upskill-event-manager/includes/admin
ben b19f1c8e79 security: Address code review findings for Zoho CRM integration
1. OAuth CSRF Protection:
   - Added state parameter to OAuth authorization URL
   - Generate and store state in transient (10 min expiry)
   - Validate state on callback with timing-safe comparison

2. Debug Log Sanitization:
   - Added sanitize_log_message() to mask credentials in logs
   - Patterns mask client_id, client_secret, access_token, refresh_token
   - Error handlers only expose file paths in WP_DEBUG mode

3. Move Inline JS to External File:
   - Moved ~100 lines of inline JS to assets/js/zoho-admin.js
   - Added redirectUri and oauthUrl to wp_localize_script
   - Better CSP compliance and caching

4. Updated .gitignore to track includes/admin/ and includes/zoho/

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-16 14:59:11 -04:00
class-admin-dashboard.php feat: Add massive missing plugin infrastructure to repository 2025-08-11 13:30:11 -03:00
class-hvac-enhanced-settings.php fix: Resolve duplicate initialization and jQuery selector errors 2025-07-28 17:58:39 -03:00
class-zoho-admin.php security: Address code review findings for Zoho CRM integration 2025-12-16 14:59:11 -04:00
init_hooks_replacement.txt feat: Add massive missing plugin infrastructure to repository 2025-08-11 13:30:11 -03:00