# Changelog

All notable changes to this project will be documented in this file.

## [1.0.10] - 2026-02-25

### Fixed

- **Title double-encoding in Twig templates** (`inc/Template/ContextBuilder.php`): WordPress's `get_the_title()` pre-encodes `&` as `&`. When passed to Twig with autoescape enabled, the `&` in `&` was escaped again to `&`, rendering as literal `&` in the browser (e.g. "Bewerbungen & Nachrichten" instead of "Bewerbungen & Nachrichten"). Fixed by wrapping all 6 `get_the_title()` calls with `wp_specialchars_decode()` to decode WordPress entities before Twig. Twig autoescape then properly re-encodes `&` → `&`. This is XSS-safe because Twig still escapes all output.

## [1.0.9] - 2026-02-19

### Performance

- **Color variation CSS transient caching** (`functions.php`): `wp_bootstrap_variation_colors()` now caches the generated inline CSS in a 24-hour WordPress transient keyed by `wp_bootstrap_variation_css_` + an MD5 of the active stylesheet slug. Previously the palette iteration and CSS string building ran on every frontend page load. The transient is immediately invalidated on `switch_theme` and `save_post_wp_global_styles`, so changes made via the Design Editor are reflected instantly.
- **Twig template recompilation gated behind `WP_DEBUG`** (`inc/Twig/TwigService.php`): `auto_reload` in the Twig `Environment` constructor was hardcoded to `true`, causing Twig to stat every compiled template file on every request to check for source changes. Changed to `WP_DEBUG` so template recompilation only occurs during development. In production (`WP_DEBUG = false`) compiled Twig templates are served from cache without filesystem mtime checks.

## [1.0.8] - 2026-02-19

### Security

- **Archive XSS hardening**: `ContextBuilder::getArchiveData()` now wraps `get_the_archive_title()` and `get_the_archive_description()` with `wp_kses_post()`. Term descriptions are user-editable by Editors and above; without sanitization an injected `<script>` tag would execute via the `|raw` filter in `archive.html.twig`
- **Comment author XSS hardening**: `ContextBuilder::buildCommentTree()` now applies `esc_html()` to `comment_author` and `esc_url()` to `comment_author_url` at the data source, preventing injection via user-supplied comment fields
- **Dark mode localStorage whitelist**: `getPreferredTheme()` in `dark-mode.js` now validates the stored theme value against `['dark', 'light']` before use, preventing attribute injection from a tampered localStorage value written by a third-party script
- **Twig escaping functions marked safe**: `esc_html()`, `esc_attr()`, and `esc_url()` registered in `TwigService` are now declared with `['is_safe' => ['html']]`, preventing double-encoding if Twig autoescape is ever enabled

### Changed

- `views/partials/comment-item.html.twig`: Comment author URL now output via `{{ comment.author_url|raw }}` (escaped in PHP) instead of calling `esc_url()` from the template, keeping escaping logic in one place

## [1.0.7] - 2026-02-18

### Added

- `do_shortcode()` registered as a Twig function in `TwigService`, allowing shortcodes to be rendered directly from Twig templates via `{{ do_shortcode('[shortcode]') }}`

## [1.0.6] - 2026-02-14

### Fixed

- Sidebar widgets not rendered on pages using the "Page with Sidebar" template — `ContextBuilder::build()` only populated `sidebar` context for `is_home()`, so `page-sidebar.html.twig` received no widget data

## [1.0.5] - 2026-02-11

### Added

- 11 new translation files: de_CH_informal, de_DE, de_DE_informal, en_GB, es_ES, fr_CH, it_CH, it_IT, nl_NL, pl_PL, pt_PT (total: 13 locales + en_US base)
- Compiled .mo files for all 13 translations

### Changed

- Standardized all .po file names to use `wp-bootstrap-` prefix (WordPress convention: `{text-domain}-{locale}.po`)

## [1.0.4] - 2026-02-11

### Added

- `wp_bootstrap_should_render_template` filter in `TemplateController::render()` — allows plugins and child themes to prevent the theme from rendering a specific request, enabling clean separation of concerns when plugins handle their own page rendering

## [1.0.3] - 2026-02-11

### Fixed

- Double `<h1>` headings on pages where plugins provide their own titles — `page.html.twig` now wraps `<h1>` in `{% if post.title is not empty %}` guard so plugins can suppress it by passing empty `post.title`

## [1.0.2] - 2026-02-10

### Fixed

- Missing HTML `<title>` tag on all pages — theme never declared `add_theme_support('title-tag')`, so WordPress's `_wp_render_title_tag()` hook was inactive during `wp_head()` output in Twig templates

## [1.0.1] - 2026-02-09

### Added

- Bootstrap Icons web font integration — all 2,000+ icons available via `<i class="bi bi-*"></i>` CSS classes
- `copy:icons` build step to copy icon font files (`.woff`, `.woff2`) from `node_modules` to `assets/fonts/`
- Bootstrap Icons SCSS imported in both frontend and editor stylesheets for icon support in templates and block editor

## [1.0.0] - 2026-02-08

### Added

- Sidebar widget area (`primary-sidebar`) registered via `register_sidebar()` — manageable in Appearance > Widgets
- Widget area rendering in Twig sidebar with fallback to built-in content (recent posts, search, tags) when no widgets assigned
- Widget area description strings added to all translation files (en_US, de_CH, fr_FR)

### Changed

- Updated README.md with accurate feature counts (15 style variations, 41 patterns, 3 translations)
- Added documentation for style variation bridge, widget areas, RTL support, and accessibility features

## [0.3.3] - 2026-02-08

### Fixed

- Style variation colors not applied to Bootstrap frontend — bridge function checked wrong palette origin (`custom` instead of `theme`)
- Variation detection now compares `theme` origin against base theme.json defaults instead of looking for slugs in `custom` origin

## [0.3.2] - 2026-02-08

### Fixed

- Dark mode body colors overridden by WordPress global styles (`styles.color` in `theme.json` generated conflicting `body` CSS)
- Dark mode styling for plugin-generated form elements (`select`, `input`, `textarea`) that lack Bootstrap classes
- Footer columns template used hardcoded `bg-dark text-light` instead of semantic `bg-body-tertiary`
- Style variation bridge function ran with default palette when no variation was active, causing unnecessary CSS overrides

### Changed

- Removed `styles.color` from `theme.json` to prevent WordPress from generating body background/text CSS that conflicts with Bootstrap dark mode
- Added `!important` override in `_custom.scss` for `html[data-bs-theme="dark"] body` to ensure Bootstrap dark mode takes precedence
- Added broad dark mode rules for native form elements in `_custom.scss`

## [0.3.1] - 2026-02-08

### Added

- 4 new light style variations: Rose, Sand, Lavender, Mint
- 4 new dark style variations: Slate, Mocha, Nebula, Obsidian
- Total of 15 color palettes available in the Design Editor (7 light, 7 dark, plus default)

## [0.3.0] - 2026-02-08

### Added

- Skip-to-content link for keyboard navigation accessibility
- ARIA labels on all navigation landmarks (`<nav>`, `<aside>`)
- `aria-current="page"` on active dropdown menu items across all header variants
- Lazy loading (`loading="lazy"`) on all below-fold images (post thumbnails, cards, avatars)
- Screen reader announcement for dark mode toggle via `aria-live` status region
- Font preload hints for Inter and Lora variable fonts
- RTL language support: conditional RTL stylesheet, logical CSS properties for blockquote and list styles
- French (fr_FR) translation with all ~216 strings translated
- CSS classes for post thumbnails, card thumbnails, sidebar headings, and hero overlays (replacing inline styles)

### Fixed

- XSS vulnerability in search results template (`search_query` now escaped with `|e('html')`)
- Comment author URLs now explicitly escaped with `esc_url()` in Twig templates

### Changed

- Block style `blockquote-accent` uses `border-inline-start` instead of `border-left` for RTL compatibility
- Block style `list-unstyled` uses `padding-inline-start` instead of `padding-left` for RTL compatibility
- Inline styles in Twig templates replaced with CSS classes for maintainability
- Updated translation files (`.pot` and `de_CH.po`) with new accessibility strings
- Build pipeline includes RTL SCSS compilation step

## [0.2.0] - 2026-02-08

### Added

- Full Design Editor compatibility: Bootstrap JS in block editor, full Bootstrap SCSS in editor stylesheet
- 3 custom block categories: Bootstrap Layout, Bootstrap Components, Bootstrap Navigation
- 3 custom pattern categories: Layout, Components, Navigation
- 4 layout patterns: container, 2-column, 3-column, full-width section
- 2 component patterns: card group, accordion
- 3 full-page patterns: about, services, contact
- 4 custom page templates (FSE + Twig): landing (no header/footer), full-width, hero, sidebar
- 2 header variations (FSE + Twig): centered, transparent
- 2 footer variations (FSE + Twig): minimal, multi-column
- 2 navigation patterns: dark navbar, offcanvas mobile navigation
- Offcanvas navigation Twig partial with Bootstrap offcanvas component
- Editor SCSS overrides for alignment and spacing consistency
- Shadow presets (sm, md, lg), aspect ratio presets, and custom layout values in `theme.json`
- Header/footer variant support via `get_theme_mod()` in `ContextBuilder`
- Twig block inheritance in `base.html.twig` for header/footer variant overrides
- Custom page template routing via `get_page_template_slug()` in `TemplateController`
- Transparent header and offcanvas dark mode SCSS styles

### Changed

- Enhanced `editor-style.scss` to import full Bootstrap for WYSIWYG editor fidelity
- Enhanced `theme.json` with custom templates and template parts registration
- Enhanced `functions.php` with block editor assets, block categories, and pattern categories
- Enhanced `ContextBuilder` with header/footer variant methods
- Enhanced `TemplateController` with custom page template slug routing
- Updated translation files (`.pot` and `de_CH.po`) with all new translatable strings

## [0.1.1] - 2026-02-08

### Added

- Twig-based frontend rendering via `template_redirect` hook, bypassing FSE block markup on the frontend while preserving Site Editor functionality
- `TemplateController` class: resolves and renders Twig templates for all page types (home, single, page, archive, search, 404)
- `ContextBuilder` class: gathers WordPress data (posts, menus, pagination, comments, sidebar, archive info) into structured arrays for Twig
- `NavWalker` class: converts flat `wp_get_nav_menu_items()` into nested tree for Bootstrap dropdown menus
- 20 Twig templates with proper Bootstrap 5 HTML: base layout, 5 page templates, 9 partials (header, footer, pagination, sidebar, comments, search form, dark mode toggle, meta, post navigation), 3 components (post card, post grid card, post loop)
- Bootstrap 5 navbar with responsive collapse, brand, dropdown support, and dark mode toggle
- Bootstrap 5 card components for post listings
- Bootstrap 5 pagination component
- Bootstrap 5 comment section with threaded replies and Bootstrap-styled form fields
- Bootstrap 5 sidebar with recent posts, search, and tag cloud (badges)
- Previous/next post navigation and "More posts" grid on single posts
- WordPress functions in Twig: `wp_head`, `wp_footer`, `wp_body_open`, `language_attributes`, `body_class`, `home_url`, `get_bloginfo`, `get_search_query`, `wp_kses_post`, `number_format_i18n`, `_n`
- Twig globals: `site_name`, `site_description`, `site_url`, `theme_uri`, `charset`, `current_year`
- Twig filters: `wpautop`, `wp_kses_post`
- `primary` and `footer` navigation menu locations
- Comment form fields filter for Bootstrap classes (`form-control`, `form-label`, `form-check`, `btn`)
- Fallback menu from published pages when no menu is assigned
- Sidebar layout detection for "Blog with Sidebar" template
- README.md with project documentation

### Changed

- Enhanced `TwigService` with WordPress output-buffering functions, globals, and filters

## [0.1.0] - 2026-02-08

### Added

- Dark mode toggle with Bootstrap 5.3 `data-bs-theme` attribute, localStorage persistence, and `prefers-color-scheme` support
- 16 new block patterns: hero (cover, split, centered), features (3-col, icon list, 2-col offset), CTA (banner, newsletter), testimonials (2-col, centered), pricing (3-col), contact info, FAQ, about section, sidebar, dark mode toggle
- 17 custom block styles: cards (2), alerts (4), table variants (3), quote accent, image effects (2), button sizes (2), list styles (2), separator wide
- 4 style variations (color schemes): Ocean, Forest, Sunset, Midnight
- Sidebar template part with recent posts, search, and tag cloud
- "Blog with Sidebar" custom page template
- Inter (sans-serif) and Lora (serif) variable web fonts
- "Display" font size for hero headings
- 7 new pattern categories: hero, CTA, features, testimonials, pricing, contact, text
- Dark mode overrides for alert and card block styles in SCSS

### Changed

- Header pattern now includes dark mode toggle button
- Build pipeline adds theme JS copy step (`copy:theme-js`)

## [0.0.1] - 2026-02-08

### Added

- Initial theme scaffolding
- Bootstrap 5 CSS and JS integration (served locally via npm)
- SASS build pipeline with Dart Sass, PostCSS, Autoprefixer, cssnano
- Twig 3.0 template engine integration via Composer
- FSE templates: index, home, single, page, archive, search, 404
- Template parts: header, footer
- Block patterns: header, footer, query loop, comments, post navigation, more posts, 404, search, blog heading, written by
- `theme.json` with Bootstrap 5-aligned design tokens (colors, typography, spacing)
- WordPress i18n support with `en_US` (base) and `de_CH` translations
- Gitea CI/CD workflow for automated release packages
- Editor styles for block editor compatibility