LDAP Staff Directory

Zapis promijena

1.0.6

• Fix: Removed custom CSS input feature (admin panel textarea and Beaver Builder Advanced tab) per WordPress.org guideline prohibiting arbitrary CSS/JS/PHP injection.
• Fix: Added phpcs:ignore annotation with justification to echo do_shortcode() output in Beaver Builder frontend template; changed per_page shortcode argument from esc_attr() to absint() for correct integer escaping.

1.0.5

• Fix: Replace inline <style> tags in Elementor widget and Beaver Builder module with wp_add_inline_style() and Elementor's native add_render_attribute() API to comply with WordPress.org plugin guidelines (Guideline 11 / wp_enqueue best practices).

1.0.4

• Security: LDAP bind password is now encrypted at rest using libsodium (XSalsa20-Poly1305). The encryption key is derived from WordPress's built-in security keys — no configuration required.
• Security: Existing plaintext passwords continue to work and are automatically re-encrypted on the next settings save (transparent migration).
• Security: An admin notice is shown when WordPress security keys (wp-config.php) have been regenerated, prompting the administrator to re-enter the bind password.
• Note: Regenerating WordPress security keys requires re-entering the bind password once in Settings → LDAP Staff Directory.

1.0.3

• Fix: Plugin now activates without the PHP LDAP extension; a persistent admin notice informs the administrator when the extension is missing instead of blocking activation with a fatal error.
• Fix: /* translators: */ comment repositioned inside sprintf(), immediately above __(), to satisfy the WordPress Plugin Checker i18n rule.
• Fix: All local variables in included template files (directory.php, beaver-builder/frontend.php) renamed with ldap_ed_ prefix to comply with WPCS global-variable naming requirements.
• Fix: absint() applied to $columns in Elementor widget printf() output to satisfy the WPCS escaping rule for integer values.
• Fix: load_plugin_textdomain() removed — not required for WordPress.org-hosted plugins since WordPress 4.6.
• Fix: Domain Path header removed from plugin file — no local translation files are bundled.
• Chore: “Tested up to” updated to WordPress 6.9.
• Chore: Tag list reduced to five entries per WordPress.org limit.

1.0.2

• Feat: Added telephoneNumber field — read from LDAP, displayed on cards as a clickable tel: link, included in client-side search, and available in admin panel, Elementor and Beaver Builder controls.
• Feat: New “Exclude Disabled Accounts” setting (connection section) — filters out disabled Active Directory accounts using the userAccountControl bit flag. Leave unchecked for OpenLDAP/other servers.
• Feat: Resilient cache — when the LDAP server is unreachable after cache expiry, the last successfully fetched data (stale copy) is served silently to visitors. Only a manual “Clear Cache” action removes the stale copy entirely.

1.0.1

• Fix: LDAP server URL no longer lost on save — replaced esc_url_raw() (which strips ldap:///ldaps:// schemes) with a dedicated sanitizer that validates the scheme and shows an admin error on invalid input.
• Fix: Added runtime admin notice when the PHP LDAP extension is missing, covering cases where the extension is disabled after activation or the plugin is activated via WP-CLI/DB without going through the activation hook.

1.0.0

• Initial release.