Domain Search for WHMCS

3.1.5

• Compatibility: tested and confirmed working with WordPress 7.0. “Tested up to” raised to 7.0.

3.1.4

Critical hotfix.

• Fixed: the search form was disappearing entirely on sites where the saved WHMCS URL was empty. 3.1.2 introduced an “if URL is empty, render nothing” guard that turned out to be too aggressive for sites whose URL had been wiped by the earlier data-loss bug (present in 3.1.0–3.1.1). The shortcode now always renders the form.
• New: automatic URL recovery — if the canonical URL is ever missing, the plugin tries in order: (1) the legacy whmcs_domain_search_url option from pre-2.0 versions, (2) a backup copy that is automatically written on every save going forward, (3) the activation default URL. Whichever wins is also written back to the canonical key so the settings page shows it again.
• Hardened: every save of the WHMCS URL now also writes to a backup option (domain_search_for_whmcs_url_backup). If a future plugin/code bug ever wipes the canonical key again, the form will self-heal on the next page load.

3.1.3

• Fixed: the search-button icon was rendering at 20px inside a much taller button, so it appeared tiny and off-center after the 3.1.1 dashicons → SVG change. The inline SVG icon is now 26px with a heavier 3px stroke, matching the original icon weight from pre-3.1.1 releases. Explicit stroke: currentColor; fill: none added in CSS as a safety net in case a theme tries to fill or recolor SVGs globally.

3.1.2

Critical bug-fix patch.

• Fixed (data loss): saving the Default Settings form (WHMCS URL / placeholder) was wiping the saved Appearance colors back to defaults, and saving the Appearance form was clearing the WHMCS URL and placeholder. Both forms shared a single Settings API option group, so WordPress’s options.php was resetting the other form’s fields on each save. Each form now uses its own option group and they save independently.
• Fixed (data loss): saving the Default Settings form was also silently wiping every Custom Shortcode (same root cause — the shortcodes option was in the shared group). Custom shortcodes now live in their own option group too and are safe across all save operations.
• Fixed: existing sites upgrading to 3.1.x saw a visibly stronger search-input border. The default border color was previously the brand mint green (#1DD1A1), which looked much heavier than the subtle translucent border (#1DD1A126) used in pre-3.1 releases. The default is now a neutral light gray (#E5E7EB), matching the original soft look. Sites that already saved a custom border color are unaffected.
• Fixed: uninstall.php did not remove the domain_search_for_whmcs_appearance option introduced in 3.1.0, leaving orphan data in wp_options after uninstall. All four plugin options are now cleaned up.
• Fixed: the shortcode no longer renders a broken form if the WHMCS URL is empty. Admins see a hidden HTML comment pointing to the settings page; visitors see nothing.
• Hardened: delete-shortcode handler now sanitizes the incoming shortcode_id with sanitize_key() to match how IDs are persisted, keeping nonce verification consistent.
• Improved: third-party admin notices (from SMTP plugins, marketing nags, theme prompts, etc.) are now suppressed on the plugin’s settings page only. Notices on every other WordPress admin screen are unchanged — this keeps the dashboard focused on configuring the plugin without losing visibility of important notices elsewhere.

3.1.1

Performance & polish patch.

• Performance: removed the 32 KB Dashicons stylesheet from the front-end. The search button now uses a tiny inline SVG icon — one fewer HTTP request and ~32 KB saved on every page that displays the form.
• Performance: front-end CSS is now enqueued only on pages that actually use the [domain_search_for_whmcs] shortcode (lazy registration + on-demand enqueue inside the shortcode handler). Pages without the form pay zero CSS cost.
• Privacy: added rel=”noreferrer” to the form (alongside the existing noopener) so the referrer URL is no longer leaked to WHMCS.
• Polish: removed the redundant “Active” pill from the dashboard header (the dashboard only renders when the plugin is active — the pill said nothing useful).
• i18n: regenerated the .pot template with an updated Project-Id-Version and POT-Creation-Date.

3.1.0

Feature release: Appearance customizer with live preview.

• New: dedicated Appearance tab in the admin dashboard — fully customize the front-end search form: input background, text color, border, focus border, placeholder color, button background, hover background, icon color, plus separate corner-radius sliders for input and button (0–50px each). Changes apply through CSS custom properties with zero front-end JavaScript.
• New: Live Preview card at the top of the Appearance tab — see your color and radius choices applied instantly as you tweak them.
• New: synced color picker + hex text input for every color setting (use whichever you prefer; both stay in sync).
• New: Reset to defaults button restores the entire Appearance section in one click (with confirmation).
• New: Appearance settings are organized via clean sub-tabs (Search Input / Search Button) inside the Color & Style card, keeping the form short and scannable.
• New: active main tab and sub-tab are now persisted across page reloads (localStorage), so saving from the Button sub-tab returns you to the Button sub-tab.
• Improved: front-end CSS now uses CSS custom properties (–dsfw-input-bg, –dsfw-button-bg, etc.), so theme developers can also override appearance from a stylesheet without touching the plugin’s settings.
• Improved: “Settings saved” notice now appears after saving via the Default Settings or Appearance forms (Settings API redirect was previously silent).
• Improved: responsive admin layout — tab strip wraps to a second row on narrow screens instead of clipping; mobile-friendly header, tighter card padding on small viewports, single-column support grid, stacked footer.
• Improved: input font-size raised to 16px on mobile to prevent iOS zoom-on-focus.
• Improved: shortcodes table scrolls horizontally on narrow screens instead of overflowing.
• i18n: regenerated the empty .pot template with all 112 unique strings — translators can now contribute via Poedit, Loco Translate, or the WordPress.org translation platform.
• Internal: moved inline admin JavaScript to assets/admin.js, properly enqueued via wp_enqueue_script with wp_localize_script for translatable strings. Cleaner code and CSP-friendly (no inline <script> blocks).
• Polish: tighter one-line plugin header description matching the readme; removed the email link from the dashboard footer (still available in the Resources sidebar and Support tab).

3.0.0

Major release: redesigned admin, brand refresh, security hardening, developer extensibility.

• New: ZendForce-branded admin dashboard — modular cards, tabbed navigation, click-to-copy shortcodes, and an “At a Glance” overview (custom shortcode count, active host, connection protocol).
• New: built-in Support tab with WordPress.org forum link, direct email contact (shipon@zendforce.com), system info card, and a “before you contact” checklist.
• New: five developer filter hooks — dsfwhmcs_whmcs_url, dsfwhmcs_placeholder, dsfwhmcs_form_action, dsfwhmcs_form_method, dsfwhmcs_shortcode_html.
• New: logo mark, status pill, and a polished plugin footer with quick links.
• New: translation-ready strings across the entire admin UI.
• Changed: “Tested up to” raised to WordPress 6.7.5.
• Fixed: uninstall.php was deleting stale option keys and left actual plugin data behind. It now correctly removes all plugin options on uninstall.
• Fixed: removed a non-functional WordPress nonce from the front-end search form. Because the form posts to an external WHMCS URL, the nonce could never validate — it was just a leakable token on every page.
• Changed: the search form now submits via GET (matching WHMCS cart.php convention) and opens in a new tab with rel=”noopener”.
• Hardened: explicit current_user_can(‘manage_options’) checks on the settings handler and rendering function. Safer sanitization on $_GET parameters and shortcode IDs (sanitize_key).
• Improved: admin assets only load on the plugin’s settings page; asset versions tied to the plugin version for clean cache busting.
• Improved: plugin headers now declare Requires at least, Tested up to, and Requires PHP so WordPress can warn users on incompatible installs.
• Removed: stray https:/ directory accidentally bundled in earlier releases.
• Internal: introduced DSFWHMCS_VERSION, DSFWHMCS_FILE, DSFWHMCS_DIR, and DSFWHMCS_URL constants for cleaner internals.

2.1.0

• Redesigned admin dashboard with a modern, card-based UI and tabbed navigation.
• Fixed: uninstall.php removes the correct option keys.
• Fixed: removed the unused nonce from the front-end search form.
• Changed: search form submits via GET and opens in a new tab.
• Hardened: explicit capability checks; safer sanitization of $_GET[‘message’].
• Improved: admin assets only load on the plugin’s settings page.
• Removed: stray https:/ directory bundled in prior releases.

2.0.0

• Added admin settings for WHMCS URL and placeholder text.
• Improved security with nonce verification.
• Enhanced shortcode management functionality.
• Optimized code for better performance and compatibility.
• Added the ability to create and delete multiple shortcodes.
• Improved admin panel UI for better user experience.

1.5.0

• Improved shortcode functionality.
• Added basic security improvements.
• Fixed minor styling issues.

1.0.0

• Initial release.