=== Flexi Recent Comments ===

Contributors: Mhd Wahyu NZ
Donate link: https://mwahyunz.id/plugin
Tags: comments, recent comments, shortcode, performance, caching
Requires at least: 5.8
Tested up to: 6.8.2
Stable tag: 1.5.2.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Display your latest WordPress comments using the [flexicomments] shortcode with advanced caching and security features.

== Description ==
The Flexi Recent Comments WordPress plugin displays the latest comments anywhere using shortcodes. It comes with attributes for customization: avatar, number of comments, comment author visibility, comment character limit, display post title, and comment date. With built-in object caching and transient caching, it's both flexible and blazing fast!

== Installation ==
1. Upload the `flexi-recent-comments` folder to the `/wp-content/plugins/` directory.
2. Activate through 'Plugins' menu in WordPress.
3. Add shortcode '[flexicomments]' anywhere you want.

== Frequently Asked Questions ==

= Does the plugin require any special settings? =
No. Install, activate, and use the shortcode. Plugin works out of the box with intelligent defaults.

= How to use the shortcode? =
Add '[flexicomments]' to posts, pages, or widgets. Use attributes for customization.

= What are the available attributes? =
* number: Number of comments to display (1-50, default: 5)
* avatar: Display avatar (0/1, default: 1)
* size: Avatar size in pixels (20-200, default: 50)
* author: Include comments from post authors (0/1, default: 1)
* limit: Comment character limit (10-500, default: 80)
* title: Display post title (0/1, default: 1)
* date: Display comment date (0/1, default: 1)

= Examples =

Default usage:
[flexicomments]

Advanced usage:
[flexicomments number="3" size="75" author="0" limit="25" title="1" date="0"]

= Does it work with caching plugins? =
Yes! Plugin uses WordPress object caching and transients for optimal performance with any caching plugin.

= Is it secure? =
Yes. All outputs are properly escaped and sanitized following WordPress security standards.

== Changelog ==

= 1.5.2.3 =
* **PHP 8.0+ COMPATIBILITY FIX**: Changed magic methods `__clone()` and `__wakeup()` visibility from `private` to `public` to comply with PHP 8.0+ requirements.
* **CODE QUALITY**: Added proper error messages using `_doing_it_wrong()` for singleton pattern violations.
* **CODE QUALITY**: Added method documentation for magic methods with proper `@return` tags.

= 1.5.2.2 =
* **BUG FIX**: Fixed UTF-8 encoding for bullet separator character (•) in meta section.
* **CODE QUALITY**: Ensured consistent UTF-8 character encoding throughout the plugin.
* **VERIFICATION**: Confirmed that post titles are properly linked to their respective post URLs.

= 1.5.2.1 =
* **CRITICAL CSS FIX**: Added explicit `::marker` pseudo-element removal to prevent disc bullets on certain themes.
* **CSS**: Added `list-style-position: outside` to list items for additional bullet prevention.
* **CSS**: Enhanced specificity for `::marker` with multiple fallback properties (content, display, font-size, color).

= 1.5.2 =
* **CRITICAL BUG FIX**: Fixed UTF-8 ellipsis character encoding issue (was displaying as ÃƒÂ¢Ã¢â€šÂ¬Ã‚Â¦).
* **CRITICAL PERFORMANCE FIX**: Eliminated N+1 queries by implementing batch post loading with `get_posts_batch()`.
* **PERFORMANCE**: Added automatic cache invalidation on comment actions (post, edit, delete, status change).
* **PERFORMANCE**: Disabled unnecessary meta and post caching in comment queries with `update_comment_meta_cache` and `update_comment_post_cache`.
* **PERFORMANCE**: Added proper cache key normalization to prevent duplicate cached entries.
* **PERFORMANCE**: Cache constants for better maintainability.
* **SECURITY**: Enhanced XSS protection by using `strip_tags()` instead of `wp_kses()` for comment content.
* **SECURITY**: Added URL validation for comment links to prevent javascript: URLs.
* **SECURITY**: Added `rel="nofollow noopener"` to all external links.
* **SECURITY**: Added integer casting for author IDs to prevent type juggling issues.
* **CODE QUALITY**: Added `loading="lazy"` attribute to avatars for better page performance.
* **CODE QUALITY**: Improved comment truncation to remove incomplete words at the end.
* **CODE QUALITY**: Added proper translators comment for sprintf placeholders.
* **CODE QUALITY**: Using `get_option('date_format')` for consistent date formatting.
* **CODE QUALITY**: Added method documentation with proper type hints.
* **CODE QUALITY**: Added minimum value validation (e.g., avatar size minimum 20px).
* **CODE QUALITY**: Added semantic CSS classes for better styling control.
* **CODE QUALITY**: Replaced custom SQL with WordPress query builder where possible.
* **CSS**: Increased CSS specificity to prevent theme overrides on list styling.
* **CSS**: Added explicit removal of pseudo-elements (::before, ::after) that themes might inject.
* **CSS**: Added styles for new semantic classes (flexicomments_item, flexicomments_date, flexicomments_post_title, flexicomments_separator).
* **CSS**: Enhanced focus states for keyboard navigation accessibility (outline styling).
* **CSS**: Added smooth transitions for hover/focus effects (0.2s ease).
* **CSS**: Improved responsive layout with flexbox gap property.
* **CSS**: Added empty state styling for "No comments found" message.
* **CSS**: Added print media query for printer-friendly output.
* **CSS**: Added `user-select: none` for separator character.
* **BUGFIX**: Fixed potential issue with invalid comment links falling back to post permalink.

= 1.5.1 =
* Fixed avatar display for guest comments.
* Improved parameter handling in WordPress functions.

= 1.5.0 =
* **CRITICAL BUG FIX**: Fixed deprecated `get_users()` parameter `'who' => 'authors'` replaced with `'capability'`.
* **BUG FIX**: Fixed incorrect parameter usage in `get_comment_author()` and `get_comment_date()`.
* **SECURITY**: Added comprehensive escaping for all outputs using `esc_html()`, `esc_url()`, `wp_kses_post()`.
* **SECURITY**: Added post existence validation before rendering comments.
* **PERFORMANCE**: Implemented Singleton pattern to prevent multiple instances.
* **PERFORMANCE**: Added object caching with `wp_cache_*` for shortcode output (5 min cache).
* **PERFORMANCE**: Added object caching for comment queries (10 min cache).
* **PERFORMANCE**: Added static caching for author IDs to reduce function calls.
* **PERFORMANCE**: Added `'no_found_rows' => true` to comment query for speed.
* **PERFORMANCE**: Implemented output buffering for efficient string building.
* **CODE QUALITY**: Refactored into smaller, focused methods with proper visibility.
* **CODE QUALITY**: Added method documentation and type hints.
* **CODE QUALITY**: Added input validation with maximum value limits.
* **CSS**: Added responsive design for mobile devices.
* **CSS**: Added `box-sizing` and `overflow-wrap` for better layout stability.

= 1.4.0 =
* Changes to the implementation of get_post_authors_ids() with a version that uses get_users() and transient caching.
* Renaming the get_post_authors_ids() function to frc_get_post_authors_ids() and updating its call.
* Moving CSS registration to the wp_enqueue_scripts hook using wp_register_style().

= 1.2.0 =
* Improved security, sanitation, caching, and best practices.

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.5.2.3 =
PHP 8.0+ compatibility fix for magic methods. Recommended update to eliminate PHP warnings on modern servers.

= 1.5.2.2 =
Minor bug fix for UTF-8 character encoding in separator. Recommended update for proper character display.

= 1.5.2.1 =
CSS fix to prevent bullet points on certain themes. Recommended update if you see unwanted bullets.

= 1.5.2 =
**IMPORTANT UPDATE**: This version fixes critical N+1 query performance issues, UTF-8 encoding bugs, and adds automatic cache invalidation. Highly recommended update for all users.

= 1.5.1 =
Bug fixes for avatar display and function parameters.

= 1.5.0 =
**IMPORTANT UPDATE**: This version fixes critical deprecated function usage and adds comprehensive security and performance improvements. Update immediately.

= 1.4.0 =
Improved security and performance.