Mikesoft TeamVault

Changelog

1.1.31

• Security/compliance: normalized whitelist POST arrays with immediate wp_unslash() + absint() casting for both mstv_allowed_users and legacy pdm_allowed_users
• Validation: re-ran Plugin Check and confirmed no remaining warnings for whitelist input sanitization

1.1.30

• Fixed User Access whitelist toggle wiring so the Authorized users selector appears correctly
• Fixed whitelist selected-user save flow by aligning hidden field names with backend processing
• Added compatibility fallback for legacy cached admin JS posting pdm_allowed_users[]
• Updated whitelist POST array sanitization (wp_unslash + absint) to satisfy Plugin Check input validation
• Completed staging QA validation across whitelist access control, file operations, maintenance actions, export, and uninstall setting persistence

1.1.29

• Added the TeamVault logo to the admin sidebar header on desktop and mobile
• Finalized the first WordPress.org release packaging and distribution flow

1.1.28

• Security: replaced !empty() with wp_validate_boolean() for all boolean form inputs in settings handling
• Security: replaced (bool) cast with wp_validate_boolean() in REST API settings updates
• Security: added dedicated nonce verification for export selection with explicit check
• Compliance: added wp_unslash() to all $_POST handling and PHPCS ignore comments for wp_validate_boolean
• Compliance: added PHPCS ignore comments for orderClause in repository files (whitelist-sanitized values)
• Enhancement: added TeamVault logo SVG to sidebar header in file manager
• Refactor: extracted create_protection_files() to MSTV_Helpers to eliminate code duplication
• Refactor: simplified repository files queries with build_order_clause() method
• Refactor: removed side-effect from MSTV_Storage constructor, explicit directory creation
• Refactor: injected MSTV_Settings into MSTV_Logger and MSTV_Assets via constructor
• Refactor: moved data access logic from logs-page view to admin controller
• Compliance: eliminated redundant MSTV_Settings instantiations in view templates

1.1.27

• Security: added proper sanitization for uploaded file arrays (sanitize_file_name, sanitize_mime_type, sanitize_text_field)
• Security: replaced FILTER_DEFAULT with proper sanitization for folder_ids array
• Security: added detailed PHPCS ignore comments explaining nonce verification patterns
• Compliance: prefixed all global variables in templates with “mstv_”
• Compliance: prefixed all dynamic hook names with “mstv_” via class constants
• Compliance: changed all prefixes from “pdm” to “mstv” (4+ character requirement)
• Compliance: updated all WordPress options from “pdm_” to “mstv_” for uniqueness
• Fix: corrected JavaScript config variable from “pdmConfig” to “mstvConfig”
• Fix: resolved syntax error in settings class (ternary operator compatibility)

1.1.26

• Kept the mobile header toolbar on a single row by compacting filters and action controls
• Reduced the mobile footprint of the Upload and Export buttons for a cleaner responsive header

1.1.25

• Fixed file rename fallback handling for legacy records with empty display names
• Added safer display-name fallback resolution during upload, reindex, browser payload formatting, and rename flows
• Tightened the file rename request handling and added regression coverage for the rename path

1.1.24

• Renamed the plugin branding to Mikesoft TeamVault and aligned the release package with the new slug
• Removed SVG from default allowed uploads, blocked unsafe inline preview paths, and enforced the PDF preview setting
• Fixed nested folder rename path updates so descendant files keep working after folder renames
• Rejected invalid destination folder IDs instead of silently falling back to the root folder
• Improved admin UI consistency, mobile details controls, and release hardening files

1.1.23

• Refined the mobile file manager with off-canvas navigation, responsive filters, and sidebar scrolling
• Fixed rename validation edge cases and several Italian translation issues

1.1.22

• Fixed Plugin Check compliance issues in filesystem operations, schema migration safety, and packaging

1.1.21

• Hardened whitelist enforcement so role-based access and user whitelists are applied consistently across REST, admin screens, and streamed handlers
• Normalized legacy log target types, improved storage cleanup safety, and switched file delivery to chunked streaming for large exports and previews

1.1.20

• Added clearer move-destination selection feedback and restored the root node in the sidebar tree
• Completed the latest Italian translation review for pagination, maintenance, export, and storage recovery strings

1.1.19

• Fixed the remaining Plugin Check findings in uninstall cleanup and admin request sanitization paths

1.1.18

• Added automatic storage self-healing on browser load and folder creation so missing database records are restored without manual maintenance steps

1.1.17

• Added maintenance reindex to restore folder and file records from the storage directory when database entries are missing
• Restored creation of folders whose physical directory still exists after uninstall or partial cleanup

1.1.16

• Restored folder creation when a directory already exists on disk but its database record was removed

1.1.13

• Fixed Plugin Check issues around paginated queries, admin request sanitization, and filesystem fallbacks
• Normalized line endings across the plugin files flagged by the report

1.1.12

• Simplified the export modal to two choices only: export all or export selected folders

1.1.11

• Removed create/upload reliance on the WordPress filesystem abstraction for local file writes to improve compatibility on local environments
• Improved admin API error parsing so critical backend responses surface a readable message in the UI

1.1.10

• Added export choices for the full library, the current folder, or selected folders directly from the export modal
• Fixed the sort-order button icon so it matches ascending and descending states correctly
• Added live filesystem metadata fallback for preview and download streams to reduce issues with stale stored metadata

1.1.9

• Fixed upload validation regressions that could block new file uploads
• Fixed duplicate upload controls shown inside the upload overlay
• Added runtime self-healing for the private storage directory
• Added live filesystem metadata fallback so existing files keep working even if stored MIME or size metadata is stale
• Marked missing binaries clearly in the file manager and disabled invalid preview/download actions
• Added a settings maintenance action to clean orphaned file records after local migrations

1.1.8

• Standardized the main plugin interface and project documentation around English source text
• Refined contribution and README documentation for a more professional release presentation
• Repaired internal naming regressions introduced during the language normalization pass

1.1.7

• Improved binary streaming handlers for preview, download, and ZIP export
• Improved custom table handling and whitelist capability cleanup
• Hardened allowed extensions sanitization in admin settings

1.1.6

• Fixed Windows path normalization in filesystem boundary checks
• Resolved false “Invalid destination path” upload failures caused by mixed slash formats
• Improved upload compatibility for root and nested folder destinations on local Windows environments

1.1.5

• Fixed internal drag and drop so files can be moved reliably into folders
• Added drop targets for content folders, sidebar tree folders, and the root breadcrumb
• Prevented internal drag operations from incorrectly opening the upload overlay

1.1.4

• Moved folder and file quick actions from hover overlays into the details sidebar
• Clicking a folder now selects it and shows actions in the sidebar; double-click opens it
• Simplified card and list layouts by removing inline hover action areas

1.1.3

• Improved translator comments for placeholder-based strings
• Reworked file query ordering for safer database access patterns
• Replaced remaining streamed readfile() usage with filesystem-backed reads
• Improved server input handling in admin settings and repository logs

1.1.2

• Improved admin view escaping and packaging metadata
• Reworked streamed preview and download handlers to use authenticated admin-post endpoints with dedicated nonce support
• Reworked filesystem operations and upload handling for better WordPress compatibility
• Fixed settings form handling with safer input unslashing, redirects, and transient-based success notice
• Added languages/ directory support and removed deprecated manual textdomain loading

1.1.1

• Security: REST API now enforces WordPress REST nonce validation in permission checks
• Security: Removed nonce usage from preview image URLs in the admin UI
• Security: Hardened download and preview filename sanitization against header injection
• Security: Strengthened filesystem base-path boundary validation
• Security: Rejects dangerous double-extension uploads like file.php.pdf
• Security: Added destination path checks before storing files and folders
• Fixed: Streamed download and preview URLs now use secure admin-post handlers
• Fixed: Multisite uninstall now cleans site-specific tables and options correctly
• Improved: Folder repository now caches tree and all-folder lookups during the request lifecycle
• Improved: Export modal flow now submits through admin-post with a dedicated stream nonce
• Added: Hooks are now wired into upload, rename, delete, move, preview, download, export, and folder operations

1.1.0

• Security: Fixed path traversal vulnerability in the filesystem layer
• Security: Added content sniffing to detect polyglot and malicious uploads
• Security: Improved upload validation with full content scanning
• Fixed: Multisite compatibility for plugin tables
• Fixed: ZIP export cleanup on failure with a shutdown handler
• Added: Developer hooks and filters for extensibility

For older release history, see changelog.txt in the plugin package.