Security: Hardened database queries by replacing serialized lookups with direct relational structures for improved performance and safety.
Security: Eliminated inline JavaScript by moving workflow actions to a dedicated static file.
Security: Added explicit early exits after redirects to ensure execution flow integrity.
Code Quality: Standardized line endings to LF and added .gitattributes for repository consistency.
Cosmetic: Cleaned up package docblocks across the codebase.
1.4.6
Security: Removed hardcoded sample-user password (Workflow@123). Each new sample user now receives a unique password generated via wp_generate_password(16, true), displayed once in the admin notice and never stored in source.
Security: Added rest_pre_insert_{post_type} enforcement to block unauthorized publish attempts via the REST API. Admin-role REST tokens can no longer bypass the editorial workflow when a post has an active assignment.
Bug fix: reject() no longer overwrites the approved content snapshot with the rejected draft. Visitors continue seeing the last explicitly approved version while the creator revises and re-submits.
Performance: dbDelta() schema checks in CUTMAP_DB and CUTMAP_WNS are now guarded by a version option (cew_db_version, cew_wns_version). The expensive schema introspection runs only on activation/upgrade, not on every page load.
Cleanup: uninstall.php now deletes all _cew_* post meta rows and removes plugin version options, leaving no orphaned data after deletion.
Reliability: The ALTER TABLE … DROP INDEX migration for the audit-log unique key now runs reliably on every upgrade because the schema version option is cleared on activation.
1.4.5
Resolved remaining critical security checklist issues including strict nonce validation across all forms/actions.
Sanitized remaining raw $_POST and $_GET superglobal accesses and strictly avoided empty() checks for them.
Re-audited output escaping inside admin tables and guaranteed all display logic passes through esc_html() and esc_url().
Ensured every single admin_post action starts with a firm current_user_can() capability check followed by wp_die().
1.4.4
Hardened admin actions with strict current_user_can() capability checks.
Improved security by ensuring complete table cleanup on uninstall.
Verified input sanitization and output escaping across the plugin.
1.4.3
Removed UTF-8 Byte Order Marks (BOM) from PHP files to satisfy automated checks.
1.4.2
Fixed unescaped translatable label strings in the frontend shortcode output by using esc_html__.
1.4.1
Fixed the_title escaping context from wp_kses_post to esc_html.
Fixed stale admin hook slug to ensure assets enqueue correctly.
1.4.0
Fixed wp_enqueue issues by converting raw script/style tags.
Added rigorous escaping output (wp_kses_post) to all filter callbacks.
Cleaned up unclosed ob_start buffers to ensure safe hook flows.
Changed short prefixes to longer CUTMAP_ prefixes.
1.3.0
Fixed plugin header metadata parsing issues for strict WordPress.org compatibility.
1.2.0
Renamed plugin to Cutmap Editorial Workflow.
Enhanced security: Enqueued all inline scripts and styles using WP core APIs.
Refactored prefixes to comply with WordPress official plugin guidelines.
Improved dashboard UI and workflow assignment screen.
1.1.0
Hardened security and addressed plugin review feedback.
Refined capabilities and user role checks.
Removed redundant database tables for improved performance.
