Changeset 3444257

Timestamp:

01/21/2026 04:29:39 PM (4 weeks ago)

Author:

anand_kumar

Message:

fix: Permission system to use 'unfiltered_html' capability.
feat: Add wp_body_open hook support, user role permissions for script insertion, and a post-specific script meta box, while updating plugin options and documentation.
feat: Introduce global and per-post script management, add wp_body_open hook support, and refactor codebase to jamify_hfs_ naming standards.
refactor: Restructure plugin with dedicated files for options, meta, and sidebar UI, enhance code documentation, and implement conditional uninstall data removal.
improvement: Enhanced WPCS compliance with comprehensive DocBlocks and formatting fixes.

Location:

header-and-footer-scripts

Files:

• tags/2.4.1 (added)
• tags/2.4.1/inc (added)
• tags/2.4.1/inc/meta.php (added)
• tags/2.4.1/inc/options.php (added)
• tags/2.4.1/inc/sidebar.php (added)
• tags/2.4.1/lang (added)
• tags/2.4.1/readme.txt (added)
• tags/2.4.1/shfs.php (added)
• tags/2.4.1/uninstall.php (added)
• trunk/inc/meta.php (modified) (1 diff)
• trunk/inc/options.php (modified) (3 diffs)
• trunk/inc/sidebar.php (modified) (4 diffs)
• trunk/lang (added)
• trunk/readme.txt (modified) (2 diffs)
• trunk/shfs.php (modified) (4 diffs)
• trunk/uninstall.php (added)

header-and-footer-scripts/trunk/inc/meta.php

@@ -5 +5 @@
  * @package    Header and Footer Scripts
  * @author     Anand Kumar <[email protected]>
- * @copyright  Copyright (c) 2013 - 2025, Anand Kumar
+ * @copyright  Copyright (c) 2013 - 2026, Anand Kumar
  * @link       https://github.com/anandkumar/header-and-footer-scripts
  * @license    http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
- */?>
- <div class="shfs_meta_control">
+ *
+ */
+
+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}?>
+ <div class="jamify_hfs_meta_control">
 
     <p><?php esc_html_e('The script in the following textbox will be inserted to the &lt;head&gt; section', 'header-and-footer-scripts'); ?>.</p>
     <p>
-        <textarea name="_inpost_head_script[synth_header_script]" rows="5" style="width:98%;font-family:monospace;"><?php if(!empty($meta['synth_header_script'])) echo esc_textarea( $meta['synth_header_script'] ); ?></textarea>
+        <textarea id="jamify_hfs_inpost_head_script" name="_inpost_head_script[synth_header_script]" rows="5" style="width:98%;font-family:monospace;"><?php if(!empty($meta['synth_header_script'])) echo esc_textarea( $meta['synth_header_script'] ); ?></textarea>
     </p>
 </div>

header-and-footer-scripts/trunk/inc/options.php

@@ -5 +5 @@
  * @package    Header and Footer Scripts
  * @author     Anand Kumar <[email protected]>
- * @copyright  Copyright (c) 2013 - 2025, Anand Kumar
+ * @copyright  Copyright (c) 2013 - 2026, Anand Kumar
  * @link       https://github.com/anandkumar/header-and-footer-scripts
  * @license    http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
- */?>
+ */
+
+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}?>
 <div class="wrap">
-  <h2><?php esc_html_e( 'Header and Footer Scripts - Options', 'header-and-footer-scripts'); ?> <a class="add-new-h2" target="_blank" href="<?php echo esc_url( "https://digitalliberation.org/docs/header-and-footer-scripts/?utm_source=wpdash_hfs" ); ?>"><?php esc_html_e( 'Read Tutorial', 'header-and-footer-scripts'); ?></a></h2>
+  <h2><?php esc_html_e( 'Header and Footer Scripts - Options', 'header-and-footer-scripts'); ?> <a class="add-new-h2" target="_blank" href="<?php echo esc_url( "https://github.com/anandkumar/header-and-footer-scripts/wiki" ); ?>"><?php esc_html_e( 'Read Tutorial', 'header-and-footer-scripts'); ?></a></h2>
 
   <hr />
@@ -22 +26 @@
             <?php settings_fields( 'header-and-footer-scripts' ); ?>
 
-            <h3 class="shfs-labels" for="shfs_script_access_level"><?php esc_html_e( 'Who can add scripts to posts?', 'header-and-footer-scripts'); ?></h3>
-             <p>
-                 <select name="shfs_script_access_level" id="shfs_script_access_level">
-                     <option value="manage_options" <?php selected( get_option( 'shfs_script_access_level', 'manage_options' ), 'manage_options' ); ?>><?php esc_html_e('Administrator Only', 'header-and-footer-scripts'); ?></option>
-                     <option value="edit_others_posts" <?php selected( get_option( 'shfs_script_access_level', 'manage_options' ), 'edit_others_posts' ); ?>><?php esc_html_e('Administrator & Editor', 'header-and-footer-scripts'); ?></option>
-                     <option value="publish_posts" <?php selected( get_option( 'shfs_script_access_level', 'manage_options' ), 'publish_posts' ); ?>><?php esc_html_e('Administrator, Editor & Author', 'header-and-footer-scripts'); ?></option>
-                 </select>
-             </p>
-             <p class="description"><?php esc_html_e( 'Select the minimum capability required to add scripts to posts using the meta box.', 'header-and-footer-scripts'); ?></p>
-             <hr />
+            <h3 class="shfs-labels"><?php esc_html_e( 'Who can insert scripts?', 'header-and-footer-scripts'); ?></h3>
+            <p><?php esc_html_e( 'By default, only Administrators can add scripts. You can grant this ability to other roles below.', 'header-and-footer-scripts'); ?></p>
+            
+            <fieldset>
+                <label for="jamify_hfs_allow_author">
+                    <input type="checkbox" name="jamify_hfs_allow_author" id="jamify_hfs_allow_author" value="yes" <?php checked( 'yes', get_option( 'jamify_hfs_allow_author' ) ); ?>>
+                    <?php esc_html_e( 'Allow Authors to add scripts (Grants unfiltered_html capability)', 'header-and-footer-scripts'); ?>
+                </label>
+                <br>
+                <label for="jamify_hfs_allow_contributor">
+                    <input type="checkbox" name="jamify_hfs_allow_contributor" id="jamify_hfs_allow_contributor" value="yes" <?php checked( 'yes', get_option( 'jamify_hfs_allow_contributor' ) ); ?>>
+                    <?php esc_html_e( 'Allow Contributors to add scripts (Grants unfiltered_html capability)', 'header-and-footer-scripts'); ?>
+                </label>
+            </fieldset>
 
-            <h3 class="shfs-labels" for="shfs_insert_header"><?php esc_html_e( 'Scripts in header:', 'header-and-footer-scripts'); ?></h3>
+            <p class="description" style="color: #ea580c; font-weight: bold;">
+                <?php esc_html_e( 'Caution: Enabling these options grants the "unfiltered_html" capability, allowing users to execute arbitrary JavaScript on your site. Only enable for trusted users.', 'header-and-footer-scripts'); ?>
+            </p>
+            <hr />
+
+            <h3 class="shfs-labels" for="jamify_hfs_insert_header"><?php esc_html_e( 'Scripts in header:', 'header-and-footer-scripts'); ?></h3>
             <p><?php esc_html_e( 'The following script, if any, will be inserted into the &lt;head&gt; section using wp_head hook.', 'header-and-footer-scripts'); ?></p>
-            <textarea style="width:98%;font-family:monospace;" rows="10" cols="57" id="insert_header" name="shfs_insert_header"><?php echo esc_html( get_option( 'shfs_insert_header' ) ); ?></textarea>
+            <textarea style="width:98%;font-family:monospace;" rows="10" cols="57" id="jamify_hfs_insert_header" name="jamify_hfs_insert_header"><?php echo esc_html( get_option( 'jamify_hfs_insert_header' ) ); ?></textarea>
 
-            <p><label for="shfs_insert_header_priority"><?php esc_html_e('Priority', 'header-and-footer-scripts'); ?></label>
-            <input type="number" value="<?php echo \esc_html( \get_option( 'shfs_insert_header_priority', 10 ) ); ?>" name="shfs_insert_header_priority" id="shfs_insert_header_priority" style="width:6em;" /> <?php \esc_html_e('Default', 'header-and-footer-scripts'); ?>: 10</p><hr />
+            <p><label for="jamify_hfs_insert_header_priority"><?php esc_html_e('Priority', 'header-and-footer-scripts'); ?></label>
+            <input type="number" value="<?php echo \esc_html( \get_option( 'jamify_hfs_insert_header_priority', 10 ) ); ?>" name="jamify_hfs_insert_header_priority" id="jamify_hfs_insert_header_priority" style="width:6em;" /> <?php \esc_html_e('Default', 'header-and-footer-scripts'); ?>: 10</p><hr />
 
-            <h3 class="shfs-labels footerlabel" for="shfs_insert_footer"><?php esc_html_e( 'Scripts in footer:', 'header-and-footer-scripts'); ?></h3>
+            <h3 class="shfs-labels" for="jamify_hfs_insert_body"><?php esc_html_e( 'Scripts in body:', 'header-and-footer-scripts'); ?></h3>
+            <p><?php esc_html_e( 'The following script, if any, will be inserted immediately after the &lt;body&gt; tag using wp_body_open hook.', 'header-and-footer-scripts'); ?></p>
+            <textarea style="width:98%;font-family:monospace;" rows="10" cols="57" id="jamify_hfs_insert_body" name="jamify_hfs_insert_body"><?php echo esc_html( get_option( 'jamify_hfs_insert_body' ) ); ?></textarea>
+
+            <p><label for="jamify_hfs_insert_body_priority"><?php esc_html_e('Priority', 'header-and-footer-scripts'); ?></label>
+            <input type="number" value="<?php echo \esc_html( \get_option( 'jamify_hfs_insert_body_priority', 10 ) ); ?>" name="jamify_hfs_insert_body_priority" id="jamify_hfs_insert_body_priority" style="width:6em;" /> <?php \esc_html_e('Default', 'header-and-footer-scripts'); ?>: 10</p><hr />
+
+            <h3 class="shfs-labels footerlabel" for="jamify_hfs_insert_footer"><?php esc_html_e( 'Scripts in footer:', 'header-and-footer-scripts'); ?></h3>
             <p><?php esc_html_e( 'The following script, if any, will be inserted before &lt;/body&gt; tag using wp_footer hook.', 'header-and-footer-scripts'); ?></p>
-            <textarea style="width:98%;font-family:monospace;" rows="10" cols="57" id="shfs_insert_footer" name="shfs_insert_footer"><?php echo esc_html( get_option( 'shfs_insert_footer' ) ); ?></textarea>
+            <textarea style="width:98%;font-family:monospace;" rows="10" cols="57" id="jamify_hfs_insert_footer" name="jamify_hfs_insert_footer"><?php echo esc_html( get_option( 'jamify_hfs_insert_footer' ) ); ?></textarea>
 
-            <p><label for="shfs_insert_footer_priority"><?php _e('Priority'); ?></label>
-            <input type="number" value="<?php echo \esc_html( \get_option( 'shfs_insert_footer_priority', 10 ) ); ?>" name="shfs_insert_footer_priority" id="shfs_insert_footer_priority" style="width:6em;" /> <?php \esc_html_e('Default', 'header-and-footer-scripts'); ?>: 10</p>
+            <p><label for="jamify_hfs_insert_footer_priority"><?php esc_html_e('Priority', 'header-and-footer-scripts'); ?></label>
+            <input type="number" value="<?php echo \esc_html( \get_option( 'jamify_hfs_insert_footer_priority', 10 ) ); ?>" name="jamify_hfs_insert_footer_priority" id="jamify_hfs_insert_footer_priority" style="width:6em;" /> <?php \esc_html_e('Default', 'header-and-footer-scripts'); ?>: 10</p><hr />
+
+            <h3 class="shfs-labels"><?php esc_html_e( 'Uninstall Settings', 'header-and-footer-scripts'); ?></h3>
+            <fieldset>
+                <label for="jamify_hfs_clean_on_uninstall">
+                    <input type="checkbox" name="jamify_hfs_clean_on_uninstall" id="jamify_hfs_clean_on_uninstall" value="yes" <?php checked( 'yes', get_option( 'jamify_hfs_clean_on_uninstall' ) ); ?>>
+                    <?php esc_html_e( 'Delete all data on uninstall', 'header-and-footer-scripts'); ?>
+                </label>
+            </fieldset>
+            <p class="description" style="color: #ea580c; font-weight: bold;">
+                <?php esc_html_e( 'Warning: If checked, all scripts and settings will be permanently deleted when you delete this plugin. This cannot be undone.', 'header-and-footer-scripts'); ?>
+            </p>
 
           <p class="submit">
@@ -56 +87 @@
     </div>
 
-    <?php require_once(SHFS_PLUGIN_DIR . '/inc/sidebar.php'); ?>
+    <?php require_once(JAMIFY_HFS_PLUGIN_DIR . '/inc/sidebar.php'); ?>
     </div>
   </div>

header-and-footer-scripts/trunk/inc/sidebar.php

@@ -5 +5 @@
  * @package    Header and Footer Scripts
  * @author     Anand Kumar <[email protected]>
- * @copyright  Copyright (c) 2013 - 2025, Anand Kumar
+ * @copyright  Copyright (c) 2013 - 2026, Anand Kumar
  * @link       https://github.com/anandkumar/header-and-footer-scripts
  * @license    http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
- */?>
+ */
+
+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}?>
 <div id="postbox-container-1" class="postbox-container">
 
@@ -20 +24 @@
 
   <div class="postbox">
-    <h3 class="hndle"><?php esc_html_e( 'Contribute or Donate!', 'header-and-footer-scripts'); ?></h3>
+    <h3 class="hndle"><?php esc_html_e( 'Contribute!', 'header-and-footer-scripts'); ?></h3>
     <div class="inside">
-      <p><?php esc_html_e( 'Help us to make this plugin even better. Contributions not necessarily be monetary. Please follow the link to know more and contribute.', 'header-and-footer-scripts'); ?></p>
+      <p><?php esc_html_e( 'Help us to make this plugin even better. Please follow the link to know more and contribute.', 'header-and-footer-scripts'); ?></p>
       <p><a href="<?php echo esc_url( "https://github.com/anandkumar/header-and-footer-scripts" ); ?>" class="button"><?php esc_html_e( 'Contribute', 'header-and-footer-scripts'); ?></a></p>
     </div>
@@ -31 +35 @@
     <div class="inside">
       <p><?php esc_html_e( 'Find this plugin useful rate it 5 stars and leave a nice little comment at wordpress.org. I would really appreciate that.', 'header-and-footer-scripts'); ?></p>
-      <p><a href="<?php echo esc_url( "https://wordpress.org/support/plugin/header-and-footer-scripts/reviews/?filter=5#new-post" ); ?>" class="button"><?php esc_html_e( 'Rate 5 Stars', 'header-and-footer-scripts'); ?></a></p>
+      <p><a href="<?php echo esc_url( "https://wordpress.org/support/plugin/header-and-footer-scripts/reviews/" ); ?>" class="button"><?php esc_html_e( 'Rate 5 Stars', 'header-and-footer-scripts'); ?></a></p>
     </div>
   </div>
@@ -38 +42 @@
     <h3 class="hndle"><?php esc_html_e( 'Join Our Community', 'header-and-footer-scripts'); ?></h3>
     <div class="inside">
-      <p><?php esc_html_e( 'We are small WordPress community who welcomes you to join us. Here you will find and share more plugins and themes or even ideas. Ideas are not limited to WordPress. It could be vague or liberal. This is why we are "Digital Liberation .ORG', 'header-and-footer-scripts'); ?></p>
-      <p><a href="<?php echo esc_url( "https://github.com/anandkumar/header-and-footer-scripts" ); ?>" class="button"><?php esc_html_e( 'Join Digital Liberation', 'header-and-footer-scripts'); ?></a></p>
+      <p><?php esc_html_e( 'Join the discussions and share your ideas.', 'header-and-footer-scripts'); ?></p>
+      <p><a href="<?php echo esc_url( "https://github.com/anandkumar/header-and-footer-scripts/discussions" ); ?>" class="button"><?php esc_html_e( 'Join Discussions', 'header-and-footer-scripts'); ?></a></p>
     </div>
   </div>

header-and-footer-scripts/trunk/readme.txt

@@ -1 +1 @@
 === Header and Footer Scripts ===
 
-Contributors: anand_kumar
+Contributors: anand_kumar, jamify
 Donate link: https://github.com/anandkumar/header-and-footer-scripts
 Tags: head, header, footer, scripts, post
 Requires at least: 4.6
 Tested up to: 6.9
-Stable tag: 2.3.0
+Stable tag: 2.4.1
 Requires PHP: 8.3
 License: GPLv2 or later
@@ -76 +76 @@
 == Changelog ==
 
+= 2.4.1 =
+* New Feature: Added "Clean on Uninstall" option to allow users to remove all data upon deletion.
+* Fix: Resolved issue where sidebar was not loading on settings page due to deprecated constant.
+* Improvement: Enhanced WPCS compliance with comprehensive DocBlocks and formatting fixes.
+* Improvement: Added strict sanitization to settings authentication to resolve Plugin Check warnings.
+
+= 2.4.0 =
+* Internal: Refactored codebase to "Jamify HFS" naming standards (`jamify_hfs_` prefix) while maintaining full backward compatibility.
+* New Feature: Added support for wp_body_open hook to insert scripts immediately after body tag.
+* New Feature: Added Syntax Highlighting for script editors in settings page.
+* Improvement: Modernized permission system to use 'unfiltered_html' capability.
+* Improvement: Added settings to allow Authors and Contributors to add scripts.
+* Improvement: Added admin notice for backward compatibility migration.
+
+= 2.3.1 =
+* Security: Hardened nonce implementation with static action names.
+* Security: Added strict sanitization for access level settings.
+* Security: Improved input validation with isset() checks and wp_unslash().
+* Security: Replaced __FILE__ menu slug to prevent path exposure.
+* Security: Added security warning for privilege delegation.
+* New: Added uninstall.php for clean database removal.
+* Fix: Added proper ABSPATH checks to all files.
+* Improvement: Added phpcs:ignore comments for intentional raw output.
+
 = 2.3.0 =
 * Fix: Stored Cross-Site Scripting (XSS) vulnerability.

header-and-footer-scripts/trunk/shfs.php

@@ -4 +4 @@
  * Plugin URI: https://github.com/anandkumar/header-and-footer-scripts
  * Description: Essential WordPress plugin for almost every website to insert codes like Javascript and CSS. Inserting script to your wp_head and wp_footer made easy.
- * Version: 2.2.2
+ * Version: 2.4.1
  * Author: Anand Kumar
  * Author URI: http://www.anandkumar.net
@@ -14 +14 @@
 /*
 Header and Footer Scripts
-Copyright (C) 2013 - 2025, Anand Kumar <[email protected]>
+Copyright (C) 2013 - 2026, Anand Kumar <[email protected]>
 
 This program is free software; you can redistribute it and/or modify
@@ -30 +30 @@
 */
 
-define('SHFS_PLUGIN_DIR',str_replace('\\','/',dirname(__FILE__)));
+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}
+
+define( 'JAMIFY_HFS_PLUGIN_DIR', str_replace( '\\', '/', dirname( __FILE__ ) ) );
 
 if ( !class_exists( 'HeaderAndFooterScripts' ) ) {
@@ -36 +40 @@
     class HeaderAndFooterScripts {
 
-        function __construct() {
-
-            add_action( 'init', array( &$this, 'init' ) );
-            add_action( 'admin_init', array( &$this, 'admin_init' ) );
-            add_action( 'admin_menu', array( &$this, 'admin_menu' ) );
-            add_action( 'wp_head', array( &$this, 'wp_head' ), \get_option('shfs_insert_header_priority', 10) );
-            add_action( 'wp_footer', array( &$this, 'wp_footer' ), \get_option('shfs_insert_footer_priority', 10) );
-
-        }
-
-        function init() {
-
-            load_plugin_textdomain( 'header-and-footer-scripts', false, dirname( plugin_basename ( __FILE__ ) ).'/lang' );
-        }
-
-        function admin_init() {
+        /**
+         * Constructor.
+         */
+        public function __construct() {
+
+            add_action( 'init', array( $this, 'init' ) );
+            add_action( 'admin_init', array( $this, 'admin_init' ) );
+            add_action( 'admin_menu', array( $this, 'admin_menu' ) );
+            add_action( 'admin_notices', array( $this, 'admin_notices' ) );
+            add_action( 'update_option_jamify_hfs_allow_author', array( $this, 'update_role_author' ), 10, 2 );
+            add_action( 'update_option_jamify_hfs_allow_contributor', array( $this, 'update_role_contributor' ), 10, 2 );
+            add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
+            add_action( 'wp_head', array( $this, 'wp_head' ), \get_option( 'jamify_hfs_insert_header_priority', 10 ) );
+            add_action( 'wp_body_open', array( $this, 'wp_body_open' ), \get_option( 'jamify_hfs_insert_body_priority', 10 ) );
+            add_action( 'wp_footer', array( $this, 'wp_footer' ), \get_option( 'jamify_hfs_insert_footer_priority', 10 ) );
+
+        }
+
+        /**
+         * Load textdomain for internationalization.
+         */
+        public function init() {
+
+            load_plugin_textdomain( 'header-and-footer-scripts', false, dirname( plugin_basename( __FILE__ ) ) . '/lang' );
+        }
+
+        /**
+         * Initialize admin settings, migration logic, and meta boxes.
+         */
+        public function admin_init() {
+
+            // Migration Logic
+            $options_to_migrate = array(
+                'shfs_insert_header'          => 'jamify_hfs_insert_header',
+                'shfs_insert_body'            => 'jamify_hfs_insert_body',
+                'shfs_insert_footer'          => 'jamify_hfs_insert_footer',
+                'shfs_insert_header_priority' => 'jamify_hfs_insert_header_priority',
+                'shfs_insert_body_priority'   => 'jamify_hfs_insert_body_priority',
+                'shfs_insert_footer_priority' => 'jamify_hfs_insert_footer_priority',
+                'shfs_allow_author'           => 'jamify_hfs_allow_author',
+                'shfs_allow_contributor'      => 'jamify_hfs_allow_contributor',
+            );
+
+            foreach ( $options_to_migrate as $old => $new ) {
+                if ( false === get_option( $new ) && false !== get_option( $old ) ) {
+                    update_option( $new, get_option( $old ) );
+                }
+            }
 
             // register settings for sitewide script
-            register_setting( 'header-and-footer-scripts', 'shfs_insert_header', 'trim' );
-            register_setting( 'header-and-footer-scripts', 'shfs_insert_footer', 'trim' );
-            register_setting( 'header-and-footer-scripts', 'shfs_insert_header_priority', 'intval' );
-            register_setting( 'header-and-footer-scripts', 'shfs_insert_footer_priority', 'intval' );
-            register_setting( 'header-and-footer-scripts', 'shfs_script_access_level' );
+            register_setting( 'header-and-footer-scripts', 'jamify_hfs_insert_header', 'trim' );
+            register_setting( 'header-and-footer-scripts', 'jamify_hfs_insert_body', 'trim' );
+            register_setting( 'header-and-footer-scripts', 'jamify_hfs_insert_footer', 'trim' );
+            register_setting( 'header-and-footer-scripts', 'jamify_hfs_insert_header_priority', 'intval' );
+            register_setting( 'header-and-footer-scripts', 'jamify_hfs_insert_body_priority', 'intval' );
+            register_setting( 'header-and-footer-scripts', 'jamify_hfs_insert_footer_priority', 'intval' );
+            register_setting( 'header-and-footer-scripts', 'jamify_hfs_allow_author', 'sanitize_text_field' );
+            register_setting( 'header-and-footer-scripts', 'jamify_hfs_allow_contributor', 'sanitize_text_field' );
+            register_setting( 'header-and-footer-scripts', 'jamify_hfs_clean_on_uninstall', 'sanitize_text_field' );
 
 
             // add meta box to all post types
             foreach ( get_post_types( '', 'names' ) as $type ) {
-                $access_level = get_option( 'shfs_script_access_level', 'manage_options' );
-                if ( current_user_can( $access_level ) ) {
-                    add_meta_box('shfs_all_post_meta', esc_html__('Insert Script to &lt;head&gt;', 'header-and-footer-scripts'), 'shfs_meta_setup', $type, 'normal', 'high');
-                }
-            }
-
-            add_action('save_post','shfs_post_meta_save');
-        }
-
-        // adds menu item to wordpress admin dashboard
-        function admin_menu() {
-            $page = add_submenu_page( 'options-general.php', esc_html__('Header and Footer Scripts', 'header-and-footer-scripts'), esc_html__('Header and Footer Scripts', 'header-and-footer-scripts'), 'manage_options', __FILE__, array( &$this, 'shfs_options_panel' ) );
-            }
-
-        function wp_head() {
-            $meta = get_option( 'shfs_insert_header', '' );
-            if ( $meta != '' ) {
-                echo $meta, "\n";
-            }
-
-            $shfs_post_meta = get_post_meta( get_the_ID(), '_inpost_head_script' , TRUE );
-            if ( is_singular() && $shfs_post_meta != '' ) {
-                echo $shfs_post_meta['synth_header_script'], "\n";
-            }
-
-        }
-
-        function wp_footer() {
-            if ( !is_admin() && !is_feed() && !is_robots() && !is_trackback() ) {
-                $text = get_option( 'shfs_insert_footer', '' );
+                if ( current_user_can( 'unfiltered_html' ) ) {
+                    add_meta_box( 'jamify_hfs_all_post_meta', esc_html__( 'Insert Script to &lt;head&gt;', 'header-and-footer-scripts' ), array( $this, 'meta_setup' ), $type, 'normal', 'high' );
+                }
+            }
+
+            add_action( 'save_post', array( $this, 'post_meta_save' ) );
+        }
+
+        /**
+         * Register the options page.
+         */
+        public function admin_menu() {
+            $page = add_submenu_page( 'options-general.php', esc_html__( 'Header and Footer Scripts', 'header-and-footer-scripts' ), esc_html__( 'Header and Footer Scripts', 'header-and-footer-scripts' ), 'manage_options', 'header-and-footer-scripts', array( $this, 'jamify_hfs_options_panel' ) );
+        }
+
+        /**
+         * Enqueue admin scripts (CodeMirror).
+         *
+         * @param string $hook Current admin page hook.
+         */
+        public function admin_enqueue_scripts( $hook ) {
+            if ( 'settings_page_header-and-footer-scripts' !== $hook && 'post.php' !== $hook && 'post-new.php' !== $hook ) {
+                return;
+            }
+
+            // Enqueue code editor for syntax highlighting
+            $settings = wp_enqueue_code_editor( array( 'type' => 'text/html' ) );
+
+            // If the code editor is enabled, we need to initialize it.
+            if ( false !== $settings ) {
+                wp_add_inline_script(
+                    'code-editor',
+                    sprintf(
+                        'jQuery( function() { 
+                            if ( jQuery("#jamify_hfs_insert_header").length ) { wp.codeEditor.initialize( "jamify_hfs_insert_header", %1$s ); }
+                            if ( jQuery("#jamify_hfs_insert_body").length ) { wp.codeEditor.initialize( "jamify_hfs_insert_body", %1$s ); }
+                            if ( jQuery("#jamify_hfs_insert_footer").length ) { wp.codeEditor.initialize( "jamify_hfs_insert_footer", %1$s ); }
+                            if ( jQuery("#jamify_hfs_inpost_head_script").length ) { wp.codeEditor.initialize( "jamify_hfs_inpost_head_script", %1$s ); }
+                        } );',
+                        wp_json_encode( $settings )
+                    )
+                );
+            }
+        }
+
+        /**
+         * Output scripts in wp_head.
+         */
+        public function wp_head() {
+            $meta = get_option( 'jamify_hfs_insert_header', '' );
+            if ( '' !== $meta ) {
+                echo $meta, "\n"; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+            }
+
+            $shfs_post_meta = get_post_meta( get_the_ID(), '_inpost_head_script', true );
+            if ( is_singular() && '' !== $shfs_post_meta ) {
+                echo $shfs_post_meta['synth_header_script'], "\n"; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+            }
+        }
+
+        /**
+         * Output scripts in wp_body_open.
+         */
+        public function wp_body_open() {
+            if ( ! is_admin() && ! is_feed() && ! is_robots() && ! is_trackback() ) {
+                $meta = get_option( 'jamify_hfs_insert_body', '' );
+                if ( '' !== $meta ) {
+                    echo $meta, "\n"; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+                }
+            }
+        }
+
+        /**
+         * Output scripts in wp_footer.
+         */
+        public function wp_footer() {
+            if ( ! is_admin() && ! is_feed() && ! is_robots() && ! is_trackback() ) {
+                $text = get_option( 'jamify_hfs_insert_footer', '' );
                 $text = convert_smilies( $text );
                 $text = do_shortcode( $text );
 
-                if ( $text != '' ) {
-                    echo $text, "\n";
-                }
-            }
-        }
-
-        function shfs_options_panel() {
-                // Load options page
-                require_once(SHFS_PLUGIN_DIR . '/inc/options.php');
+                if ( '' !== $text ) {
+                    echo $text, "\n"; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+                }
+            }
+        }
+
+        /**
+         * Render the plugin options page.
+         */
+        public function jamify_hfs_options_panel() {
+            // Load options page
+            require_once JAMIFY_HFS_PLUGIN_DIR . '/inc/options.php';
+        }
+
+        /**
+         * Display admin notices (e.g. migration warning).
+         */
+        public function admin_notices() {
+            // Check for previous version option to show notice
+            if ( get_option( 'shfs_script_access_level' ) ) {
+                $dismiss_link = add_query_arg( 'shfs_dismiss_notice', 'true' );
+                if ( isset( $_GET['shfs_dismiss_notice'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    delete_option( 'shfs_script_access_level' );
+                } else {
+                    ?>
+                    <div class="notice notice-warning is-dismissible">
+                        <p>
+                            <?php esc_html_e( 'Header and Footer Scripts permission system has been updated. Please check the ', 'header-and-footer-scripts' ); ?>
+                             <a href="<?php echo esc_url( admin_url( 'options-general.php?page=header-and-footer-scripts' ) ); ?>"><?php esc_html_e( 'Settings', 'header-and-footer-scripts' ); ?></a> 
+                            <?php esc_html_e( 'to configure Author/Contributor access if needed.', 'header-and-footer-scripts' ); ?>
+                            <a href="<?php echo esc_url( $dismiss_link ); ?>" style="float:right; text-decoration:none;">X</a>
+                        </p>
+                    </div>
+                    <?php
+                }
+            }
+        }
+
+        /**
+         * Update 'author' role capabilities when option changes.
+         *
+         * @param mixed $old_value Old option value.
+         * @param mixed $new_value New option value.
+         */
+        public function update_role_author( $old_value, $new_value ) {
+            $role = get_role( 'author' );
+            if ( 'yes' === $new_value ) {
+                $role->add_cap( 'unfiltered_html' );
+            } else {
+                $role->remove_cap( 'unfiltered_html' );
+            }
+        }
+
+        /**
+         * Update 'contributor' role capabilities when option changes.
+         *
+         * @param mixed $old_value Old option value.
+         * @param mixed $new_value New option value.
+         */
+        public function update_role_contributor( $old_value, $new_value ) {
+            $role = get_role( 'contributor' );
+            if ( 'yes' === $new_value ) {
+                $role->add_cap( 'unfiltered_html' );
+            } else {
+                $role->remove_cap( 'unfiltered_html' );
+            }
+        }
+
+        /**
+         * Render the post meta box.
+         */
+        public function meta_setup() {
+            global $post;
+
+            // using an underscore, prevents the meta variable
+            // from showing up in the custom fields section
+            $meta = get_post_meta( $post->ID, '_inpost_head_script', true );
+
+            // instead of writing HTML here, lets do an include
+            include_once JAMIFY_HFS_PLUGIN_DIR . '/inc/meta.php';
+
+            // create a custom nonce for submit verification later
+            echo '<input type="hidden" name="jamify_hfs_post_meta_noncename" value="' . esc_attr( wp_create_nonce( 'jamify_hfs_post_meta_save' ) ) . '" />';
+        }
+
+        /**
+         * Save post meta data.
+         *
+         * @param int $post_id The ID of the post being saved.
+         * @return int Post ID.
+         */
+        public function post_meta_save( $post_id ) {
+            // authentication checks
+
+            // make sure data came from our meta box
+            if ( ! isset( $_POST['jamify_hfs_post_meta_noncename'] )
+                 || ! wp_verify_nonce( sanitize_key( $_POST['jamify_hfs_post_meta_noncename'] ), 'jamify_hfs_post_meta_save' ) ) {
+                return $post_id;
+            }
+
+            // check user permissions
+            if ( isset( $_POST['post_type'] ) && 'page' === $_POST['post_type'] ) {
+
+                if ( ! current_user_can( 'edit_page', $post_id ) ) {
+                    return $post_id;
+                }
+
+            } else {
+
+                if ( ! current_user_can( 'edit_post', $post_id ) ) {
+                    return $post_id;
+                }
+
+            }
+
+            // check configured access level
+            if ( ! current_user_can( 'unfiltered_html' ) ) {
+                return $post_id;
+            }
+
+            $current_data = get_post_meta( $post_id, '_inpost_head_script', true );
+
+            $new_data = isset( $_POST['_inpost_head_script'] ) ? wp_unslash( $_POST['_inpost_head_script'] ) : null; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Intentional raw input for script insertion.
+
+            $this->post_meta_clean( $new_data );
+
+            if ( $current_data ) {
+
+                if ( is_null( $new_data ) ) {
+                    delete_post_meta( $post_id, '_inpost_head_script' );
+                } else {
+                    update_post_meta( $post_id, '_inpost_head_script', $new_data );
+                }
+
+            } elseif ( ! is_null( $new_data ) ) {
+
+                add_post_meta( $post_id, '_inpost_head_script', $new_data, true );
+
+            }
+
+            return $post_id;
+        }
+
+        /**
+         * Clean empty values from the meta array.
+         *
+         * @param array $arr The array to clean.
+         */
+        public function post_meta_clean( &$arr ) {
+
+            if ( is_array( $arr ) ) {
+
+                foreach ( $arr as $i => $v ) {
+
+                    if ( is_array( $arr[ $i ] ) ) {
+                        $this->post_meta_clean( $arr[ $i ] );
+
+                        if ( ! count( $arr[ $i ] ) ) {
+                            unset( $arr[ $i ] );
+                        }
+
+                    } else {
+
+                        if ( trim( $arr[ $i ] ) == '' ) {
+                            unset( $arr[ $i ] );
+                        }
+                    }
+                }
+
+                if ( ! count( $arr ) ) {
+                    $arr = null;
+                }
+            }
         }
     }
 
+    $jamify_hfs = new HeaderAndFooterScripts();
+    
+    // Legacy global for backward compatibility
+    $GLOBALS['shfs_header_and_footer_scripts'] = $jamify_hfs;
+}
+
+/**
+ * Backward Compatibility Shims
+ * These functions ensure that external code calling the old global functions
+ * continues to work by delegating to the new class instance.
+ */
+
+if ( ! function_exists( 'shfs_meta_setup' ) ) {
     function shfs_meta_setup() {
-        global $post;
-
-        // using an underscore, prevents the meta variable
-        // from showing up in the custom fields section
-        $meta = get_post_meta($post->ID,'_inpost_head_script',TRUE);
-
-        // instead of writing HTML here, lets do an include
-        include_once(SHFS_PLUGIN_DIR . '/inc/meta.php');
-
-        // create a custom nonce for submit verification later
-        echo '<input type="hidden" name="shfs_post_meta_noncename" value="' . wp_create_nonce(__FILE__) . '" />';
+        global $jamify_hfs;
+        if ( isset( $jamify_hfs ) ) {
+            $jamify_hfs->meta_setup();
+        }
     }
-
-    function shfs_post_meta_save($post_id) {
-        // authentication checks
-
-        // make sure data came from our meta box
-        if ( ! isset( $_POST['shfs_post_meta_noncename'] )
-            || !wp_verify_nonce($_POST['shfs_post_meta_noncename'],__FILE__)) return $post_id;
-
-        // check user permissions
-        if ( $_POST['post_type'] == 'page' ) {
-
-            if (!current_user_can('edit_page', $post_id))
-                return $post_id;
-
-        } else {
-
-            if (!current_user_can('edit_post', $post_id))
-                return $post_id;
-
-        }
-
-        // check configured access level
-        $access_level = get_option( 'shfs_script_access_level', 'manage_options' );
-        if ( ! current_user_can( $access_level ) ) {
-            return $post_id;
-        }
-
-        $current_data = get_post_meta($post_id, '_inpost_head_script', TRUE);
-
-        $new_data = $_POST['_inpost_head_script'];
-
-        shfs_post_meta_clean($new_data);
-
-        if ($current_data) {
-
-            if (is_null($new_data)) delete_post_meta($post_id,'_inpost_head_script');
-
-            else update_post_meta($post_id,'_inpost_head_script',$new_data);
-
-        } elseif (!is_null($new_data)) {
-
-            add_post_meta($post_id,'_inpost_head_script',$new_data,TRUE);
-
-        }
-
+}
+
+if ( ! function_exists( 'shfs_post_meta_save' ) ) {
+    function shfs_post_meta_save( $post_id ) {
+        global $jamify_hfs;
+        if ( isset( $jamify_hfs ) ) {
+            return $jamify_hfs->post_meta_save( $post_id );
+        }
         return $post_id;
     }
-
-    function shfs_post_meta_clean(&$arr) {
-
-        if (is_array($arr)) {
-
-            foreach ($arr as $i => $v) {
-
-                if (is_array($arr[$i])) {
-                    shfs_post_meta_clean($arr[$i]);
-
-                    if (!count($arr[$i])) {
-                        unset($arr[$i]);
-                    }
-
-                } else {
-
-                    if (trim($arr[$i]) == '') {
-                        unset($arr[$i]);
-                    }
-                }
-            }
-
-            if (!count($arr)) {
-                $arr = NULL;
-            }
+}
+
+if ( ! function_exists( 'shfs_post_meta_clean' ) ) {
+    function shfs_post_meta_clean( &$arr ) {
+        global $jamify_hfs;
+        if ( isset( $jamify_hfs ) ) {
+            $jamify_hfs->post_meta_clean( $arr );
         }
     }
-
-    $shfs_header_and_footer_scripts = new HeaderAndFooterScripts();
 }