=== Maennche Tools ===
Contributors: teammaennche
Tags: analytics, tracking, google-analytics, clarity, spam-guard, smtp
Requires at least: 5.2
Tested up to: 6.8
Requires PHP: 8.0
Stable tag: 2.5.11
License: GPLv3
License URI: https://www.gnu.org/licenses/gpl.html

WordPress utilities and Maennche Studio API integration. Analytics tracking, spam protection, SMTP, script management, and secure OAuth 2.0 API access.

== Description ==

Maennche Tools is a comprehensive WordPress plugin that connects your site to Maennche Studio and provides essential utilities:

* **Maennche Studio Integration:** Secure OAuth 2.0 connection with automatic token refresh
* Track website analytics with Google Analytics, Microsoft Clarity, and more
* Manage custom scripts (JavaScript, CSS, PHP)
* Configure SMTP email settings with detailed logging
* Protect forms from spam with AI-powered detection via Maennche Studio API
* Enhance SEO with meta tag management
* Database search and replace tool

**Features:**

* **Studio API Integration:** OAuth 2.0 with PKCE, automatic token refresh, encrypted token storage
* **Analytics Tracking:** Google Analytics, Microsoft Clarity integration
* **Script Management:** Add custom JavaScript, CSS, and PHP snippets to your site
* **SMTP Configuration:** Send emails via SMTP with full logging and testing
* **Spam Guard:** Honeypot-based spam protection with AI detection for Contact Form 7, Gravity Forms, and WordPress comments
* **SEO Tools:** Meta tag management and optimization
* **Email Logs:** View detailed email sending logs and transcripts
* **Admin Notices:** Manage and dismiss WordPress admin notices
* **Database Tools:** Search and replace text across entire database
* **Database Debug:** Authenticated SQL inspection for developers (opt-in, admin only)

== Installation ==

1. Upload the `yoda-tools` folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Navigate to Maennche Tools in the admin menu to configure settings

== Frequently Asked Questions ==

= Is this plugin compatible with WordPress 6.8? =

Yes, Maennche Tools is fully tested with WordPress 6.8.3.

= Does this work with WooCommerce? =

Yes, the plugin is compatible with WooCommerce 10.3.5+.

= Why is the plugin folder named "yoda-tools"? =

This plugin was originally named "Yoda Tools" and has been rebranded to "Maennche Tools" for consistency with Maennche Studio branding. The folder name, internal constants, and database options retain the "yoda" naming for backward compatibility with existing installations, ensuring seamless updates without breaking functionality.

= What happened to PHP snippet execution? =

As of version 1.8.0, PHP snippets no longer execute via eval() due to security concerns. Use the new action hook system instead. See the changelog for migration instructions.

= How do I configure SMTP? =

Go to Maennche Tools > SMTP Tools and enter your SMTP server details. You can test the configuration before saving.

= Can I view email sending logs? =

Yes, go to Maennche Tools > SMTP Tools > Email Logs to view detailed logs of all emails sent through WordPress.

== Screenshots ==

1. Dashboard overview
2. Analytics tracking configuration
3. Script management interface
4. SMTP settings and email logs
5. Spam guard configuration

== Changelog ==

= 2.5.11 - 2026-06-29 =
* List and delete redirects. POST-based delete works on hosts that block the DELETE method.

= 2.5.10 - 2026-06-29 =
* Added POST /maennche-tools/v1/pages/{id}/delete and POST /maennche-tools/v1/posts/{id}/delete endpoints so Studio can delete content on hosts that block the DELETE HTTP method.
* Updates now honor status=trash for posts and pages.
* Created posts and pages now derive a slug from the title when no slug is supplied.

= 2.5.9 - 2026-06-28 =
* Added POST /maennche-tools/v1/redirects endpoint using the Redirection wrapper.
* Added authenticated GET /maennche-tools/v1/pages endpoint for lean page lists.

= 2.5.1 - 2026-06-06 =
* Added authenticated REST media sideload endpoint for creating WordPress attachments from image URLs.

= 2.1.6 - 2026-02-04 =
* Fixed fatal error: Class "yoda_tools\Maennche_Tools_Database_Controller" not found (missing use statements in namespaced file)
* Fixed fatal error: Class "yoda_tools\Maennche_Tools_File_Management_Controller" not found (same root cause)
* Added PHPStan static analysis (level 5) with WordPress extension
* Fixed 18 real bugs caught by PHPStan: PHPMailer case mismatch, missing returns, undefined variables, type mismatches
* Added standalone unit test suite (42 tests, no WordPress required)
* Added CI workflow for PHPStan and unit tests
* Cleaned up 68 PHPStan baseline issues (redundant logic, PHPDoc, unused properties)

= 2.1.5 - 2026-02-03 =
* Fixed Spam Guard to fail-closed (block submissions when API unreachable) instead of fail-open
* Added connection timeouts to AI spam scoring to prevent forms from hanging

= 2.1.3 - 2026-01-30 =
* Fixed plugin icon not rendering on WordPress update screen (was 20px, now 128px/256px)
* Enriched "View details" modal with Description, Installation, and Changelog tabs

= 2.1.2 - 2026-01-30 =
* Fixed plugin icon not showing on WordPress update screen
* Fixed "Clear Update Transients" button not reporting success
* Clears stale update transient after upgrade to prevent false update notifications

= 2.1.1 - 2026-01-30 =
* Fixed encryption key security warning showing after plugin update (keys now auto-generate on upgrade, no deactivate/reactivate needed)
* Updated plugin description and feature list to reflect Studio API, OAuth 2.0, and database debug tools

= 2.1.0 - 2026-01-30 =

**Fixes:**
* Restored Spam Guard API integration (migrated from deprecated API key to OAuth authentication)
* Fixed PHP 8.x null-safety warnings in REST authenticator, file management, database controller, and analytics settings
* Fixed PHPUnit test suite compatibility with conditional OAuth loading

**Improvements:**
* OAuth classes now load conditionally (admin, REST API, or Spam Guard only) for better frontend performance

**Added:**
* Database debug endpoints for authenticated MCP integration (SELECT-only, rate-limited, audit-logged)
* Admin toggle for debug features (disabled by default)
* 57 PHPUnit tests covering security, OAuth, and API functionality

= 2.0.1 - 2025-11-26 =
* Fixed OAuth token auto-refresh (client_id now stored permanently)
* Added diagnostics and enhanced error logging for token refresh

= 2.0.0 - 2025-11-24 =
* Added OAuth 2.0 integration with PKCE for Maennche Studio API
* Added secure token storage with AES-256-CBC encryption
* Added API client with automatic token refresh
* Added admin settings page for Studio connection management

= 1.8.1 - 2025-11-24 =
* Removed ~70 lines of dead code
* Improved error message consistency and internationalization
* Added confirmation dialogs for destructive actions

= 1.8.0 - 2025-11-24 =
**CRITICAL SECURITY UPDATE - Update immediately**

**Security Fixes:**
* Fixed SQL injection vulnerabilities in database tools
* Fixed SQL injection in email log deletion
* Removed arbitrary PHP code execution (eval)
* Fixed XSS vulnerabilities in admin output
* Secured hardcoded encryption keys
* Fixed IDOR in email log access
* Added capability checks to 9 AJAX handlers
* Fixed unsanitized GET parameter usage

**Breaking Changes:**
* PHP snippets no longer execute via eval() - use action hooks instead

**Improvements:**
* Standardized AJAX error handling
* Added comprehensive input validation
* Fixed nonce verification order
* Removed duplicate code
* Added PHPUnit testing infrastructure

See CHANGELOG.md for complete details.

= 1.7.4 =
*Previous version*

== Upgrade Notice ==

= 2.1.6 =
Fixes fatal error on sites using Database Controller or File Management features. Adds PHPStan static analysis and unit test CI.

= 2.1.5 =
Security fix: Spam Guard now blocks submissions when API is unreachable instead of allowing them through.

= 2.1.3 =
Fixes plugin icon rendering (proper 128px/256px sizes) and enriches View Details modal content.

= 2.1.2 =
Fixes plugin icon on update screen, transient button, and stale update notifications.

= 2.1.1 =
Fixes encryption key warning after update. No deactivate/reactivate needed.

= 2.1.0 =
Restores Spam Guard API integration (broken since May 2025), fixes PHP 8.x warnings, adds database debug tools, and optimizes OAuth loading performance. Recommended update.

= 1.8.0 =
CRITICAL SECURITY UPDATE: Fixes 17 security vulnerabilities including SQL injection, XSS, and code execution. Update immediately. Custom PHP snippets require migration - see changelog.

== Additional Info ==

**Support:** https://maennche.com/support
**Documentation:** See README-TESTING.md for testing infrastructure setup
