v1.4.6 — unicode-range fonts, security & correctness fixes

What's Changed

• Added: Character range (unicode-range) support per font in the Fonts module — limit which characters trigger a font download for faster page loads
• Added: Quick-pick presets in the admin UI for common subsets (Latin, Latin Extended, Greek, Cyrillic, Vietnamese, Punctuation/Symbols)
• Added: unicode-range is also emitted into the theme.json fontFace data layer so it propagates to the block editor
• Security: Login Security no longer trusts X-Forwarded-For / Client-IP headers by default — these were spoofable on direct connections, allowing IP-based lockouts to be evaded or weaponized. Sites behind a trusted reverse proxy or CDN can opt in via the new "Trust Proxy Headers" setting.
• Security: Login Security now validates client IPs through FILTER_VALIDATE_IP when proxy headers are in use, dropping malformed values rather than hashing them into transient keys.
• Fixed: Block Cleanup XPath query now safely escapes class names via a proper XPath 1.0 string-literal builder (addcslashes was the wrong escape function and silently failed on classes containing quotes).
• Fixed: Snippets kses_with_styles() placeholder collision — <style> extraction now uses a per-call random token so a snippet body containing the literal placeholder string can no longer corrupt the output.
• Fixed: Fonts module admin badge now reflects the Style field (free-text input) instead of looking for a <select> that doesn't exist.
• Fixed: Fonts module options static cache is invalidated automatically on update_option_functionalities_fonts, preventing stale font lists when the option is updated mid-request.
• Fixed: Task Manager AJAX handlers (Export, Delete, etc.) now register whenever in admin, so existing projects remain manageable even when the module is toggled off.
• Fixed: Task Manager card layout — widget badge now sits above the action row, so Open/Export/Delete align consistently across cards.
• Fixed: Help & Support buttons now have higher CSS specificity to defeat WP 7.0's button reset.

Commits

• v1.4.6: unicode-range fonts, security & correctness fixes (00223a7)

Full Changelog: v1.4.5...v1.4.6

v1.4.5

What's Changed

• Added: WOFF and WOFF2 font file uploads now supported in the WordPress media library
• Security: Font uploads validated via binary magic-byte signatures to prevent malicious file uploads

= 1.4.4 =
= 1.4.5 =
Enables WOFF/WOFF2 font uploads in the media library with magic-byte validation for security.

Commits

• v1.4.5: allow WOFF/WOFF2 font uploads in WordPress media library (7e66ba1)
• fix: suppress PHPCS warnings for uninstall meta_key query and dynamic hook name (d6ca5fb)

Full Changelog: v1.4.4...v1.4.5

v1.4.4

What's Changed

• Fixed: Schema module filter_article() now skips content with Vue/Alpine.js directives — prevents DOMDocument from corrupting JS framework templates
• Fixed: Block Cleanup module filter_content_cleanup() now skips content with JS framework directives
• Refactored: Extracted Vue-safe DOMDocument guard into shared Has_Dom_Parser trait used by Link Management, Schema, and Block Cleanup
• All three the_content filters that use DOMDocument (priorities 12, 14, 999) are now protected against JS framework corruption

= 1.4.3 =
= 1.4.4 =
Extends Vue/Alpine.js protection to Schema and Block Cleanup modules. All DOMDocument-based content filters now skip JS framework content.

Commits

• docs: remove changelog from README.md, point to readme.txt (c28993b)
• v1.4.4: extend Vue-safe guard to Schema and Block Cleanup modules (f9b27cc)
• refactor: extract Vue-safe DOMDocument guard into shared trait (f4df469)

Full Changelog: v1.4.3...v1.4.4

v1.4.3

What's Changed

• Fixed: Link Management process_content() now skips HTML containing Vue.js directives (v-cloak, v-if, v-show, :class, @click, {{ }})
• Fixed: DOMDocument re-parsing was corrupting Vue/React template syntax in themes like MyListing, causing explore pages to flash and disappear
• Improved: Early-exit check prevents unnecessary DOM parsing on content with JavaScript framework directives

= 1.4.2 =
= 1.4.3 =
Fixes Link Management breaking pages that use Vue.js (MyListing explore page, etc.). DOMDocument no longer corrupts Vue/React template directives.

Commits

• v1.4.3: fix Link Management breaking Vue.js pages (MyListing explore) (18ca7a3)

Full Changelog: v1.4.2...v1.4.3

v1.4.2

What's Changed

• Fixed: wp_kses now preserves data-* attributes on <script>, <style>, and <link> tags in Header & Footer snippets
• Fixed: async, defer, nomodule, id, nonce, crossorigin, and as attributes no longer stripped from snippet tags for non-admin users
• Fixed: Unified allowed-tags list between snippet output and save sanitization to prevent attribute drift
• Fixed: README.md version was outdated (still showed 1.4.0)

= 1.4.1 =
= 1.4.2 =
Fixes data-* and other attributes being stripped from script/style/link tags in Header & Footer snippets for non-admin users.

Commits

• v1.4.2: preserve data-* and module attributes on snippet tags (c2c3da4)

Full Changelog: v1.4.1...v1.4.2

v1.4.1

What's Changed

• Added: Opt-in "Delete all plugin data when uninstalling" checkbox on the dashboard — removes all options, post metadata, transients, and files on uninstall
• Fixed: Replaced all direct file_put_contents calls with WP_Filesystem API across Task Manager, Redirect Manager, and JSON file creation
• Fixed: Extracted duplicate CSS sanitization into a shared trait used by Components and Fonts modules
• Fixed: Removed sslverify => false from loopback HTTP requests in Assumption Detection
• Fixed: Disabled debug console logging in SVG Icons editor script
• Fixed: Removed dead code in admin UI script

= 1.4.0 =
= 1.4.1 =
Code quality and plugin review compliance: WP_Filesystem for all file writes, comprehensive uninstall cleanup (opt-in), shared CSS sanitization trait, and minor fixes.

Commits

• v1.4.1: comprehensive uninstall, WP_Filesystem, shared CSS sanitizer, cleanup (20f055f)

Full Changelog: v1.4.0...1.4.1

v1.4.0

What's Changed

• Added: Bricks Builder font integration — custom fonts appear in Bricks typography picker and load inside the builder canvas
• Added: PWA module prefills app name, short name, description, and icons from WordPress Settings and Site Icon
• Improved: Task Manager UI redesign — external CSS, card-based project grid, improved modals, hover task actions, polished column view
• Improved: Task Manager consistent spacing across all sections

= 1.3.3 =
= 1.4.0 =
Bricks Builder font support. Task Manager redesign: cleaner card-based UI, external CSS, improved modals, hover actions on tasks, and polished column view.

Commits

• docs: mention Bricks font integration and typography assignments in readme (59b4f89)
• v1.4.0: Bricks font support, Task Manager redesign, typography assignments, PWA prefill (55d8432)

Full Changelog: v1.3.1...v1.4.0

v1.3.1

What's Changed

• Added: Public Link_Management::process_content() helper for applying nofollow/new-tab rules to ACF fields, shortcode output, and custom templates
• Fixed: Redirect Manager now strips query strings before matching, so /old-page?utm=x correctly matches /old-page
• Improved: Redirect Manager passes original query string through to destination URL
• Improved: Redirect Manager uses O(1) indexed lookup for exact matches instead of linear scan
• Improved: Redirect Manager defers hit counter writes to shutdown for faster redirects
• Added: Redirect loop detection at both creation time and runtime
• Fixed: Removed filler text from readme plugin alternatives list

= 1.3.0 =
= 1.3.1 =
Link Management now works with ACF fields and custom templates via process_content() helper. Redirect Manager fixes query string matching and adds loop detection.

Commits

• clean html (14e7071)
• v1.3.1: Link Management public helper, Redirect Manager improvements (371e383)

Full Changelog: v1.3.0...v1.3.1

v1.3.0 — WordPress 7 Compatibility

What's Changed

• Added: WordPress 7 editor iframe compatibility for Fonts, SVG Icons, Content Regression, and Components modules
• Added: enqueue_block_assets handlers so editor CSS loads inside the WP 7 iframed block editor
• Fixed: Query string stripping (remove_query_strings) no longer strips version tags from admin/editor assets
• Tested up to WordPress 7.0

= 1.2.0 =
= 1.3.0 =
WordPress 7 compatibility: editor CSS now loads inside the iframed block editor. Fixes version tag stripping in admin.

Commits

• WordPress 7 compatibility: editor CSS loads inside iframed block editor (aeb119c)

Full Changelog: v1.2.0...v1.3.0

v1.2.0

What's Changed

• Changed: All 16 modules now require explicit activation — no module runs code until enabled
• Added: Enable/disable toggle to every module settings page
• Added: Toggle forms for Task Manager, Redirect Manager, and SVG Icons custom pages
• Fixed: Redirect Manager and Task Manager file paths now set before enabled gate to prevent empty-path errors in admin

= 1.1.1 =
= 1.2.0 =
All modules now require explicit activation. After updating, visit Functionalities settings and enable the modules you use.

Commits

• feat: require explicit activation for all 16 modules (8be70aa)

Full Changelog: v1.1.1...v1.2.0