Fix: Added phpcs:ignore annotation with justification to echo do_shortcode() output in Beaver Builder frontend template; changed per_page shortcode argument from esc_attr() to absint() for correct integer escaping.
1.0.5
Fix: Replace inline <style> tags in Elementor widget and Beaver Builder module with wp_add_inline_style() and Elementor’s native add_render_attribute() API to comply with WordPress.org plugin guidelines (Guideline 11 / wp_enqueue best practices).
1.0.4
Security: LDAP bind password is now encrypted at rest using libsodium (XSalsa20-Poly1305). The encryption key is derived from WordPress’s built-in security keys — no configuration required.
Security: Existing plaintext passwords continue to work and are automatically re-encrypted on the next settings save (transparent migration).
Security: An admin notice is shown when WordPress security keys (wp-config.php) have been regenerated, prompting the administrator to re-enter the bind password.
Note: Regenerating WordPress security keys requires re-entering the bind password once in Settings → LDAP Staff Directory.
1.0.3
Fix: Plugin now activates without the PHP LDAP extension; a persistent admin notice informs the administrator when the extension is missing instead of blocking activation with a fatal error.
Fix: /* translators: */ comment repositioned inside sprintf(), immediately above __(), to satisfy the WordPress Plugin Checker i18n rule.
Fix: All local variables in included template files (directory.php, beaver-builder/frontend.php) renamed with ldap_ed_ prefix to comply with WPCS global-variable naming requirements.
Fix: absint() applied to $columns in Elementor widget printf() output to satisfy the WPCS escaping rule for integer values.
Fix: load_plugin_textdomain() removed — not required for WordPress.org-hosted plugins since WordPress 4.6.
Fix: Domain Path header removed from plugin file — no local translation files are bundled.
Chore: “Tested up to” updated to WordPress 6.9.
Chore: Tag list reduced to five entries per WordPress.org limit.
1.0.2
Feat: Added telephoneNumber field — read from LDAP, displayed on cards as a clickable tel: link, included in client-side search, and available in admin panel, Elementor and Beaver Builder controls.
Feat: New “Exclude Disabled Accounts” setting (connection section) — filters out disabled Active Directory accounts using the userAccountControl bit flag. Leave unchecked for OpenLDAP/other servers.
Feat: Resilient cache — when the LDAP server is unreachable after cache expiry, the last successfully fetched data (stale copy) is served silently to visitors. Only a manual “Clear Cache” action removes the stale copy entirely.
1.0.1
Fix: LDAP server URL no longer lost on save — replaced esc_url_raw() (which strips ldap:///ldaps:// schemes) with a dedicated sanitizer that validates the scheme and shows an admin error on invalid input.
Fix: Added runtime admin notice when the PHP LDAP extension is missing, covering cases where the extension is disabled after activation or the plugin is activated via WP-CLI/DB without going through the activation hook.
