diff --git a/Changelog.md b/Changelog.md new file mode 100644 index 0000000..da0c9cf --- /dev/null +++ b/Changelog.md @@ -0,0 +1,87 @@ +# Changelog + +All notable changes to MokoSuiteOpenGraph are documented in this file. For the full changelog, see [CHANGELOG.md](https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteOpenGraph/src/branch/dev/CHANGELOG.md). + +## [Unreleased] + +### Added +- OG coverage **dashboard** as the default admin view — SVG donut gauge, coverage by content type, and a list of articles missing OG tags with a batch-generate shortcut (#94) +- Single OG tag **create/edit screen** in the admin (the tag manager was previously read-only) (#98) +- **CSV import** button and upload form in the tag manager (#103) +- Component **Options** screen with a Permissions tab, plus `access.xml` ACL actions `mokoog.batch` and `mokoog.import` (#95) +- `og_video`, `event_data`, `recipe_data`, and `custom_schema` are now included in CSV import/export and the REST API (#101) +- Unit tests for `JsonLdBuilder::buildLocalBusiness()` and `toScriptTag()` (#33) + +### Changed +- **Require Joomla 6.0+ and PHP 8.2+** (enforced at install) +- Renamed the product from *MokoJoomOpenGraph* to **MokoSuiteOpenGraph** +- Forward-compatibility for Joomla 7: replaced deprecated `Factory::getDbo/getUser/getSession/getLanguage`, `Joomla\CMS\Filesystem\File/Folder`, and `jexit()` (#102) +- Aligned OG/SEO form `maxlength` values with the database column limits (#77) +- Moved coverage metrics out of the tag list into a dedicated model (no longer runs uncached `COUNT` queries on every list load) + +### Fixed +- Fatal frontend error (HTTP 500) when a non-object value was saved into the custom JSON-LD field — values are now validated as objects/arrays on save and guarded on render (#97) +- Stored XSS via the canonical URL field — now restricted to `http`/`https` (#79) +- Use the `mysqli` driver in the component manifest so install/upgrade SQL actually runs on Joomla 4/5/6 +- `loadArticle()` now caches negative lookups; zero dates are no longer emitted as `article:published_time`/`article:modified_time` (#106) + +### Security +- AI meta-generation endpoint now requires article-edit permission and enforces an HTTP timeout and status check — previously any authenticated back-end user could trigger paid API calls (#99) +- XML sitemap now excludes content above the public view level (no longer leaks registered/special-access articles) and writes atomically (#100) + +### Removed +- Unused `ImageGenerator` class and `JsonLdBuilder::buildOrganization()`; generated OG images are now pruned after 30 days to bound disk usage (#104) +- Empty `src/Field` and `src/Service` stub directories; packaged the `en-US` language folder (#107) + +--- + +## [01.05.00] --- 2026-06-28 + +### Security +- Fix JSON-LD XSS vulnerability via `` injection in content data (#34) +- Add ACL permission checks to Batch and ImportExport controllers (#37) +- Add CSV import file type, MIME type, size, and content_type validation (#35) +- Fix multilingual data corruption in content plugin load/save (#41) + +### Added +- Fediverse/Mastodon `fediverse:creator` meta tag (#57) +- Live character count indicators on OG title, OG description, SEO title, meta description fields with color-coded warnings (#58) +- LinkedIn social preview card in article/menu editor alongside Facebook and Twitter/X previews (#61) +- `og:video` meta tag support with per-article video URL field, auto-detect MIME type for YouTube/Vimeo/direct files (#59) +- Pinterest rich pin tags: `article:tag` from Joomla content tags, `product:availability` from MokoSuiteShop stock (#60) +- FAQ JSON-LD schema with auto-detection from article h3/h4 headings (#62) +- HowTo JSON-LD schema with auto-detection from ordered lists (#63) +- Event JSON-LD schema with per-article event fields (dates, venue, tickets) (#64) +- LocalBusiness JSON-LD schema with global plugin configuration (#65) +- Recipe JSON-LD schema with per-article fields (times, ingredients, nutrition) (#66) +- VideoObject JSON-LD schema for articles with video URLs (#67) +- SEO content scoring panel with 7 checks and pass/fail indicators (#68) +- Discord, Mastodon, and Slack social preview cards in editor (#69) +- Custom JSON-LD schema builder — per-article textarea for any schema.org type (#70) +- AI-powered meta tag generation with Claude and OpenAI API support (#71) +- XML sitemap generation on article save, respects noindex directives (#72) +- Per-platform image resizing: Twitter 1200x600, Pinterest 1000x1500, WhatsApp 400x400 (#74) +- PHPUnit test suite with 16 unit tests for JsonLdBuilder (#75) +- OpenAPI 3.0 specification for REST API (#80) +- Joomla Web Services API for OG tags — full CRUD at `/api/v1/mokoog/tags` (#27) +- Live social preview in article/menu editors (Facebook and Twitter/X card mockups) (#3) +- CSV import/export for bulk OG tag management (#12) +- Multilingual OG tag support with per-language records (#11) +- JSON-LD structured data: Article, Product, WebPage, BreadcrumbList schemas (#6) +- Batch OG tag generation for existing articles (#1) +- Auto-resize OG images to 1200x630px with center crop (#2) +- SEO meta tag management: title, description, robots, canonical URL (#8) + +### Fixed +- Fix SQL driver attribute `mysql` → `mysqli` in component manifest preventing fresh installs +- Add exception logging to BatchController batch skip (#76) +- Align form maxlength attributes with DB schema limits (#77) + +### Changed +- Consolidated article DB queries into single cached lookup — 5 queries reduced to 1 (#38) +- Dynamic `og:image:width`/`og:image:height` from actual image dimensions instead of hardcoded (#39) +- TagTable::check() validates og_type, field lengths, canonical_url, robots directives (#43) +- Batch process limit capped at 200 per request (#42) + +### Removed +- Removed dead ContentType adapters — not targeting these platforms (#36)