Télécharger WP Extended Pro v3.2.7

Quoi de neuf (Journal des modifications - Changelog) dans WP Extended Pro version 3.2.7

## [3.2.7] 2026-06-21


### Features


• **Public Preview Links*(new Pro module): Generate publicly accessible preview links for draft, pending, scheduled, and private posts so reviewers can view unpublished content without logging in. Native integration in both the block editor (sidebar panel) and classic editor (meta box), with expiring tokens, one-click copy, and revoke.
• **Custom User Avatar*(new module): Upload a custom profile picture from the WordPress profile screen, with live preview and one-click revert to Gravatar. Applies site-wide.
• **Admin Customiser**: Defers to each user’s WordPress admin colour scheme — custom colours only apply where explicitly set.
• **Admin Customiser**: New « Item Hover Background Colour » setting for admin bar items.
• **Licensing**: Migrated to FluentCart. Existing licences keep working with no action needed.

### Fixes


• **Duplicate Post**: « Duplicate » button could disappear in the block editor or fail to identify the post in the classic editor. Now stays put and works in both.
• **Quick Add Post**: « New » button could vanish from the block editor toolbar after editor changes. Now stays visible.
• **Admin Customiser**: Fixed the sidebar menu flashing the default colour on hover.
• **Maintenance Mode**: Synced the default body text between the settings screen and the live page.

### Improvements


• **Admin Customiser**: Unified colour field labels across the Admin Bar and Sidebar tabs.

## [3.2.6] 2026-04-21


### Features


• **SMTP Email**: Added third-party email provider integrations (Brevo, SendGrid, Postmark, SparkPost, Emailit, ToSend) as alternatives to raw SMTP credentials. Refactored module into a handler architecture with `EmailHandlerInterface`, `BaseEmailHandler`, and `ProviderRegistry`; `SmtpHandler` is now a thin orchestrator that delegates to the active provider.
• **SMTP Email**: API key verify button with real connection test, improved email logs with auto-refresh, status badges, and error tooltips.
• **Maintenance Mode**: Admin bar one-click toggle with role-based permissions (Pro). New `POST /wpextended/v1/maintenance-mode/toggle` REST endpoint with nonce verification and role-based permission checks.
• **Global**: New `uninstall.php` runs destructive cleanup only when the plugin is uninstalled and `remove_plugin_data` is enabled; deactivation is now non-destructive.

### Fixes


• **Debug Mode**: Pro bootstrap kept registering hooks after module disable, leaving a persistent « WP Debug is currently disabled » admin notice. Bootstrap now bails when the parent module is disabled and clears stored notices.
• **Duplicate Post**: Elementor-built pages lost all styles on duplication because the integration called `files_manager->clear_cache()` (a global cache nuke) instead of regenerating per-post CSS. Now uses `Post_CSS::create($postId)->update()` and clears `_elementor_element_cache`.
• **User Last Login**: Last Login column not rendering values in users list table.
• **Folder Manager**: Block editor folder panel returned « could not move to folder » (404). Fixed by switching from WP core `/wp/v2/{postType}/{postId}` to the plugin’s `wpextended/v1/folder-manager/items/move` endpoint which handles post type resolution internally.
• **Rollback Manager**: `ArgumentCountError: Too few arguments to function themeActionLink()` crashed the Themes screen on multisite. The `theme_action_links` filter passes 3 args, not 4; callback signature corrected to use the `WP_Theme` object passed as the 2nd arg.
• **SMTP Email**: Download Logs button did not trigger the CSV export. Rendered element switched from a button-style `link` type to an anchor tag with `data-allow-default` so the browser follows the download URL [Pro].

### Security


• **SMTP Email**: The admin-post handler for exporting email logs as CSV did not enforce a capability check. Added `manage_options` gating consistent with the REST log endpoints; non-admin users now receive 403 [Pro].

### Design Rationale


• Cleanup moved out of `Deactivator` and into `uninstall.php` so users can temporarily deactivate the plugin without losing module settings or custom table data.
• SMTP module refactor favours per-provider HTTP handlers over a monolithic SMTP class; each provider implements `EmailHandlerInterface` for consistent send/test behaviour.
• Maintenance Mode admin bar is always visible for users with toggle permission (red when active, neutral when disabled); admins get a settings sub-link, non-admin toggle users only see the toggle.

### Notes & Caveats


• Any site relying on deactivation to clear plugin data must now uninstall the plugin (with `remove_plugin_data` enabled) to trigger cleanup.
• Provider-based SMTP requires per-provider API keys and sender configuration stored in module settings.

## [3.2.5] 2026-03-21


### Security


• Fixed privilege escalation vulnerability in Menu Editor module that allowed lower-privileged users to gain elevated capabilities
• Restricted disk usage widget to administrators only
• Removed blanket capability grants on dashboard/profile requests

### Design Rationale


• Menu Editor no longer dynamically grants capabilities to users; instead it validates that the current user already holds the required capability before rendering menu items
• SettingsManager capability field now displays a description warning about high-privilege capabilities rather than injecting runtime grants

### Notes & Caveats


• Users who relied on Menu Editor to grant capabilities to lower roles will need to assign those capabilities via a role management plugin instead