================================================================================
Customer Feedback to Notion - CHANGELOG
================================================================================

Version 1.0.3 (2025-09)
================================================================================

DESIGN IMPROVEMENTS:
- Redesigned documentation with professional blue color scheme
- Changed from purple gradient to business-friendly blue tones (#2c5282, #1a365d)
- Removed emojis from section headers and feature cards for cleaner look
- Simplified visual effects and transitions for more conservative design
- Updated feature cards with subtle shadows and professional styling

================================================================================

Version 1.0.2 (2025-09)
================================================================================

NEW FEATURES:
- Added customizable email subject setting
- Added customizable email body text with placeholders
- Added configurable token expiry days (1-30 days, default: 5)
- Added creator homepage link to main dashboard
- Added professional HTML documentation

EMAIL CUSTOMIZATION:
- Email subject now fully customizable in settings
- Email body supports placeholders: {customer_name}, {order_number}, {feedback_url}, {expiry_days}
- Token expiry changed from 7 to 5 days default (configurable)
- All email settings properly saved and cleaned up on uninstall

DUPLICATE PREVENTION:
- Email won't be sent if feedback already exists for order
- Enhanced duplicate check before Notion sync
- Added safety check in sync status update
- Multiple layers of protection against duplicate submissions

IMPROVEMENTS:
- Dashboard now displays COOD3 branding and links
- Documentation link points to https://cood3.com/en/cftn_documentation
- Support link with anchor: https://cood3.com/en/cftn_documentation/#support
- Better UX with helpful placeholder descriptions in settings

================================================================================

Version 1.0.1 (2025-09)
================================================================================

SECURITY FIXES:
- Added comprehensive input validation for all POST parameters
- Implemented sanitization callbacks for all settings fields
- Masked Notion API token in admin (shows only last 4 characters)
- Fixed SQL injection vulnerability in cleanup_expired_tokens()
- Added URL validation for Google review redirect (whitelist approach)
- Improved IP detection for rate limiting (proxy-aware)
- Added nonce verification to all AJAX handlers (already present)

ENHANCEMENTS:
- Upgraded token generation to a cryptographically secure method (bin2hex + random_bytes)
- Added UNIQUE constraint on order_id column to prevent duplicates
- Added filter hooks for email customization (subject, message, headers)
- Implemented proper email headers (From, Reply-To)
- Added transient cleanup to prevent database bloat
- Defined class constants for all magic numbers (better maintainability)
- Improved error handling and validation messages

CODE CLEANUP:
- Removed all console.log() statements from JavaScript
- Removed excessive debug logging from PHP
- Removed test files (test-*.php, tests/ directory)
- Removed unused debug code from production
- Simplified feedback redirect handlers
- File size changed from 1570 to 1655 lines (net of cleanup, after adding features)

PERFORMANCE:
- Wrapped audit logging in WP_DEBUG checks (production performance)
- Optimized database queries with proper escaping
- Improved rate limiting efficiency

SECURITY AUDIT COMPLETED:
- All 4 Critical issues fixed
- All 5 High Priority issues fixed
- All 6 Medium Priority issues fixed
- Key Low Priority issues fixed
- Full security review documented in SECURITY_REVIEW.txt

================================================================================

Version 1.0.0 (Initial Release)
================================================================================
- Initial plugin release
- Basic feedback collection functionality
- Notion API integration
- Star rating system
- Email notification system
- Google review redirect feature
- Admin dashboard and analytics
- Rate limiting and security features
