Security: renamed database table from {prefix}quotes to {prefix}d11rql_quotes, eliminating collision risk with other plugins. Existing installs are migrated automatically.
Security: replaced TRUNCATE TABLE with DELETE FROM inside the CSV import transaction. TRUNCATE causes an implicit commit in MySQL, meaning a failed import could not be rolled back. DELETE FROM is fully transactional.
Security: replaced explode()/str_getcsv() CSV parser with a php://memory stream + fgetcsv(). The previous approach broke on quoted multi-line fields. The memory stream approach has no filesystem writes and correctly handles all RFC 4180 CSV edge cases.
Synced D11RQL_MIN_WP_VERSION constant and plugin header to 6.9 to match readme.txt.
2.2
Renamed all internal function, constant, option, and transient prefixes from rqw_ (3 chars, too short) to d11rql_ to comply with WordPress.org prefix length requirements (minimum 4 characters).
Updated plugin_signature value in database from rqw_v1 to d11rql_v1.
No database schema changes — existing installs upgrade cleanly on next page load.
2.1
Changed shortcode tag from [random_quote] to [d11rql_random_quote] to comply with WordPress.org prefix requirements.
Rewrote CSV import to use in-memory str_getcsv() parsing — no temporary filesystem writes.
Removed load_plugin_textdomain() call, which is no longer needed for WordPress.org hosted plugins since WordPress 4.6.
Fixed Contributors field in readme.txt to use correct WordPress.org username (briz_dad).
2.0.6
Compatibility: updated “Tested up to” to WordPress 7.0.
Updated “Requires at least” to WordPress 6.9.
No code or database changes.
2.0.5
Admin: added pagination to the Manage Quotes page. Defaults to 10 quotes per page with numbered page links and Previous/Next controls.
Admin: added a per-page dropdown (10, 25, 50, 75, 100) that persists across page navigation and category filtering.
Admin: quote count display shows current range and total (e.g. “Showing 1–10 of 74 quotes”).
Admin: category filter links now reset to page 1 and preserve the current per-page setting.
Admin: export description clarified to confirm all quotes are exported regardless of current page or filter.
2.0.4
Database: added an index on the category column for faster category-filtered queries on larger quote libraries. Applied automatically via dbDelta on next page load — no manual steps required.
2.0.3
Fix: Added DONOTCACHEPAGE constant to both the shortcode and widget output functions. This tells WP Super Cache, W3 Total Cache, WP Rocket, and other major caching plugins not to serve a static cached copy of pages containing a random quote — ensuring the quote is genuinely random on every page load for logged-out visitors.
Data: encoding fix for smart quotes, em dashes, and emoji in imported CSV data (Mojibake caused by Windows-1252 bytes being mis-interpreted as UTF-8 during export).
2.0.2
Database: replaced all SELECT * queries with explicit column lists (id, quote, author, category) across all files.
Database: CSV import now runs inside a MySQL transaction — if any insert fails mid-import, a ROLLBACK fully restores the original quotes rather than leaving a partial data set.
Database: admin quote listing queries now use explicit column selection.
No database schema changes — safe drop-in replacement for 2.0.1.
2.0.1
Security: capability check in admin form handler now fires before any superglobal access, closing a trivial bypass via spoofed $_GET[‘page’].
Security: admin success notices (added/updated/deleted) now use per-user transients instead of URL parameters, preventing anyone from flashing misleading notices via crafted URLs.
Security: uninstall.php now verifies the table exists before running SHOW COLUMNS, preventing a DB error on edge-case removal.
Reliability: rqw_maybe_upgrade_db() now uses a static guard to prevent repeated dbDelta calls if update_option() fails transiently.
Reliability: rqw_get_random_quote() now handles the COUNT/OFFSET race condition — if a quote is deleted between the two queries, it falls back to the first available quote instead of silently returning nothing.
Version bump to 2.0.1 (no database changes).
2.0
Added quote categories — assign a category to each quote and filter by category in the widget, shortcode, and admin page.
Shortcode now accepts a category parameter: [d11rql_random_quote category=”inspiration”].
Widget settings now include an optional Category field.
Admin page: Category column added to the quotes table, category field in Add/Edit forms, filter bar to view quotes by category, category autocomplete using HTML datalist.
CSV export now includes the category column. CSV import supports an optional category column (backwards compatible with old files).
Database: added category column (varchar 100) via dbDelta — safe, non-destructive upgrade for existing installations.
Uncategorized quotes (empty category) appear in all category-filtered queries as a fallback.
1.9
Added [d11rql_random_quote] shortcode for displaying a random quote in any post or page.
Shortcode supports an optional title parameter: [d11rql_random_quote title=”Daily Quote”].
Shortcode output uses semantic blockquote/cite markup with CSS class hooks (rqw-shortcode, rqw-shortcode-quote, rqw-shortcode-title).
1.8
WordPress.org submission release.
Added Requires PHP: 7.4 header and runtime PHP/WP version checks on activation.
Added RQW_VERSION constant.
Full WordPress Coding Standards pass: tabs for indentation, absint() replacing intval(), wp_rand() replacing rand(), gmdate() replacing date().
All user-facing strings now use the d11-random-quote-loader text domain (previously some used the bare text_domain placeholder).
Widget output updated to use semantic blockquote/cite markup with CSS class hooks.
Widget now renders before_title/after_title when a title is set.
Admin page function renamed to rqw_render_admin_page for consistent rqw_ namespacing.
All $wpdb insert/update/delete calls now pass explicit format arrays.
Added GPL-2.0-or-later SPDX licence identifier and @package docblock to every file.
1.7
CSV import: added per-row UTF-8 validation with skip-and-report for unreadable characters.
CSV import: 5,000-row limit with count of skipped rows reported to the user.
1.6
CSV import: added BOM stripping and Windows-1252 to UTF-8 encoding conversion.
CSV import: server-side MIME type and file-extension validation.
1.5
CSV export moved to admin-post.php for a proper browser file-download response.
1.4
Added CSV import and export functionality.
1.3
Added inline edit functionality for existing quotes.
1.2
Security pass: nonces added to all forms, current_user_can() checks on all admin actions.
1.1
Replaced ORDER BY RAND() with COUNT + OFFSET strategy for better database performance.
