=== WaffleDB ===
Contributors: tokitam
Tags: database, db, form, no-code
Requires at least: 6.2
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.5
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Create and manage custom database tables in WordPress. Flexible columns, CRUD forms, REST API, CSV export, and shortcodes. No coding required.

== Description ==
WaffleDB is a no-code database management plugin for WordPress. You can define custom tables with any column structure directly from the admin dashboard, then create, read, update, and delete records through a built-in web interface or via REST API.

**Features**

* Create custom tables with a flexible column structure
* CRUD operations (create, read, update, delete) via web interface
* Role-based access control (read / write / update / delete per table)
* 11 column types: text, textarea, int, float, date, datetime, URL, image URL, image upload, file upload, YouTube
* CSV export
* REST API with API token authentication
* Shortcode support: `[waffledb table_id="X"]` and `[waffledb_item table_id="X" item_id="Y"]`
* DataTables integration for large datasets (switches to AJAX for 1,000+ records)

**Limits**

* Up to 6 tables per site
* Up to 15 columns per table

== Installation ==
1. Upload the `waffledb` folder to the `/wp-content/plugins/` directory, or install it directly through the WordPress plugin screen.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Go to **WaffleDB** in the admin menu to create your first table.
4. Add columns to define your data structure, then start entering records.

== Screenshots ==
1. Edit data
2. Table list
3. Column list

== Changelog ==
= 1.5 =
- Security: escaped shortcode/callback return values, including the WP_List_Table column callbacks rendered by WordPress
- Security: added a delete-permission check to the front-end detail view before deleting a record
- Security: hardened nonce and capability checks across admin AJAX handlers and form controllers
- Security: switched dynamic SQL identifiers to the %i placeholder with strict identifier/type allowlist validation, and parameterized values with prepare()
- Added email column type
- Fixed malformed SHOW TABLES queries (missing closing quote) in the activation/migration routine

= 1.2 =
- Added float (double) column type
- Fixed CSV download returning empty content
- Fixed CSV download encoding to UTF-8
- Fixed API syntax errors
- Improved component type display names
- Removed deprecated load_plugin_textdomain() call (auto-loaded since WordPress 4.6)
- Code and directory structure refactoring

= 1.1 =
- Corrections after review

= 1.0 =
*Release Date - 30 March 2024*

* First Release
