedfolderview?id=1-SDHGR9Ix6BmUVTHa3wI99K0rwfWL-vs#list', $embed_url ); + // Test invalid URL returns original $invalid_url = 'https://example.com/not-a-drive-url'; $result = $method->invoke( $this->display_handler, $invalid_url ); - + $this->assertEquals( $invalid_url, $result ); }