Forum Replies Created

Viewing 1 replies (of 1 total)
  • Plugin Author aswinikumar

    (@aswinikumar)

    Subject: Re: Cutmap Editorial Workflow Feedback Response

    Hello,

    Thank you so much for taking the time to review the plugin so thoroughly. Your feedback was very accurate and genuinely helpful. I have gone through each point carefully and addressed all of them in version 1.4.6.

    Here is what was fixed:

    1. Hardcoded password — Completely removed. Sample users are now created with wp_generate_password(16, true), generating a unique random password per user. The password is shown once in the admin panel at creation time and never stored in code.
    2. REST API bypass — Added a rest_pre_insert_{post_type} filter that blocks any publish attempt via the REST API if the post is under active workflow and has not been approved. It returns a proper 403 error response.
    3. Approved snapshot overwritten on rejection — This was a real bug, thank you for catching it. The set_approved_snapshot() call has been removed from the reject() function entirely. The approved snapshot now only updates when an approver explicitly approves — so visitors always see the last correctly approved version.
    4. DB schema check on every page load — Fixed. The schema check is now version-guarded using a wp_options flag and only runs on plugin activation or version upgrade, not on every request.
    5. Uninstall leaving data behind — The uninstall handler now drops all custom database tables, removes all plugin post meta, and deletes all plugin options. No manual cleanup needed after deletion.
    6. Audit log overwriting rows — Fixed. The log_event() function now always inserts a new row (append-only). The full history of intermediate changes is preserved.

    Your analysis was spot-on across all six points. I really appreciate the depth of review — it made the plugin significantly more solid. Please do let me know if you notice anything else.

    Best regards
    M.Aswini kumar
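
The REST check described in point 2 of the reply above, sketched as an added example; it is not part of the original reply and not the plugin's own code. The function name, the two post meta keys and the list of post types are hypothetical. The sketch also treats a scheduled post (`future`) as a publish attempt, which goes beyond what the reply states.

```php
<?php
// Added example. The meta keys and function name below are hypothetical,
// not taken from the plugin.
const EXAMPLE_META_WORKFLOW_ACTIVE = '_example_workflow_active';
const EXAMPLE_META_APPROVED        = '_example_workflow_approved';

/**
 * Reject REST writes that would make an unapproved workflow post live.
 *
 * @param stdClass        $prepared_post Post data prepared by the REST controller.
 * @param WP_REST_Request $request       The incoming request.
 * @return stdClass|WP_Error Returning WP_Error aborts the insert or update.
 */
function example_block_unapproved_rest_publish( $prepared_post, $request ) {
    // Only status values that put content live are of interest.
    $status = isset( $prepared_post->post_status ) ? $prepared_post->post_status : '';
    if ( ! in_array( $status, array( 'publish', 'future' ), true ) ) {
        return $prepared_post;
    }

    // A create request has no ID yet, so there is no workflow state to check
    // (assumption: workflow state is attached only to existing posts).
    $post_id = isset( $prepared_post->ID ) ? (int) $prepared_post->ID : 0;
    if ( 0 === $post_id ) {
        return $prepared_post;
    }

    $in_workflow = (bool) get_post_meta( $post_id, EXAMPLE_META_WORKFLOW_ACTIVE, true );
    $approved    = (bool) get_post_meta( $post_id, EXAMPLE_META_APPROVED, true );

    if ( $in_workflow && ! $approved ) {
        return new WP_Error(
            'example_workflow_not_approved',
            __( 'This post is awaiting approval and cannot be published.', 'example-textdomain' ),
            array( 'status' => 403 )
        );
    }

    return $prepared_post;
}

// The hook name is dynamic, so register once per post type under workflow.
foreach ( array( 'post', 'page' ) as $example_post_type ) {
    add_filter( "rest_pre_insert_{$example_post_type}", 'example_block_unapproved_rest_publish', 10, 2 );
}
```

Because the filter runs before the REST controller writes the post, the 403 is returned without any change to the stored content or status.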
