=== Simple Support Tickets ===
Contributors: susheelhbti
Tags: support ticket, helpdesk, ticket system, customer support
License: GPLv2

Tested up to: 6.8
Requires PHP: 7.4

Stable tag: 1.1
Version: 1.1

A simple support ticket system allowing users to submit tickets from the front end and admins to respond from the backend.

== Description ==

1. Support Tickets
   Users can submit support tickets from the front end. Admins manage and reply from the backend.

2. Email notifications
   Automatic email notifications are sent when tickets are created or replied to.

3. Restricted access
   Users see only their own tickets. Admins see all tickets.

4. Multiple categories
   Tickets can be categorised as Disputed, Support, or Other.

5. Live Chat
   Admins can use the Live Chat panel for real-time replies on a ticket.

== Installation ==

1. Upload the plugin folder to `wp-content/plugins/`
2. Activate through the Plugins menu in WordPress.
3. Go to Support Tickets → Settings in the admin menu.
4. Create three pages with the following shortcodes and select them in Settings:
   - [sst_add_support_ticket]  — ticket submission form
   - [sst_list_support_ticket] — list of user's tickets
   - [sst_ticket_details]      — individual ticket detail

== Changelog ==

= 1.1.0 =
* Renamed plugin to Simple Support Tickets
* Fixed: XSS via JavaScript injection of ticket_id parameter
* Fixed: Stored XSS — replaced html_entity_decode with wp_kses_post
* Fixed: SQL syntax error (duplicate AND) in front-end close-ticket query
* Fixed: wp_users join used wrong column u.id → u.ID
* Fixed: insert_id captured immediately after INSERT for correct ticket ID in emails
* Fixed: meta http-equiv redirect inside ob_start replaced with wp_redirect + exit
* Fixed: $_REQUEST replaced with $_POST in all POST handlers
* Fixed: description column changed from varchar(100) to text
* Fixed: esc_attr replaced with wp_kses_post for message HTML output
* Fixed: wp_kses_post used for TinyMCE message/description fields instead of sanitize_text_field
* Fixed: Capability checks added throughout (manage_options)
* Fixed: Added ABSPATH guards to all PHP files
* Added: Basic pagination on ticket list (20 per page)
* Removed: Dead commented-out socket.io code
* Removed: Hardcoded contact email from UI

= 1.0.0 =
* First release
