=== Cutmap Editorial Workflow ===
Contributors: aswinikumar
Tags: workflow, content management, editorial, assignments, review
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 1.4.7
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Professional content workflow system for managing creators, approvers, and editorial cycles.

== Description ==

Cutmap Editorial Workflow is a robust, professional-grade content management solution designed for publishers, news portals, and content-heavy websites. It brings structure, accountability, and security to your editorial team by implementing a controlled content creation and review workflow.

Say goodbye to accidental publishes and unreviewed edits. With Cutmap Editorial Workflow, every piece of content goes through a defined chain of command before reaching your audience.

== Key Features ==

* **Role-Based Access Control**: Empowers your team with specialized 'Creator' and 'Approver' roles, restricting access to only what they need.
* **Content Isolation**: Creators and Approvers only see the tasks assigned to them, reducing clutter and preventing unauthorized edits on other content.
* **Safe Live Editing**: Edit published content safely in the background. The public continues to see the approved version while your team works on revisions.
* **Centralized Assignment Dashboard**: A dedicated space for administrators to monitor all active workflows and assign tasks effortlessly.
* **Automated Notifications**: Keep the workflow moving with real-time email and admin alerts for assignments and status changes.
* **Audit Trail**: Maintain a transparent history of who created, edited, and approved each piece of content.

== Installation ==

1. Upload the `cutmap-editorial-workflow` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the 'Plugins' menu in WordPress.
3. Use the 'Workflows' menu in the admin dashboard to start assigning content.

== Frequently Asked Questions ==

= Can I use this for Custom Post Types? =

Yes, the Cutmap Editorial Workflow supports Posts, Pages, and all registered Custom Post Types.

= How do I add a Creator? =

The plugin automatically creates a 'Creator' role upon activation. You can assign this role to any user from the WordPress 'Users' menu.

== Screenshots ==

1. The central assignments dashboard showing all active workflows.
2. The post editor screen with the Workflow Management metabox.
3. Audit log showing the history of a specific content piece.

== Changelog ==

= 1.4.7 =
* Security: Hardened database queries by replacing serialized lookups with direct relational structures for improved performance and safety.
* Security: Eliminated inline JavaScript by moving workflow actions to a dedicated static file.
* Security: Added explicit early exits after redirects to ensure execution flow integrity.
* Code Quality: Standardized line endings to LF and added .gitattributes for repository consistency.
* Cosmetic: Cleaned up package docblocks across the codebase.

= 1.4.6 =
* Security: Removed hardcoded sample-user password (`Workflow@123`). Each new sample user now receives a unique password generated via `wp_generate_password(16, true)`, displayed once in the admin notice and never stored in source.
* Security: Added `rest_pre_insert_{post_type}` enforcement to block unauthorized publish attempts via the REST API. Admin-role REST tokens can no longer bypass the editorial workflow when a post has an active assignment.
* Bug fix: `reject()` no longer overwrites the approved content snapshot with the rejected draft. Visitors continue seeing the last explicitly approved version while the creator revises and re-submits.
* Performance: `dbDelta()` schema checks in `CUTMAP_DB` and `CUTMAP_WNS` are now guarded by a version option (`cew_db_version`, `cew_wns_version`). The expensive schema introspection runs only on activation/upgrade, not on every page load.
* Cleanup: `uninstall.php` now deletes all `_cew_*` post meta rows and removes plugin version options, leaving no orphaned data after deletion.
* Reliability: The `ALTER TABLE … DROP INDEX` migration for the audit-log unique key now runs reliably on every upgrade because the schema version option is cleared on activation.

= 1.4.5 =
* Resolved remaining critical security checklist issues including strict nonce validation across all forms/actions.
* Sanitized remaining raw `$_POST` and `$_GET` superglobal accesses and strictly avoided `empty()` checks for them.
* Re-audited output escaping inside admin tables and guaranteed all display logic passes through `esc_html()` and `esc_url()`.
* Ensured every single `admin_post` action starts with a firm `current_user_can()` capability check followed by `wp_die()`.

= 1.4.4 =
* Hardened admin actions with strict `current_user_can()` capability checks.
* Improved security by ensuring complete table cleanup on uninstall.
* Verified input sanitization and output escaping across the plugin.

= 1.4.3 =
* Removed UTF-8 Byte Order Marks (BOM) from PHP files to satisfy automated checks.

= 1.4.2 =
* Fixed unescaped translatable label strings in the frontend shortcode output by using `esc_html__`.

= 1.4.1 =
* Fixed `the_title` escaping context from `wp_kses_post` to `esc_html`.
* Fixed stale admin hook slug to ensure assets enqueue correctly.

= 1.4.0 =
* Fixed `wp_enqueue` issues by converting raw script/style tags.
* Added rigorous escaping output (`wp_kses_post`) to all filter callbacks.
* Cleaned up unclosed `ob_start` buffers to ensure safe hook flows.
* Changed short prefixes to longer `CUTMAP_` prefixes.

= 1.3.0 =
* Fixed plugin header metadata parsing issues for strict WordPress.org compatibility.

= 1.2.0 =
* Renamed plugin to Cutmap Editorial Workflow.
* Enhanced security: Enqueued all inline scripts and styles using WP core APIs.
* Refactored prefixes to comply with WordPress official plugin guidelines.
* Improved dashboard UI and workflow assignment screen.

= 1.1.0 =
* Hardened security and addressed plugin review feedback.
* Refined capabilities and user role checks.
* Removed redundant database tables for improved performance.

= 1.0.0 =
* Initial release.
* Added Creator and Approver roles.
* Added assignment tracking for posts and pages.
* Added email notification system.
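
The REST enforcement described in the 1.4.6 entry, shown as an added example that is not taken from the plugin's source: a `rest_pre_insert_{post_type}` callback that refuses a publish status change while a post has an active assignment, with no exemption for administrators. The `example_cew_*` function names and the `_example_assignment_active` meta key are hypothetical stand-ins for the plugin's own assignment lookup.

```php
<?php
/**
 * Added example, not the plugin's code: block REST publish attempts on posts
 * that still have an active workflow assignment.
 */

// Hypothetical lookup; a real plugin would query its own assignment storage.
function example_cew_has_active_assignment( int $post_id ): bool {
	return $post_id > 0
		&& '1' === get_post_meta( $post_id, '_example_assignment_active', true );
}

/**
 * Callback for the rest_pre_insert_{post_type} filter.
 *
 * @param stdClass|WP_Error $prepared_post Post data prepared for insert/update.
 * @param WP_REST_Request   $request       Current REST request.
 * @return stdClass|WP_Error
 */
function example_cew_block_rest_publish( $prepared_post, $request ) {
	if ( is_wp_error( $prepared_post ) ) {
		return $prepared_post; // An earlier filter already rejected the request.
	}
	// Only requests that set an immediate or scheduled publish status matter here.
	$status = isset( $prepared_post->post_status ) ? $prepared_post->post_status : '';
	if ( ! in_array( $status, array( 'publish', 'future' ), true ) ) {
		return $prepared_post;
	}
	$post_id = isset( $prepared_post->ID ) ? (int) $prepared_post->ID : 0;
	// Deliberately no role or capability exemption: administrators are held to the workflow too.
	if ( example_cew_has_active_assignment( $post_id ) ) {
		return new WP_Error(
			'example_cew_workflow_active',
			'This post has an active assignment and must be approved through the workflow.',
			array( 'status' => 403 )
		);
	}
	return $prepared_post;
}

// Register once per REST-enabled post type, after custom post types are registered.
add_action( 'init', function () {
	foreach ( get_post_types( array( 'show_in_rest' => true ) ) as $post_type ) {
		add_filter( "rest_pre_insert_{$post_type}", 'example_cew_block_rest_publish', 10, 2 );
	}
}, 99 );
```

Returning a `WP_Error` from this filter makes the posts controller abort the create or update and send the error to the client, so the check holds regardless of which authentication method the request used.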