Two bugs fixed:
1. sanitize_text_field() was stripping special characters from Azure AD
client secrets (e.g. %XX sequences, angle brackets). Replaced with
trim() to preserve the raw secret before encryption.
2. All settings tabs shared one option group (wbc_settings), so saving
from any tab would trigger sanitize callbacks for ALL settings. This
caused checkboxes on other tabs to reset to 'no' and could interfere
with the client secret. Split into per-tab groups: wbc_connection,
wbc_sync, wbc_orders.
Also clears OAuth token cache when client secret is changed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
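
Added example, not part of the commit or the plugin's own code: a PHP sketch of why a text-field sanitizer is lossy for a client secret while trim() is not, and of detecting a changed secret so cached tokens can be cleared. lossy_text_sanitize() is a simplified stand-in for the two sanitize_text_field() behaviours named above, and preserve_secret(), save_client_secret() and the sample value are hypothetical names and constructed data.

```php
<?php
// Simplified stand-in (assumption) for the two behaviours the commit message
// attributes to sanitize_text_field(): removing tag-like spans and %XX octets.
function lossy_text_sanitize(string $value): string {
    $value = trim(strip_tags($value));   // "<x>" style spans are dropped
    do {                                 // percent-encoded octets are dropped
        $value = preg_replace('/%[a-f0-9]{2}/i', '', $value, -1, $count);
    } while ($count > 0);
    return $value;
}

// Secret-safe handling as the commit describes it: trim surrounding
// whitespace only, keep every other byte for the encryption step.
function preserve_secret(string $value): string {
    return trim($value);
}

// Hypothetical save step: returns the value to store and whether the
// OAuth token cache should be cleared because the secret changed.
function save_client_secret(string $submitted, string $previous): array {
    $new = preserve_secret($submitted);
    $changed = !hash_equals($previous, $new);   // constant-time comparison
    return ['secret' => $new, 'clear_token_cache' => $changed];
}

// Constructed sample value, not a real secret.
$submitted = " Ab~%2Fq<x>Z9\n";

$lossy = lossy_text_sanitize($submitted);
$kept  = preserve_secret($submitted);

echo "lossy sanitizer : ", $lossy, "\n";
echo "trim() only     : ", $kept, "\n";
echo "secret altered  : ", ($lossy !== $kept ? 'yes' : 'no'), "\n";

// Re-saving the same secret must not clear the cache; a new one must.
$same    = save_client_secret($submitted, $kept);
$rotated = save_client_secret("N3w%41<secret>", $kept);
echo "clear cache (unchanged): ", var_export($same['clear_token_cache'], true), "\n";
echo "clear cache (rotated)  : ", var_export($rotated['clear_token_cache'], true), "\n";
```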