- Fix production debug exposure in Zoho admin interface (WP_DEBUG conditional)
- Implement secure credential storage with AES-256-CBC encryption
- Add file upload size limits (5MB profiles, 2MB logos) with enhanced validation
- Fix privilege escalation via PHP Reflection bypass with public method alternative
- Add comprehensive input validation and security headers
- Update plugin version to 1.0.7 with security hardening
Security improvements:
✅ Debug information exposure eliminated in production
✅ API credentials now encrypted in database storage
✅ File upload security enhanced with size/type validation
✅ AJAX endpoints secured with proper capability checks
✅ SQL injection protection verified via parameterized queries
✅ CSRF protection maintained with nonce verification
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Implement singleton pattern for HVAC_Enhanced_Settings to prevent duplicate initialization
- Fix jQuery selector error by checking for valid hash selectors before using $(href)
- Add default email templates with professional copy for trainer notifications
- Update plugin version to 1.0.1 for cache busting
- Remove duplicate Enhanced Settings initialization from HVAC_Community_Events
- Add force cache refresh suffix to admin scripts
This resolves the duplicate content issue on email templates page and fixes
JavaScript errors in the admin interface.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add trainer status system (pending, approved, active, inactive, disabled)
- Create access control system based on trainer status
- Refactor Master Dashboard with enhanced trainer table
- Add status column and filtering
- Implement search and pagination
- Add bulk status update functionality
- Create status pages for pending and disabled trainers
- Implement approval workflow with email notifications
- Add email template management to settings page
- Include comprehensive test suite (unit, integration, E2E)
This allows Master Trainers to manage trainer accounts, approve new registrations,
and control access based on account status. Trainers must be approved before
accessing dashboard features.
Co-Authored-By: Claude <noreply@anthropic.com>
- Removed all CSS debug error_log statements from hvac-community-events.php
- Removed Request URI and OAuth callback debug messages from class-zoho-admin.php
- Updated gitignore to properly track plugin files
This eliminates the debug noise in production error logs.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
