=== Roobely – Advanced Blocks ===
Contributors: tiger12, gteigland
Donate link: https://roobely.com
Tags: blocks, page-builder, gutenberg, responsive, custom-blocks
Requires at least: 6.1
Tested up to: 7.0
Stable tag: 1.0.6
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Fast and lightweight advanced blocks plugin for the WordPress block editor.

== Description ==

Roobely is a modern WordPress block plugin designed for performance, flexibility, and a clean editing experience.

It provides a collection of advanced blocks and design tools that help you build responsive websites directly inside the WordPress block editor.

Roobely focuses on:

* Faster editor performance
* Lightweight asset loading
* Clean and maintainable architecture
* Responsive design controls
* Better compatibility with modern themes
* Optimized frontend performance

== Features ==

* Advanced block collection
* Responsive layout controls
* Typography and spacing customization
* Gradient, shadow, and animation support
* Lightweight frontend assets
* Flexible design system
* Compatible with modern WordPress themes
* Performance-focused architecture

== Included Blocks ==

* Row & Column
* Heading
* Advanced Text
* Button
* Button Group
* Icon
* Icon List
* Image
* Divider
* Info Box
* Pricing Table
* Team Member
* Testimonial
* Counter
* Progress Bar
* Tabs
* Accordion
* Social Icons
* Video Popup
* Google Map
* Post Grid
* Timeline
* Contact Form
* Block Wrapper

== Pro Features ==

Roobely Pro will include:

* WooCommerce blocks
* Forms builder
* Carousel blocks
* Additional premium design components
* Migration tools
* Extended customization options

More information: https://roobely.com

== External Services ==

This plugin connects to several external services to provide additional functionality. All services are optional and require explicit user configuration.

### 1. Google Fonts API
- **Purpose**: Loads custom fonts for better typography in Roobely blocks
- **Data Sent**: Font family names selected by the user in block settings
- **When**: When a Roobely block uses custom fonts AND the user enables Google Fonts in plugin settings (OFF by default)
- **Service Provider**: Google LLC
- **Privacy Policy**: https://policies.google.com/privacy
- **Terms of Service**: https://developers.google.com/fonts/terms

### 2. Google reCAPTCHA
- **Purpose**: Prevents spam submissions in Roobely Contact Form blocks
- **Data Sent**: User's interaction with the contact form, CAPTCHA response token, page URL
- **When**: When the Contact Form block is configured with reCAPTCHA enabled
- **Service Provider**: Google LLC
- **Privacy Policy**: https://policies.google.com/privacy
- **Terms of Service**: https://policies.google.com/terms

### 3. Google Maps API
- **Purpose**: Displays interactive maps in the Map block
- **Data Sent**: Location data, place IDs, map coordinates, API key (provided by site owner)
- **When**: When the Map block is added to a page and configured with a Google Maps API key
- **Service Provider**: Google LLC
- **Privacy Policy**: https://policies.google.com/privacy
- **Terms of Service**: https://cloud.google.com/maps-platform/terms

### 4. Roobely Licensing Server (Pro Version Only)
- **Purpose**: Validates Pro license keys for premium features
- **Data Sent**: License key, site URL, product ID
- **When**: During license activation and periodic validation checks
- **Service Provider**: Roobely (tiger12)
- **Privacy Policy**: https://roobely.com/privacy-policy
- **Terms of Service**: https://roobely.com/terms

### 5. YouTube
This plugin connects to YouTube's embedding service to display video content in the Video Popup block.

When a user loads a page containing the Video Popup block, the plugin:
- Builds an embedded YouTube player URL
- Loads the YouTube iframe player API
- The visitor's browser connects to YouTube and may send standard request data such as IP address, browser details, cookies, and the page URL/referrer according to Google's policies

This service is provided by YouTube (Google):
- Terms of Service: https://www.youtube.com/t/terms
- Privacy Policy: https://policies.google.com/privacy

### 6. Vimeo
This plugin connects to Vimeo's embedding service to display video content in the Video Popup block when a Vimeo URL is used.

When a user loads a page containing the Video Popup block configured with a Vimeo video, the plugin:
- Builds an embedded Vimeo player URL (player.vimeo.com)
- The visitor's browser connects to Vimeo and may send standard request data such as IP address, browser details, cookies, and the page URL/referrer according to Vimeo's policies

This service is provided by Vimeo, Inc.:
- Terms of Service: https://vimeo.com/terms
- Privacy Policy: https://vimeo.com/privacy

### 7. Mailchimp
This plugin optionally connects to Mailchimp to submit form data.

When: When a contact form block is configured with Mailchimp as the form action
Data Sent: Form field values submitted to Mailchimp's form endpoint
Service Provider: Mailchimp (The Rocket Science Group)
Privacy Policy: https://mailchimp.com/legal/privacy/
Terms of Service: https://mailchimp.com/legal/terms/

== Source Code ==

This plugin ships with compiled and minified JavaScript assets for best performance and smaller download size.

The complete original unminified source code (React components, build tools, and all development files) used to generate these assets is publicly available at:

**https://bitbucket.org/tiger12/roobely**

**Build Instructions:**

cd assets/reactjs
npm install
npm run build


You can browse the full unminified source code (including the React source) directly in the public repository above (no login required).

**Note:** The minified `.js` files included in this plugin were built from the sources in the repository linked above.

**Primary source location:** `assets/reactjs/src/` in the repository above contains the primary, hand-edited React source code for this plugin. Files such as `assets/js/roobely.js` are generated webpack bundles produced from that source via the build instructions above, not source files themselves.

**Minified asset sources**

In the public Bitbucket repository (these unminified `.js` files are not included in the plugin ZIP; they are only available in the repository linked above):

* assets/js/roobely.min.js → assets/js/roobely.js
* assets/js/license-activation.min.js → assets/js/license-activation.js
* assets/js/common-script.min.js → assets/js/common-script.js
* assets/js/custom-roobely.min.js → assets/js/custom-roobely.js
* assets/js/htmlDecoder.min.js → assets/js/htmlDecoder.js
* assets/js/interaction.min.js → assets/js/interaction.js
* assets/js/jquery.animatedheadline.min.js → assets/js/jquery.animatedheadline.js
* assets/js/roobely-video-popup.min.js → assets/js/roobely-video-popup.js
* assets/js/blocks/contactform.min.js → assets/js/blocks/contactform.js
* assets/js/blocks/image-comparison.min.js → assets/js/blocks/image-comparison.js
* assets/js/blocks/map.min.js → assets/js/blocks/map.js

== Third-Party Libraries ==

Library: Font Awesome
Version: 7.2.0
License: MIT
Source: https://fontawesome.com/
Status: Actively maintained

Library: Roobely Video Popup (Custom Implementation)
Version: 1.0
License: GPLv2 or later (original code, bundled with this plugin — not a fork of Magnific Popup, and MIT terms do not apply)
Source: https://bitbucket.org/tiger12/roobely/src/main/assets/js/roobely-video-popup.js
Status: Maintained by the Roobely team
Notes: A small, dependency-free custom lightbox used by the Video Popup block to embed YouTube and Vimeo videos.

Library: jQuery
Version: WP Core
License: MIT
Source: https://jquery.com/
Status: Actively maintained

== Installation ==

Upload the plugin folder to /wp-content/plugins/roobely
Activate the plugin through the 'Plugins' menu in WordPress
Start using Roobely blocks in the Block Editor

== Frequently Asked Questions ==
= Is Roobely free? =
Yes. The core plugin is free.
= Does Roobely work with all themes? =
Roobely works with most modern block editor compatible themes.
= Is the plugin optimized for performance? =
Yes. Google Fonts are disabled by default.
= How do I enable Google Fonts? =
Go to Roobely → Settings → Advanced and set "Load Google Fonts" to Yes.
== Changelog ==
= 1.0.6 =

Bugfix: Fixed a typo in an internal function name (`roobely_resigter_rest_order_by_fields` → `roobely_register_rest_order_by_fields`) and its hook registration
Security/Compliance: Removed remaining `class_exists()` self-guards around the plugin's own classes (`ROOBELY_Options`, `ROOBELY_Initial_Setup`) — these guards are only appropriate for shared libraries, and the classes are already uniquely named
Bugfix: Moved a helper function (`roobely_excerpt_max_charlength`) that was being redeclared inside the Post Grid block's render callback (guarded by `function_exists()`) out to a proper top-level declaration, so it's defined once per request instead of relying on a redeclare guard - fixes a latent fatal-error risk when multiple Post Grid blocks appear on one page
Security/Compliance: Renamed two internal post meta keys that used a double-underscore (`__`) prefix, which is reserved for WordPress core, to single-underscore/no-underscore equivalents consistent with the rest of the plugin: `__roobely_available_blocks` → `_roobely_available_blocks`, and `__roobely_global_settings` → `roobely_global_settings` (this also fixes the "saved preset" lookup, which was silently reading the wrong meta key and always returning empty)
Security: `check_ajax_referer()` is now used for the Settings AJAX handler's nonce check, in place of a manual `wp_verify_nonce()` call, for consistency with WordPress's recommended AJAX security pattern
Security: Dynamic CSS generation in CssEngine.php now runs numeric values through an additional sanitization step before they're inserted into generated CSS rules, as defense-in-depth against a malformed/tampered stored attribute value breaking out of its declaration
Documentation: Updated WPML config to match the renamed post meta key

= 1.0.5 =

Security/Compliance: Renamed the AJAX action and handler used by the Settings page from `wp_ajax_update_roobely_options` / `ajax_update_roobely_options` to `wp_ajax_roobely_update_options` / `roobely_ajax_update_options`, so the action name no longer starts with the generic word "update" and is unique to the plugin
Security/Compliance: Renamed the localized block-editor script object from `wpApiSettings` to `roobelyApiSettings`, since the `wp` prefix is reserved for WordPress core
Cleanup: Removed `if (!function_exists())` guards around the plugin's own functions in roobely.php; all function names are already uniquely prefixed, and this pattern is only appropriate for shared libraries, not a plugin's own always-loaded functions
Bugfix: Animated Heading block now enqueues the minified `jquery.animatedheadline.min.js` asset instead of the unminified source file, consistent with how the rest of the plugin's scripts are loaded

= 1.0.4 =

Security: Google Maps API key is now entirely omitted from the data sent to the block editor for Editors/Authors (not just blanked) - only Administrators (`manage_options`) receive the key at all; other roles see the existing "please configure an API key" notice
Security: Removed the Mailchimp API key from the data sent to the block editor - it was never read by any editor script
Documentation: Added Contact Form to the Included Blocks list
Compatibility: `align-wide` theme support is now declared as a fallback on `after_setup_theme` instead of unconditionally at plugin load, so themes that opt out are respected
Bugfix: Minimum PHP/WordPress version checks in code now match the readme/plugin header (PHP 7.4, WordPress 6.1) instead of long-outdated values
Cleanup: Excluded `build-tools/` from the release package
Cleanup: Removed unused `sanitize_interaction_json()` method
Documentation: Noted that `assets/reactjs/src/` is the primary editable source, since `assets/js/roobely.js` is a generated build output

= 1.0.3 =

Cleanup: Removed the read-only fallback that checked for a legacy `roobely-json-{id}.json` file in the uploads directory; interaction data is now read exclusively from the `_roobely_interaction_json` post meta, which has been the sole write path since 1.0.2
Cleanup: Removed the unused `roobely_interactions` REST post meta registration, which was never read from or written to; `_roobely_interaction_json` is the single, consistent meta key for interaction data end-to-end

= 1.0.2 =

Security: Fixed .htaccess rule that was blocking the plugin's own generated stylesheets on Apache (previously denied .css as well as .json in the uploads/roobely directory)
Security: Hardened `roobely_global_settings` post meta with auth and sanitize callbacks
Bugfix: Block preview now generates CSS and interaction data live from the post's current content instead of relying on static preview files that were never populated
Bugfix: Interaction (scroll/mouse animation) data is now regenerated from saved block attributes on every post save, instead of only being read from a field nothing wrote to
Bugfix: The "File System" CSS location setting now actually writes/removes the per-post CSS file it relies on
Cleanup: Removed unused legacy roobely-preview.css/json file-writer and a stray undefined-variable reference in the Google Fonts loader
Documentation: Corrected readme Third-Party Libraries entry (custom video modal, not a Magnific Popup fork) and added the missing Vimeo external service disclosure
Documentation: Improved Source Code section in readme.txt with clear public repository link (Bitbucket)

= 1.0.1 =

Security: Strengthened REST API permission callbacks
Privacy: Google Fonts disabled by default
Security: Improved CSS and JSON sanitization
Security: Better escaping in Post Grid block
Documentation: Full external services and source code disclosure
Maintenance: Updated Font Awesome to 7.2.0
Compatibility: Tested up to WordPress 7.0

= 1.0.0 =

Initial release

== Upgrade Notice ==
= 1.0.1 =