{
    "name": "R2 Media Folders",
    "slug": "r2-media-folders",
    "version": "1.2.0",
    "requires": "6.0",
    "tested": "6.7",
    "requires_php": "8.0",
    "author": "<a href='https://rise2.studio'>RISE2 Studio</a>",
    "author_profile": "https://rise2.studio",
    "homepage": "https://rise2.studio",
    "last_updated": "2026-06-05",
    "download_url": "https://plugins.rise2.studio/r2-media-folders/r2-media-folders-1.2.0.zip",
    "sections": {
        "description": "<p>Organize the WordPress Media Library into nestable folders — a lightweight, dependency-free alternative to FileBird. Folders are stored as a native taxonomy, so they survive exports and uninstall cleanly. Your files are never moved or deleted.</p><h4>Features</h4><ul><li>Folder tree sidebar in both grid and list Media Library views, with All Files / Unsorted virtual folders and live counts</li><li>Create, rename, delete and nest folders (deleting a folder moves its files to Unsorted and lifts subfolders up one level)</li><li>Drag files (single or multi-select) into folders; bulk move</li><li>Drag folders to reorder and re-nest, with cycle protection and saved manual order</li><li>Filter the library by folder — live in the grid, by URL in the list view</li><li>Folder filter inside the Add Media / block editor media picker</li><li>Optional per-user private folders</li><li>One-click, idempotent FileBird importer (folders + file assignments)</li><li>Settings: per-user folders, default order, opt-in delete-on-uninstall</li></ul><p>Built with no build step and no external libraries — vanilla JS plus the jQuery UI WordPress already ships. Every action is nonce- and capability-checked.</p>",
        "changelog": "<h4>1.2.0</h4><ul><li><strong>Added self-hosted update support.</strong> The plugin now checks <code>plugins.rise2.studio</code> for updates and integrates with WordPress core: updates appear under <strong>Dashboard &rarr; Updates</strong> and a <strong>Check for updates</strong> link is added on the Plugins page. Downloads are restricted to the trusted host and manual checks are nonce- and capability-gated.</li><li><strong>Added a \"Settings\" shortcut link</strong> on the Plugins page row, jumping straight to Settings &rarr; R2 Media Folders.</li><li><strong>Renamed the admin menu item</strong> from \"Media Folders\" to \"R2 Media Folders\".</li></ul><h4>1.1.1</h4><ul><li><strong>Fixed: search box icon overlapped the placeholder text</strong> (WP admin's <code>input[type=search]</code> rule was resetting the left padding).</li><li><strong>SEO hardening:</strong> made the <code>media_folder</code> taxonomy explicitly non-public (<code>publicly_queryable=false</code>) and added belt-and-suspenders sitemap exclusions for WordPress core (<code>wp_sitemaps_taxonomies</code>) and Yoast (<code>wpseo_sitemap_exclude_taxonomy</code>). It was already excluded from sitemaps and SEO plugins; this guarantees it. No front-end term URLs exist, so nothing was ever listed.</li></ul><h4>1.1.0</h4><ul><li><strong>Inline create &amp; rename.</strong> Creating/renaming folders now happens in the tree (folder field + Cancel/Save, Enter/Esc), FileBird-style — no browser prompt.</li><li><strong>Folder search.</strong> A search box at the top of the tree live-filters folders by name (and reveals their parent paths); clearing restores the tree.</li><li><strong>First-activation FileBird prompt.</strong> On first activation, if FileBird is detected, a dismissible admin notice offers to import its folders, with an Import button and a persistent \"Not now\".</li></ul><h4>1.0.4</h4><ul><li><strong>Security (pre-production review).</strong> Turned off REST exposure for the <code>media_folder</code> taxonomy — it was registered <code>show_in_rest=true</code>, so <code>GET /wp/v2/media-folder</code> let anyone (incl. anonymous) enumerate every folder's name, hierarchy and count, bypassing per-user owner scoping; the UI uses admin-ajax so nothing breaks. Also: <code>reorder()</code> now enforces the manage-capability (a non-admin could renumber shared folders' order in per-user mode), and the <code>?r2mf_folder=</code> filter is now visibility-gated (an unknown/other-user folder id falls back to All). The review found no injection, XSS, CSRF, privilege-escalation or data-loss issues.</li></ul><h4>1.0.3</h4><ul><li><strong>Per-file upload progress (FileBird-style).</strong> Uploading multiple files now shows a small floating panel listing each file with its own progress bar and status (spinner → green check, or red on failure), a header count (\"Uploading X of N…\"), auto-dismiss on success and a close button if anything failed.</li></ul><h4>1.0.2</h4><ul><li><strong>Added: upload progress indicator</strong> (a status pill shown during uploads, since the native grid progress isn't visible while a folder filter is active).</li><li><strong>Fixed: uploaded files now appear in the folder immediately — no page refresh.</strong> In a folder-filtered grid the live collection is a server query, so a locally-added file doesn't show; the grid now re-queries on upload completion and the file (already carrying its folder term) appears right away. Sidebar counts refresh too.</li></ul><h4>1.0.1</h4><ul><li><strong>Fixed: folder clicks went dead after opening/closing an image in the grid.</strong> wp.media left the grid stuck on the closed attachment view (no collection), so filtering silently no-op'd. The sidebar no longer re-parents the media frame (floated layout instead), and grid filtering now recovers reliably, falling back to a reload onto the filtered grid when the live collection is unreachable.</li><li><strong>Fixed: uploading inside a folder now lands the file in that folder</strong> (and shows normal upload progress) instead of going to All Files — the selected folder is injected into the upload params and assigned server-side on add_attachment (capability-checked).</li></ul><h4>1.0.0</h4><ul><li><strong>Initial release.</strong> A dependency-free, FileBird-style folder system for the Media Library: folder tree in grid + list views with All Files / Unsorted and live counts; create / rename / delete / unlimited nesting; drag files (single or multi-select) into folders; bulk move; drag folders to reorder and re-nest with cycle protection and saved manual order; live grid filtering via wp.media and list filtering via ?r2mf_folder=; a folder dropdown inside the Add Media / block editor media picker; optional per-user private folders; settings for per-user folders, default order, and opt-in delete-on-uninstall. Folders are stored as a native hierarchical <code>media_folder</code> taxonomy (no custom tables), with accurate counts via <code>_update_generic_term_count</code>. Hardened: every AJAX endpoint checks a nonce and the <code>upload_files</code> capability, per-attachment moves also check <code>edit_post</code>, and per-user mode enforces folder ownership. Includes a one-click, idempotent <strong>FileBird importer</strong> (recreates folders + file assignments, parents-before-children, batched, collections skipped; reads FileBird's tables without modifying them). Clean uninstall preserves your folders by default and removes them only if you opt in; files are never deleted.</li></ul>"
    }
}