NetterTech Events

Changelog

1.0.2

• Compliance: Round-2 WP.org Plugin Review remediation. Suppression-as-documentation removed across the source tree; per-issue root-cause refactors landed in waves.
• Compliance (Wave A): Output escaping refactored across blocks, BeaverBuilder modules, frontend shortcodes, admin/repo/service classes, and templates. Custom wp_kses allowlist helper (ShortcodeOutput::get_allowlist()) preserves SVG, ARIA, and data-* attributes that wp_kses_post would strip.
• Compliance (Wave B): Service classes (RecurrenceRuleBuilder, TicketTypeSaver, CheckInEmailSaver, AttendeeFieldsSaveHandler) no longer fall back on $_POST — callers must pass verified data after nonce/capability checks. Bulk-action handlers extract input only after nonce verification.
• Compliance (Wave B): SecurityHeaders re-anchored to current_screen + WP_Screen API (was reading $_GET on admin_init priority 1).
• Compliance (Wave B): Calendar shortcode URL parameters migrated from ?month= / ?date= to registered query vars nettertech_events_calendar_month / ..._date; legacy URLs 301-redirect to the prefixed format.
• Compliance (Wave B): Settings page sanitizes $_POST['nettertech_events_settings'] at the boundary via map_deep( ..., 'sanitize_textarea_field' ); type-specific tightening continues in SettingsSanitizer.
• Compliance (Wave B): TicketCartAjax sanitizes the JSON ticket payload at the boundary; the prior suppression is removed.
• Compliance (Wave B): EventTemplateResolver::can_preview_event() refactored to close a bypass gap where a malformed ?preview= value could skip nonce verification.
• Compliance (Wave C): Dynamic-hook patterns (e.g. Hooks::SETTINGS_TAB_PREFIX . $tab, {filter_prefix}_get_template_part_{slug}) replaced with fixed Hooks::* constants; listeners receive what was previously encoded in the suffix as an action argument. Backward-compat bridges fire the deprecated names alongside the canonical ones (will be removed in 2.0).
• Compliance (Wave C): AdminMenu exposes explicit SUBMENU_NEW, SUBMENU_EDIT, SUBMENU_ATTENDEES, SUBMENU_QR_GENERATOR, SUBMENU_CSV_IMPORT, SUBMENU_ACTIVITY_LOG, SUBMENU_SETTINGS constants. Eight callsites refactored.
• Compliance (Wave C): MigrationManager (legacy ve_* → canonical) state-option keys renamed from nte_rebrand_migration_* to nettertech_events_legacy_rebrand_*. A v1.0.2 upgrade-path transition forwards legacy keys onto the new names for sites that ran the migration under v1.0.0/1.0.1. Only the canonical nettertech_events_legacy_rebrand_complete action fires on completion; the legacy bridge hook was removed for the initial WP.org submission.
• Compliance (Wave C): PrefixMigrationManager loads its old/new prefix maps from config/legacy-prefix-map.json instead of carrying nte_* literals in PHP source. The remaining nte_* mentions in production source are confined to the MigrationManager legacy-rename code path: state-transition source-key strings (nte_rebrand_migration_complete, nte_rebrand_migration_log) read on upgrade from v1.0.0/1.0.1, the intermediate post-type and taxonomy slugs targeted by the ve_* → canonical rename, and docblock examples documenting them. No nte_* literal is emitted at steady-state runtime.
• Compliance (Wave C): Template loader now passes a typed TemplateContext (or EmailContext for email templates) as a single $context parameter instead of injecting locals via extract(). Thirty-two templates refactored to property-style access ($context->event). The NonPrefixedVariableFound suppressions across templates/ are gone (was 38).
• Compliance (Wave D): Vendor documentation (per-library LICENSE, NOTICE, CHANGELOG.md, README.md, tests, examples) excluded from the distribution zip. The “Bundled Third-Party Libraries” section of this readme.txt is the authoritative attribution surface (a standalone CREDITS.md was previously used and has been inlined here). License selected for the dual-licensed chillerlan/php-qrcode dependency: MIT (GPL-2.0 compatible).
• Compliance (Wave D): .eslintignore removed from the distribution (Plugin Check’s “hidden files are not permitted” rule).

1.0.1

• Compliance: Renamed all nte_* prefix identifiers to nettertech_events_* to satisfy WP.org plugin review’s 4-character minimum prefix requirement (hooks, options, post/user/order-item meta keys, transients, AJAX action strings, nonces, $POST keys, JS-localized variables, table prefixes, cron hook names)
• Compliance: Renamed custom post type slug from nte_event to nettertech_event (16 chars; the originally-planned 23-char name exceeded WP core’s 20-char register_post_type() limit and would have silently failed registration)
• Compliance: Renamed taxonomies to nettertech_event_category and nettertech_event_tag for safer headroom under WP’s 32-char taxonomy slug limit
• Compliance: Renamed style handle nte-public-ticket to nettertech-events-public-ticket
• Compliance: Sanitization fixes — added wp_unslash() and sanitize_text_field() to 13 superglobal access points flagged by WordPress.Security.ValidatedSanitizedInput sniff (Rentals: 11 sites; Seating: 2 sites)
• Migration: New PrefixMigrationManager class (Step 2 migration, separate from the existing legacy ve_* → nte_* MigrationManager) automatically renames all DB-persisted artifacts on plugin upgrade — custom tables (RENAME TABLE), wp_posts.post_type, wp_term_taxonomy.taxonomy, options (exact-match per key, no broad REPLACE), wp_postmeta/wp_usermeta/wp_woocommerce_order_itemmeta keys, transients (cache vs stateful classification), cron hook reschedule with cadence preserved, and shortcode rewrites in wp_posts.post_content
• Migration: Conflict-detection rule — if both old and new tables exist, migration logs the conflict and aborts rather than auto-merging (per data-safety policy); transient lock prevents parallel runs
• Migration: Per-addon migrators (Pro, Rentals, Seating) listen on the base completion action AND run a plugins_loaded priority 20 fallback check, so addons activated after base migrate independently. Each addon has its own completion flag and log option.
• Note for site owners: existing sites running the in-review v1.0.0 should run update_option( 'nettertech_events_prefix_migration_complete', '' ) before upgrade only if they want the migration to re-run; otherwise the migration runs automatically on plugin update.
• BREAKING — Yoast SEO templates: The three custom title-template variables registered via wpseo_register_var_replacement() were renamed from %%nte_event_date%%, %%nte_event_venue%%, %%nte_event_organizer%% to %%nettertech_events_event_date%%, %%nettertech_events_event_venue%%, %%nettertech_events_event_organizer%%. Sites with the legacy variable names in their Yoast title templates will need to update those templates after the upgrade — the old names no longer resolve and will render as the literal string. Rank Math equivalents were already migrated and are unaffected.
• Cleanup: Swept all stale nte_* references out of comments, PHPDocs, local PHP variable names, test fixtures, block render templates, Beaver Builder module render templates, and the uninstall handler. The only remaining nte_* strings in the codebase are inside MigrationManager.php (Step-1 ve_* → nte_* migrator, never executes on a fresh install) and PrefixMigrationManager.php (Step-2 input keys for the rename map). Both are documented carve-outs.
• Fix: uninstall.php was deleting transients matching _transient_nte_% (the pre-1.0.1 prefix) which would have left nettertech_events_* transients orphaned on uninstall after the migration ran. Pattern updated to match the post-migration prefix.
• Fix: uninstall.php was filtering shadow posts by the post-type slug 'nettertech_events_event' (23 chars; exceeded WP’s 20-char limit and was never the live slug). Replaced with the canonical ShadowPostType::POST_TYPE constant so it stays in sync with the registered slug.

1.0.0

• Feature: Category system migrated from WordPress taxonomy to internal tables with dedicated editor
• Feature: Event reminder emails with configurable timing and cron scheduling
• Feature: GDPR privacy tools — WordPress privacy exporter/eraser for attendee data
• Feature: Event card redesign with full-tile clickability and responsive images
• Feature: Category checkbox UI in event editor sidebar
• Feature: WooCommerce event_id meta on cart items for integration support
• Feature: Distribution packaging with .distignore and GPL v2 LICENSE
• Enhancement: God class decomposition — 8 large classes refactored into focused modules
• Enhancement: PHPStan Level 7 static analysis with zero-error baseline
• Enhancement: CSS custom properties for themeable colors (date badge, ticket area, borders)
• Enhancement: 12px minimum font floor enforced; systemic rem-to-em CSS conversion
• Enhancement: Test suite of over 5,000 unit tests with over 17,000 assertions
• Fix: Event time not saving correctly (BUG-001)
• Fix: Past events AJAX pagination missing parameter (BUG-002)
• Fix: Category filter dropdown empty after iCal import (BUG-003)
• Fix: Ticket quantity buttons non-functional due to script timing (BUG-004)
• Fix: Event editor browser tab title stuck on “All Events” (BUG-005)
• Fix: Category UI missing from event editor (BUG-007)
• Fix: ActivityLogHooks signature updated to accept Attendee model
• Fix: Admin bar “Edit Event” hover color
• Security: Compatible with WooCommerce High-Performance Order Storage
• Security: OWASP 2025 compliance verified across all endpoints

0.9.0

• Feature: Multi-organizer support with junction tables
• Feature: Categories and tags junction tables for scalability
• Enhancement: Test coverage improved to 29.30% (1,077 unit tests)
• Enhancement: E2E test suite expanded to 53 Playwright tests
• Enhancement: Schema version bump with automatic migration
• Security: Check-in codes generated via random_bytes (16-hex-char codes, cryptographically secure per OWASP 2025)

0.8.0

• Feature: ServiceRegistry DI pattern with 7 contracts
• Feature: Denormalized counter caching for ticket sales
• Feature: N+1 query prevention with identity maps
• Security: OWASP 2025 compliance (authorization order fixes)
• Enhancement: 887 unit tests + 51 E2E Playwright tests
• Enhancement: Beaver Builder modules with direct class invocation
• Enhancement: Gutenberg blocks for Calendar, Carousel, and Grid

0.7.0

• Feature: QR code generation with color customization
• Feature: Atomic check-in operations (race-condition safe)
• Feature: Email confirmations with ICS attachments
• Feature: Series passes for recurring events
• Feature: Template tickets with automatic propagation
• Enhancement: Centralized capacity service

0.6.0

• Feature: WooCommerce ticketing integration
• Feature: RSVP form shortcode
• Feature: Theme-overridable template system
• Enhancement: Event categories taxonomy

0.5.0

• Feature: Recurring event frontend pages
• Feature: Occurrence-specific pages with tickets
• Feature: Event carousel shortcode
• Feature: Event list shortcode with AJAX filters

0.4.0

• Feature: REST API endpoints
• Feature: Calendar shortcode with multiple views
• Enhancement: Frontend router for clean URLs

0.3.0

• Feature: Admin event editor with metaboxes
• Feature: Events list table with bulk actions
• Feature: Recurrence rule builder UI

0.2.0

• Feature: RFC 5545 RRULE parser
• Feature: Occurrence generation service
• Feature: Pre-computed occurrence storage

0.1.0

• Initial pre-release
• Custom database tables for events, occurrences, tickets, attendees
• Basic event CRUD operations