=== Simple Editor Control ===
Contributors: tlloancy
Tags: file editor, audit, diff, plugin editor, theme editor, security
Requires at least: 5.5
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 4.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Audit trail and git-style diff viewer for every file change made through the WordPress plugin and theme file editor.

== Description ==

Simple Editor Control silently records every file change made through the WordPress built-in plugin editor and theme editor. For each save it stores the diff, the user who made the change, and the timestamp — giving you a full, browsable history.

**Features**

* Automatic tracking — no setup required. Every save through the WP file editor is captured.
* Git-style diff viewer with side-by-side and line-by-line modes.
* Adjustable context lines (0, 3, 5, 10, 20).
* Point-in-time file recovery — download any file as it existed at any past revision.
* Works with all plugins and all active themes.
* Accurate LCS-based diff engine (same algorithm as GNU diff / git) — handles insertions, deletions and replacements correctly.
* Fully translatable.

**Use cases**

* See exactly what changed when something broke.
* Verify that no unauthorised changes were made to your plugin or theme files.
* Recover a previous version of a file without restoring a full backup.

== Installation ==

1. Upload the plugin to `/wp-content/plugins/simple-editor-control/`.
2. Activate through **Plugins → Installed Plugins**.
3. Go to **Tools → Simple Editor Control** to see the audit trail.
4. Start editing plugin or theme files through the WP file editor — changes are captured automatically.

== Frequently Asked Questions ==

= Does it work with the Gutenberg block editor? =
Simple Editor Control hooks into the WP file editor (plugin-editor.php / theme-editor.php), not the post editor. It is unrelated to Gutenberg.

= Are changes tracked if I edit files via FTP or SSH? =
No. Only changes made through the WordPress admin file editor are tracked.

= Is the full file stored for every revision? =
No. Only the first save stores the full file content (snapshot). Subsequent saves store only the diff, keeping the database footprint small.

= Can I delete the history? =
Yes. Deactivating the plugin preserves your history. To remove it entirely, delete the plugin — an uninstall hook will drop the database table.

= What happens on very large files? =
The LCS diff engine works well on files up to a few thousand lines. For very large files (> ~3,000 lines with low similarity), a fast-path algorithm is used that treats the change as a full replacement.

== Changelog ==

= 4.1.0 (11-May-2026) =
* Fixed: Initial revision logic. Added a specific case to handle the first-ever revision using the stored snapshot. This allows the diff to display correctly even when no prior history exists in the database.

= 4.0.1 (11-May-2026) =
* Blunderman Syndrome: Fixed incorrect table name reference (sec_revisions).

= 4.0.0 "Reborn" (11-May-2026) =
* Architectural Shift: Complete migration from file_modifications to the new sec_revisions table. Old data is deprecated in favor of a robust LCS-based diff system.
* Security (Hardened): All AJAX endpoints now strictly require nonce validation + manage_options capability.
* Security (Hardened): File download no longer exposes raw content without authentication.
* Security (Hardened): Bulletproof path traversal prevention on snapshot reads.
* Security (Hardened): Strict $wpdb->prepare() usage and esc_sql() on all table interpolations.
* Fixed: Replaced old diff engine with a high-precision LCS (Longest Common Subsequence) algorithm — accurate insertions and deletions tracking.
* Fixed: File content stored as raw PHP text, not HTML-encoded — no more decode/encode round-trip corruption.
* Fixed: load_plugin_textdomain() deprecated second parameter removed.
* Improved: New two-panel admin UI — sidebar plugin list, timeline, and professional diff viewer.
* Improved: Diff viewer powered by diff2html with real-time syntax highlighting.
* Improved: Context line count and view mode (side-by-side/inline) switchable live without page reload.
* Improved: Revision list grouped by file with download-at-revision button per entry.
* Improved: Performance optimization with wp_cache_get/set on revision list queries.
* Improved: All enqueued scripts/styles pass plugin version for cache busting.
* Removed: Standalone ajax/get_plugin_details.php (replaced by proper wp_ajax_ actions).
* Removed: REST API route (replaced by wp_ajax_ actions with nonce + capability check).
* i18n: All strings translatable; JS strings passed through wp_localize_script().

= 3.0.1 =
* Minor fixes.

== Upgrade Notice ==

= 4.0.0 =
Major security and correctness release. Update immediately. Previous versions had unauthenticated AJAX endpoints and a broken diff engine.
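
The four hardening items in the 4.0.0 changelog (nonce validation, `manage_options`, path containment, prepared queries) combined in one `wp_ajax_` handler, as an added sketch that is not the plugin's own code. It is meant to be loaded from a plugin file inside WordPress; the action name, nonce action, column names and the `sec_example_resolve()` helper are assumptions, and only the `sec_revisions` table name comes from this readme.

```php
<?php
// Added example, not the plugin's code. Hypothetical names: the action
// 'sec_example_get_revisions', the nonce action 'sec_example_nonce', the
// columns id/created_at/file_path, and sec_example_resolve().
// Registered as wp_ajax_ only (no wp_ajax_nopriv_), so logged-out requests never reach it.
add_action( 'wp_ajax_sec_example_get_revisions', 'sec_example_get_revisions' );

function sec_example_get_revisions() {
	// 1. CSRF: a missing or invalid nonce ends the request with a 403.
	check_ajax_referer( 'sec_example_nonce', 'nonce' );

	// 2. Authorisation: a nonce proves intent, not privilege, so check the capability too.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	// 3. Path containment: the requested file must resolve inside the plugins directory.
	$relative = isset( $_POST['file'] ) ? sanitize_text_field( wp_unslash( $_POST['file'] ) ) : '';
	$path     = sec_example_resolve( WP_PLUGIN_DIR, $relative );
	if ( false === $path ) {
		wp_send_json_error( array( 'message' => 'Invalid path' ), 400 );
	}

	// 4. SQL: values go through prepare(); the table name cannot be a placeholder, so it is escaped.
	global $wpdb;
	$table = esc_sql( $wpdb->prefix . 'sec_revisions' );
	$rows  = $wpdb->get_results(
		$wpdb->prepare(
			"SELECT id, created_at FROM `{$table}` WHERE file_path = %s ORDER BY id DESC",
			$path
		)
	);
	wp_send_json_success( $rows );
}

// Returns the canonical path if it lies inside $base, otherwise false.
function sec_example_resolve( $base, $relative ) {
	$base = realpath( $base );
	if ( false === $base ) {
		return false; // base directory cannot be resolved
	}
	$real = realpath( $base . DIRECTORY_SEPARATOR . $relative );
	if ( false === $real ) {
		return false; // target does not exist
	}
	// realpath() has already collapsed ../ and symlinks; the trailing separator
	// stops a sibling such as "plugins-old" from matching "plugins".
	$prefix = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
	return 0 === strpos( $real, $prefix ) ? $real : false;
}
```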
