Commit graph

7 commits

Author SHA1 Message Date
bengizmo
5ab2c58f68 feat: Implement comprehensive security fixes for production deployment
- Fix production debug exposure in Zoho admin interface (WP_DEBUG conditional)
- Implement secure credential storage with AES-256-CBC encryption
- Add file upload size limits (5MB profiles, 2MB logos) with enhanced validation
- Fix privilege escalation via PHP Reflection bypass with public method alternative
- Add comprehensive input validation and security headers
- Update plugin version to 1.0.7 with security hardening

Security improvements:
- Debug information exposure eliminated in production
- API credentials now encrypted in database storage
- File upload security enhanced with size/type validation
- AJAX endpoints secured with proper capability checks
- SQL injection protection verified via parameterized queries
- CSRF protection maintained with nonce verification

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-06 13:31:38 -03:00
bengizmo
705e6b563c feat: Implement Training Leads system and restructure navigation menu
- Add comprehensive Training Leads system for HVAC trainers
  * New /trainer/training-leads/ page with tabular contact submission display
  * HVAC_Training_Leads class with AJAX status updates and filtering
  * Empty state messaging and profile sharing CTA
  * Database integration with existing contact forms system

- Restructure trainer navigation menu for better UX
  * Rename "Customize" to "Profile" with logical groupings
  * Move "Logout" under "Profile" submenu
  * Change "Personal Profile" to "Trainer Profile"
  * Add "Training Leads" under Profile section
  * Update help menu to show only question mark icon positioned far right

- Enhance documentation system
  * Fix /trainer/documentation/ page styling and navigation integration
  * Update content to reflect current platform features
  * Add Training Leads documentation and navigation guide
  * Implement proper WordPress template structure

- Update user management
  * Change joe@upskillhvac.com display name to "Joe Medosch"
  * Assign Joe as author of measureQuick headquarters venue
  * Assign Joe as author of measureQuick and Upskill HVAC organizers

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-05 16:02:57 -03:00
bengizmo
a58ea1603c fix: Resolve duplicate initialization and jQuery selector errors
- Implement singleton pattern for HVAC_Enhanced_Settings to prevent duplicate initialization
- Fix jQuery selector error by checking for valid hash selectors before using $(href)
- Add default email templates with professional copy for trainer notifications
- Update plugin version to 1.0.1 for cache busting
- Remove duplicate Enhanced Settings initialization from HVAC_Community_Events
- Add force cache refresh suffix to admin scripts

This resolves the duplicate content issue on email templates page and fixes
JavaScript errors in the admin interface.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-28 17:58:39 -03:00
bengizmo
f0edd05369 feat: Implement trainer approval workflow with status management
- Add trainer status system (pending, approved, active, inactive, disabled)
- Create access control system based on trainer status
- Refactor Master Dashboard with enhanced trainer table
  - Add status column and filtering
  - Implement search and pagination
  - Add bulk status update functionality
- Create status pages for pending and disabled trainers
- Implement approval workflow with email notifications
- Add email template management to settings page
- Include comprehensive test suite (unit, integration, E2E)

This allows Master Trainers to manage trainer accounts, approve new registrations,
and control access based on account status. Trainers must be approved before
accessing dashboard features.

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-28 12:38:34 -03:00
bengizmo
2cb37d0285 fix: Ensure trainer registration page is publicly accessible
- Added explicit checks to prevent authentication redirects on registration page
- Added ensure_registration_page_public() method with priority 1 to run before other auth checks
- Included registration-pending and training-login pages in public pages list
- Added fallback function in main plugin file to remove auth hooks on registration page

This ensures that users can access /trainer/registration/ without being logged in, as intended for new trainer signups.
2025-07-28 10:30:54 -03:00
bengizmo
cd93ed573e fix: Registration page content and event manage styling issues
- Fixed registration form redirect to use hierarchical URL (/trainer/registration/)
- Removed inline styles from event manage page that were breaking theme layout
- Added proper CSS styles for event manage header navigation
- Created header component to properly display navigation on event manage page
- Fixed manage event page detection to be more specific

The event manage page now uses external CSS instead of inline styles that conflict with the theme.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-25 16:58:34 -03:00
bengizmo
e5d5b818ec fix: Remove remaining debug log statements from production
- Removed all CSS debug error_log statements from hvac-community-events.php
- Removed Request URI and OAuth callback debug messages from class-zoho-admin.php
- Updated gitignore to properly track plugin files

This eliminates the debug noise in production error logs.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-24 15:25:42 -03:00