=== Typo Hunter ===
Contributors: skyminds
Tags: spelling, typo, proofreading, corrections, crowdsource
Requires at least: 5.0
Tested up to: 6.9
Stable tag: 1.4.0
Requires PHP: 8.1
License: GPLv3 or later
License URI: https://www.gnu.org/licenses/gpl-3.0.html

Turn your readers into proofreaders. Crowdsource spelling and typo corrections with a simple, gamified interface.

== Description ==

Typo Hunter transforms your readers into active contributors by gamifying the proofreading process. Let your audience help you maintain professional, error-free content while building community engagement.

= Key Features =

* **🎯 Gamified Experience** - Turn typo hunting into an engaging activity for your readers
* **⚡ Quick Reporting** - Keyboard shortcut (Ctrl/Cmd + Enter) for instant submissions
* **🛡️ Spam Protection** - Rate limiting (5 reports/hour) and duplicate detection
* **📊 Admin Dashboard** - Clean, sortable table to manage all typo reports
* **🚀 Performance First** - Assets only load where needed, optimized for PHP 8.3+
* **🔒 Enterprise Security** - SQL injection protection, input validation, nonce verification
* **💾 Smart Storage** - Optional database logging with indexed queries
* **🎨 Modern UI** - Native HTML dialog with beautiful, responsive design

= How It Works =

1. Reader spots a typo on your site
2. Selects the incorrect text
3. Presses Ctrl/Cmd + Enter (or clicks footer link)
4. Submits correction in sleek modal form
5. You review and fix in the admin dashboard
6. Content quality improves continuously!

= Perfect For =

* **📰 Blogs & News Sites** - Crowdsource proofreading at scale
* **📚 Documentation Sites** - Community-driven accuracy improvements
* **🎓 Educational Platforms** - Maintain high-quality learning content
* **🛒 E-commerce Stores** - Professional product descriptions
* **🏢 Corporate Websites** - Brand reputation through polished content
* **📖 Publishing Platforms** - Engage readers as quality contributors

= Security & Privacy =

* ✅ Rate limiting prevents abuse (5 reports/hour per IP)
* ✅ IP addresses hashed for privacy compliance
* ✅ All inputs sanitized and validated
* ✅ SQL injection protection with prepared statements
* ✅ Nonce verification for all AJAX requests
* ✅ GDPR-friendly (no personal data stored)

== Installation ==

= Automatic Installation =

1. Log in to your WordPress admin panel
2. Navigate to Plugins > Add New
3. Search for "Typo Hunter"
4. Click "Install Now" and then "Activate"

= Manual Installation =

1. Download the plugin ZIP file
2. Log in to your WordPress admin panel
3. Navigate to Plugins > Add New > Upload Plugin
4. Choose the ZIP file and click "Install Now"
5. Activate the plugin

= Configuration =

1. Go to Settings > Typo Hunter
2. Enable "Text Highlighting" for keyboard shortcut (Ctrl/Cmd+Enter)
3. Enable "Database Logging" to store reports
4. Save and start hunting typos!

== Frequently Asked Questions ==

= How do visitors report typos? =

Two easy methods:
1. Click the "Report a typo" link at the bottom of posts
2. Select text and press Ctrl+Enter (Cmd+Enter on Mac) - fastest way!

= Where can I view typo reports? =

Go to the WordPress admin panel and click "Typo Hunter" in the sidebar menu. You'll see all reports in a clean, sortable table.

= Can I prevent spam submissions? =

Yes! The plugin includes built-in rate limiting (5 reports per hour per IP) and duplicate detection to prevent spam.

= Does this work with all themes? =

Absolutely! Typo Hunter works with any WordPress theme. The report link is automatically added to single posts and pages.

= Will this slow down my site? =

Not at all! Assets only load on single posts/pages. Built with PHP 8.3+ optimizations, typed properties, and indexed database queries for maximum performance.

= Can I customize the look? =

Yes! Add custom CSS to override default styles. All elements use standard CSS classes (`.typohunter-*`) for easy customization.

= Is it GDPR compliant? =

The plugin doesn't collect personal information. IP addresses are hashed for rate limiting purposes only and are not stored permanently.

= Does it work with caching plugins? =

Yes, the plugin is fully compatible with caching plugins as it uses AJAX for form submissions.

= Can I export the reports? =

Currently, reports are stored in the database and can be viewed in the admin panel. Export functionality may be added in future versions.

= What happens to old reports? =

Reports are stored indefinitely. You can manually delete them from the admin panel. An auto-cleanup feature may be added in future versions.

== Screenshots ==

1. Sleek modal form with selected text pre-filled
2. Admin dashboard - clean, sortable typo reports
3. Simple settings page - enable features in seconds
4. Unobtrusive report link at post footer

== Changelog ==

= 1.4.0 - March 2026 =
* 📊 **Free Analytics Dashboard** - Free users now see basic stats (Total, Today, This Week, This Month) on the Analytics tab instead of a locked screen
* 🖼️ **SVG Icon Fix** - Added viewBox attribute to plugin SVG icons so they scale correctly on the Freemius pricing page
* 🎨 **Modern Modal Redesign** - Glassmorphism backdrop, slide-up entrance animation, refined typography, gradient submit button with hover lift, modern focus rings, and polished inline close button
* 🐛 **Theme Compatibility** - Fixed "Report a typo" link not appearing on some themes by replacing timing-dependent wp_script_is guard with did_action('wp') check

= 1.3.0 - March 2026 =
* 🛒 **WooCommerce Compatibility** - Fixed "Report a typo" link appearing in WooCommerce emails by guarding against non-frontend contexts
* ✏️ **Custom Link Text** - New free setting to customize the "Report a typo" link text shown to visitors
* 🌐 **String Consistency** - Unified all link text strings to "Report a typo" (removed inconsistent "Report a spelling mistake")
* 📝 **Translation Cleanup** - Removed stale translation entries from .pot and .po files
* 🚀 **Zero-Dependency Chart** - Replaced Chart.js CDN (65 KB) with lightweight inline SVG chart (~80 lines of vanilla JS)

= 1.2.0 - February 2026 =
* 🔒 **Security Hardening** - Comprehensive security re-audit with all findings resolved
* 🛡️ **XSS Prevention** - Escaped all dynamic output in admin templates (esc_html, esc_url, esc_attr)
* 🔐 **Input Sanitization** - Added wp_unslash() consistently before all sanitization calls
* ✅ **Allowlist Validation** - Email frequency setting validated against strict allowlist
* 🌐 **Internationalization** - Full i18n support with wp_localize_script for all frontend strings
* 📝 **Translation Ready** - Added .pot file and French (fr_FR) translation
* 🛡️ **SRI Protection** - Subresource Integrity hash for Chart.js CDN to prevent supply-chain attacks
* ⚡ **jQuery Removed** - Frontend report.js now uses native Fetch API (zero jQuery dependency)
* ⌨️ **Accessibility** - Escape key closes the report modal
* 🔒 **Directory Protection** - Added index.php silence files to all plugin directories
* 📄 **CSV Export Fix** - Quoted filename in Content-Disposition header per RFC 6266
* 🐛 **JS Guard** - Protected premium-only JS (email test, chart rendering) from ReferenceError on free version
* 🧹 **Code Quality** - Consistent escaping across admin interface, email templates, and PDF export

= 1.1.0 - February 2026 =
* 🎉 **NEW PRO VERSION**: Premium features now available!
* 📊 **Analytics Dashboard** - View comprehensive stats, 30-day trends, and most reported posts (Pro)
* 📧 **Email Notifications** - Instant, daily, and weekly digest options with configurable recipients (Pro)
* 📤 **Export Features** - Export reports to CSV or PDF with date/post filtering (Pro)
* 🎨 **Tabbed Admin Interface** - Modern, organized admin experience with Analytics, Reports, Settings, and Email tabs
* ⚡ **Enhanced Rate Limiting** - Pro users get 30 reports/hour (vs 5/hour for free)
* 🚀 **Performance Boost** - Added 5-minute object caching for analytics and reports list
* 🔒 **Security Enhancement** - Replaced md5() with wp_hash() for IP hashing
* 🏢 **VIP Compliance** - Fully WordPress VIP compliant (replaced file operations, optimized queries)
* 💾 **Query Optimization** - SELECT specific columns instead of SELECT *, added proper indexes
* 🔐 **Capability Checks** - Added current_user_can() checks on all admin methods
* 🐛 **Bug Fix**: Fixed admin notice display to prevent duplicates
* 📝 **Code Quality**: Improved error handling and logging throughout
* 🌐 **Freemius Integration** - Seamless license management and updates

= 1.0.1 - January 2026 =
* ✨ **Enhancement**: Added proper output escaping with esc_attr() for checkbox values
* 🧹 **Cleanup**: Added uninstall.php to properly clean up database table and options on uninstall

= 1.0.0 - December 2025 =
* 🎉 Initial release of Typo Hunter
* ⚡ Lightning-fast keyboard shortcut (Ctrl/Cmd + Enter)
* 🎨 Beautiful native HTML dialog interface
* 📊 Admin dashboard with sortable reports
* 🛡️ Rate limiting (5 reports/hour per IP)
* 🔍 Duplicate detection (5-minute window)
* 💾 Optional database logging
* 🔒 Enterprise-grade security (SQL injection protection)
* 🚀 PHP 8.3+ optimizations (typed properties, match expressions)
* ⚡ Performance-first (conditional asset loading, DB indexes)
* 🎯 Gamified user experience

== Upgrade Notice ==

= 1.3.0 =
Fixes "Report a typo" link appearing in WooCommerce emails. Adds customizable link text setting (free). Cleans up inconsistent translation strings.

= 1.2.0 =
Security hardening release. Comprehensive re-audit with full output escaping, input sanitization, SRI for CDN assets, i18n support, and jQuery removal from frontend. Recommended update for all users.

= 1.1.0 =
🎉 Major update! Pro version now available with Analytics Dashboard, Email Notifications, and Export features. Free version includes performance improvements and VIP compliance. Fully backward compatible.

= 1.0.1 =
Minor improvements to output escaping and uninstall cleanup.

= 1.0.0 =
Welcome to Typo Hunter! Turn your readers into proofreaders with this gamified typo reporting tool.

== Technical Details ==

= Database Schema =

Custom table: `typohunter_reports`
* `id` - Unique report identifier (bigint, primary key)
* `post_id` - Associated WordPress post ID (bigint, indexed)
* `text` - Incorrect text (varchar 255)
* `suggestion` - Suggested correction (varchar 255)
* `url` - Page URL (varchar 500)
* `timestamp` - Submission time (datetime, indexed)

Optimized with indexes on `post_id` and `timestamp` for fast queries.

= Security Features =

* 🔒 SQL injection protection (`$wpdb->prepare()` with placeholders)
* ✅ Nonce verification for all AJAX requests
* 🛡️ Rate limiting via WordPress transients
* 🧹 Input sanitization (`sanitize_text_field()`, `esc_url_raw()`)
* 🔍 Duplicate detection (5-minute window)
* ✓ Post validation (ensures posts exist)
* 🔐 Secure IP detection with fallback

= Performance Optimizations =

* ⚡ Assets only load on single posts/pages (conditional loading)
* 💾 Options cached in class property (reduces DB calls)
* 📊 Database indexes on `post_id` and `timestamp`
* 🎯 Minimal JavaScript footprint (vanilla JS, no jQuery)
* 🚀 PHP 8.3+ features (typed properties, readonly, match expressions)
* 🔥 First-class callable syntax for hooks
* ⚡ Null coalescing operators for cleaner code

== Support ==

For support, feature requests, or bug reports:
🐛 GitHub: https://github.com/skyminds/typo-hunter
💬 Support Forum: WordPress.org support tab

== Roadmap ==

**Available in Pro Version (v1.1.0+):**
* 📊 Analytics dashboard with stats and 30-day trend charts
* 📧 Email notifications (instant, daily digest, weekly digest)
* 📤 Export reports (CSV/PDF with filtering)
* ⚡ Enhanced rate limiting (30 reports/hour vs 5/hour)
* 🎨 Modern tabbed admin interface

**Coming in Future Updates:**
* 🤖 AI-powered correction suggestions
* 👥 Team collaboration features
* 🎨 Custom branding options
* 🔌 Grammarly API integration
* 🌍 Multi-language improvements

== Credits ==

Developed with ❤️ by Matt Biscay
🌐 https://mattbiscay.com
🐙 https://github.com/skyminds

**Like Typo Hunter?** Please rate it ⭐⭐⭐⭐⭐ on WordPress.org!
