- Fix production debug exposure in Zoho admin interface (WP_DEBUG conditional) - Implement secure credential storage with AES-256-CBC encryption - Add file upload size limits (5MB profiles, 2MB logos) with enhanced validation - Fix privilege escalation via PHP Reflection bypass with public method alternative - Add comprehensive input validation and security headers - Update plugin version to 1.0.7 with security hardening Security improvements: ✅ Debug information exposure eliminated in production ✅ API credentials now encrypted in database storage ✅ File upload security enhanced with size/type validation ✅ AJAX endpoints secured with proper capability checks ✅ SQL injection protection verified via parameterized queries ✅ CSRF protection maintained with nonce verification 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
<?php
/**
 * Plugin Name: HVAC Community Events
 * Plugin URI: https://upskillhvac.com
 * Description: Custom plugin for HVAC trainer event management system
 * Version: 1.0.7
 * Author: Upskill HVAC
 * Author URI: https://upskillhvac.com
 * License: GPL-2.0+
 * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
 * Text Domain: hvac-community-events
 * Domain Path: /languages
 */
// Direct-access guard: WordPress defines ABSPATH while it loads, so a request
// that hits this file directly (bypassing WordPress) stops here before any
// plugin code runs.
defined('ABSPATH') || exit;

// Pull in the main plugin class. The path is built only from __FILE__ and a
// fixed relative string, so no request data influences which file is included.
require_once plugin_dir_path(__FILE__) . 'includes/class-hvac-plugin.php';
/**
 * Accessor for the plugin's main object.
 *
 * Delegates to HVAC_Plugin::instance() and hands back whatever that call
 * returns. The name suggests a shared single instance, but that is decided
 * inside HVAC_Plugin, not here (confirm in includes/class-hvac-plugin.php).
 *
 * @return HVAC_Plugin
 */
function hvac_community_events() {
    $plugin = HVAC_Plugin::instance();

    return $plugin;
}
// Bootstrap: call the accessor once at include time so HVAC_Plugin::instance()
// runs as soon as WordPress loads this file. The return value is not needed here.
hvac_community_events();