SDAweb Social Galleri Feed

[sdawsoga_gallery]

Changelog

5.3.1

• Fix: Undefined variable $month_labels in admin settings “Month Names” section. The month label header now correctly reads from $month_defaults. On PHP 8+ this previously emitted PHP warnings; functionally the field labels were empty.
• Compatibility: Verified compatibility with PHP 8.5.

5.3.0

• Developers: Formally documented 21 existing WordPress filter and action hooks as a stable public API. See docs/hooks.md inside the plugin folder for full reference with copy-paste examples. Hooks cover rendering (sdawsoga_shortcode_attributes, sdawsoga_gallery_template_path, sdawsoga_gallery_output, sdawsoga_thumbnail_url, sdawsoga_permalink, sdawsoga_formatted_timestamp, sdawsoga_caption_before_process, sdawsoga_caption_after_process, sdawsoga_is_carousel, sdawsoga_media_type_label, sdawsoga_error_message_html), post filtering (sdawsoga_filtered_posts, sdawsoga_hashtag_filtered_posts, sdawsoga_exclude_hashtags_filtered_posts), API and cached data (sdawsoga_cached_feed_data, sdawsoga_fresh_feed_data, sdawsoga_after_api_fetch, sdawsoga_stories_data), SEO schema (sdawsoga_schema_markup), and lifecycle events (sdawsoga_before_api_fetch, sdawsoga_cache_cleared).
• Developers: All documented hooks are now stable within the 5.x major version — they will not be removed or renamed without going through the standard _deprecated_hook() cycle.
• Documentation: New FAQ entry “Can I extend the plugin from my theme or another plugin?” pointing developers at the hooks documentation.
• No user-visible changes — if you don’t write code against the new public hooks API, the plugin behaves identically to 5.2.4.

5.2.4

• Performance: Gallery item images now have explicit width and height attributes parsed from the Instagram CDN URL pattern (/p640x640/, /s320x320/, etc.). Eliminates Cumulative Layout Shift on masonry and original-aspect-ratio layouts.
• Reliability: Pagination cursor sanitization no longer strips period characters. Meta has historically used several base64 variants in pagination cursors; the previous regex was overly aggressive and could silently break pagination if Meta returned a cursor containing a “.”
• Hygiene: When the Stories feature is toggled off, the plugin now immediately clears any pending Stories cron events for all accounts. Previously they kept consuming Graph API quota until each one fired and saw that stories were disabled.
• i18n: The “Loading gallery…” text in the initial template now respects the admin-customizable label from Components > Translations, matching how the rest of the frontend strings work.
• Documentation: Admin setup guide and readme FAQ now document the additional instagram_manage_insights permission required if you enable Stories.

5.2.3

• Accessibility: Lightbox modal now declares dialog semantics statically (role=”dialog”, aria-modal, aria-label, aria-describedby) so accessibility audits and screen-reader navigation see them on initial render, not only after open
• Accessibility: Added a screen-reader hint inside the lightbox describing the keyboard shortcuts (Escape, arrow keys, swipe-up to close)
• Accessibility: Broadened prefers-reduced-motion coverage from a few elements to a blanket plugin-scoped pattern using the 0.01ms idiom (preserves animationend events for any code waiting on them)
• Accessibility: Expanded :focus-visible outline coverage to include post navigation arrows, dot indicators, and Story viewer controls
• i18n: The block editor script now loads its translations via wp_set_script_translations() so the inserter labels and inspector controls can be localized
• Privacy: Privacy policy content now also discloses that profile pictures, post images, and video thumbnails are loaded directly from Instagram’s CDN (scontent.cdninstagram.com), exposing visitor IPs to Meta on every page render
• Improved: SDAWSOGA_VERSION constant now reads dynamically from the plugin header via get_file_data() — single source of truth, eliminates version drift
• Improved: Build script now auto-syncs block.json and block-editor.asset.php version metadata from the plugin header at build time
• Fixed: block-editor.asset.php fallback version updated from a stale 4.10.1 to current
• Cleanup: Plugin header author corrected — “Rune Stake Stavdal” (the original spelling, restored after a previous propagated error in a sibling plugin’s checklist template)

5.2.2

• Improved: Full internationalization audit — all 36 frontend label defaults now wrapped in translation functions
• Improved: All admin form labels and placeholders in the Translations tab are now properly translatable
• Improved: Replaced hardcoded Norwegian placeholder text with translatable English defaults
• Improved: Created complete POT file (597 entries) — was previously missing entirely
• Improved: Added block.json title and description to POT for block editor translation
• Fixed: Added translator comments for all strings containing %d placeholders

5.2.1

• Fixed: Gallery images no longer flicker or fade-in again when scrolling up and down.
• Performance: Removed content-visibility that caused re-paint flicker on scroll.
• Performance: GPU compositing layers (will-change) now only activate on hover instead of permanently.
• Performance: Removed duplicate hover transform on images to reduce compositing work.
• Changed: Removed grey placeholder background from grid items for a cleaner loading appearance.

5.2.0

• Added: Permanent Page Token support — tokens that never expire now work alongside 60-day User Tokens.
• Added: Setup guide updated with step-by-step instructions for obtaining a non-expiring token.
• Added: Copy-to-clipboard toast notification replaces inline button text swap in Shortcode Builder.
• Changed: All default strings now in English (base language). Existing sites with saved translations are unaffected.
• Changed: Images load with a fast 200ms opacity fade from placeholder background instead of slow staggered animation.
• Fixed: Account deletion now correctly detects and reassigns the default account.
• Fixed: Avatar renders as a plain element (not a button) when Stories are disabled.
• Fixed: Custom bio HTML no longer rendered as plain text on the frontend.
• Fixed: Double clipboard toast no longer fires when copying shortcodes.
• Fixed: Enter key in account fields triggers Add Account instead of submitting the settings form.
• Fixed: Keyboard listeners cleaned up when gallery is removed from DOM during open modal.
• Fixed: Double-escaped gallery ID in template output.
• Fixed: Uninstall now removes all plugin options including Stories and filter settings.
• Fixed: CSS aspect-ratio fallback added for Safari 14 and older.
• Improved: Block editor script now runs in strict mode.
• Improved: Render method docblocks document escaped HTML return contract.

5.1.1

• Fixed: Images no longer flicker or show blank placeholders when scrolling back to the feed on mobile.

5.1.0

• Added: Instagram Stories integration — active Stories display as a gradient ring around the profile avatar.
• Added: Fullscreen Story viewer with progress bars, auto-advance (5s for images, video duration for videos), tap-to-navigate, and keyboard support.
• Added: Per-account Stories cron refresh every 15 minutes (only when Stories feature is enabled).
• Added: “Show Stories” toggle in Behavior tab (default: off).
• Added: show_stories shortcode attribute for per-feed control.
• Added: Stories data injected inline per account for zero-AJAX display.
• Added: Video Stories play automatically with sound in the viewer.
• Note: Stories expire after 24 hours (Instagram API limitation). Only available for accounts you own a token for.

5.0.0

• Added: Multi-account support — connect up to 20 Instagram accounts with individual tokens, caches, and cron schedules.
• Added: Accounts admin tab — add, edit, delete, test connection, and clear cache per account.
• Added: account shortcode attribute and Gutenberg block attribute for selecting which account to display.
• Added: Per-account cache keys, stale backups, and failure counters — accounts don’t interfere with each other.
• Added: REST API ?account= parameter with sanitize_key validation.
• Added: Shortcode Builder redesigned with prominent account selector header showing username and post count.
• Added: Auto-migration from single-account to multi-account storage on upgrade.
• Changed: Admin restructured from 9 tabs to 7 — Header, Buttons, and Lightbox merged into Appearance; API renamed to Global (token management moved to Accounts); Advanced renamed to Behavior.
• Changed: Gallery Name (formerly Feed ID) now has clearer labeling and description.
• Changed: Plugin overview, setup guide, and help documentation updated for multi-account workflow.
• Improved: Per-account WP-Cron scheduling with proper args-based event management.
• Improved: Uninstall cleanup handles all per-account options, transients, and cron events.

4.12.0

• Improved: Lightbox backdrop changed to solid black for full immersion.
• Improved: Grid item hover effect upgraded — snappier scale (1.03), GPU-accelerated with will-change.
• Improved: Hover overlay now slides up with cubic-bezier easing for a premium feel.
• Improved: Grid images fade in smoothly on load instead of popping in.
• Improved: Close button hover uses scale instead of rotate for a modern look.
• Improved: All modal close paths (button, backdrop click, Escape, swipe) now animate consistently.
• Improved: Swipe detection uses velocity + lower threshold (35px) for more responsive touch navigation.
• Improved: Swipe-up-to-close also uses velocity detection for natural feel.
• Improved: Swipe hint shows for 1.5s (was 3s) and repositioned above mobile nav buttons.
• Improved: Focus rings use :focus-visible with Instagram blue (#0095f6) for better keyboard accessibility.
• Improved: Next/previous post images preloaded in lightbox for instant navigation.

4.11.0

• Added: Exponential backoff on API failures — retry interval doubles per consecutive failure (capped at 24h), resuming normal schedule on success.
• Fix: Consecutive failure counter resets when admin changes the API token, so backoff doesn’t carry over to a new token.

4.10.5

• Fix: Consistent cron cleanup — uninstall.php and clear_all() now use wp_clear_scheduled_hook() matching deactivation behavior.

4.10.4

• Fix: Hashtag filtering now uses word-boundary matching — #pizza no longer matches #pizzanight.
• Fix: Instagram API pagination cursor no longer corrupted by over-aggressive sanitization on large feeds.
• Fix: Template path filter validated against plugin/theme directories to prevent arbitrary file inclusion.
• Fix: IP rate limiting uses salted hash (wp_hash) instead of plain MD5.
• Fix: Token encryption uses random_bytes() instead of deprecated openssl_random_pseudo_bytes().
• Fix: Schema.org JSON-LD data sanitized with esc_url_raw() and sanitize_user().
• Fix: Token mask check uses strict pattern to prevent edge-case save bypass.
• Fix: Plugin deactivation uses wp_clear_scheduled_hook() for reliable cron cleanup.
• Fix: Token decryption failures now logged when WP_DEBUG is enabled; base64 decode uses strict mode.
• Accessibility: Admin settings tabs have proper ARIA roles (tablist, tab, tabpanel).
• Accessibility: Gallery grid container has aria-live=”polite” for screen reader announcements on load-more.
• Code quality: Duplicate hex color regex extracted to constants in admin script.
• Code quality: Feed ID attribute capped at 50 characters.

4.10.3

• Fix: SVG icons in lightbox (swipe hint, close button, nav arrows, media type badge) could render at wrong size due to CSS specificity conflict with the modal SVG reset. All SVG rules now use scoped selectors to prevent theme or reset overrides.

4.10.2

• Fix: Removed legacy unprefixed tg_gallery shortcode alias for WordPress.org compliance.
• Improved: Block editor UI strings internationalized with wp.i18n for translation support.
• Added: Tested up to header in main plugin file.

4.10.1

• Fix: Re-tagged release to ensure update delivery to all users.

4.10.0

• Performance: Grid items use DocumentFragment for batched DOM appends (single reflow instead of per-item).
• Performance: Hover overlay DOM created lazily on first mouseenter instead of at render time (~12 fewer nodes per item).
• Performance: CSS content-visibility: auto on grid and highlight layout items skips rendering for off-screen posts.
• Performance: Images use decoding=”async” for off-thread decode in grid and lightbox.

4.9.0

• Added: Gutenberg block — insert the gallery from the block editor with visual settings in the sidebar.
• Added: sdawsoga_max_sync_posts to default options registry (was missing from activation and migration).
• Improved: Stale feed backup now truncated to 50 posts to prevent wp_options table bloat.
• Improved: REST API fetch includes X-WP-Nonce header for authenticated request context.
• Improved: Resize event listener cleanup via MutationObserver prevents memory leaks in SPA environments.
• Fixed: Legacy tg_ prefix options are now cleaned up on plugin uninstall.

4.8.0

• Post navigation arrows in lightbox backdrop — jump between posts on desktop, hidden on mobile where bottom nav bar handles it.
• Shortcode Builder admin tab — visually configure feeds and copy generated shortcodes with live preview.
• Clickable hashtags and @mentions in lightbox captions — matches PHP-rendered hover overlay.
• Enable/disable lightbox setting now wired to frontend — when disabled, grid images link directly to Instagram.
• Schema.org JSON-LD markup injected when feed loads (SocialMediaPosting with author data).
• Admin quick-links (Overview, Setup Guide) now switch to API tab first when clicked from other tabs.
• Updated Overview panel with post navigation docs and expanded shortcode reference table.
• Renamed legacy _tg references, removed duplicate variable declarations, cleaned up file header versions.

4.7.8

• Clear Cache now immediately re-fetches feed data — works reliably when WP-Cron is disabled (DISABLE_WP_CRON).
• Reduced API page size from 100 to 33 posts per request — prevents “reduce data” errors on accounts with carousel/children data.
• Clear Cache shows actual API error message on failure instead of generic text.
• Improved “Posts to show” description — clarifies Load More batch behavior and sync relationship.

4.7.5

• Responsive “Posts to show” — 6-breakpoint system matching responsive columns (desktop, laptop, tablet landscape, tablet portrait, mobile landscape, mobile portrait).
• Debounced resize handler recalculates visible posts on viewport change, preserving Load More state.
• Access token masked in admin HTML source (credential security hardening).
• Unsaved changes warning (beforeunload) in admin settings.
• Fixed stale [TG Admin] prefix in debug log.
• Replaced trademark dashicon (dashicons-instagram) with generic icon.
• Corrected author header format to match WordPress.org standard.

4.7.3

• Max posts to sync increased from 50 to 300 with automatic API pagination.
• Improved admin description for sync setting.

4.7.2

• Admin UI redesign: quick-access pill bar, tabbed Plugin Overview card (Layouts, Lightbox, Content, Performance, Security, Shortcodes), collapsible info cards, info tooltips on technical terms, shortcode reference table with parameter docs
• Fixed unprefixed variables in uninstall.php
• Added missing contributor to readme.txt

4.7.1

• Removed Plugin URI header to comply with WordPress.org guidelines (was identical to Author URI)

4.7.0

• Added: Video badge on grid items — shows a “Video” badge on VIDEO posts (toggle in Advanced > Carousel & Video)
• Added: Keyboard support for carousel dots — dots are focusable with Tab, activatable with Enter/Space
• Added: Default hashtag and exclude filters — set global defaults in Layout tab, shortcode attributes override
• Added: Cache refresh failure counter — red inline count shown in API tab cache status when consecutive failures > 0

4.6.0

• Added: Content moderation — blacklist words filter hides posts with blocked words/phrases
• Added: Video autoplay on hover — muted video preview plays when hovering over video posts in the grid
• Added: Carousel autoplay in lightbox — auto-advance slides with configurable interval and progress bar
• Added: Persistent API failure notice — warning shown on settings page when feed refresh fails 3+ times consecutively

4.5.4

• Fixed missing JS, template, and include files that were absent from the 4.5.3 SVN tag
• Whitespace and trailing-space cleanup across CSS, PHP, and JS files

4.5.3

• Renamed all frontend CSS classes and variables from generic tg- prefix to unique sdawsoga- prefix for better namespace compliance

4.5.2

• Fixed fatal error: wp_salt() called before pluggable.php is loaded
• Deferred cron scheduling to init hook for compatibility with all hosting environments

4.5.1

• Removed custom CSS editor per WordPress.org guidelines
• Fixed inline CSS escaping with wp_strip_all_tags()
• Fixed main plugin filename to match plugin slug
• Fixed settings link URL on Plugins page

4.5.0

• Security: Constant definition guards, CSS sanitizer hardened, IP validation, error code sanitization
• Fixed: XSS — lightbox and caption rendering switched to DOM element creation
• Added: 6-breakpoint responsive column cascade via CSS variables
• Improved: Conditional asset loading, smart cache clearing

4.4.0

• Max posts to sync setting, translatable post counter, improved cache status and mobile follow button

4.3.1

• WordPress.org trademark compliance: renamed plugin, added directory protection and license

4.3.0

• Inline JSON feed loading, REST API endpoint, stale-while-revalidate caching, WP-Cron background refresh

4.2.0

• Lightbox engagement stats, translations tab, swipe-up-to-close, security hardening (Bearer auth, CSRF, XSS)

4.1.0

• Initial release with grid/masonry/highlight layouts, lightbox, profile header, responsive columns