=== Godhuli ===
Contributors: emtiaz51921
Author URI: https://imtiazshamim.com/
Donate link: https://imtiazshamim.com/donate
Requires at least: 6.0
Tested up to: 6.9.4
Requires PHP: 7.4
License: GPLv3 or later
License URI: https://www.gnu.org/licenses/gpl-3.0.html
Tags: blog, one-column, two-columns, three-columns, right-sidebar, custom-background, custom-logo, custom-colors, custom-header, custom-menu, featured-images, full-width-template, sticky-post, theme-options, threaded-comments, editor-style, translation-ready


== Copyright ==
Godhuli, Copyright 2024 Imtiaz Shamim
Godhuli is distributed under the terms of the GNU GPL v3 or later.

== Description ==

Minimal, fast, and responsive WordPress blog theme with flexible layouts, custom widgets, and full Customizer support—perfect for modern bloggers.

== Installation ==

1. In your admin panel, go to Appearance > Themes and click the Add New button.
2. Click Upload Theme and Choose File, then select the theme's .zip file. Click Install Now.
3. Click Activate to use your new theme right away.

== Frequently Asked Questions ==

= How to install the Godhuli theme? =
1. Login to your WordPress dashboard.
2. Go to "Appearance" -> "Themes" and click on "Add New".
3. Click on "Upload Theme" and choose the theme's zip file.
4. Click "Install Now", then "Activate".
5. Go to "Appearance" -> "Customize" to configure theme options.

Alternatively, search for "Godhuli" in the theme directory and install directly.

If you need any help or assistance we'd be happy to help. Just drop a line here - https://imtiazshamim.com/contact

= Does this theme support any plugins? =
Godhuli includes support for Infinite Scroll in Jetpack and Contact Form 7.

= Does this theme support Gutenberg? =
Yes. Full block editor support with block styles and editor styles included.

= Can I use WooCommerce with this theme? =
Not at this time.


== Upgrade Notice ==

= 3.0.0 =
Major release. Full PHP 8.x and WordPress 6.x compatibility. Complete security audit with sanitization and output escaping hardening. CSS architecture refactored with custom properties (design tokens). All deprecated WordPress functions replaced with modern alternatives.

= Method 1 =
Go to "Your site address"/wp-admin/update-core.php

= Method 2 =
Go to "Appearance" > Themes. You will see the theme upgrade notice. Just click on Update.


== Credits ==
Godhuli bundles the following third-party resources:

* Based on Underscores https://underscores.me/, (C) 2012-2017 Automattic, Inc., [GPLv2 or later](https://www.gnu.org/licenses/gpl-2.0.html)
* normalize.css https://necolas.github.io/normalize.css/, (C) 2012-2016 Nicolas Gallagher and Jonathan Neal, [MIT](http://opensource.org/licenses/MIT)

* Bootstrap
License : MIT License (MIT) - https://github.com/twbs/bootstrap/blob/master/LICENSE
Source: https://github.com/twbs/bootstrap

* Colorbox - a jQuery lightbox
License : MIT License (MIT) - https://github.com/jackmoore/colorbox/blob/master/LICENSE.md
Source: https://github.com/jackmoore/colorbox

* Owl Carousel 2
License : MIT License (MIT) - https://github.com/OwlCarousel2/OwlCarousel2/blob/develop/LICENSE
Source: https://github.com/OwlCarousel2/OwlCarousel2

* Popper.js
License : MIT License - https://github.com/FezVrasta/popper.js/blob/master/LICENSE.md
Source: https://github.com/FezVrasta/popper.js

* WP Bootstrap Navwalker
License : GNU - https://github.com/wp-bootstrap/wp-bootstrap-navwalker/blob/master/LICENSE.txt
Source: https://github.com/wp-bootstrap/wp-bootstrap-navwalker

* Responsive Nav
License : MIT
Source: https://github.com/viljamis/responsive-nav.js

* Select2
License : MIT - https://github.com/select2/select2/blob/develop/LICENSE.md
Source: https://github.com/select2/select2

* Fonts
Lora
Source: https://fonts.google.com/specimen/Lora
License : Open Font License - http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=OFL_web

* Icons (Material Design Icons)
materialdesignicons-webfont.eot
materialdesignicons-webfont.ttf
materialdesignicons-webfont.woff
materialdesignicons-webfont.woff2
License : Apache License 2.0 - https://github.com/google/material-design-icons/blob/master/LICENSE
Source: https://github.com/google/material-design-icons


== Screenshots ==
Images used in theme screenshot (all CC0 licensed):
License : https://stocksnap.io/license
Source:
https://stocksnap.io/photo/1046FC32D9
https://stocksnap.io/photo/T6W4P0LDDK
https://stocksnap.io/photo/7PBFL1ERJT
https://stocksnap.io/photo/4RH8BGXSVJ
https://logoipsum.com/assets/logo/logo-3.svg


* Images included in theme file
border.png
controls.png
loading.gif
loading_background.png
overlay.png
Source: https://github.com/jackmoore/colorbox/tree/master/example1/images
License : MIT License (MIT) - https://github.com/jackmoore/colorbox/blob/master/LICENSE.md

* placeholder.jpg
Graphical Image


== Changelog ==

= 3.0.0 - April 2026 =

* Added: Centralized CSS design token system (`css/godhuli-tokens.css`) with 60+ custom properties covering colors, typography, spacing, layout, and effects.
* Added: `Requires at least: 6.0` header to `style.css` for WordPress.org compliance.
* Added: `wp_body_open()` call and skip-to-content link for full Gutenberg and accessibility compatibility.
* Added: `aria-expanded`, `aria-controls`, and `aria-label` ARIA attributes to the navigation toggle button.
* Added: `aria-hidden="true"` to all decorative icon elements.
* Added: `loading="lazy"` attribute to archive, related post, and slider images.
* Added: `loading="eager"` to singular featured images for LCP performance optimization.
* Added: Dedicated `godhuli_sanitize_layout()`, `godhuli_sanitize_order()`, and `godhuli_sanitize_orderby()` sanitization callbacks for Customizer settings.
* Added: Google Fonts API v2 with `display=swap` to prevent flash of unstyled text (FOUT).
* Added: `Requires PHP: 7.4` compatibility declaration.

* Updated: Theme version to 3.0.0.
* Updated: Minimum WordPress requirement to 6.0 (was 4.0).
* Updated: Minimum PHP requirement to 7.4 (was 5.5).
* Updated: Tested up to WordPress 6.8.
* Updated: Google Fonts URL from legacy API v1 (`/css`) to API v2 (`/css2`).
* Updated: All stylesheet and script enqueue calls now use the theme version string dynamically for cache busting.
* Updated: Custom logo now uses core `get_custom_logo()` / `has_custom_logo()` API, gaining `srcset`, `sizes`, and `width`/`height` attributes automatically.
* Updated: `$content_width` global corrected from `$godhuli_content_width` to WordPress standard `$content_width`.
* Updated: `add_theme_support('html5')` to include `style` and `script` for block editor compatibility.
* Updated: CSS `main.css`, `blocks.css`, and `style.css` fully refactored to use CSS custom properties throughout.
* Updated: `inc/dynamic-style.php` now updates the `:root` custom property block first, so the entire color scheme cascades from a single Customizer value.
* Updated: Footer copyright sanitization callback changed from `wp_filter_nohtml_kses` (strips all HTML) to `wp_kses_post` (allows safe markup such as links).
* Updated: Customizer footer copyright control ID corrected to match its setting ID (`godhuli_footer_copyright`).
* Updated: `godhuli-tokens.css` added to `add_editor_style()` so CSS custom properties resolve in the block editor preview.
* Updated: Sidebar ID in `godhuli_body_classes()` corrected from `sidebar-1` to `godhuli-default-sidebar`.

* Fixed: Critical bug in `Godhuli_Aboutme_Widget::update()` — switch statement was comparing against undefined array keys, causing all widget sanitization to fall through to the default case. Image IDs, URLs, and text fields were all sanitized as HTML instead of their correct types.
* Fixed: Same critical switch-statement bug in `Godhuli_Recentpost_Widget::update()`.
* Fixed: `$commenter` variable undefined in `comments.php`, causing a PHP 8 notice on every page with comments open.
* Fixed: `esc_html_e()` used inside `printf()` in `comments.php` — function echoes and returns `null`, producing a blank format string.
* Fixed: Email and URL comment form fields changed from `type="text"` to `type="email"` and `type="url"` respectively.
* Fixed: Pingback `<link>` tag in `header.php` was calling `esc_url()` without `echo`, silently producing an empty `href`.
* Fixed: `gmpg.org` profile link changed from `http://` to `https://`.
* Fixed: `bloginfo('name', 'display')` deprecated second parameter removed throughout.
* Fixed: `esc_attr__()` replaced with `esc_html__()` for all visible translatable text in footer.
* Fixed: PHP 8 deprecation — removed `$content` argument from `prepend_attachment` filter callback.
* Fixed: Duplicate `blockquote`, `.blockquote`, and `.wp-block-quote` rule groups collapsed into shared selectors.
* Fixed: Duplicate pagination active/hover rule groups (6 separate groups) collapsed into one canonical selector.
* Fixed: Duplicate `.widget select` styles (existed identically in `main.css` and `blocks.css`) merged into one.
* Fixed: Related post thumbnail `alt` attribute was empty — now uses post title.
* Fixed: `<h1>` used as logo text in `godhuli_text_logo_display()` causing duplicate H1 per page.
* Fixed: `wpcf7` input and textarea duplicate `display:block; width:100%` declarations consolidated.

* Removed: IE8 and IE9 legacy stylesheet enqueue (`ie8.css`, `ie9.css`).
* Removed: `html5shiv` script enqueue (IE8 compatibility — no longer needed).
* Removed: Redundant `-webkit-`, `-moz-`, `-ms-`, `-o-` vendor prefixes for `transition`, `transform`, `border-radius`, `box-sizing`, and `user-select` (supported natively in all browsers since 2015–2018).
* Removed: Hardcoded script/style version strings — replaced with dynamic `wp_get_theme()->get('Version')`.
* Removed: `add_theme_support('starter-content')` — no starter content was defined, causing a no-op warning.

* Security: All `theme_mod` values used in `WP_Query` arguments (`orderby`, `order`, `category_name`, `posts_per_page`) are now sanitized before use.
* Security: Widget `update()` methods now apply correct sanitization per field type: `absint()` for attachment IDs, `esc_url_raw()` for URLs, `sanitize_textarea_field()` for description, `sanitize_text_field()` for text.
* Security: `get_avatar_url()` output now wrapped in `esc_url()` in the author box.
* Security: All Customizer output in template files wrapped with appropriate escaping (`esc_html()`, `esc_url()`, `wp_kses_post()`).
* Security: `godhuli_sanitize_select()` replaced with strict allowlist functions for layout, order, and orderby settings — no longer relies on control choices lookup which can fail in AJAX context.

= 2.0.4 - June 24, 2021 =
* Bug fix

= 2.0.3 - May 26 2020 =
* Bug fix

= 2.0.2 - May 24 2020 =
* Bug fix

= 2.0.1 - May 13 2020 =
* Bug fix

= 2.0.0 - March 28 2020 =
* Bug fix
* Slider added
* Theme customizer improvement
* Fix responsiveness
* Some new feature added.

= 1.1.0 - October 29 2019 =
* Modify readme file error

= 1.0.0 - October 28 2019 =
* Initial release
