=== PagePin – Client Feedback & Bug Reporting ===
Contributors: pagepin
Donate link: https://pagepin.io
Tags: feedback, bug reporting, screenshot, client feedback, annotations
Requires at least: 6.4
Tested up to: 6.9
Requires PHP: 8.1
Stable tag: 1.0.3.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Pin it. Ship it. Visual feedback infrastructure for WordPress.

== Description ==

**PagePin** gives WordPress agencies and developers two tools for client feedback and bug reporting — **Pinshots** for screenshot-based bug reports and **Pinpoints** for DOM-based comment threads. Self-hosted, GDPR compliant, no cloud dependencies.

= Pinshots — Bug Reporting =

Screenshot-based feedback with visual markers. Place numbered markers anywhere on the page, add notes, and capture everything in a single screenshot. Perfect for quick bug reports, design reviews, and client feedback rounds.

* **Three Marker Types** — Negative (red) for bugs, Positive (green) for approvals, Note (orange) for comments
* **One-Click Screenshots** — Capture the current page instantly with all markers included
* **Email Delivery** — Send feedback with screenshot attachment to up to 5 recipients
* **Custom Watermark** — Brand every screenshot with your own text
* **Adjustable Compression** — Image quality from 10% to 100%
* **Undo/Redo** — Ctrl+Z / Ctrl+Y to undo and redo marker placements
* **Drag & Drop** — Reposition markers by dragging them to the correct location

= Pinpoints — Client Feedback =

DOM-based comment threads attached directly to page elements — like Google Docs comments, but for your live website. Comments persist even when the page layout changes, making it ideal for ongoing collaboration and iterative design feedback.

* **Element-Attached Threads** — Click any element to start a comment thread on it
* **Smart Element Matching** — Comments survive layout changes through CSS selectors, content fingerprinting, and multi-signal scoring
* **@Mentions** — Mention team members or external guests in comments to notify them
* **Resolve & Reopen** — Mark threads as resolved and reopen them when needed
* **Sidebar Overview** — All pinpoints listed in a slide-out sidebar with unread badges
* **Visual Indicators** — Numbered badges on the page show where pinpoints are attached
* **Tag System** — Organize pinpoints with custom colored tags (Bug, Design, Content, Urgent, or your own)

= How It Works =

1. **Pin** — Press Ctrl+Alt+F (or click the floating button) and click anywhere on your site
2. **Capture** — Screenshot, element position, and browser context are captured automatically
3. **Ship** — Feedback is delivered to your inbox or discussed in a pinpoint thread

= Key Features =

**Screenshots & Markers**

* Three annotation tools with automatic numbering
* Keyboard shortcuts: Ctrl+Alt+F to activate, keys 1/2/3 for tool selection
* Customizable floating feedback button with inactivity auto-hide
* Dual screenshot engines (html2canvas and html-to-image)
* Touch support for tablets and mobile devices

**Collaboration**

* **External Collaborators** — Invite anyone via Magic Link email or shareable URL (no WordPress account needed)
* **Collaborator Reuse** — Grant existing guests access to additional pinpoints without creating new links
* **@Mention Notifications** — Mention collaborators in comments to send email notifications with Magic Link access
* **Auto-Grant Access** — Mentioning a collaborator automatically grants them access if they don't have it yet
* **Share Modal** — Internal link for team members, external sharing with guest dropdown or new guest creation
* **Thread Notifications** — All thread participants (including collaborators) are notified of new comments
* **Configurable Link Expiry** — Set Magic Links to expire after 7, 30, or 90 days

**Admin & Management**

* Admin dashboard with feedback statistics and quick links
* Feedback overview with status filters (New, Sent, Resolved) and bulk actions
* Post/Page metabox showing pinpoint count per content
* Admin bar integration with live feedback counter badge
* Collaborator management with type display, inline email editing, and access control
* Tag management with custom colors and usage statistics
* 8-step setup wizard for first-time configuration

**Security & Access Control**

* Role-based access — control who can create, view, and resolve feedback
* Granular pinpoint permissions (create, view, resolve per role)
* Spam protection: honeypot, submission timing, rate limiting with escalation
* Optional CAPTCHA: reCAPTCHA v2/v3, hCaptcha, Cloudflare Turnstile
* Rate limit escalation (5 min → 15 min → 1 hour → 6 hours → 24 hours)

**Privacy & Standards**

* 100% self-hosted — your server, your database, your data
* GDPR compliant — no external calls unless CAPTCHA is enabled
* Clean uninstall — all data removed when plugin is deleted
* Multilingual — English and German included, translation-ready
* WordPress Coding Standards (WPCS 3.0) and PHPStan Level 5

= Use Cases =

* **Web Agencies** — Collect and manage client feedback across projects
* **Developers** — QA testing, bug reporting, and code review workflows
* **Support Teams** — Visual bug reports from users with full context
* **Design Reviews** — Attach comments to specific design elements for iterative feedback
* **Content Teams** — Request page changes with visual annotations
* **Client Onboarding** — Share feedback links with clients who don't have WordPress accounts

= Public Feedback Mode =

Enable public feedback to allow website visitors (even without login) to submit visual feedback. Protected by multiple spam prevention measures:

* Honeypot fields
* Submission timing checks
* Rate limiting per IP and session
* Optional CAPTCHA (reCAPTCHA v2/v3, hCaptcha, Cloudflare Turnstile)

For more information visit [pagepin.io](https://pagepin.io)

== Installation ==

= Automatic Installation =

1. Go to **Plugins > Add New** in your WordPress admin
2. Search for "PagePin"
3. Click **Install Now** and then **Activate**
4. Complete the setup wizard

= Manual Installation =

1. Download the plugin ZIP file
2. Go to **Plugins > Add New > Upload Plugin**
3. Select the ZIP file and click **Install Now**
4. Activate the plugin
5. Complete the setup wizard

= Configuration =

1. The setup wizard guides you through initial configuration on first activation
2. Or navigate to **PagePin > Settings** to configure manually:
3. Set up email recipients for feedback delivery
4. Select authorized user roles for each feature
5. Enable/disable floating button, public feedback, and collaborators
6. Create tags for organizing feedback

== Frequently Asked Questions ==

= What are Pinshots? =

Pinshots are screenshot-based bug reports. Activate the toolbar with Ctrl+Alt+F, place numbered markers (Bug/OK/Note) anywhere on the page, add optional notes, and capture a screenshot. The feedback is sent via email with the screenshot attached.

= What are Pinpoints? =

Pinpoints are DOM-based comment threads attached to specific elements on your page. Click any element to start a discussion thread on it. Comments persist even when the page layout changes, similar to comments in Google Docs.

= What is the difference between Pinshots and Pinpoints? =

**Pinshots** are for quick, one-time bug reports — take a screenshot with markers and send it via email. **Pinpoints** are for ongoing discussions — attach comment threads to page elements for iterative feedback and collaboration.

= What is the keyboard shortcut to activate the tool? =

* **Windows/Linux:** Ctrl + Alt + F
* **Mac:** Cmd + Option + F

You can also use keys 1, 2, 3 to quickly select marker tools, and Ctrl+Z / Ctrl+Y for undo/redo. Alternatively, click the floating feedback button (if enabled in settings).

= Who can use the feedback tool? =

By default, only Administrators. You can enable additional roles (Editor, Author, etc.) in the plugin settings. For pinpoints, you can separately control who can create, view, and resolve threads.

= Can visitors submit feedback without logging in? =

Yes! Enable "Public Feedback" in settings. This allows any website visitor to submit visual feedback. Multiple spam protection measures are included.

= How do external collaborators work? =

Enable "External Collaborators" in Settings > Collaborators. You can then invite guests via the share modal in any pinpoint thread — either with an email (sends a Magic Link) or without (generates a shareable URL). Collaborators can view and comment on assigned pinpoints without a WordPress account. Mentioning a collaborator with @ in a comment automatically grants them access if they don't have it yet.

= Where are screenshots stored? =

Screenshots are stored locally in `/wp-content/uploads/pagepin/`. They are NOT added to the Media Library.

= Can I customize the watermark? =

Yes, you can set custom watermark text in the plugin settings. It appears on every screenshot.

= Is the plugin GDPR compliant? =

Yes. The plugin only stores necessary data locally on your server. No data is sent to external services (unless you enable third-party CAPTCHA).

= Does it work with any theme? =

Yes, the plugin uses isolated CSS with high z-index values that don't conflict with themes. The "Ember Glass" design system provides a consistent dark-mode UI.

= What spam protection is included? =

For public feedback: Honeypot fields, submission timing validation, IP-based rate limiting with escalation (blocks increase from 5 minutes to 24 hours), session rate limiting, and optional CAPTCHA integration (reCAPTCHA v2/v3, hCaptcha, Cloudflare Turnstile).

= Can I use multiple email recipients? =

Yes, you can configure up to 5 email recipients with custom subject lines. The first recipient receives the email directly, others are added as BCC.

= What happens when I uninstall the plugin? =

All data is removed: database tables, plugin options, and uploaded screenshots. This ensures a clean uninstall.

= Does it support touch devices? =

Yes, the tool fully supports touch interactions on tablets and mobile devices.

== Screenshots ==

1. Setup wizard — guided initial configuration
2. Dashboard — Pinshots and Pinpoints at a glance
3. Pinshot tool — annotate pages with markers and notes
4. Send feedback — select recipients and submit annotations
5. Pinshot management — filter, track status, and bulk actions
6. Pinpoints overview — DOM-based comment threads
7. Pinpoint sidebar — threaded comments on page elements

== Changelog ==

= 1.0.3.4 =
* Fix: Plugin frontend not loading when theme deregisters jQuery (e.g. custom themes without jQuery)
* Fix: Robust jQuery re-registration via wp_print_scripts to survive late deregistration

= 1.0.3.3 =
* Fix: jQuery re-registration for themes that deregister it on the frontend

= 1.0.3.2 =
* Fix: Expired collaborator tokens are now auto-renewed when visiting a share link or granting access
* Fix: Collaborator floating button added so guests can reopen the Pinpoint sidebar after closing it
* Fix: AJAX 400 errors for collaborators caused by non-public endpoint calls (updateMatchScore, openPinpointFromUrl)
* New: Guest collaborators can now use @mentions to reference team members and other collaborators
* Improvement: Pinpoint sidebar auto-opens for collaborators on page load

= 1.0.3.1 =
* Fix: Missing vendor libraries (html2canvas, html-to-image, tribute) caused 404 errors and broken frontend feedback mode
* Thanks to Stefan for reporting this issue

= 1.0.3 =
* Improvement: Setup wizard fully localized in English with translation support
* Fix: Contrast issue with Pinpoint role headings in setup wizard
* Fix: Duplicate @mention notifications prevented
* Fix: Self-mention no longer triggers email notification
* Fix: Collaborator and email mentions now work in initial pinpoint comments
* Fix: Guest collaborators show generic avatar in mention autocomplete
* Fix: Pinpoint reply textarea sizing and overflow
* Improvement: Inline styles moved to CSS classes for better maintainability
* Improvement: Refined wizard step descriptions for clarity

= 1.0.2 =
* New: Tag/Label system for organizing feedback and pinpoints
* New: External collaborators via Magic Link (no WordPress account needed)
* New: Token-based shareable links for quick feedback rounds
* New: Redesigned share modal with internal link, guest reuse, and new guest creation
* New: Collaborator reuse — grant existing guests access to additional pinpoints
* New: @mention collaborators in comments with automatic email notification
* New: Auto-grant access when mentioning a collaborator who cannot see the pinpoint yet
* New: Collaborators see all accessible pinpoints across pages in sidebar
* New: Copy link button for active external access entries
* New: Admin collaborator list with type column, inline email editing
* New: Admin bar integration with badge counter
* New: Comment count badges on pinpoint indicators
* New: Extended setup wizard with collaborator and tag configuration
* Improvement: Enhanced mention system with @email invites and !@name share links
* Improvement: Collaborator thread notifications include magic link for direct access

= 1.0.0 =
* Initial WordPress.org release
* Screenshot capture with html2canvas and html-to-image
* Three feedback tools (Negative, Positive, Note) with automatic numbering
* Pinpoint feature: DOM-based comment threads with @mentions
* Email sending with screenshot attachment and watermark
* Admin interface with overview, settings, and bulk actions
* Public feedback mode with spam protection (honeypot, rate limiting, CAPTCHA)
* Role-based access control for authenticated users
* Undo/Redo functionality (Ctrl+Z / Ctrl+Y)
* Drag & Drop marker repositioning with touch support
* Multilingual support (German/English)
* WordPress Coding Standards and PHPStan Level 5 compliance

== Upgrade Notice ==

= 1.0.3 =
Setup wizard fully English and translatable. Fixed duplicate mention notifications, self-mentions, and collaborator mentions in initial pinpoints.

= 1.0.2 =
New collaboration features: Tag system, external collaborators via Magic Link, shareable feedback links, collaborator reuse, @mention notifications, and admin bar integration.

= 1.0.0 =
Initial release of PagePin - Visual feedback infrastructure for WordPress.

== Support ==

* Website: [pagepin.io](https://pagepin.io)
* Support: service@pagepin.io

== Third Party Services ==

This plugin connects to external services ONLY when you explicitly enable CAPTCHA protection:

= Google reCAPTCHA (v2 or v3) =
When enabled, user interaction data is sent to Google for spam verification.
* Service: https://www.google.com/recaptcha/
* Privacy Policy: https://policies.google.com/privacy
* Terms of Service: https://policies.google.com/terms

= hCaptcha =
When enabled, user interaction data is sent to hCaptcha for spam verification.
* Service: https://www.hcaptcha.com/
* Privacy Policy: https://www.hcaptcha.com/privacy
* Terms of Service: https://www.hcaptcha.com/terms

= Cloudflare Turnstile =
When enabled, user interaction data is sent to Cloudflare for spam verification.
* Service: https://www.cloudflare.com/products/turnstile/
* Privacy Policy: https://www.cloudflare.com/privacypolicy/
* Terms of Service: https://www.cloudflare.com/website-terms/

**Important:** No data is sent to external services unless you explicitly enable CAPTCHA in the plugin settings. Without CAPTCHA, the plugin operates entirely on your own server.

== Privacy ==

= Data Collection =

This plugin collects and stores the following data locally on your WordPress server:

**For authenticated users (logged-in):**
* User ID (WordPress user reference)
* Feedback content (screenshots, markers, messages)
* Page URL where feedback was submitted
* Timestamp

**For public/anonymous feedback (when enabled):**
* Email address (if provided by the visitor)
* IP address (for rate limiting only)
* Session token (anonymous identifier)
* Feedback content (screenshots, markers, messages)
* Page URL and timestamp

**For external collaborators (when enabled):**
* Display name
* Email address (optional, for Magic Link invitations and @mention notifications)
* Authentication token (for session-based access)
* Access grants (which pinpoints the collaborator can view)
* Last access timestamp

= Data Retention =

* **Feedback data:** Stored until manually deleted by an administrator
* **Rate limiting data (IP/Session):** Automatically deleted after 24 hours
* **Screenshots:** Stored until feedback is deleted
* **Collaborator data:** Stored until manually deleted by an administrator

= Data Location =

* Database: WordPress database tables (prefixed with your WordPress table prefix)
* Screenshots: `/wp-content/uploads/pagepin/` directory

= GDPR Compliance =

* All data is stored locally on your server
* No analytics or tracking is performed
* No data is shared with third parties (unless CAPTCHA is enabled)
* Data can be exported and deleted upon request via WordPress admin
* IP addresses are pseudonymized after rate limit period

= Consent =

For public feedback mode, we recommend:
* Linking to your privacy policy in the feedback form
* Enabling the GDPR consent checkbox in plugin settings
* Informing visitors about data collection in your site's privacy policy
