D11 Random Quote Loader

Changelog

2.3

• Security: renamed database table from {prefix}quotes to {prefix}d11rql_quotes, eliminating collision risk with other plugins. Existing installs are migrated automatically.
• Security: replaced TRUNCATE TABLE with DELETE FROM inside the CSV import transaction. TRUNCATE causes an implicit commit in MySQL, meaning a failed import could not be rolled back. DELETE FROM is fully transactional.
• Security: replaced explode()/str_getcsv() CSV parser with a php://memory stream + fgetcsv(). The previous approach broke on quoted multi-line fields. The memory stream approach has no filesystem writes and correctly handles all RFC 4180 CSV edge cases.
• Synced D11RQL_MIN_WP_VERSION constant and plugin header to 6.9 to match readme.txt.

2.2

• Renamed all internal function, constant, option, and transient prefixes from rqw_ (3 chars, too short) to d11rql_ to comply with WordPress.org prefix length requirements (minimum 4 characters).
• Updated plugin_signature value in database from rqw_v1 to d11rql_v1.
• No database schema changes — existing installs upgrade cleanly on next page load.

2.1

• Changed shortcode tag from [random_quote] to [d11rql_random_quote] to comply with WordPress.org prefix requirements.
• Rewrote CSV import to use in-memory str_getcsv() parsing — no temporary filesystem writes.
• Removed load_plugin_textdomain() call, which is no longer needed for WordPress.org hosted plugins since WordPress 4.6.
• Fixed Contributors field in readme.txt to use correct WordPress.org username (briz_dad).

2.0.6

• Compatibility: updated « Tested up to » to WordPress 7.0.
• Updated « Requires at least » to WordPress 6.9.
• No code or database changes.

2.0.5

• Admin: added pagination to the Manage Quotes page. Defaults to 10 quotes per page with numbered page links and Previous/Next controls.
• Admin: added a per-page dropdown (10, 25, 50, 75, 100) that persists across page navigation and category filtering.
• Admin: quote count display shows current range and total (e.g. « Showing 1–10 of 74 quotes »).
• Admin: category filter links now reset to page 1 and preserve the current per-page setting.
• Admin: export description clarified to confirm all quotes are exported regardless of current page or filter.

2.0.4

• Database: added an index on the category column for faster category-filtered queries on larger quote libraries. Applied automatically via dbDelta on next page load — no manual steps required.

2.0.3

• Fix: Added DONOTCACHEPAGE constant to both the shortcode and widget output functions. This tells WP Super Cache, W3 Total Cache, WP Rocket, and other major caching plugins not to serve a static cached copy of pages containing a random quote — ensuring the quote is genuinely random on every page load for logged-out visitors.
• Data: encoding fix for smart quotes, em dashes, and emoji in imported CSV data (Mojibake caused by Windows-1252 bytes being mis-interpreted as UTF-8 during export).

2.0.2

• Database: replaced all SELECT * queries with explicit column lists (id, quote, author, category) across all files.
• Database: CSV import now runs inside a MySQL transaction — if any insert fails mid-import, a ROLLBACK fully restores the original quotes rather than leaving a partial data set.
• Database: admin quote listing queries now use explicit column selection.
• No database schema changes — safe drop-in replacement for 2.0.1.

2.0.1

• Security: capability check in admin form handler now fires before any superglobal access, closing a trivial bypass via spoofed $_GET[‘page’].
• Security: admin success notices (added/updated/deleted) now use per-user transients instead of URL parameters, preventing anyone from flashing misleading notices via crafted URLs.
• Security: uninstall.php now verifies the table exists before running SHOW COLUMNS, preventing a DB error on edge-case removal.
• Reliability: rqw_maybe_upgrade_db() now uses a static guard to prevent repeated dbDelta calls if update_option() fails transiently.
• Reliability: rqw_get_random_quote() now handles the COUNT/OFFSET race condition — if a quote is deleted between the two queries, it falls back to the first available quote instead of silently returning nothing.
• Version bump to 2.0.1 (no database changes).

2.0

• Added quote categories — assign a category to each quote and filter by category in the widget, shortcode, and admin page.
• Shortcode now accepts a category parameter: [d11rql_random_quote category= »inspiration »].
• Widget settings now include an optional Category field.
• Admin page: Category column added to the quotes table, category field in Add/Edit forms, filter bar to view quotes by category, category autocomplete using HTML datalist.
• CSV export now includes the category column. CSV import supports an optional category column (backwards compatible with old files).
• Database: added category column (varchar 100) via dbDelta — safe, non-destructive upgrade for existing installations.
• Uncategorized quotes (empty category) appear in all category-filtered queries as a fallback.

1.9

• Added [d11rql_random_quote] shortcode for displaying a random quote in any post or page.
• Shortcode supports an optional title parameter: [d11rql_random_quote title= »Daily Quote »].
• Shortcode output uses semantic blockquote/cite markup with CSS class hooks (rqw-shortcode, rqw-shortcode-quote, rqw-shortcode-title).

1.8

• WordPress.org submission release.
• Added Requires PHP: 7.4 header and runtime PHP/WP version checks on activation.
• Added RQW_VERSION constant.
• Full WordPress Coding Standards pass: tabs for indentation, absint() replacing intval(), wp_rand() replacing rand(), gmdate() replacing date().
• All user-facing strings now use the d11-random-quote-loader text domain (previously some used the bare text_domain placeholder).
• Widget output updated to use semantic blockquote/cite markup with CSS class hooks.
• Widget now renders before_title/after_title when a title is set.
• Admin page function renamed to rqw_render_admin_page for consistent rqw_ namespacing.
• All $wpdb insert/update/delete calls now pass explicit format arrays.
• Added GPL-2.0-or-later SPDX licence identifier and @package docblock to every file.

1.7

• CSV import: added per-row UTF-8 validation with skip-and-report for unreadable characters.
• CSV import: 5,000-row limit with count of skipped rows reported to the user.

1.6

• CSV import: added BOM stripping and Windows-1252 to UTF-8 encoding conversion.
• CSV import: server-side MIME type and file-extension validation.

1.5

• CSV export moved to admin-post.php for a proper browser file-download response.

1.4

• Added CSV import and export functionality.

1.3

• Added inline edit functionality for existing quotes.

1.2

• Security pass: nonces added to all forms, current_user_can() checks on all admin actions.

1.1

• Replaced ORDER BY RAND() with COUNT + OFFSET strategy for better database performance.

1.0

• Initial release.