Malin
c06d6e4352
Two bugs fixed: 1. sanitize_text_field() was stripping special characters from Azure AD client secrets (e.g. %XX sequences, angle brackets). Replaced with trim() to preserve the raw secret before encryption. 2. All settings tabs shared one option group (wbc_settings), so saving from any tab would trigger sanitize callbacks for ALL settings. This caused checkboxes on other tabs to reset to 'no' and could interfere with the client secret. Split into per-tab groups: wbc_connection, wbc_sync, wbc_orders. Also clears OAuth token cache when client secret is changed. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>