=== Pipe9 WSOD Debugger ===
Contributors: altunyurt
Tags: wsod, white screen of death, debug, error recovery, fatal error
Requires at least: 6.4
Tested up to: 7.0
Stable tag: 1.3.3
License: GPLv2 or later

Automatically detects White Screen of Death crashes, identifies the culprit plugin/theme, and provides an emergency rescue panel to recover your site.

== Description ==

Pipe9 WSOD Debugger is an emergency recovery tool for WordPress. When a fatal error causes a White Screen of Death, this plugin:

* Captures the error snapshot automatically (shutdown handler)
* Identifies the plugin or theme that caused the crash
* Provides a secret rescue URL that works even during a WSOD
* Renders a full debug/rescue panel before any other plugin loads
* Allows you to disable the culprit plugin, switch themes, or manage plugins/themes from the rescue panel

== Installation ==

1. Upload the `pipe9-wsod-debugger` folder to `/wp-content/plugins/`
2. Activate the plugin through the WordPress admin
3. Find the Rescue URL in Tools → Pipe9 WSOD Debugger
4. Bookmark the Rescue URL — use it when your site crashes with a white screen

== Frequently Asked Questions ==

= How does it work without breaking during a WSOD? =

The plugin registers a PHP shutdown handler at the earliest possible moment during WordPress boot (priority `PHP_INT_MIN` on `plugins_loaded`). When a fatal error occurs, the shutdown handler captures the error, identifies the culprit, saves a crash snapshot, and writes a recovery flag file. On the next request, the recovery flag triggers a filter that strips all other plugins, and the rescue panel loads safely without interference from the broken plugin or theme.

= How do I access the rescue panel? =

Go to Tools → Pipe9 WSOD Debugger in the admin panel. Copy the Rescue URL (contains a secret key). Bookmark it — use it when your site crashes. Paste it directly into your browser's address bar when you see a white screen.

= How does the recovery flag system work? =

When a fatal error is detected, the plugin writes a small JSON flag file to `wp-content/uploads/pipe9-wsod-debugger/`. On the next request, this flag causes an `option_active_plugins` filter to activate only this plugin — all other plugins are temporarily stripped. This prevents the broken plugin from crashing again, giving you access to the rescue panel to disable the culprit plugin or switch themes. Once the issue is resolved, exiting recovery mode deletes the flag and the site returns to normal.

== Changelog ==

= 1.3.3 =
* Fix: replace wp_redirect() with wp_safe_redirect()
* Fix: remove load_plugin_textdomain() (automatic since WP 4.6)
* Fix: widen rescue URL input for full URL visibility
* Fix: enqueue rescue CSS on admin tools page
* Refactor: scope rescue-page CSS under body class to prevent admin layout leaks

= 1.3.2 =
* Fix: sanitize crash snapshot fields with sanitize_text_field() instead of raw string casts
* Fix: add capability checks (manage_options) and proper input sanitization to rescue actions
* Fix: add FILTER_UNSAFE_RAW + wp_unslash() to all filter_input() calls
* Fix: sanitize nonce with wp_unslash() + sanitize_text_field() before wp_verify_nonce()
* Fix: missing load_plugin_textdomain() call for proper i18n
* Fix: replace scandir() with WP_Filesystem::dirlist() for hosting compatibility
* Fix: replace raw header() calls with WordPress functions (wp_redirect, status_header)
* Fix: replace file_exists() with $wp_filesystem->exists() in WP_Filesystem contexts
* Fix: remove inline style attributes, move to CSS classes
* Fix: culprit mis-attribution when previous crash blamed our own plugin
* Fix: plugin disable/enable/toggle actions now use WP activation API directly
* Fix: lift option_active_plugins filter during plugin operations so deactivate/activate work correctly
* Refactor: centralise path resolution into shared Path_Resolver class
* Refactor: centralise wp-admin includes into ensure_* helper methods
* Refactor: remove redundant ABSPATH guard checks from method bodies
* i18n: add 4 missing translatable strings with full locale coverage
* i18n: rebuild .mo binaries for all 9 locales

= 1.3.0 =
* Flag-based WSOD recovery system with option_active_plugins filtering
* Restored full rescue panel: Dashboard, Plugins, Themes, Logs, System Info tabs
* Removed mu-plugin dependency — everything runs from the regular plugin
* Replaced PHP stdlib file ops with WP_Filesystem equivalents
* Replaced manual path building with WordPress constants (WPINC, WP_CONTENT_DIR)
* Used wp_normalize_path() for cross-platform path normalization
* Used wp_get_themes() instead of manual theme directory scanning

= 1.2.2 =
* Bump requires-at-least to 6.4, tested-up-to to 7.0
* Fix variable prefixing and add direct access protection in place-mu-plugin.php
* Fix author attribution

= 1.2.1 =
* Initial release
* WSOD detection via shutdown handler
* Crash snapshot with culprit identification
* Secret rescue URL
* Early-load rescue panel (MU-plugin — replaced by flag-based recovery in v1.3.0)
* Plugin/theme management in rescue mode
