=== RIACO Feedback – User Feedback, Feature Requests & Voting Board ===
Contributors: prototipo88
Tags: feedback, feature-requests, voting, roadmap, user-feedback
Requires at least: 6.2
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 1.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Collect user feedback, feature requests, and votes. Display a public board and product roadmap anywhere on your site with a shortcode.

== Description ==

**RIACO Feedback** lets your visitors submit feature requests, vote on existing ideas, and track progress through a public roadmap — all without leaving your WordPress site. It takes minutes to set up and requires no coding.

Install the plugin, drop a shortcode on any page, and your users can start submitting and voting immediately. Admins review and approve submissions from the WordPress dashboard before they go public.

= Core Features =

**Feedback Board**

* Visitors submit ideas via a clean, customizable form (title + description)
* Submitted feedback is held in a moderation queue until you approve it
* Approved items appear on a public, vote-sorted board
* Filter by status (Open, Planned, In Progress, Completed) or search by keyword
* Sort by most votes, newest, or oldest
* Content cards expand inline — no page reload needed
* Paginated AJAX loading — no page refreshes

**Voting System**

* One vote per visitor, tracked by a salted SHA-256 hash of IP + User-Agent — no account required
* Toggle upvote / unvote with a single click
* Vote counts update live via AJAX
* Voting is automatically disabled on completed items
* Duplicate votes are rejected at the database level (UNIQUE constraint)

**Product Roadmap**

* Three-column kanban view: Planned / In Progress / Completed
* Each column paginates independently
* Compact cards show title, vote button, and completion date (completed items)
* Embed on any page with `[riaco_feedback_roadmap]`

**Admin Tools**

* Dedicated **Feedback** menu in the WordPress admin
* Pending-count bubble on the menu item (mirrors the Comments counter)
* One-click **Approve** action per item; bulk approve supported
* Dashboard widget showing the 5 most recent pending submissions
* Status and Project dropdown filters on the list table
* Admin email notification when new feedback is submitted (opt-in)

**Customization & Settings**

* 8 color pickers for upvote button and form appearance — no CSS required
* Configurable items per page (default 20)
* Multiple **Projects** — scope each shortcode to a project slug
* All colors output as direct CSS class rules so they always win the cascade

**For Developers**

* Clean service-container architecture with a `ServiceInterface` contract
* 5 action hooks: `riaco_feedback_submitted`, `riaco_feedback_upvoted`, `riaco_feedback_unvoted`, `riaco_feedback_approved`, `riaco_feedback_loaded`
* Filterable email recipient, subject, and message body
* `riaco_feedback_submission_data` filter to modify post arguments before creation
* `riaco_feedback_item_html` filter to override the rendered card HTML
* `riaco_feedback_services` filter to add or replace services in the container
* PSR-4 autoloading via Composer

= Perfect For =

* **SaaS and software teams** — let users vote on the next feature to build
* **WordPress theme / plugin developers** — collect roadmap requests from customers
* **Community sites and forums** — give members a structured way to suggest ideas
* **Agencies** — drop a branded feedback board on any client project
* **Internal tools** — gather employee suggestions on a private intranet page

= Shortcodes =

**`[riaco_feedback_features project="main"]`**
Renders the submission form alongside the full feedback board. This is the all-in-one shortcode for most setups.

**`[riaco_feedback_features_board project="main"]`**
Renders only the feedback board (no form). Use this when you want the form and the list on separate pages.

**`[riaco_feedback_roadmap project="main"]`**
Renders the three-column kanban roadmap grouped by status.

All shortcodes accept a `project` attribute that scopes the display to a specific project slug (default: `main`). Create additional projects from **Feedback → Projects** in the admin.

== Installation ==

1. Upload the `riaco-feedback` folder to `/wp-content/plugins/`, or install directly from the WordPress plugin directory.
2. Activate the plugin through **Plugins → Installed Plugins**.
3. Add `[riaco_feedback_features]` to any page or post where you want the submission form and feedback board to appear.
4. Optionally add `[riaco_feedback_roadmap]` to a separate page for the kanban roadmap view.
5. Visit **Feedback → Settings** to configure email notifications, items per page, and button/form colors.

== Frequently Asked Questions ==

= How do I add the feedback form to a page? =

Edit any page or post and insert the shortcode `[riaco_feedback_features]`. The form and the board will both appear at that location. You can also use the Gutenberg shortcode block or a classic text widget.

= Can I have separate boards for different products or projects? =

Yes. Go to **Feedback → Projects** and create a project for each product. Then pass the project slug to the shortcode:

`[riaco_feedback_features project="my-product"]`
`[riaco_feedback_roadmap project="my-product"]`

Each shortcode will only show feedback assigned to that project.

= How does the voting system prevent duplicate votes? =

Each voter is identified by a salted SHA-256 hash of their IP address and User-Agent string — no account or cookie is required. The database enforces a UNIQUE constraint on `(post_id, voter_hash)`, so duplicate votes are impossible at the storage level.

= Can I change the colors of the upvote button and the form? =

Yes. Go to **Feedback → Settings** and use the eight color pickers to set the upvote button background, text, voted-state colors, submit button colors, form background, and form border. Changes take effect immediately — no CSS editing needed.

= What happens to feedback after it is submitted? =

Newly submitted feedback is saved with `pending` status and does not appear on the public board. An admin (or editor) must approve it from **Feedback → Feedback** by clicking **Approve** in the row actions or using the bulk approve action. Once approved, the item is published and visible to visitors.

= Can I get an email when someone submits feedback? =

Yes. Go to **Feedback → Settings** and enable the **Notify admin on new submission** option. The email goes to the address configured in **Settings → General**. You can override the recipient, subject, and message body using the `riaco_feedback_email_to`, `riaco_feedback_email_subject`, and `riaco_feedback_email_message` filters.

= Is there a limit on how many times one person can submit feedback? =

Yes. By default, each IP address is limited to 3 submissions per hour. You can change this limit with the `riaco_feedback_rate_limit` filter:

`add_filter( 'riaco_feedback_rate_limit', fn() => 5 );`

The form also includes a honeypot field that silently rejects most bot submissions.

= Can visitors vote on items in the roadmap? =

Yes. The roadmap shortcode `[riaco_feedback_roadmap]` shows upvote buttons on Planned and In Progress items. Completed items display the completion date but voting is intentionally disabled for them.

= How do I display only the feedback list without the submission form? =

Use `[riaco_feedback_features_board project="main"]` instead of `[riaco_feedback_features]`. This renders the filter bar and paginated list only, with no submission form.

= Is this plugin compatible with multisite? =

The plugin is tested on standard WordPress installations. On multisite, activate it per-site (not network-activated) to ensure each site gets its own database table and settings.

= Does it work with page builders like Elementor or Divi? =

Yes. Any page builder that supports WordPress shortcodes can render RIACO Feedback. Add a Shortcode widget/element and paste in `[riaco_feedback_features]`.

= Is the plugin free? =

Yes, RIACO Feedback is 100% free and open source under the GPLv2 license.

== Screenshots ==

1. **Feedback board** — The public-facing board with filter bar (search, status pills, sort pills) and vote-sorted feedback cards.
2. **Roadmap** — Three-column kanban view showing items grouped by Planned, In Progress, and Completed status.
3. **Admin list table** — The Feedback admin screen with the Approve row action, pending count bubble, and Status/Project filters.
4. **Settings page** — Color pickers, items-per-page setting, and admin notification toggle under Feedback → Settings.
5. **Shortcodes help page** — Quick-start guide and shortcode attribute reference under Feedback → Shortcodes.

== Changelog ==

= 1.1.0 =
* Security: Vote and unvote cookies now set with `HttpOnly`, `Secure`, and `SameSite=Lax` flags.
* Security: Admin single-approve action now validates the target post is a `riaco_feedback` post before publishing.
* Fix: Vote handler now correctly rejects the request when the database insert fails (e.g. duplicate vote after cookie deletion) instead of silently returning success.
* Fix: Unvote handler now returns an error if the vote row does not exist rather than silently returning success.
* Fix: Feedback submission now validates the project slug exists as a taxonomy term before creating the post, preventing orphaned posts and rate-limit bypass.
* Fix: `wp_insert_post()` return value is now checked for `WP_Error` in addition to falsy zero.
* Tooling: Corrected `.phpcs.xml.dist` — prefix was `my-plugin`, now `riaco,RIACO`; text domain was `my-plugin`, now `riaco-feedback`; minimum supported WP version updated to 6.2.

= 1.0.0 =
* Initial release.
* Frontend feedback submission form with honeypot spam protection and IP-based rate limiting.
* AJAX voting system with SHA-256 voter hash and database-level duplicate prevention.
* Feedback board shortcode with filter bar (search, status, sort) and paginated AJAX loading.
* Roadmap shortcode with three-column kanban and independent column pagination.
* Admin moderation queue with single and bulk approve actions and pending count bubble.
* Dashboard widget showing 5 most recent pending submissions.
* Status and Project custom taxonomies with radio-button metaboxes.
* Settings page with 8 color pickers, items-per-page option, and admin email notification.
* Shortcodes help page with attribute reference and quick-start guide.
* Developer hooks: 5 action hooks and multiple filters for full extensibility.
