=== Cutmap Editorial Workflow ===
Contributors: aswinikumar
Tags: workflow, content management, editorial, assignments, review
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 1.4.7
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Professional content workflow system for managing creators, approvers, and editorial cycles.

== Description ==

Cutmap Editorial Workflow is a robust, professional-grade content management solution designed for publishers, news portals, and content-heavy websites. It brings structure, accountability, and security to your editorial team by implementing a controlled content creation and review workflow.

Say goodbye to accidental publishes and unreviewed edits. With Cutmap Editorial Workflow, every piece of content goes through a defined chain of command before reaching your audience.

== Key Features ==

*   **Role-Based Access Control**: Empowers your team with specialized 'Creator' and 'Approver' roles, restricting access to only what they need.
*   **Content Isolation**: Creators and Approvers only see the tasks assigned to them, reducing clutter and preventing unauthorized edits on other content.
*   **Safe Live Editing**: Edit published content safely in the background. The public continues to see the approved version while your team works on revisions.
*   **Centralized Assignment Dashboard**: A dedicated space for administrators to monitor all active workflows and assign tasks effortlessly.
*   **Automated Notifications**: Keep the workflow moving with real-time email and admin alerts for assignments and status changes.
*   **Audit Trail**: Maintain a transparent history of who created, edited, and approved each piece of content.

== Installation ==

1. Upload the `cutmap-editorial-workflow` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the 'Plugins' menu in WordPress.
3. Use the 'Workflows' menu in the admin dashboard to start assigning content.

== Frequently Asked Questions ==

= Can I use this for Custom Post Types? =

Yes, Cutmap Editorial Workflow supports Posts, Pages, and all registered Custom Post Types.

= How do I add a Creator? =

The plugin automatically creates a 'Creator' role upon activation. You can assign this role to any user from the WordPress 'Users' menu.

== Screenshots ==

1. The central assignments dashboard showing all active workflows.
2. The post editor screen with the Workflow Management metabox.
3. Audit log showing the history of a specific content piece.

== Changelog ==

= 1.4.7 =
* Security: Hardened database queries by replacing serialized lookups with direct relational structures for improved performance and safety.
* Security: Eliminated inline JavaScript by moving workflow actions to a dedicated static file.
* Security: Added explicit early exits after redirects to ensure execution flow integrity.
* Code Quality: Standardized line endings to LF and added .gitattributes for repository consistency.
* Cosmetic: Cleaned up package docblocks across the codebase.

= 1.4.6 =
* Security: Removed hardcoded sample-user password (`Workflow@123`). Each new sample user now receives a unique password generated via `wp_generate_password(16, true)`, displayed once in the admin notice and never stored in source.
* Security: Added `rest_pre_insert_{post_type}` enforcement to block unauthorized publish attempts via the REST API. Admin-role REST tokens can no longer bypass the editorial workflow when a post has an active assignment.
* Bug fix: `reject()` no longer overwrites the approved content snapshot with the rejected draft. Visitors continue seeing the last explicitly approved version while the creator revises and re-submits.
* Performance: `dbDelta()` schema checks in `CUTMAP_DB` and `CUTMAP_WNS` are now guarded by a version option (`cew_db_version`, `cew_wns_version`). The expensive schema introspection runs only on activation/upgrade, not on every page load.
* Cleanup: `uninstall.php` now deletes all `_cew_*` post meta rows and removes plugin version options, leaving no orphaned data after deletion.
* Reliability: The `ALTER TABLE … DROP INDEX` migration for the audit-log unique key now runs reliably on every upgrade because the schema version option is cleared on activation.
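
The REST enforcement described in the 1.4.6 entry above, sketched as an added example (not the plugin's own code). It assumes it is loaded inside WordPress; the `cew_example_*` names and the `_cew_example_active_assignment` meta key are hypothetical stand-ins for however the plugin records an active assignment.

```php
<?php
// Added illustration, not the plugin's source. The meta key is hypothetical.
const CEW_EXAMPLE_ACTIVE_META = '_cew_example_active_assignment';

/**
 * Refuse REST writes that would publish a post with an active assignment.
 * There is deliberately no current_user_can() exemption: the rule applies
 * to every role, administrators included.
 *
 * @param stdClass|WP_Error $prepared_post Post data prepared by the REST controller.
 * @param WP_REST_Request   $request       Current request (unused here).
 * @return stdClass|WP_Error
 */
function cew_example_block_rest_publish( $prepared_post, $request ) {
	if ( is_wp_error( $prepared_post ) || empty( $prepared_post->ID ) ) {
		return $prepared_post; // Earlier error, or a new post with no assignment yet.
	}

	// post_status is only set when the request asks for a status change.
	$status = isset( $prepared_post->post_status ) ? $prepared_post->post_status : '';
	if ( ! in_array( $status, array( 'publish', 'future' ), true ) ) {
		return $prepared_post; // Draft saves and content edits pass through.
	}

	if ( ! get_post_meta( (int) $prepared_post->ID, CEW_EXAMPLE_ACTIVE_META, true ) ) {
		return $prepared_post; // No active assignment: normal WordPress rules apply.
	}

	// Returning WP_Error makes the posts controller abort the update.
	return new WP_Error(
		'cew_example_assignment_active',
		__( 'This content has an active workflow assignment and cannot be published through the REST API.', 'cutmap-editorial-workflow' ),
		array( 'status' => 403 )
	);
}

// The hook name is dynamic, so register it once per REST-enabled post type.
add_action( 'init', function () {
	foreach ( get_post_types( array( 'show_in_rest' => true ) ) as $post_type ) {
		add_filter( "rest_pre_insert_{$post_type}", 'cew_example_block_rest_publish', 10, 2 );
	}
}, 99 );
```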

= 1.4.5 =
* Resolved remaining critical security checklist issues, including strict nonce validation across all forms and actions.
* Sanitized remaining raw `$_POST` and `$_GET` superglobal accesses and strictly avoided `empty()` checks for them.
* Re-audited output escaping inside admin tables and guaranteed all display logic passes through `esc_html()` and `esc_url()`.
* Ensured every single `admin_post` action starts with a firm `current_user_can()` capability check that ends in `wp_die()` on failure.

= 1.4.4 =
* Hardened admin actions with strict `current_user_can()` capability checks.
* Improved security by ensuring complete table cleanup on uninstall.
* Verified input sanitization and output escaping across the plugin.

= 1.4.3 =
* Removed UTF-8 Byte Order Marks (BOM) from PHP files to satisfy automated checks.

= 1.4.2 =
* Fixed unescaped translatable label strings in the frontend shortcode output by using `esc_html__`.

= 1.4.1 =
* Fixed `the_title` escaping context from `wp_kses_post` to `esc_html`.
* Fixed stale admin hook slug to ensure assets enqueue correctly.

= 1.4.0 =
* Fixed `wp_enqueue` issues by converting raw script/style tags.
* Added rigorous escaping output (`wp_kses_post`) to all filter callbacks.
* Cleaned up unclosed `ob_start` buffers to ensure safe hook flows.
* Changed short prefixes to longer `CUTMAP_` prefixes.

= 1.3.0 =
* Fixed plugin header metadata parsing issues for strict WordPress.org compatibility.

= 1.2.0 =
* Renamed plugin to Cutmap Editorial Workflow.
* Enhanced security: Enqueued all inline scripts and styles using WP core APIs.
* Refactored prefixes to comply with WordPress official plugin guidelines.
* Improved dashboard UI and workflow assignment screen.

= 1.1.0 =
* Hardened security and addressed plugin review feedback.
* Refined capabilities and user role checks.
* Removed redundant database tables for improved performance.

= 1.0.0 =
* Initial release.
* Added Creator and Approver roles.
* Added assignment tracking for posts and pages.
* Added email notification system.
