One Two Three Post

Changelog

1.6.0

• Added a Delete button on each row of the Scheduled-posts list view, alongside the existing Edit and Open ↗ buttons. Previously the only way to drop a scheduled post was to navigate to One Two Three Post → All Posts and use WordPress’s standard row Trash action — a noticeable extra click whenever the operator just wanted to clear a queue entry from the natural “where I look at upcoming posts” view. Pre-publish posts (status not yet publish) are hard-deleted; already-sent posts move to trash so the operator can recover the record of an actual Facebook publish if needed. Native confirm() dialog before the action fires. Capability-gated to edit_posts and CSRF-nonced per row.

1.5.0

• Added three extension hooks in OTTPOST_Scheduler::publish_post() so add-on plugins (such as the separately-distributed One Two Three Post Pro) can plug a pre-publish validator chain into the existing scheduler without forking. New hooks: ottpost_pre_publish_validate (filter — return a WP_Error to block the publish and record the reason as a failure), ottpost_publish_args (filter — mutate the Graph API payload before send), and ottpost_after_publish (action — fires post-attempt with the result array, useful for log-table writes). No behaviour change for sites that don’t have an add-on installed; the filters return their inputs unchanged when no listeners are attached.

1.4.0

• Renamed the internal code prefix from OTP_* / otp_* / otp-* to OTTPOST_* / ottpost_* / ottpost-* across all classes, constants, option keys, post meta, cron hooks, REST namespaces, and CSS / JS handles. The 3-character otp prefix was too short per wp.org’s plugin-naming guidelines and risked colliding with other plugins (One Time Passwords, OpenTelemetry, etc.). All seven class-otp-*.php files were renamed to class-ottpost-*.php to match. Breaking for existing installs: option keys, the otp_fb_post custom post type slug, the otp_scheduled post status, and the otp_fire_scheduled_posts cron hook have all been renamed. After upgrading, you will need to re-connect Facebook (re-OAuth) and re-create any pending scheduled posts. New installs are unaffected.
• Fixed a pre-existing parse error in admin/views/settings.php (line 11 had a stray <?php opener inside an already-open PHP block — Settings page would crash on load). Caught by linting the renamed codebase.
• Added file-level phpcs:disable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound to the four view / uninstall files. Plugin Check reports those files’ top-level $variables as potentially global, but they’re always included from inside an admin class method (or, for uninstall.php, WP core’s uninstall include) — function-scoped at runtime. Documented inline so future readers know why the rule is suppressed.

1.3.3

• Removed the redundant Plugin URI from the plugin header. wp.org’s reviewer flagged Plugin URI and Author URI being identical (both pointed at the author site) — Plugin URI dropped, Author URI kept since it’s the more accurate one for this header set.

1.3.2

• Plugin Check follow-up: moved the slow_db_query_meta_query phpcs:ignore directly above the meta_query array key in OTTPOST_Scheduler::tick() so the suppression actually applies (the previous placement above the WP_Query call was too high to silence the warning on the inner array key).

1.3.1

• Plugin Check pass. Removed the discouraged load_plugin_textdomain() call (WP 4.6+ auto-loads translations for wp.org plugins). Switched the OAuth-start wp_redirect() to wp_safe_redirect() with www.facebook.com whitelisted via the allowed_redirect_hosts filter. Added wp_unslash() ahead of sanitize_text_field() for $_GET['cal_month'] and $_GET['day'] on the Scheduled view. Documented intentional $_POST['app_secret'] non-sanitization with a phpcs:ignore note (the value is encrypted before storage). Added phpcs:ignore comments for read-only $_GET flag checks and the meta_query / meta_key slow-query notices on small admin queries. Trimmed the readme short-description to fit the 150-char wp.org cap.

1.3.0

• Initial wp.org submission. Menu label changed from “FB Posts” to “One Two Three Post” so the plugin doesn’t render an abbreviated trademark in the admin sidebar. Adds a bundled uninstall.php that drops plugin options, OAuth credentials, and the cron event when the user deletes the plugin from Plugins → Delete.

1.2.4

• List view now sorts the next post going out to the top; older / past posts follow in reverse chronological order.

1.2.3

• Optional First Comment field on the composer — posted automatically on the published post immediately after it goes live. Comment failures do not roll back the main post.

1.2.2

• Coloured-background picker now ships 41 known-good Facebook text_format_preset_id values with visual swatches plus a custom-preset-ID override.

1.2.0

• Edit on any saved post now returns to the composer with every field hydrated (page, message, image, schedule, type, background, first comment).
• Scheduled-posts list grows a Preview column with a thumbnail per row (image / coloured tile / text excerpt).

1.1.0

• New “Scheduled” admin page with a month Calendar view and a chronological List view of every drafted / scheduled / pending / sent post.
• Coloured-background text post type added to the composer.

1.0.0

• Initial release. Facebook OAuth flow (App ID + App Secret → user token → page tokens), composer with message + image + Page picker, three modes (Post Now, Schedule, Save as Draft), WP-Cron background worker, encrypted at-rest storage of App Secret and Page tokens.