Major modernization of HVAC plugin for PHP 8+ with full backward compatibility:
CORE MODERNIZATION:
- Implement strict type declarations throughout codebase
- Modernize main plugin class with PHP 8+ features
- Convert array syntax to modern PHP format
- Add constructor property promotion where applicable
- Enhance security helpers with modern PHP patterns
COMPATIBILITY FIXES:
- Fix PHP 8.1+ enum compatibility (convert to class constants)
- Fix union type compatibility (true|WP_Error → bool|WP_Error)
- Remove mixed type declarations for PHP 8.0 compatibility
- Add default arms to match expressions preventing UnhandledMatchError
- Fix method naming inconsistency (ensureRegistrationAccess callback)
- Add null coalescing in TEC integration for strict type compliance
DEPLOYMENT STATUS:
✅ Successfully deployed and tested on staging
✅ Site functional at https://upskill-staging.measurequick.com✅ Expert code review completed with GPT-5 validation
✅ MCP Playwright testing confirms functionality
Ready for production deployment when requested.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed critical security vulnerability with incorrect capability checks
- Fixed hardcoded redirect path from /community-login/ to /training-login/
- Moved dashboard shortcode registration to centralized location
- Fixed duplicate class loading with proper singleton checks
- Fixed incorrect edit URLs in dashboard
- Removed debug HTML comments from production templates
- Moved inline CSS to external stylesheets for better maintainability
- Added caching mechanism for dashboard statistics queries (1 hour cache)
- Implemented pagination JavaScript handlers for AJAX navigation
- Added comprehensive error handling and logging throughout
- Fixed role-based access control (checking roles not capabilities)
- Improved performance with cached database queries
- Fix production debug exposure in Zoho admin interface (WP_DEBUG conditional)
- Implement secure credential storage with AES-256-CBC encryption
- Add file upload size limits (5MB profiles, 2MB logos) with enhanced validation
- Fix privilege escalation via PHP Reflection bypass with public method alternative
- Add comprehensive input validation and security headers
- Update plugin version to 1.0.7 with security hardening
Security improvements:
✅ Debug information exposure eliminated in production
✅ API credentials now encrypted in database storage
✅ File upload security enhanced with size/type validation
✅ AJAX endpoints secured with proper capability checks
✅ SQL injection protection verified via parameterized queries
✅ CSRF protection maintained with nonce verification
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Added explicit checks to prevent authentication redirects on registration page
- Added ensure_registration_page_public() method with priority 1 to run before other auth checks
- Included registration-pending and training-login pages in public pages list
- Added fallback function in main plugin file to remove auth hooks on registration page
This ensures that users can access /trainer/registration/ without being logged in, as intended for new trainer signups.
