=== Frontend File Explorer ===
Contributors:      itsmeshafat
Requires at least: 5.6
Requires PHP:      7.4
Tested up to:      6.9
Stable tag:        1.0.5
License:           GPLv2 or later
License URI:       https://www.gnu.org/licenses/gpl-2.0.html
Donate link:       https://itsmeshafat.com
Tags:              file manager, files, downloads, frontend, media library

A modern, Windows Explorer–inspired file manager for WordPress with admin interface and frontend shortcode.

== Description ==

Frontend File Explorer is a modern, Windows Explorer–inspired file manager for WordPress. It gives you a clean admin interface to organize and share files plus a responsive frontend explorer powered by a simple shortcode.

Use it to create download areas for courses, client file portals, or resource libraries — without relying on heavy external file management tools.

The plugin provides a seamless experience for both administrators and frontend users:

* **Explorer-style UI:** Navigate with breadcrumbs, toolbar actions, pagination, and Material Icons.
* **Dedicated Directory:** Files are stored in a secured `wp-content/uploads/downloads` directory.
* **Admin Management:** Create folders, upload files, delete items, and download ZIPs directly from the admin dashboard.
* Frontend Integration: Embed the explorer anywhere using the `[frontend_file_explorer]` shortcode.
* **AJAX-Powered:** Fast, smooth navigation and pagination without page reloads.
* **Translation Ready:** Fully localized with the `frontend-file-explorer` text domain.

**How to use the Explorer:**

* **Admin Interface:** 
    Navigate to **File Upload** in your WordPress admin sidebar. From this dedicated dashboard, administrators can create nested folders, upload bulk files (featuring multi-select and drag-and-drop), import existing Media Library assets, delete items, and download entire directories as ZIP archives.

* **Frontend Shortcode:** 
    Embed the user-facing explorer interface on any Page, Post, or Custom Post Type using the following shortcode setup:
    
    `[frontend_file_explorer]`
    *(Renders the explorer starting at the root storage directory)*
    
    **Advanced Shortcode Usage:**
    You can explicitly define the starting folder path relative to the root `uploads/downloads` directory by using the `folder` attribute:
    
    `[frontend_file_explorer folder="/course-materials"]`
    `[frontend_file_explorer folder="/clients/acme-corp"]`

    * **Frontend Capabilities:** Visitors browsing the frontend can view contents, click files to download them, and copy direct sharing links.
    * **Security:** Destructive or mutating actions (like file upload, folder creation, or deletion) remain strictly hidden and blocked from public visitors. They are only accessible to logged-in users who possess the WordPress `upload_files` capability.

**Who is this plugin for?**

* Course creators who need a simple, branded downloads area.
* Agencies and freelancers who share files with clients.
* Site owners who want a lightweight, Explorer-like file manager in WordPress.

== Upgrade Notice ==

= 1.0.5 =

This release includes important security improvements and coding standards updates. No manual action is required.

= 1.0.4 =

This release includes security enhancements for file upload handling. No manual action is required.

= 1.0.3 =

This is a major security release addressing multiple vulnerabilities. Please update immediately. No manual action is required.

== Installation ==

= Installation from within WordPress =

1. Visit **Plugins > Add New**.
2. Search for **Frontend File Explorer**.
3. Install and activate the Frontend File Explorer plugin.
4. On activation, the plugin will create `wp-content/uploads/downloads`.

= Manual installation =

1. Upload the plugin folder to the `/wp-content/plugins/` directory.
2. Visit **Plugins**.
3. Activate the Frontend File Explorer plugin.

== Frequently Asked Questions ==

= Can I point the explorer to a different base folder? =

Yes. You can override the constants in a custom mu-plugin before File Explorer loads, or use filters/hooks (e.g. on `wp_loaded`) to adjust the base path/URL. This is an advanced customization and should be done carefully.

= Does the plugin work in multisite? =

Yes. Each site manages its own `uploads/downloads` directory. You can network-activate the plugin for consistency across sites.

= Are file types restricted? =

By default, allowed file types are defined via options during activation. You can adjust the allowed extensions by updating the plugin options (e.g., `file_explorer_allowed_file_types`).

= How do I translate the UI? =

The plugin is fully localization-ready and uses the `frontend-file-explorer` text domain. You can use tools like Loco Translate or Poedit to create translations and drop `.mo` files in the `languages/` directory.

== Screenshots ==

1. Admin file explorer with folders, uploads, and toolbar actions (backend).
2. Frontend file explorer embedded via shortcode (frontend view).

== Changelog ==

= 1.0.5 =

* **Security:** Added comprehensive array structure validation for `$_FILES` superglobal before accessing elements.
* **Security:** Moved `is_uploaded_file()` validation to immediately after accessing tmp_name for improved security.
* **Security:** Removed PHPCS ignore comment and implemented proper sanitization for file upload handling.
* **Standards:** Replaced `$_REQUEST` with `$_POST` for AJAX POST requests per WordPress coding standards.
* **Standards:** Replaced PHP `basename()` with WordPress `wp_basename()` for i18n compatibility with multibyte characters.

= 1.0.4 =

* **Security:** Sanitized and validated all `$_FILES` upload fields individually (name, type, tmp_name, error, size).
* **Security:** Added `is_uploaded_file()` guard against path injection on file uploads.
* **Standards:** Fixed unordered placeholders in translatable strings per WordPress i18n guidelines.

= 1.0.3 =

* **Security:** Fixed unauthenticated file downloads, arbitrary PHP uploads, XSS via eval(), and server path disclosure.
* **Standards:** Migrated all filesystem operations to WP_Filesystem API, bundled Material Icons locally, added proper nonce verification and capability checks to all AJAX endpoints.
* **Standards:** Renamed classes to use WordPress underscore convention (Frontend_File_Explorer, Frontend_File_Explorer_Ajax).
* **Standards:** Removed discouraged load_plugin_textdomain() call, added proper prefixing to all handles and identifiers.

= 1.0.2 =

* **Fix:** Resolved a critical bug causing the frontend explorer to execute filesystem deletion logic instead of listing directory contents.
* **Fix:** Repaired the "Download as ZIP" mechanism to eliminate `ERR_INVALID_RESPONSE` failures by safely building ZipArchive temp files and explicitly managing PHP output buffers and Safari download headers.
* **Feature:** Fully integrated the missing backend endpoints required for the UI, enabling seamless frontend and backend folder creation, file uploads, and Media Library imports.
* **Security & Standards:** Swept codebase for strict WordPress PHPCS warnings. Corrected all variable unslashing, resolved missing nonce verification checks, migrated deprecated filesystem functions to `WP_Filesystem`, and reinforced `esc_html__` translation domain strings and translators comments.

= 1.0.1 =

* Rename plugin to "Frontend File Explorer"
* Align text domain and translation loading with slug `frontend-file-explorer`
* Improve README and readme.txt descriptions and screenshots
