Security: Added comprehensive array structure validation for $_FILES superglobal before accessing elements.
Security: Moved is_uploaded_file() validation to immediately after accessing tmp_name for improved security.
Security: Removed PHPCS ignore comment and implemented proper sanitization for file upload handling.
Standards: Replaced $_REQUEST with $_POST for AJAX POST requests per WordPress coding standards.
Standards: Replaced PHP basename() with WordPress wp_basename() for i18n compatibility with multibyte characters.
1.0.4
Security: Sanitized and validated all $_FILES upload fields individually (name, type, tmp_name, error, size).
Security: Added is_uploaded_file() guard against path injection on file uploads.
Standards: Fixed unordered placeholders in translatable strings per WordPress i18n guidelines.
1.0.3
Security: Fixed unauthenticated file downloads, arbitrary PHP uploads, XSS via eval(), and server path disclosure.
Standards: Migrated all filesystem operations to WP_Filesystem API, bundled Material Icons locally, added proper nonce verification and capability checks to all AJAX endpoints.
Standards: Renamed classes to use WordPress underscore convention (Frontend_File_Explorer, Frontend_File_Explorer_Ajax).
Standards: Removed discouraged load_plugin_textdomain() call, added proper prefixing to all handles and identifiers.
1.0.2
Fix: Resolved a critical bug causing the frontend explorer to execute filesystem deletion logic instead of listing directory contents.
Fix: Repaired the “Download as ZIP” mechanism to eliminate ERR_INVALID_RESPONSE failures by safely building ZipArchive temp files and explicitly managing PHP output buffers and Safari download headers.
Feature: Fully integrated the missing backend endpoints required for the UI, enabling seamless frontend and backend folder creation, file uploads, and Media Library imports.
Security & Standards: Swept codebase for strict WordPress PHPCS warnings. Corrected all variable unslashing, resolved missing nonce verification checks, migrated deprecated filesystem functions to WP_Filesystem, and reinforced esc_html__ translation domain strings and translators comments.
1.0.1
Rename plugin to “Frontend File Explorer”
Align text domain and translation loading with slug frontend-file-explorer
Improve README and readme.txt descriptions and screenshots
