| - Add XSS protection with DOMPurify sanitization in rich text editor - Implement comprehensive file upload security validation - Enhance server-side content sanitization with wp_kses - Add comprehensive security test suite with 194+ test cases - Create security remediation plan documentation Security fixes address: - CRITICAL: XSS vulnerability in event description editor - HIGH: File upload security bypass for malicious files - HIGH: Enhanced CSRF protection verification - MEDIUM: Input validation and error handling improvements 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> | ||
|---|---|---|
| .. | ||
| scraped | ||
| 00_testing_improvement_plan_140425.md | ||
| ADMINISTRATOR-SETUP-GUIDE.md | ||
| ANNOUNCEMENT-BUTTON-FIX-REPORT.md | ||
| ANNOUNCEMENT-MODAL-SYSTEM.md | ||
| API-REFERENCE.md | ||
| ARCHITECTURE.md | ||
| automatic-page-creation-plan.md | ||
| CERTIFICATION-SYSTEM-IMPLEMENTATION-REPORT.md | ||
| CLAUDE-CODE-DEVELOPMENT-BEST-PRACTICES.md | ||
| COMPREHENSIVE-E2E-TEST-IMPLEMENTATION-PLAN.md | ||
| COMPREHENSIVE-TESTING-MODERNIZATION-PLAN.md | ||
| CONFIGURATION.md | ||
| CUSTOM-TEC-TEMPLATE-IMPLEMENTATION-PLAN.md | ||
| CUSTOMIZATION-EXAMPLES.md | ||
| deploy-plugin-safe-script.md | ||
| DEPLOYMENT-CHECKLIST.md | ||
| deployment.md | ||
| design_guidance.md | ||
| DEVELOPMENT-GUIDE.md | ||
| DOCKER-DEVELOPMENT-GUIDE.md | ||
| documentation-plan.md | ||
| ENHANCED-TEC-TEMPLATE-DEPLOYMENT-GUIDE.md | ||
| EVENT-SEEDING-INSTRUCTIONS.md | ||
| FEATURE_AI_EVENT_POPULATION.md | ||
| FINAL_DEPLOYMENT_REPORT.md | ||
| FIND-TRAINER-FILTER-FIX-REPORT.md | ||
| FIND-TRAINER-FIXES-IMPLEMENTATION-REPORT.md | ||
| FORGEJO-ACTIONS-SETUP-GUIDE.md | ||
| hvac-multi-role-testing-plan.md | ||
| HVAC-PLUGIN-MODERNIZATION-REPORT.md | ||
| hvac-role-testing-plan.md | ||
| HVAC-TEMPLATE-SYSTEM-API.md | ||
| implementation_plan.md | ||
| JAVASCRIPT-BUILD-SYSTEM-IMPLEMENTATION-REPORT.md | ||
| JAVASCRIPT-COMPATIBILITY-RESOLUTION-REPORT.md | ||
| MANUAL-GEOCODING-SYSTEM.md | ||
| MASTER-TRAINER-FIXES-REPORT.md | ||
| MASTER-TRAINER-USER-GUIDE.md | ||
| MONITORING-SYSTEMS.md | ||
| mvp-integration-testing-plan.md | ||
| NAVIGATION-CLEANUP-SUMMARY.md | ||
| NAVIGATION-DROPDOWN-FIX-2025-08-22.md | ||
| ORGANIZER-MANAGEMENT.md | ||
| PHASE-2-TEC-INTEGRATION-ANALYSIS.md | ||
| PHASE-2A-EVENT-TEMPLATES-STATUS.md | ||
| PHASE-2A-IMPLEMENTATION-NOTES.md | ||
| PHASE-2B-TEMPLATE-SYSTEM-FEATURES.md | ||
| PHP8-MODERNIZATION-INTERIM-STATUS.md | ||
| phpunit-staging-setup-plan.md | ||
| PLAYWRIGHT-TEST-COMPATIBILITY.md | ||
| PLUGIN-ARCHITECTURE-REFACTORING.md | ||
| README.md | ||
| REFACTORING-GUIDE.md | ||
| REQUIREMENTS.md | ||
| role-implementation-plan.md | ||
| role-manager-api.md | ||
| SAFARI-COMPATIBILITY-CURRENT-INVESTIGATION.md | ||
| SAFARI-COMPATIBILITY-INVESTIGATION.md | ||
| SAFARI-COMPATIBILITY-PHASE1-COMPLETE.md | ||
| SECURITY-FIXES.md | ||
| SECURITY-INCIDENT-REPORT.md | ||
| SECURITY-REMEDIATION-PLAN.md | ||
| staging-phpunit-setup.md | ||
| STAGING-RESTORATION-CHECKLIST.md | ||
| staging-restore-plan.md | ||
| staging-restore-report.md | ||
| staging-test-implementation-report.md | ||
| staging-test-plan.md | ||
| staging-test-simplified-plan.md | ||
| staging-workflow-plan.md | ||
| TAXONOMY-TESTING-PLAN.md | ||
| TEC-BACKEND-IMPLEMENTATION-SUMMARY.md | ||
| tec-ce-shortcode-integration-plan.md | ||
| tec-ce-template-customization-plan.md | ||
| TEC-EVENT-EDIT-COMPREHENSIVE-FIX.md | ||
| TEC-TEMPLATE-BACKEND-ARCHITECTURE.md | ||
| TEC-TEMPLATE-DEPLOYMENT-CHECKLIST.md | ||
| TEC-TEMPLATE-DEPLOYMENT-SUMMARY.md | ||
| TEC-TEMPLATE-OVERRIDE-PHASE1-REPORT.md | ||
| TEC-V5-BEST-PRACTICES.md | ||
| TEC-V5-FIELD-MAPPING.md | ||
| TEMPLATE-AND-TICKETING-REQUIREMENTS.md | ||
| TEMPLATE-SYSTEM-OVERHAUL.md | ||
| TEMPLATE-SYSTEM-REFACTOR-PLAN.md | ||
| test-environment-checklist.md | ||
| TEST-FRAMEWORK-MODERNIZATION-STATUS.md | ||
| TESTING-GUIDE.md | ||
| TESTING_PLAN_TRAINER_FEATURES.md | ||
| TESTING_REPORT_TRAINER_FEATURES.md | ||
| TRAINER-ANNOUNCEMENTS-IMPLEMENTATION-PLAN.md | ||
| TRAINER-ANNOUNCEMENTS-SPEC.md | ||
| TRAINER-API-REFERENCE.md | ||
| TRAINER-CERTIFICATION-REFACTORING-PLAN.md | ||
| TRAINER-IMPORT.md | ||
| TRAINER-PROFILE-IMPLEMENTATION.md | ||
| TRAINER-PROFILE-SHARING-GUIDE.md | ||
| TRAINER-PROFILE-TECHNICAL-ADDENDUM.md | ||
| trainer-role.md | ||
| TRAINER-SYSTEM-DOCUMENTATION.md | ||
| TRAINER-TROUBLESHOOTING.md | ||
| TRAINER-USER-GUIDE.md | ||
| trainer_page_refactor_30July2025.md | ||
| TRAINING-LEADS.md | ||
| TROUBLESHOOTING.md | ||
| Upskill_HVAC_Prod_WP_Info.txt | ||
| VENUE-MANAGEMENT.md | ||
| WELCOME-POPUP-SYSTEM.md | ||
| WORDPRESS-BEST-PRACTICES.md | ||
| WORDPRESS_ADMIN_TASKS.md | ||
HVAC Community Events Plugin Documentation
Overview
The HVAC Community Events plugin is a comprehensive event management system designed specifically for HVAC trainers. It integrates seamlessly with WordPress and The Events Calendar to provide trainer profiles, certificate generation, venue management, certification tracking, advanced reporting capabilities, comprehensive CSV import functionality with taxonomy integration, and professional trainer profile sharing with QR code generation.
Latest Updates (August 2025):
- Custom event editing interface without JavaScript dependencies
- Simplified jQuery implementation following WordPress best practices
- Enhanced security with proper authorization checks
- Professional responsive design matching registration pages
- Production-ready with comprehensive testing
Documentation Structure
🎯 WordPress Best Practices
Comprehensive guide to WordPress development standards:
- JavaScript and jQuery patterns
- Security implementation
- Plugin development standards
- Asset management
- Database operations
- Template development
- Performance optimization
- Common pitfalls to avoid
🧪 Testing Guide
Complete testing procedures and best practices:
- Display session configuration
- E2E testing with Playwright
- MCP Playwright tools usage
- Test user accounts
- Manual testing procedures
- Production verification
- Debugging failed tests
- Performance and security testing
📋 Configuration Guide
Complete reference for plugin configuration including:
- System architecture overview
- Configuration files and constants
- User roles and permissions
- URL structure and routing
- Theme integration (Astra)
- Database structure
💻 Development Guide
Best practices and guidelines for developers:
- Development environment setup
- Coding standards (WordPress, PHP, JS, CSS)
- Architecture principles and patterns
- Git workflow and deployment process
- Testing strategies
- Security best practices
- Performance optimization
🔧 Troubleshooting Guide
Solutions to common issues:
- 404 errors and missing pages
- Navigation and menu problems
- CSS and theme conflicts
- Database issues
- Performance problems
- Recovery procedures
- Debugging techniques
🏗️ Architecture Documentation
Technical architecture details:
- Plugin structure
- Class responsibilities
- Hook system
- Data flow
- Integration points
Quick Start
Installation
- Upload plugin to /wp-content/plugins/
- Activate through WordPress admin
- Plugin automatically creates required pages
- Configure settings as needed
Key Features
- Trainer Profiles: Comprehensive trainer management with photos, certifications, and statistics
- Event Management: Full integration with The Events Calendar
- Certificate Generation: Automated PDF certificate creation with custom templates
- Venue Management: Organize training locations with TEC integration
- Master Dashboard: Aggregate reporting for master trainers
- Hierarchical URLs: SEO-friendly URL structure (/trainer/dashboard/)
User Roles
- 
hvac_trainer: Standard trainer role - Manage own events
- Generate certificates
- Manage profile, venues, organizers
 
- 
hvac_master_trainer: Advanced trainer role - All trainer capabilities
- View aggregate reports
- Access master dashboard
- Manage other trainers
 
Important Notes
- Dual-role users (both trainer and master trainer) will only see the master trainer navigation
- Plugin requires The Events Calendar to be installed and active
- Optimized for Astra theme but compatible with most WordPress themes
- PHP 7.4+ required (PHP 8.0+ recommended)
Support
For issues or questions:
- Check the Troubleshooting Guide
- Review error logs in /wp-content/debug.log
- Contact development team with detailed error information
Recent Fixes & Updates
Master Dashboard Navigation Overhaul (August 22, 2025) ✅
Complete refactoring of master dashboard layout and navigation system
- 
Problems Fixed: - Two-column layout issue with navigation appearing as unwanted sidebar
- Breadcrumb method error causing PHP fatal errors
- Hierarchical URL detection failure with is_page()function
- Redundant button navigation creating duplicate UI elements
- Content blocking from dual authentication systems
 
- 
Solutions Implemented: - Created hvac-master-dashboard.cssto force single-column layout
- Fixed breadcrumb method call (render()→render_breadcrumbs())
- Enhanced URL detection in HVAC_Scripts_Styles::is_master_dashboard_page()
- Removed old button-based navigation (Google Sheets, Templates, Trainer Dashboard, Logout)
- Integrated all functionality into organized dropdown menu structure:
- Google Sheets → Tools dropdown
- Communication Templates → Tools dropdown
- Trainer Dashboard → Account dropdown
- Logout → Account dropdown
 
 
- Created 
- 
Files Modified: - templates/page-master-dashboard.php- Navigation moved inside content wrapper
- assets/css/hvac-master-dashboard.css- New CSS for layout control
- includes/class-hvac-scripts-styles.php- Added master dashboard detection
- includes/class-hvac-master-menu-system.php- Enhanced menu structure
- templates/template-hvac-master-dashboard.php- Removed button navigation
 
- 
Known Issues: Navigation color scheme needs aesthetic improvements 
Enhanced CSV Import System (August 4, 2025) ✅
Comprehensive CSV import system with taxonomy integration
- Problem: Trainer profiles missing critical information from CSV file - phone numbers, company websites, certification details, business classifications
- Root Cause: Import system using hardcoded data instead of reading actual CSV file with 19 available fields
- Solution: Complete CSV import system redesign with comprehensive field mapping
- Key Features:
- Reads actual CSV_Trainers_Import_1Aug2025.csvfile (43 trainer records)
- Imports all 19 fields: contact info, professional details, certification data
- Full taxonomy integration for business types and training audiences
- Automatic venue/organizer creation based on CSV flags
- Multi-value taxonomy handling (comma-separated values)
- Comprehensive error handling and progress tracking
 
- Reads actual 
- Result: Complete trainer profiles with professional information, proper categorization, and enhanced event management capabilities
Certificate Pages Template System (August 1, 2025) ✅
Fixed critical template loading issue affecting certificate pages
- Problem: Certificate pages (/trainer/certificate-reports/,/trainer/generate-certificates/) were bypassing WordPress template system, showing bare shortcode content without theme headers, navigation, or styling
- Root Cause: load_custom_templates()method loading content-only templates instead of proper page templates
- Solution: Updated template paths to use full page templates with proper WordPress integration
- Additional Fixes:
- Eliminated duplicate breadcrumbs by disabling Astra theme breadcrumbs on plugin pages
- Restored missing navigation menu by removing problematic constant checks
 
- Result: Certificate pages now display with complete theme integration, proper headers/footers, navigation, and consistent styling
Previous Major Updates
- Taxonomy Implementation (August 4, 2025) - WordPress taxonomies for trainer profile classification with E2E testing
- Navigation and Layout System (August 1, 2025) - Dual-role user navigation, sidebar removal, profile page templates
- Role and Certification System (August 1, 2025) - Comprehensive user roles and certification tracking with 10 role options
- Major Plugin Refactor (July 30, 2025) - Registration system overhaul, new trainer pages, comprehensive navigation system
Version History
- v2.0.0 (Current) - Major refactor with modular architecture
- v1.0.0 - Initial release
Last updated: August 2025