=== LGPD Cookies ===
Contributors: marciobrandao
Tags: lgpd, cookies, consent, privacy, gdpr
Requires at least: 5.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.4.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

A lightweight cookie consent manager compliant with the Brazilian LGPD, featuring real script blocking and Google Consent Mode v2 integration.

== Description ==

**LGPD Cookies** is a lightweight and efficient WordPress plugin that displays a fully customizable cookie consent modal, meeting the requirements of the Brazilian General Data Protection Law (LGPD – Law No. 13,709/2018).

= Key Features =

* **Cookie consent modal** with categorized cookies (Functional, Analytics, Marketing, and Uncategorized)
* **Real script blocking** until the user gives consent (not just cosmetic)
* **Google Consent Mode v2** natively integrated
* **Consent history** stored in the database for auditing purposes
* **CSV export** of the consent history
* **Full color customization** (background, title, text, buttons, and hover states)
* **Floating icon** so users can review their preferences at any time
* **Complete cleanup** on uninstall (removes options and database table)
* **Extensible** via the `lgpd_cookies_blocked_scripts` filter to add custom blocked scripts

= Cookie Categories =

* **Functional** – Required. Necessary for the basic operation of the site.
* **Analytics** – Google Analytics and similar tools.
* **Marketing** – Tracking pixels and ads (Facebook, Google Ads, etc.).
* **Uncategorized** – Cookies not yet classified.

= Compatibility =

* WordPress 5.0+
* PHP 7.4+
* Compatible with all major modern browsers
* Responsive and mobile-friendly

== Installation ==

1. Upload the `lgpd-cookies` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the **Plugins** menu in WordPress.
3. Go to **Settings > LGPD Cookies** to customize the modal.

== Frequently Asked Questions ==

= Does the plugin actually block scripts? =

Yes. The plugin uses the WordPress `script_loader_tag` filter to change the script `type` attribute to `text/plain`, preventing execution until the user grants consent.

= How does the Google Consent Mode v2 integration work? =

The plugin automatically sends consent signals via `gtag('consent', 'update', ...)` when the user accepts or rejects cookie categories, allowing Google Tag Manager and Google Analytics to respect user preferences.

= Is the consent history required by the LGPD? =

The LGPD requires data controllers to be able to prove that consent was obtained. The history stores the IP address (anonymizable), user agent, date/time, and the accepted categories.

= Can I add my own scripts to the blocking list? =

Yes. Use the `lgpd_cookies_blocked_scripts` filter in your theme or plugin:

`add_filter( 'lgpd_cookies_blocked_scripts', function( $scripts ) {
    $scripts['my-tracking-script'] = array(
        'category' => 'marketing',
        'pattern'  => '/mydomain\.com\/tracking/',
    );
    return $scripts;
} );`

= How do I export the consent history? =

Go to **Settings > LGPD Cookies > History** and click the **Export to CSV** button.

= What happens when the plugin is uninstalled? =

All saved options and the history database table are automatically removed.

== Screenshots ==

1. Cookie consent modal displayed on the frontend.
2. Settings panel with color customization.
3. Consent history with CSV export option.

== Changelog ==

= 1.4.0 =
* Full WordPress Coding Standards (WPCS) compliance.
* Separated admin code into `includes/admin.php`.
* Dedicated admin JS file (`assets/js/lgpd-admin.js`).
* Plugin constants for version, paths, and basename.
* Nonce verification and capability checks on all actions.
* Input sanitization and output escaping throughout.
* Full internationalization (i18n) with Text Domain.
* `register_uninstall_hook` for proper cleanup on uninstall.
* `lgpd_cookies_blocked_scripts` filter for extensibility.
* Conditional admin script enqueuing via `$hook_suffix`.

= 1.3.0 =
* Fixed whitespace before `<?php` causing "Headers already sent" error.
* Moved CSV export to `admin_init` hook with nonce and capability verification.
* Normalized indentation across all files.

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.4.0 =
Recommended update. Significant security improvements, code quality, and full WordPress Coding Standards compliance.
