- Remove dangerous set_time_limit() calls in AJAX handlers to prevent resource exhaustion
- Restrict debug logging GET parameter access to administrators only
- Addresses remaining critical issues from security audit
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added explicit checks to prevent authentication redirects on registration page
- Added ensure_registration_page_public() method with priority 1 to run before other auth checks
- Included registration-pending and training-login pages in public pages list
- Added fallback function in main plugin file to remove auth hooks on registration page
This ensures that users can access /trainer/registration/ without being logged in, as intended for new trainer signups.
