=== Simple Editor Control ===
Contributors: tlloancy
Tags: file editor, audit, diff, plugin editor, theme editor, security
Requires at least: 5.5
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 4.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Audit trail and git-style diff viewer for every file change made through the WordPress plugin and theme file editor.

== Description ==

Simple Editor Control silently records every file change made through the WordPress built-in plugin editor and theme editor. For each save it stores the diff, the editor who made it, and the timestamp — giving you a full, browsable history.

**Features**

* Automatic tracking — no setup required. Every save through the WP file editor is captured.
* Git-style diff viewer with side-by-side and line-by-line modes.
* Adjustable context lines (0, 3, 5, 10, 20).
* Point-in-time file recovery — download any file as it existed at any past revision.
* Works with all plugins and all active themes.
* Accurate LCS-based diff engine (same algorithm as GNU diff / git) — handles insertions, deletions and replacements correctly.
* Fully translatable.

**Use cases**

* See exactly what changed when something broke.
* Verify that no unauthorised changes were made to your plugin or theme files.
* Recover a previous version of a file without restoring a full backup.

== Installation ==

1. Upload the plugin to `/wp-content/plugins/simple-editor-control/`.
2. Activate through **Plugins → Installed Plugins**.
3. Go to **Tools → Simple Editor Control** to see the audit trail.
4. Start editing plugin or theme files through the WP file editor — changes are captured automatically.

== Frequently Asked Questions ==

= Does it work with the Gutenberg block editor? =

Simple Editor Control hooks into the WP file editor (plugin-editor.php / theme-editor.php), not the post editor. It is unrelated to Gutenberg.

= Are changes tracked if I edit files via FTP or SSH? =

No. Only changes made through the WordPress admin file editor are tracked.

= Is the full file stored for every revision? =

No. Only the first save stores the full file content (snapshot). Subsequent saves store only the diff, keeping the database footprint small.

= Can I delete the history? =

Yes. Deactivating the plugin preserves your history. To remove it entirely, delete the plugin — an uninstall hook will drop the database table.

= What happens on very large files? =

The LCS diff engine works well on files up to a few thousand lines. For very large files (> ~3,000 lines with low similarity), a fast-path algorithm is used that treats the change as a full replacement.

== Changelog ==

### 4.1.0 (11-May-2026) ###

* Fixed: Initial Revision Logic: Added a specific case to handle the first-ever revision using the stored snapshot. This allows the diff to display correctly even when no prior history exists in the database.

### 4.0.1 (11-May-2026) ###

* Blunderman Syndrome: Fixed incorrect table name reference (sec_revisions).

### 4.0.0 "Reborn" (11-May-2026) ###

* Architectural Shift: Complete migration from file_modifications to the new sec_revisions table. Old data is deprecated in favor of a robust LCS-based diff system.
* Security (Hardened): All AJAX endpoints now strictly require nonce validation + manage_options capability.
* Security (Hardened): File download no longer exposes raw content without authentication.
* Security (Hardened): Bulletproof path traversal prevention on snapshot reads.
* Security (Hardened): Strict $wpdb->prepare() usage and esc_sql() on all table interpolations.
* Fixed: Replaced old diff engine with a high-precision LCS (Longest Common Subsequence) algorithm — accurate tracking of insertions and deletions.
* Fixed: File content stored as raw PHP text, not HTML-encoded — no more decode/encode round-trip corruption.
* Fixed: load_plugin_textdomain() deprecated second parameter removed.
* Improved: New two-panel admin UI — sidebar plugin list, timeline, and professional diff viewer.
* Improved: Diff viewer powered by diff2html with real-time syntax highlighting.
* Improved: Context line count and view mode (side-by-side/inline) switchable live without page reload.
* Improved: Revision list grouped by file with download-at-revision button per entry.
* Improved: Performance optimization with wp_cache_get/set on revision list queries.
* Improved: All enqueued scripts/styles pass plugin version for cache busting.
* Removed: Standalone ajax/get_plugin_details.php (replaced by proper wp_ajax_ actions).
* Removed: REST API route (replaced by wp_ajax_ actions with nonce + capability check).
* i18n: All strings translatable; JS strings passed through wp_localize_script().

= 3.0.1 =

* Minor fixes.

== Upgrade Notice ==

= 4.0.0 =

Major security and correctness release. Update immediately. Previous versions had unauthenticated AJAX endpoints and a broken diff engine.
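
The 4.0.0 hardening items above (nonce validation plus manage_options on every wp_ajax_ action, and path traversal prevention on file reads) look like this in a handler. This is an added example, not Simple Editor Control's own code; the action name `sec_example_download`, the `nonce` and `file` request fields, and the choice of `WP_PLUGIN_DIR` as the allowed base are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler, not the plugin's actual code.

/**
 * Resolve $relative under $base_dir and return the real path, or null when
 * the result escapes the base (../, absolute paths, symlinks) or is not a file.
 */
function sec_example_resolve_inside(string $base_dir, string $relative): ?string
{
    $base = realpath($base_dir);
    $full = realpath($base_dir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // Compare with a trailing separator so /plugins-evil does not match /plugins.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

function sec_example_ajax_download(): void
{
    // 1. CSRF: reject requests without a valid nonce in $_REQUEST['nonce'].
    if (!check_ajax_referer('sec_example_download', 'nonce', false)) {
        wp_send_json_error(['message' => 'Invalid nonce'], 403);
    }
    // 2. Authorisation: only users with manage_options may read file content.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'Forbidden'], 403);
    }
    // 3. Containment: the requested file must resolve inside the plugins directory.
    $requested = isset($_POST['file']) ? sanitize_text_field(wp_unslash($_POST['file'])) : '';
    $path = sec_example_resolve_inside(WP_PLUGIN_DIR, $requested);
    if ($path === null) {
        wp_send_json_error(['message' => 'Invalid file'], 400);
    }
    wp_send_json_success(['file' => $requested, 'content' => file_get_contents($path)]);
}

// Only the wp_ajax_ hook is registered (no wp_ajax_nopriv_), so anonymous
// requests never reach the handler. Guarded so the file also loads outside WordPress.
if (function_exists('add_action')) {
    add_action('wp_ajax_sec_example_download', 'sec_example_ajax_download');
}
```

Each wp_send_json_error() call ends the request, so a failed check never falls through to the file read.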