From fdd837bdc1d36f9f005308b16e84aa41e8089c48 Mon Sep 17 00:00:00 2001
From: d0ubIeU <github@wadewitz.it>
Date: Wed, 7 Jan 2026 18:35:26 +0100
Subject: [PATCH 1/9] Feature: Extension of the plugin system to include
 configuration and activation options

---
 phpmyfaq/admin/assets/src/api/index.ts        |   1 +
 phpmyfaq/admin/assets/src/api/plugins.ts      |  58 ++++
 .../admin/assets/src/configuration/index.ts   |   1 +
 .../admin/assets/src/configuration/plugins.ts | 199 +++++++++++++
 phpmyfaq/admin/assets/src/index.ts            |   4 +
 .../admin/configuration/plugins.twig          |  71 ++++-
 .../HelloWorld/HelloWorldConfiguration.php    |  27 ++
 .../plugins/HelloWorld/HelloWorldPlugin.php   |  44 ++-
 .../HelloWorldPluginConfiguration.php         |  31 ++
 phpmyfaq/src/admin-routes.php                 |  10 +
 phpmyfaq/src/phpMyFAQ/Configuration.php       |   2 +-
 .../Administration/Api/PluginController.php   |  70 +++++
 .../Administration/PluginController.php       |   7 +
 phpmyfaq/src/phpMyFAQ/Database/Mysqli.php     |   1 +
 phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php   |   1 +
 phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php   |   1 +
 phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php  |   1 +
 phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php  |   1 +
 phpmyfaq/src/phpMyFAQ/Database/Pgsql.php      |   1 +
 phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php    |   1 +
 phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php     |   1 +
 .../src/phpMyFAQ/Instance/Database/Mysqli.php |   6 +
 .../phpMyFAQ/Instance/Database/PdoMysql.php   |   6 +
 .../phpMyFAQ/Instance/Database/PdoPgsql.php   |   5 +
 .../phpMyFAQ/Instance/Database/PdoSqlite.php  |   5 +
 .../phpMyFAQ/Instance/Database/PdoSqlsrv.php  |   5 +
 .../src/phpMyFAQ/Instance/Database/Pgsql.php  |   5 +
 .../phpMyFAQ/Instance/Database/Sqlite3.php    |   5 +
 .../src/phpMyFAQ/Instance/Database/Sqlsrv.php |   5 +
 .../src/phpMyFAQ/Plugin/PluginManager.php     | 264 +++++++++++++++---
 phpmyfaq/src/phpMyFAQ/Setup/Update.php        |  56 ++++
 .../Twig/Extensions/PluginTwigExtension.php   |   2 +-
 phpmyfaq/src/services.php                     |   5 +-
 phpmyfaq/translations/language_de.php         |  16 ++
 phpmyfaq/translations/language_en.php         |  16 ++
 35 files changed, 882 insertions(+), 52 deletions(-)
 create mode 100644 phpmyfaq/admin/assets/src/api/plugins.ts
 create mode 100644 phpmyfaq/admin/assets/src/configuration/plugins.ts
 create mode 100644 phpmyfaq/content/plugins/HelloWorld/HelloWorldConfiguration.php
 create mode 100644 phpmyfaq/content/plugins/HelloWorld/HelloWorldPluginConfiguration.php
 create mode 100644 phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php

diff --git a/phpmyfaq/admin/assets/src/api/index.ts b/phpmyfaq/admin/assets/src/api/index.ts
index d7e8270a1e..3daaa1da36 100644
--- a/phpmyfaq/admin/assets/src/api/index.ts
+++ b/phpmyfaq/admin/assets/src/api/index.ts
@@ -12,6 +12,7 @@ export * from './markdown';
 export * from './media-browser';
 export * from './news';
 export * from './opensearch';
+export * from './plugins';
 export * from './question';
 export * from './statistics';
 export * from './stop-words';
diff --git a/phpmyfaq/admin/assets/src/api/plugins.ts b/phpmyfaq/admin/assets/src/api/plugins.ts
new file mode 100644
index 0000000000..2172feca17
--- /dev/null
+++ b/phpmyfaq/admin/assets/src/api/plugins.ts
@@ -0,0 +1,58 @@
+/**
+ * Plugin API calls
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * @package   phpMyFAQ
+ * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @copyright 2025-2026 phpMyFAQ Team
+ * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      https://www.phpmyfaq.de
+ * @since     2025-01-07
+ */
+
+import { Response } from '../interfaces';
+
+/**
+ * Toggle plugin status
+ *
+ * @param name
+ * @param active
+ */
+export const togglePluginStatus = async (name: string, active: boolean): Promise<Response> => {
+    const response = await fetch('api/plugin/toggle', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+            name,
+            active,
+        }),
+    });
+
+    return (await response.json()) as Response;
+};
+
+/**
+ * Save plugin configuration
+ *
+ * @param name
+ * @param config
+ */
+export const savePluginConfig = async (name: string, config: Record<string, any>): Promise<Response> => {
+    const response = await fetch('api/plugin/config', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+            name,
+            config,
+        }),
+    });
+
+    return (await response.json()) as Response;
+};
diff --git a/phpmyfaq/admin/assets/src/configuration/index.ts b/phpmyfaq/admin/assets/src/configuration/index.ts
index f3113ba55a..d1cdc81019 100644
--- a/phpmyfaq/admin/assets/src/configuration/index.ts
+++ b/phpmyfaq/admin/assets/src/configuration/index.ts
@@ -3,5 +3,6 @@ export * from './elasticsearch';
 export * from './forms';
 export * from './instance';
 export * from './opensearch';
+export * from './plugins';
 export * from './stopwords';
 export * from './upgrade';
diff --git a/phpmyfaq/admin/assets/src/configuration/plugins.ts b/phpmyfaq/admin/assets/src/configuration/plugins.ts
new file mode 100644
index 0000000000..8919c29b24
--- /dev/null
+++ b/phpmyfaq/admin/assets/src/configuration/plugins.ts
@@ -0,0 +1,199 @@
+/**
+ * Plugin management logic for phpMyFAQ admin backend
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * @package   phpMyFAQ
+ * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @copyright 2025-2026 phpMyFAQ Team
+ * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      https://www.phpmyfaq.de
+ * @since     2025-01-07
+ */
+
+import { togglePluginStatus, savePluginConfig } from '../api';
+import { pushNotification, pushErrorNotification } from '../../../../assets/src/utils';
+
+/**
+ * Handles plugin status toggling and configuration modal
+ */
+export const handlePlugins = (): void => {
+    const toggleCheckboxes = document.querySelectorAll<HTMLInputElement>('.plugin-toggle');
+    toggleCheckboxes.forEach((checkbox) => {
+        checkbox.addEventListener('change', async (event) => {
+            const target = event.target as HTMLInputElement;
+            const row = target.closest('tr');
+            const pluginName = row ? row.getAttribute('data-plugin-name') : null;
+            const active = target.checked;
+
+            if (!pluginName) {
+                return;
+            }
+
+            try {
+                const result = await togglePluginStatus(pluginName, active);
+
+                if (!result.success) {
+                    target.checked = !active; // Revert
+                    pushErrorNotification('Failed to update plugin status: ' + (result.message || 'Unknown error'));
+                } else {
+                    pushNotification('Plugin status updated successfully.');
+                }
+            } catch (error) {
+                target.checked = !active; // Revert
+                console.error('Error toggling plugin:', error);
+                pushErrorNotification('An error occurred while updating plugin status.');
+            }
+        });
+    });
+
+    // Configuration Modal
+    const configModalEl = document.getElementById('pluginConfigModal');
+    if (configModalEl) {
+        configModalEl.addEventListener('show.bs.modal', (event: any) => {
+            const button = event.relatedTarget as HTMLElement;
+            const pluginName = button.getAttribute('data-plugin-name');
+            const pluginDescription = button.getAttribute('data-plugin-description');
+            const pluginImplementation = button.getAttribute('data-plugin-implementation');
+            const configJson = button.getAttribute('data-plugin-config');
+
+            const modalTitle = configModalEl.querySelector('.modal-title');
+            const nameInput = configModalEl.querySelector<HTMLInputElement>('#configPluginName');
+            const container = configModalEl.querySelector('#configFieldsContainer');
+            const descText = configModalEl.querySelector('#pluginDescriptionText');
+            const implContainer = configModalEl.querySelector('#pluginImplementationContainer');
+            const implCode = configModalEl.querySelector('#pluginImplementationCode');
+            const noConfigMsg = configModalEl.querySelector('#pluginNoConfigMsg');
+            const saveBtn = document.getElementById('savePluginConfigBtn');
+
+            if (modalTitle && pluginName) {
+                modalTitle.textContent = 'Configuration: ' + pluginName;
+            }
+            if (nameInput && pluginName) {
+                nameInput.value = pluginName;
+            }
+            if (descText) {
+                descText.textContent = pluginDescription || '-';
+            }
+
+            if (implContainer && implCode) {
+                if (pluginImplementation) {
+                    implCode.textContent = pluginImplementation;
+                    implContainer.classList.remove('d-none');
+                } else {
+                    implContainer.classList.add('d-none');
+                }
+            }
+
+            if (container) {
+                container.innerHTML = ''; // Clear previous fields
+            }
+            if (noConfigMsg) noConfigMsg.classList.add('d-none');
+            if (saveBtn) saveBtn.style.display = 'none';
+
+            let hasConfig = false;
+
+            if (configJson) {
+                try {
+                    const configData = JSON.parse(configJson);
+
+                    if (configData && typeof configData === 'object' && Object.keys(configData).length > 0) {
+                        hasConfig = true;
+                        if (saveBtn) saveBtn.style.display = 'block';
+
+                        Object.keys(configData).forEach((key) => {
+                            const value = configData[key];
+                            const div = document.createElement('div');
+                            div.className = 'mb-3';
+
+                            const label = document.createElement('label');
+                            label.className = 'form-label';
+                            label.textContent = key;
+                            label.htmlFor = 'config_' + key;
+
+                            let input: HTMLInputElement;
+
+                            if (typeof value === 'boolean') {
+                                div.className = 'form-check form-switch mb-3';
+                                input = document.createElement('input');
+                                input.type = 'checkbox';
+                                input.className = 'form-check-input';
+                                input.checked = value;
+                                input.value = '1';
+                                label.className = 'form-check-label';
+                                div.appendChild(input);
+                                div.appendChild(label);
+                            } else {
+                                input = document.createElement('input');
+                                input.type = 'text';
+                                input.className = 'form-control';
+                                input.value = String(value);
+                                div.appendChild(label);
+                                div.appendChild(input);
+                            }
+
+                            input.id = 'config_' + key;
+                            input.setAttribute('name', 'config[' + key + ']');
+
+                            if (container) {
+                                container.appendChild(div);
+                            }
+                        });
+                    }
+                } catch (e) {
+                    console.error('Error parsing config:', e);
+                }
+            }
+
+            if (!hasConfig && noConfigMsg) {
+                noConfigMsg.classList.remove('d-none');
+            }
+        });
+    }
+
+    // Save Configuration
+    const saveBtn = document.getElementById('savePluginConfigBtn');
+    if (saveBtn) {
+        saveBtn.addEventListener('click', async () => {
+            const form = document.getElementById('pluginConfigForm') as HTMLFormElement;
+            const container = document.getElementById('configFieldsContainer');
+            if (!form || !container) return;
+
+            const nameInput = form.querySelector<HTMLInputElement>('input[name="name"]');
+            const pluginName = nameInput?.value;
+            const configData: Record<string, any> = {};
+
+            const inputs = container.querySelectorAll<HTMLInputElement | HTMLSelectElement | HTMLTextAreaElement>(
+                'input, select, textarea',
+            );
+            inputs.forEach((input) => {
+                const nameAttr = input.getAttribute('name');
+                if (nameAttr && nameAttr.startsWith('config[')) {
+                    const key = nameAttr.substring(7, nameAttr.length - 1);
+                    if (input instanceof HTMLInputElement && input.type === 'checkbox') {
+                        configData[key] = input.checked;
+                    } else {
+                        configData[key] = input.value;
+                    }
+                }
+            });
+
+            if (!pluginName) return;
+
+            try {
+                const result = await savePluginConfig(pluginName, configData);
+
+                if (result.success) {
+                    window.location.reload();
+                } else {
+                    pushErrorNotification('Failed to save configuration: ' + (result.message || 'Unknown error'));
+                }
+            } catch (error) {
+                console.error('Error saving config:', error);
+                pushErrorNotification('An error occurred while saving configuration.');
+            }
+        });
+    }
+};
diff --git a/phpmyfaq/admin/assets/src/index.ts b/phpmyfaq/admin/assets/src/index.ts
index eaf6ae4d75..43ad5e123c 100644
--- a/phpmyfaq/admin/assets/src/index.ts
+++ b/phpmyfaq/admin/assets/src/index.ts
@@ -35,6 +35,7 @@ import {
   handleFormEdit,
   handleFormTranslations,
   handleOpenSearch,
+  handlePlugins,
 } from './configuration';
 import {
   handleAttachmentUploads,
@@ -165,6 +166,9 @@ document.addEventListener('DOMContentLoaded', async (): Promise<void> => {
   await handleElasticsearch();
   await handleOpenSearch();
 
+  // Configuration → Plugins
+  handlePlugins();
+
   // Import & Export → Import Records
   await handleUploadCSVForm();
 
diff --git a/phpmyfaq/assets/templates/admin/configuration/plugins.twig b/phpmyfaq/assets/templates/admin/configuration/plugins.twig
index 554a50b254..e323e967e2 100644
--- a/phpmyfaq/assets/templates/admin/configuration/plugins.twig
+++ b/phpmyfaq/assets/templates/admin/configuration/plugins.twig
@@ -20,22 +20,91 @@
         <tr>
           <th>{{ 'msgPluginName' | translate }}</th>
           <th>{{ 'msgPluginVersion' | translate }}</th>
+          <th>{{ 'msgActive' | translate }}</th>
           <th>{{ 'msgPluginAuthor' | translate }}</th>
           <th>{{ 'msgPluginDescription' | translate }}</th>
+          <th class="text-end">{{ 'msgActions' | translate }}</th>
         </tr>
       </thead>
       <tbody>
         {% for plugin in pluginList %}
-        <tr>
+        <tr data-plugin-name="{{ plugin.name }}">
           <td>{{ plugin.name }}</td>
           <td>{{ plugin.version }}</td>
+          <td>
+            <div class="form-check form-switch">
+              <input class="form-check-input plugin-toggle" type="checkbox" id="active_{{ plugin.name }}" {% if activePlugins[plugin.name] %}checked{% endif %}>
+              <label class="form-check-label visually-hidden" for="active_{{ plugin.name }}">
+                {{ 'msgActive' | translate }}
+              </label>
+            </div>
+          </td>
           <td>{{ plugin.author }}</td>
           <td>{{ plugin.description }}</td>
+          <td class="text-end">
+              <button
+              class="btn btn-sm btn-secondary plugin-config-btn"
+              type="button"
+              data-bs-toggle="modal"
+              data-bs-target="#pluginConfigModal"
+              data-plugin-name="{{ plugin.name }}"
+              data-plugin-description="{{ plugin.getAdvDescription()|default(plugin.description) }}"
+              data-plugin-implementation="{{ plugin.getImplementation()|default('') }}"
+              data-plugin-config='{{ plugin.config | json_encode }}'
+              title="{{ 'msgConfig' | translate }}"
+            >
+              <i class="bi bi-gear-fill" aria-hidden="true"></i>
+            </button>
+          </td>
         </tr>
         {% endfor %}
       </tbody>
     </table>
 
+    <div class="modal fade" id="pluginConfigModal" tabindex="-1" aria-labelledby="pluginConfigModalLabel" aria-hidden="true">
+      <div class="modal-dialog modal-lg modal-dialog-scrollable">
+        <div class="modal-content">
+          <div class="modal-header">
+            <h5 class="modal-title" id="pluginConfigModalLabel">{{ 'msgConfig' | translate }}</h5>
+            <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+          </div>
+          <div class="modal-body">
+              <div class="mb-3">
+                  <strong>{{ 'msgPluginDescription' | translate }}:</strong>
+                  <p id="pluginDescriptionText" class="mt-1"></p>
+              </div>
+
+              <div id="pluginImplementationContainer" class="mb-3 d-none">
+                  <strong>{{ 'msgPluginImplementation' | translate|default('Implementation') }}:</strong>
+                  <div class="card bg-light mt-1">
+                      <div class="card-body py-2">
+                          <code id="pluginImplementationCode"></code>
+                      </div>
+                  </div>
+              </div>
+
+              <hr>
+
+              <form id="pluginConfigForm">
+                <input type="hidden" id="configPluginName" name="name">
+                <div id="configFieldsContainer">
+                  <!-- Config fields will be generated here -->
+                </div>
+                <div id="pluginNoConfigMsg" class="alert alert-info d-none">
+                  {{ 'msgNoPluginConfig' | translate }}
+                </div>
+              </form>
+          </div>
+          <div class="modal-footer">
+            <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">{{ 'msgCancel' | translate }}</button>
+            <button type="button" class="btn btn-primary" id="savePluginConfigBtn">{{ 'msgSave' | translate }}</button>
+          </div>
+        </div>
+      </div>
+    </div>
+    
+
+
     {% if incompatiblePlugins is not empty %}
     <div class="alert alert-warning mt-4" role="alert">
       <h5 class="alert-heading">
diff --git a/phpmyfaq/content/plugins/HelloWorld/HelloWorldConfiguration.php b/phpmyfaq/content/plugins/HelloWorld/HelloWorldConfiguration.php
new file mode 100644
index 0000000000..a457bb7bef
--- /dev/null
+++ b/phpmyfaq/content/plugins/HelloWorld/HelloWorldConfiguration.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * The Hello World Plugin Configuration
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * @package   phpMyFAQ
+ * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @copyright 2026 phpMyFAQ Team
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      https://www.phpmyfaq.de
+ * @since     2026-01-06
+ */
+
+declare(strict_types=1);
+
+namespace phpMyFAQ\Plugin\HelloWorld;
+
+use phpMyFAQ\Plugin\PluginConfigurationInterface;
+
+class HelloWorldConfiguration implements PluginConfigurationInterface
+{
+    public string $greeting = 'Hello, World!';
+}
diff --git a/phpmyfaq/content/plugins/HelloWorld/HelloWorldPlugin.php b/phpmyfaq/content/plugins/HelloWorld/HelloWorldPlugin.php
index a6b0478201..14781a6bc1 100755
--- a/phpmyfaq/content/plugins/HelloWorld/HelloWorldPlugin.php
+++ b/phpmyfaq/content/plugins/HelloWorld/HelloWorldPlugin.php
@@ -21,6 +21,8 @@
 
 namespace phpMyFAQ\Plugin\HelloWorld;
 
+require_once __DIR__ . '/HelloWorldPluginConfiguration.php';
+
 use phpMyFAQ\Plugin\PluginEvent;
 use phpMyFAQ\Plugin\PluginInterface;
 use phpMyFAQ\Plugin\PluginConfigurationInterface;
@@ -36,7 +38,7 @@ public function getName(): string
 
     public function getVersion(): string
     {
-        return '0.2.0';
+        return '0.3.0';
     }
 
     public function getDescription(): string
@@ -49,40 +51,58 @@ public function getAuthor(): string
         return 'phpMyFAQ Team';
     }
 
-    public function getDependencies(): array
+    public function getAdvDescription(): string
     {
-        return [];
+        return 'A simple Hello World plugin that demonstrates event handling in phpMyFAQ and with Configuration options.';
     }
 
-    public function getConfig(): ?PluginConfigurationInterface
+    public function getImplementation(): string
     {
-        return null; // No configuration needed for this simple plugin
+        return '{{ phpMyFAQPlugin(\'hello.world\', \'Hello, World!\') | raw }} oder {{ phpMyFAQPlugin(\'user.login\', \'John Doe\') | raw }}';
     }
 
-    public function getStylesheets(): array
+    public function getDependencies(): array
     {
-        return []; // No stylesheets for this simple plugin
+        return [];
     }
 
-    public function getTranslationsPath(): ?string
+    private ?HelloWorldPluginConfiguration $config = null;
+
+    public function getConfig(): ?PluginConfigurationInterface
     {
-        return null; // No translations for this simple plugin
+        if ($this->config === null) {
+            if (!class_exists(HelloWorldPluginConfiguration::class)) {
+                require_once __DIR__ . '/HelloWorldPluginConfiguration.php';
+            }
+            $this->config = new HelloWorldPluginConfiguration();
+        }
+        return $this->config;
     }
 
-    public function getScripts(): array
+    public function getTranslationsPath(): ?string
     {
-        return []; // No scripts for this simple plugin
+        return null; // No translations for this simple plugin
     }
 
     public function registerEvents(EventDispatcherInterface $eventDispatcher): void
     {
         $eventDispatcher->addListener('hello.world', [$this, 'onContentLoaded']);
+        $eventDispatcher->addListener('user.login', [$this, 'onUserLogin']);
     }
 
     public function onContentLoaded(PluginEvent $event): void
     {
         $content = $event->getData();
-        $output = 'phpMyFAQ says ' . $content . '<br>';
+        $greeting = $this->getConfig()->greeting;
+        $output = 'phpMyFAQ says ' . $greeting . ' (Content: ' . $content . ')';
+        $event->setOutput($output);
+    }
+
+    public function onUserLogin(PluginEvent $event): void
+    {
+        $username = $event->getData();
+        $configuredUsername = $this->getConfig()->username;
+        $output = 'Welcome back, ' . $username . '! (Configured: ' . $configuredUsername . ')<br>';
         $event->setOutput($output);
     }
 }
diff --git a/phpmyfaq/content/plugins/HelloWorld/HelloWorldPluginConfiguration.php b/phpmyfaq/content/plugins/HelloWorld/HelloWorldPluginConfiguration.php
new file mode 100644
index 0000000000..66acd731b1
--- /dev/null
+++ b/phpmyfaq/content/plugins/HelloWorld/HelloWorldPluginConfiguration.php
@@ -0,0 +1,31 @@
+<?php
+
+/**
+ * Configuration class for Hello World Plugin
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * @package   phpMyFAQ
+ * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @copyright 2024-2026 phpMyFAQ Team
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      https://www.phpmyfaq.de
+ * @since     2024-12-28
+ */
+
+declare(strict_types=1);
+
+namespace phpMyFAQ\Plugin\HelloWorld;
+
+use phpMyFAQ\Plugin\PluginConfigurationInterface;
+
+class HelloWorldPluginConfiguration implements PluginConfigurationInterface
+{
+    public function __construct(
+        public string $greeting = 'Hello, World!',
+        public string $username = 'John Doe',
+    ) {
+    }
+}
diff --git a/phpmyfaq/src/admin-routes.php b/phpmyfaq/src/admin-routes.php
index 9d2c613058..5030f2c611 100644
--- a/phpmyfaq/src/admin-routes.php
+++ b/phpmyfaq/src/admin-routes.php
@@ -166,6 +166,16 @@
         'controller' => [PluginController::class, 'index'],
         'methods' => 'GET',
     ],
+    'admin.configuration.plugins.config' => [
+        'path' => '/plugins/config',
+        'controller' => [PluginController::class, 'saveConfig'],
+        'methods' => 'POST',
+    ],
+    'admin.configuration.plugins.toggle' => [
+        'path' => '/plugins/toggle',
+        'controller' => [PluginController::class, 'toggleStatus'],
+        'methods' => 'POST',
+    ],
     'admin.dashboard' => [
         'path' => '/',
         'controller' => [DashboardController::class, 'index'],
diff --git a/phpmyfaq/src/phpMyFAQ/Configuration.php b/phpmyfaq/src/phpMyFAQ/Configuration.php
index 2aff891329..8a20476d94 100644
--- a/phpmyfaq/src/phpMyFAQ/Configuration.php
+++ b/phpmyfaq/src/phpMyFAQ/Configuration.php
@@ -506,7 +506,7 @@ public function getCustomCss(): string
      */
     public function setPluginManager(): Configuration
     {
-        $this->pluginManager = new PluginManager();
+        $this->pluginManager = new PluginManager($this);
         $this->pluginManager->loadPlugins();
 
         $this->config['core.pluginManager'] = $this->pluginManager;
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
new file mode 100644
index 0000000000..0443fd54fc
--- /dev/null
+++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
@@ -0,0 +1,70 @@
+<?php
+
+/**
+ * The Plugin API Controller
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * @package   phpMyFAQ
+ * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @copyright 2025-2026 phpMyFAQ Team
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      https://www.phpmyfaq.de
+ * @since     2025-01-07
+ */
+
+declare(strict_types=1);
+
+namespace phpMyFAQ\Controller\Administration\Api;
+
+use phpMyFAQ\Controller\Administration\AbstractAdministrationController;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Attribute\Route;
+
+final class PluginController extends AbstractAdministrationController
+{
+    #[Route(path: '/api/plugin/toggle', methods: ['POST'])]
+    public function toggleStatus(Request $request): JsonResponse
+    {
+        $pluginManager = $this->container->get(id: 'phpmyfaq.plugin.plugin-manager');
+        $pluginManager->loadPlugins();
+
+        $data = json_decode($request->getContent(), true);
+        $name = $data['name'] ?? null;
+        $active = (bool) ($data['active'] ?? false);
+
+        if ($name === null || !array_key_exists($name, $pluginManager->getPlugins())) {
+            return new JsonResponse(['success' => false, 'message' => 'Plugin not found'], 404);
+        }
+
+        if ($active) {
+            $pluginManager->activatePlugin($name);
+        } else {
+            $pluginManager->deactivatePlugin($name);
+        }
+
+        return new JsonResponse(['success' => true]);
+    }
+
+    #[Route(path: '/api/plugin/config', methods: ['POST'])]
+    public function saveConfig(Request $request): JsonResponse
+    {
+        $pluginManager = $this->container->get(id: 'phpmyfaq.plugin.plugin-manager');
+        $pluginManager->loadPlugins();
+
+        $data = json_decode($request->getContent(), true);
+        $name = $data['name'] ?? null;
+        $config = (array) ($data['config'] ?? []);
+
+        if ($name === null || !array_key_exists($name, $pluginManager->getPlugins())) {
+            return new JsonResponse(['success' => false, 'message' => 'Plugin not found'], 404);
+        }
+
+        $pluginManager->savePluginConfig($name, $config);
+
+        return new JsonResponse(['success' => true]);
+    }
+}
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/PluginController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/PluginController.php
index da97275d30..11e56f4ff0 100644
--- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/PluginController.php
+++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/PluginController.php
@@ -20,6 +20,7 @@
 namespace phpMyFAQ\Controller\Administration;
 
 use phpMyFAQ\Core\Exception;
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
@@ -38,10 +39,16 @@ public function index(Request $request): Response
         $pluginManager = $this->container->get(id: 'phpmyfaq.plugin.plugin-manager');
         $pluginManager->loadPlugins();
 
+        $activePlugins = [];
+        foreach ($pluginManager->getPlugins() as $plugin) {
+            $activePlugins[$plugin->getName()] = $pluginManager->isPluginActive($plugin->getName());
+        }
+
         return $this->render('@admin/configuration/plugins.twig', [
             ...$this->getHeader($request),
             ...$this->getFooter(),
             'pluginList' => $pluginManager->getPlugins(),
+            'activePlugins' => $activePlugins,
             'incompatiblePlugins' => $pluginManager->getIncompatiblePlugins(),
         ]);
     }
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
index 24b1432c99..a72ab70d23 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
@@ -252,6 +252,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
+            $prefix . 'faqdata_plugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php b/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php
index d55563a8b8..4bf268d533 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php
@@ -219,6 +219,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
+            $prefix . 'faqdata_plugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php b/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php
index 0583b4f8a7..d5abe3dc97 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php
@@ -218,6 +218,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
+            $prefix . 'faqdata_plugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php
index b2cd3f218d..96d34f27c5 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php
@@ -243,6 +243,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
+            $prefix . 'faqdata_plugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php
index b9ed060eb3..0c7ec09102 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php
@@ -219,6 +219,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
+            $prefix . 'faqdata_plugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
index e073c5586b..73ed5f7d43 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
@@ -314,6 +314,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
+            $prefix . 'faqdata_plugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
index 0bd8352c26..f8b5dc634d 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
@@ -270,6 +270,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
+            $prefix . 'faqdata_plugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
index c069115a4d..fdb3878f2e 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
@@ -309,6 +309,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
+            $prefix . 'faqdata_plugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php
index 7dd6671748..886a8b846e 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php
@@ -180,6 +180,12 @@ class Mysqli extends Database implements DriverInterface
             record_id INT(11) NOT NULL,
             group_id INT(11) NOT NULL,
             PRIMARY KEY (record_id, group_id))',
+        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+            name VARCHAR(255) NOT NULL,
+            active INT(1) NOT NULL DEFAULT 0,
+            config LONGTEXT DEFAULT NULL,
+            PRIMARY KEY (name)) 
+            DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci ENGINE = InnoDB',
         'faqdata_tags' => 'CREATE TABLE %sfaqdata_tags (
             record_id INT(11) NOT NULL,
             tagging_id INT(11) NOT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php
index 1f7f07068f..81c1dc3a56 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php
@@ -179,6 +179,12 @@ class PdoMysql extends Database implements DriverInterface
             record_id INT(11) NOT NULL,
             group_id INT(11) NOT NULL,
             PRIMARY KEY (record_id, group_id))',
+        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+            name VARCHAR(255) NOT NULL,
+            active INT(1) NOT NULL DEFAULT 0,
+            config LONGTEXT DEFAULT NULL,
+            PRIMARY KEY (name)) 
+            DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci ENGINE = InnoDB',
         'faqdata_tags' => 'CREATE TABLE %sfaqdata_tags (
             record_id INT(11) NOT NULL,
             tagging_id INT(11) NOT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php
index a4f7209a20..9961bbfb56 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php
@@ -176,6 +176,11 @@ class PdoPgsql extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
+        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+            name VARCHAR(255) NOT NULL,
+            active INTEGER NOT NULL DEFAULT 0,
+            config TEXT DEFAULT NULL,
+            PRIMARY KEY (name))',
         'faqdata_tags' => 'CREATE TABLE %sfaqdata_tags (
             record_id INTEGER NOT NULL,
             tagging_id INTEGER NOT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php
index 366fb85280..58fda2c48a 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php
@@ -173,6 +173,11 @@ class PdoSqlite extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
+        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+            name VARCHAR(255) NOT NULL,
+            active INTEGER NOT NULL DEFAULT 0,
+            config TEXT DEFAULT NULL,
+            PRIMARY KEY (name))',
         'faqdata_tags' => 'CREATE TABLE %sfaqdata_tags (
             record_id INTEGER NOT NULL,
             tagging_id INTEGER NOT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
index d30f483c75..80e54057bf 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
@@ -173,6 +173,11 @@ class PdoSqlsrv extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
+        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+            name NVARCHAR(255) NOT NULL,
+            active INTEGER NOT NULL DEFAULT 0,
+            config NVARCHAR(MAX) DEFAULT NULL,
+            PRIMARY KEY (name))',
         'faqdata_tags' => 'CREATE TABLE %sfaqdata_tags (
             record_id INTEGER NOT NULL,
             tagging_id INTEGER NOT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php
index 8d64c8490e..194f9c97d8 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php
@@ -177,6 +177,11 @@ class Pgsql extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
+        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+            name VARCHAR(255) NOT NULL,
+            active INTEGER NOT NULL DEFAULT 0,
+            config TEXT DEFAULT NULL,
+            PRIMARY KEY (name))',
         'faqdata_tags' => 'CREATE TABLE %sfaqdata_tags (
             record_id INTEGER NOT NULL,
             tagging_id INTEGER NOT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php
index 45688376fc..f8e6931417 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php
@@ -174,6 +174,11 @@ class Sqlite3 extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
+        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+            name VARCHAR(255) NOT NULL,
+            active INTEGER NOT NULL DEFAULT 0,
+            config TEXT DEFAULT NULL,
+            PRIMARY KEY (name))',
         'faqdata_tags' => 'CREATE TABLE %sfaqdata_tags (
             record_id INTEGER NOT NULL,
             tagging_id INTEGER NOT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php
index 4b746758c9..05280e3a04 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php
@@ -174,6 +174,11 @@ class Sqlsrv extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
+        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+            name NVARCHAR(255) NOT NULL,
+            active INTEGER NOT NULL DEFAULT 0,
+            config NVARCHAR(MAX) DEFAULT NULL,
+            PRIMARY KEY (name))',
         'faqdata_tags' => 'CREATE TABLE %sfaqdata_tags (
             record_id INTEGER NOT NULL,
             tagging_id INTEGER NOT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
index e2cfe0059c..d9f7732eba 100644
--- a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
+++ b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
@@ -52,8 +52,9 @@ class PluginManager
 
     private readonly ContainerBuilder $containerBuilder;
 
-    public function __construct()
-    {
+    public function __construct(
+        private readonly \phpMyFAQ\Configuration $configuration
+    ) {
         $this->eventDispatcher = new EventDispatcher();
         $this->containerBuilder = new ContainerBuilder();
     }
@@ -85,6 +86,10 @@ public function registerPlugin(string $pluginClass): void
      */
     public function loadPlugins(): void
     {
+        if (!empty($this->loadedPlugins)) {
+            return;
+        }
+
         $pluginDir = PMF_ROOT_DIR . '/content/plugins/';
         $pluginFiles = glob($pluginDir . '*/*Plugin.php');
 
@@ -96,51 +101,231 @@ public function loadPlugins(): void
             $this->registerPlugin($fullClassName);
         }
 
+        // Fetch plugin states and config from database
+        $dbPlugins = $this->getPluginsFromDatabase();
+        
         foreach ($this->plugins as $plugin) {
-            if ($this->areDependenciesMet($plugin)) {
+            $pluginName = $plugin->getName();
+            $isActive = false;
+
+            // Apply configuration and check status from DB
+            if (isset($dbPlugins[$pluginName])) {
+                $isActive = (bool)$dbPlugins[$pluginName]['active'];
+                if (!empty($dbPlugins[$pluginName]['config']) && $plugin->getConfig()) {
+                    $configArray = json_decode($dbPlugins[$pluginName]['config'], true);
+                    if (is_array($configArray)) {
+                        $configObject = $plugin->getConfig();
+                        foreach ($configArray as $key => $value) {
+                            if (property_exists($configObject, $key)) {
+                                try {
+                                    $rp = new \ReflectionProperty($configObject, $key);
+                                    if ($type = $rp->getType()) {
+                                        $typeName = $type instanceof \ReflectionNamedType ? $type->getName() : null;
+                                        switch ($typeName) {
+                                            case 'int':
+                                                $value = (int)$value;
+                                                break;
+                                            case 'bool':
+                                                $value = filter_var($value, FILTER_VALIDATE_BOOLEAN);
+                                                break;
+                                            case 'float':
+                                                $value = (float)$value;
+                                                break;
+                                        }
+                                    }
+                                } catch (\ReflectionException $e) {
+                                    // Fallback to direct assignment if reflection fails
+                                }
+                                $configObject->$key = $value;
+                            }
+                        }
+                    }
+                }
+            } else {
+                // Determine if we should treat new plugins as active or inactive.
+                // For safety, inactivity is better, but existing users expect plugins to work if folder exists.
+                // However, user requested "Activation/Deactivation".
+                // If I default to false, all current plugins will stop working until activated.
+                // I should probably insert them as active=0 initially, or maybe active=1 if migrating?
+                // The implementation plan said: "Benutzer muss entscheiden, ob vorhandene Plugins standardmäßig als 'inaktiv'..."
+                // User said "ok sounds good".
+                // I will default to inactive (false) for new plugins found on disk but not in DB.
+                $isActive = false; 
+            }
+            
+            // Allow checking if it IS active.
+            // But we only REGISTER events and LOAD scripts if active.
+            
+            if ($isActive && $this->areDependenciesMet($plugin)) {
                 $this->loadedPlugins[] = $plugin->getName();
+                
                 $plugin->registerEvents($this->eventDispatcher);
+                
                 if (!empty($plugin->getConfig())) {
                     $this->loadPluginConfig($plugin->getName(), $plugin->getConfig());
+                    // Apply DB config overrides here if possible
                 }
 
                 // Register plugin translations
-                $translationsPath = $plugin->getTranslationsPath();
+                $translationsPath = null;
+                if (method_exists($plugin, 'getTranslationsPath')) {
+                    $translationsPath = $plugin->getTranslationsPath();
+                }
+                
                 if ($translationsPath !== null) {
                     $pluginDir = $this->getPluginDirectory($plugin->getName());
                     $absoluteTranslationsPath = $pluginDir . '/' . $translationsPath;
 
                     if (is_dir($absoluteTranslationsPath)) {
-                        Translation::getInstance()->registerPluginTranslations(
-                            $plugin->getName(),
-                            $absoluteTranslationsPath,
-                        );
+                        $translation = Translation::getInstance();
+                        if (method_exists($translation, 'registerPluginTranslations')) {
+                            $translation->registerPluginTranslations(
+                                $plugin->getName(),
+                                $absoluteTranslationsPath,
+                            );
+                        }
                     }
                 }
 
+
                 // Register plugin stylesheets
-                $stylesheets = $plugin->getStylesheets();
-                if (!empty($stylesheets)) {
-                    $this->registerPluginStylesheets($plugin->getName(), $stylesheets);
+                if (method_exists($plugin, 'getStylesheets')) {
+                    $this->registerPluginStylesheets($plugin->getName(), $plugin->getStylesheets());
                 }
 
                 // Register plugin scripts
-                $scripts = $plugin->getScripts();
-                if (!empty($scripts)) {
-                    $this->registerPluginScripts($plugin->getName(), $scripts);
+                if (method_exists($plugin, 'getScripts')) {
+                    $this->registerPluginScripts($plugin->getName(), $plugin->getScripts());
                 }
-            } else {
+            } elseif (!$this->areDependenciesMet($plugin)) {
+
                 $missingDeps = $this->getMissingDependencies($plugin);
                 $this->incompatiblePlugins[$plugin->getName()] = [
                     'plugin' => $plugin,
                     'reason' => sprintf('Missing dependencies: %s', implode(', ', $missingDeps)),
                 ];
-                // Remove plugin from the plugins array since it's incompatible
+                // Remove plugin from the plugins array since it's incompatible (actually, maybe keep it but mark inactive?)
+                // Original code removed it. I'll stick to original behavior for incompatible ones.
                 unset($this->plugins[$plugin->getName()]);
             }
         }
     }
 
+    /**
+     * Activates a plugin
+     */
+    public function activatePlugin(string $pluginName): void
+    {
+        $this->updatePluginStatus($pluginName, true);
+    }
+
+    /**
+     * Deactivates a plugin
+     */
+    public function deactivatePlugin(string $pluginName): void
+    {
+        $this->updatePluginStatus($pluginName, false);
+    }
+    
+    /**
+     * Checks if a plugin is active
+     */
+    public function isPluginActive(string $pluginName): bool
+    {
+        return in_array($pluginName, $this->loadedPlugins, true);
+    }
+
+    /**
+     * Saves plugin configuration
+     */
+    public function savePluginConfig(string $pluginName, array $configData): void
+    {
+        $jsonConfig = json_encode($configData);
+        $db = $this->configuration->getDb();
+        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
+
+        // Check if exists
+        $select = sprintf("SELECT name FROM %s WHERE name = '%s'", $table, $db->escape($pluginName));
+        $result = $db->query($select);
+
+        if ($db->numRows($result) > 0) {
+            $update = sprintf(
+                "UPDATE %s SET config = '%s' WHERE name = '%s'",
+                $table,
+                $db->escape($jsonConfig),
+                $db->escape($pluginName)
+            );
+            $db->query($update);
+        } else {
+             $insert = sprintf(
+                "INSERT INTO %s (name, active, config) VALUES ('%s', 0, '%s')",
+                $table,
+                $db->escape($pluginName),
+                $db->escape($jsonConfig)
+            );
+            $db->query($insert);
+        }
+    }
+
+    /**
+     * Updates plugin status in DB
+     */
+    private function updatePluginStatus(string $pluginName, bool $active): void
+    {
+        $db = $this->configuration->getDb();
+        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
+        $activeInt = $active ? 1 : 0;
+
+        // Check if exists
+        $select = sprintf("SELECT name FROM %s WHERE name = '%s'", $table, $db->escape($pluginName));
+        $result = $db->query($select);
+
+        if ($db->numRows($result) > 0) {
+            $query = sprintf(
+                "UPDATE %s SET active = %d WHERE name = '%s'",
+                $table,
+                $activeInt,
+                $db->escape($pluginName)
+            );
+        } else {
+            $query = sprintf(
+                "INSERT INTO %s (name, active) VALUES ('%s', %d)",
+                $table,
+                $db->escape($pluginName),
+                $activeInt
+            );
+        }
+        $db->query($query);
+    }
+
+    /**
+     * Fetch plugins from DB
+     */
+    private function getPluginsFromDatabase(): array
+    {
+        $db = $this->configuration->getDb();
+        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
+        
+        // Ensure table exists to avoid crashes during update/install if not yet run
+        // But we expect it to exist if we are running. 
+        // We can catch exception or just query.
+        try {
+            $result = $db->query("SELECT name, active, config FROM $table");
+        } catch (\Exception $e) {
+            // Table might not exist yet
+            return [];
+        }
+
+        $plugins = [];
+        while ($row = $db->fetchObject($result)) {
+            $plugins[$row->name] = [
+                'active' => $row->active,
+                'config' => $row->config
+            ];
+        }
+        return $plugins;
+    }
+
     /**
      * Handles the triggered event
      *
@@ -225,23 +410,30 @@ private function getPluginDirectory(string $pluginName): string
     }
 
     /**
-     * Registers stylesheets for a plugin
-     *
-     * @param string[] $stylesheets Relative paths to CSS files
+     * Gets the relative web path for a plugin
      */
+    private function getPluginWebPath(string $pluginName): string
+    {
+        return 'content/plugins/' . $pluginName;
+    }
+
+
     private function registerPluginStylesheets(string $pluginName, array $stylesheets): void
     {
         $pluginDir = $this->getPluginDirectory($pluginName);
         $validatedStylesheets = [];
 
+        // Normalize the path for comparison (slashes and case)
+        $realPluginDir = str_replace('\\', '/', realpath($pluginDir) ?: $pluginDir);
+        $realPluginDir = rtrim($realPluginDir, '/') . '/';
+
         foreach ($stylesheets as $stylesheet) {
-            // Security: Validate a path to prevent directory traversal
-            $absolutePath = realpath($pluginDir . '/' . $stylesheet);
+            $fullPath = $pluginDir . '/' . $stylesheet;
+            $absolutePath = str_replace('\\', '/', realpath($fullPath) ?: $fullPath);
 
-            if ($absolutePath && str_starts_with($absolutePath, $pluginDir) && file_exists($absolutePath)) {
-                // Store relative path from web root for use in templates
-                $webPath = 'content/plugins/' . $pluginName . '/' . $stylesheet;
-                $validatedStylesheets[] = $webPath;
+            // Security check: Must be inside the plugin directory (case-insensitive for Windows)
+            if (str_starts_with(strtolower($absolutePath), strtolower($realPluginDir)) && file_exists($fullPath)) {
+                $validatedStylesheets[] = 'content/plugins/' . $pluginName . '/' . $stylesheet;
             }
         }
 
@@ -250,6 +442,7 @@ private function registerPluginStylesheets(string $pluginName, array $stylesheet
         }
     }
 
+
     /**
      * Returns all registered plugin stylesheets for template injection
      *
@@ -276,24 +469,22 @@ public function getPluginStylesheets(string $pluginName): array
         return $this->pluginStylesheets[$pluginName] ?? [];
     }
 
-    /**
-     * Registers scripts for a plugin
-     *
-     * @param string[] $scripts Relative paths to JavaScript files
-     */
     private function registerPluginScripts(string $pluginName, array $scripts): void
     {
         $pluginDir = $this->getPluginDirectory($pluginName);
         $validatedScripts = [];
 
+        // Normalize the path for comparison (slashes and case)
+        $realPluginDir = str_replace('\\', '/', realpath($pluginDir) ?: $pluginDir);
+        $realPluginDir = rtrim($realPluginDir, '/') . '/';
+
         foreach ($scripts as $script) {
-            // Security: Validate path to prevent directory traversal
-            $absolutePath = realpath($pluginDir . '/' . $script);
+            $fullPath = $pluginDir . '/' . $script;
+            $absolutePath = str_replace('\\', '/', realpath($fullPath) ?: $fullPath);
 
-            if ($absolutePath && str_starts_with($absolutePath, $pluginDir) && file_exists($absolutePath)) {
-                // Store relative path from web root for use in templates
-                $webPath = 'content/plugins/' . $pluginName . '/' . $script;
-                $validatedScripts[] = $webPath;
+            // Security check: Must be inside the plugin directory (case-insensitive for Windows)
+            if (str_starts_with(strtolower($absolutePath), strtolower($realPluginDir)) && file_exists($fullPath)) {
+                $validatedScripts[] = 'content/plugins/' . $pluginName . '/' . $script;
             }
         }
 
@@ -302,6 +493,7 @@ private function registerPluginScripts(string $pluginName, array $scripts): void
         }
     }
 
+
     /**
      * Returns all registered plugin scripts for template injection
      *
diff --git a/phpmyfaq/src/phpMyFAQ/Setup/Update.php b/phpmyfaq/src/phpMyFAQ/Setup/Update.php
index b3f4cb5c81..64db6947dd 100644
--- a/phpmyfaq/src/phpMyFAQ/Setup/Update.php
+++ b/phpmyfaq/src/phpMyFAQ/Setup/Update.php
@@ -184,6 +184,9 @@ public function applyUpdates(): bool
         $this->applyUpdates410Alpha2();
         $this->applyUpdates410Alpha3();
 
+        // 4.2 updates
+        $this->applyUpdates420Alpha();
+
         // Optimize the tables
         $this->optimizeTables();
 
@@ -1122,6 +1125,59 @@ private function applyUpdates410Alpha3(): void
         }
     }
 
+    private function applyUpdates420Alpha(): void
+    {
+        if (version_compare($this->version, '4.2.0-alpha', '<')) {
+            switch (Database::getType()) {
+                case 'mysqli':
+                case 'pdo_mysql':
+                    $this->queries[] = sprintf(
+                        'CREATE TABLE %sfaqdata_plugins (
+                            name VARCHAR(255) NOT NULL,
+                            active INT(1) NOT NULL DEFAULT 0,
+                            config LONGTEXT DEFAULT NULL,
+                            PRIMARY KEY (name))
+                            DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci ENGINE = InnoDB',
+                        Database::getTablePrefix(),
+                    );
+                    break;
+                case 'pgsql':
+                case 'pdo_pgsql':
+                     $this->queries[] = sprintf(
+                        'CREATE TABLE %sfaqdata_plugins (
+                            name VARCHAR(255) NOT NULL,
+                            active INTEGER NOT NULL DEFAULT 0,
+                            config TEXT DEFAULT NULL,
+                            PRIMARY KEY (name))',
+                        Database::getTablePrefix(),
+                    );
+                    break;
+                case 'sqlite3':
+                case 'pdo_sqlite':
+                     $this->queries[] = sprintf(
+                        'CREATE TABLE %sfaqdata_plugins (
+                            name VARCHAR(255) NOT NULL,
+                            active INTEGER NOT NULL DEFAULT 0,
+                            config TEXT DEFAULT NULL,
+                            PRIMARY KEY (name))',
+                        Database::getTablePrefix(),
+                    );
+                    break;
+                case 'sqlsrv':
+                case 'pdo_sqlsrv':
+                     $this->queries[] = sprintf(
+                        'CREATE TABLE %sfaqdata_plugins (
+                            name NVARCHAR(255) NOT NULL,
+                            active INTEGER NOT NULL DEFAULT 0,
+                            config NVARCHAR(MAX) DEFAULT NULL,
+                            PRIMARY KEY (name))',
+                        Database::getTablePrefix(),
+                    );
+                    break;
+            }
+        }
+    }
+
     private function updateVersion(): void
     {
         $this->configuration->update(['main.currentApiVersion' => System::getApiVersion()]);
diff --git a/phpmyfaq/src/phpMyFAQ/Twig/Extensions/PluginTwigExtension.php b/phpmyfaq/src/phpMyFAQ/Twig/Extensions/PluginTwigExtension.php
index 84e52fcc36..1d835dfba8 100644
--- a/phpmyfaq/src/phpMyFAQ/Twig/Extensions/PluginTwigExtension.php
+++ b/phpmyfaq/src/phpMyFAQ/Twig/Extensions/PluginTwigExtension.php
@@ -28,6 +28,6 @@ class PluginTwigExtension extends AbstractExtension
     #[AsTwigFunction(name: 'phpMyFAQPlugin')]
     public static function triggerPluginEvent(string $eventName, mixed $data = null): string
     {
-        return Configuration::getConfigurationInstance()->getPluginManager()->triggerEvent($eventName, $data);
+        return Configuration::getConfigurationInstance()->getPluginManager()->triggerEvent($eventName, $data ?? '');
     }
 }
diff --git a/phpmyfaq/src/services.php b/phpmyfaq/src/services.php
index f386e4ac4b..787fc1df68 100644
--- a/phpmyfaq/src/services.php
+++ b/phpmyfaq/src/services.php
@@ -297,7 +297,10 @@
         service('phpmyfaq.configuration'),
     ]);
 
-    $services->set('phpmyfaq.plugin.plugin-manager', PluginManager::class);
+    $services->set('phpmyfaq.plugin.plugin-manager', PluginManager::class)->factory([
+        service('phpmyfaq.configuration'),
+        'getPluginManager',
+    ]);
 
     $services->set('phpmyfaq.question', Question::class)->args([
         service('phpmyfaq.configuration'),
diff --git a/phpmyfaq/translations/language_de.php b/phpmyfaq/translations/language_de.php
index 84be1c4fc9..7a0946a651 100755
--- a/phpmyfaq/translations/language_de.php
+++ b/phpmyfaq/translations/language_de.php
@@ -1539,4 +1539,20 @@
 $PMF_LANG['msgErrorDetails'] = 'Fehlerdetails';
 $PMF_LANG['msgTryAgain'] = 'Erneut versuchen';
 
+// Plugins
+$PMF_LANG["msgPlugins"] = "Plugins";
+$PMF_LANG["msgPluginListing"] = "Plugin-Übersicht";
+$PMF_LANG["msgPluginName"] = "Plugin-Name";
+$PMF_LANG["msgPluginVersion"] = "Version";
+$PMF_LANG["msgPluginAuthor"] = "Autor";
+$PMF_LANG["msgPluginDescription"] = "Beschreibung";
+$PMF_LANG["msgActions"] = "Aktionen";
+$PMF_LANG["msgConfig"] = "Konfiguration";
+$PMF_LANG["msgIncompatiblePlugins"] = "Inkompatible Plugins";
+$PMF_LANG["msgIncompatiblePluginsInfo"] = "Die folgenden Plugins sind mit Ihrer phpMyFAQ-Version inkompatibel und können nicht aktiviert werden.";
+$PMF_LANG["msgPluginReason"] = "Grund";
+$PMF_LANG["msgNoPluginConfig"] = "Keine Konfiguration verfügbar.";
+$PMF_LANG["msgPluginImplementation"] = "Implementierung";
+
 return $PMF_LANG;
+
diff --git a/phpmyfaq/translations/language_en.php b/phpmyfaq/translations/language_en.php
index 8d251a608e..31032d6569 100644
--- a/phpmyfaq/translations/language_en.php
+++ b/phpmyfaq/translations/language_en.php
@@ -1538,4 +1538,20 @@
 $PMF_LANG['msgErrorDetails'] = 'Error Details';
 $PMF_LANG['msgTryAgain'] = 'Try Again';
 
+// Plugins
+$PMF_LANG["msgPlugins"] = "Plugins";
+$PMF_LANG["msgPluginListing"] = "Plugin Listing";
+$PMF_LANG["msgPluginName"] = "Plugin Name";
+$PMF_LANG["msgPluginVersion"] = "Version";
+$PMF_LANG["msgPluginAuthor"] = "Author";
+$PMF_LANG["msgPluginDescription"] = "Description";
+$PMF_LANG["msgActions"] = "Actions";
+$PMF_LANG["msgConfig"] = "Configuration";
+$PMF_LANG["msgIncompatiblePlugins"] = "Incompatible Plugins";
+$PMF_LANG["msgIncompatiblePluginsInfo"] = "The following plugins are incompatible with your current phpMyFAQ version and cannot be activated.";
+$PMF_LANG["msgPluginReason"] = "Reason";
+$PMF_LANG["msgNoPluginConfig"] = "No configuration available.";
+$PMF_LANG["msgPluginImplementation"] = "Implementation";
+
 return $PMF_LANG;
+

From 0b1f72b29a38eabdb22ca942e346cd0181fd16cb Mon Sep 17 00:00:00 2001
From: d0ubIeU <github@wadewitz.it>
Date: Wed, 7 Jan 2026 18:56:25 +0100
Subject: [PATCH 2/9] remove comment

---
 phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
index d9f7732eba..a69bfa62e9 100644
--- a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
+++ b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
@@ -142,13 +142,7 @@ public function loadPlugins(): void
                     }
                 }
             } else {
-                // Determine if we should treat new plugins as active or inactive.
-                // For safety, inactivity is better, but existing users expect plugins to work if folder exists.
-                // However, user requested "Activation/Deactivation".
-                // If I default to false, all current plugins will stop working until activated.
-                // I should probably insert them as active=0 initially, or maybe active=1 if migrating?
-                // The implementation plan said: "Benutzer muss entscheiden, ob vorhandene Plugins standardmäßig als 'inaktiv'..."
-                // User said "ok sounds good".
+
                 // I will default to inactive (false) for new plugins found on disk but not in DB.
                 $isActive = false; 
             }
@@ -307,8 +301,6 @@ private function getPluginsFromDatabase(): array
         $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
         
         // Ensure table exists to avoid crashes during update/install if not yet run
-        // But we expect it to exist if we are running. 
-        // We can catch exception or just query.
         try {
             $result = $db->query("SELECT name, active, config FROM $table");
         } catch (\Exception $e) {

From 2ea3fe2d372eb2ab40783859ab82092334d39d5e Mon Sep 17 00:00:00 2001
From: d0ubIeU <github@wadewitz.it>
Date: Wed, 7 Jan 2026 19:45:51 +0100
Subject: [PATCH 3/9] fix

---
 phpmyfaq/admin/assets/src/api/plugins.ts      | 23 ++++++-
 .../admin/assets/src/configuration/plugins.ts | 62 +++++++++++++++----
 .../admin/configuration/plugins.twig          |  7 ++-
 .../Administration/Api/PluginController.php   | 34 +++++++++-
 .../phpMyFAQ/Instance/Database/PdoSqlsrv.php  |  2 +-
 .../src/phpMyFAQ/Plugin/PluginManager.php     |  8 +--
 phpmyfaq/src/phpMyFAQ/Setup/Update.php        |  8 +--
 phpmyfaq/translations/language_de.php         | 24 +++----
 phpmyfaq/translations/language_en.php         | 26 +++-----
 9 files changed, 127 insertions(+), 67 deletions(-)

diff --git a/phpmyfaq/admin/assets/src/api/plugins.ts b/phpmyfaq/admin/assets/src/api/plugins.ts
index 2172feca17..c06481312b 100644
--- a/phpmyfaq/admin/assets/src/api/plugins.ts
+++ b/phpmyfaq/admin/assets/src/api/plugins.ts
@@ -20,12 +20,14 @@ import { Response } from '../interfaces';
  *
  * @param name
  * @param active
+ * @param csrfToken
  */
-export const togglePluginStatus = async (name: string, active: boolean): Promise<Response> => {
+export const togglePluginStatus = async (name: string, active: boolean, csrfToken: string): Promise<Response> => {
     const response = await fetch('api/plugin/toggle', {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
+            'X-CSRF-Token': csrfToken,
         },
         body: JSON.stringify({
             name,
@@ -33,6 +35,11 @@ export const togglePluginStatus = async (name: string, active: boolean): Promise
         }),
     });
 
+    if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        throw new Error(errorData.message || `HTTP error! status: ${response.status} ${response.statusText}`);
+    }
+
     return (await response.json()) as Response;
 };
 
@@ -41,18 +48,30 @@ export const togglePluginStatus = async (name: string, active: boolean): Promise
  *
  * @param name
  * @param config
+ * @param csrfToken
  */
-export const savePluginConfig = async (name: string, config: Record<string, any>): Promise<Response> => {
+export const savePluginConfig = async (
+    name: string,
+    config: Record<string, any>,
+    csrfToken: string
+): Promise<Response> => {
     const response = await fetch('api/plugin/config', {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
+            'X-CSRF-Token': csrfToken,
         },
         body: JSON.stringify({
             name,
             config,
+            csrf: csrfToken, // Also including in body as requested for backend validation
         }),
     });
 
+    if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        throw new Error(errorData.message || `HTTP error! status: ${response.status} ${response.statusText}`);
+    }
+
     return (await response.json()) as Response;
 };
diff --git a/phpmyfaq/admin/assets/src/configuration/plugins.ts b/phpmyfaq/admin/assets/src/configuration/plugins.ts
index 8919c29b24..717c0ffd06 100644
--- a/phpmyfaq/admin/assets/src/configuration/plugins.ts
+++ b/phpmyfaq/admin/assets/src/configuration/plugins.ts
@@ -20,6 +20,8 @@ import { pushNotification, pushErrorNotification } from '../../../../assets/src/
  * Handles plugin status toggling and configuration modal
  */
 export const handlePlugins = (): void => {
+    const getCsrfToken = () => document.querySelector('meta[name="csrf-token"]')?.getAttribute('content') || '';
+
     const toggleCheckboxes = document.querySelectorAll<HTMLInputElement>('.plugin-toggle');
     toggleCheckboxes.forEach((checkbox) => {
         checkbox.addEventListener('change', async (event) => {
@@ -27,13 +29,14 @@ export const handlePlugins = (): void => {
             const row = target.closest('tr');
             const pluginName = row ? row.getAttribute('data-plugin-name') : null;
             const active = target.checked;
+            const csrfToken = getCsrfToken();
 
             if (!pluginName) {
                 return;
             }
 
             try {
-                const result = await togglePluginStatus(pluginName, active);
+                const result = await togglePluginStatus(pluginName, active, csrfToken);
 
                 if (!result.success) {
                     target.checked = !active; // Revert
@@ -41,10 +44,10 @@ export const handlePlugins = (): void => {
                 } else {
                     pushNotification('Plugin status updated successfully.');
                 }
-            } catch (error) {
+            } catch (error: any) {
                 target.checked = !active; // Revert
                 console.error('Error toggling plugin:', error);
-                pushErrorNotification('An error occurred while updating plugin status.');
+                pushErrorNotification(error.message || 'An error occurred while updating plugin status.');
             }
         });
     });
@@ -113,18 +116,47 @@ export const handlePlugins = (): void => {
                             label.textContent = key;
                             label.htmlFor = 'config_' + key;
 
-                            let input: HTMLInputElement;
+                            let input: HTMLInputElement | HTMLSelectElement | HTMLTextAreaElement;
 
                             if (typeof value === 'boolean') {
                                 div.className = 'form-check form-switch mb-3';
-                                input = document.createElement('input');
-                                input.type = 'checkbox';
-                                input.className = 'form-check-input';
-                                input.checked = value;
-                                input.value = '1';
+                                const checkInput = document.createElement('input');
+                                checkInput.type = 'checkbox';
+                                checkInput.className = 'form-check-input';
+                                checkInput.checked = value;
+                                checkInput.value = '1';
                                 label.className = 'form-check-label';
+                                div.appendChild(checkInput);
+                                div.appendChild(label);
+                                input = checkInput;
+                            } else if (typeof value === 'number' || !isNaN(Number(value)) && String(value).trim() !== '') {
+                                input = document.createElement('input');
+                                input.type = 'number';
+                                input.className = 'form-control';
+                                input.value = String(value);
+                                div.appendChild(label);
+                                div.appendChild(input);
+                            } else if (key.toLowerCase().includes('email')) {
+                                input = document.createElement('input');
+                                input.type = 'email';
+                                input.className = 'form-control';
+                                input.value = String(value);
+                                div.appendChild(label);
+                                div.appendChild(input);
+                            } else if (key.toLowerCase().includes('date')) {
+                                input = document.createElement('input');
+                                input.type = 'date';
+                                input.className = 'form-control';
+                                input.value = String(value);
+                                div.appendChild(label);
                                 div.appendChild(input);
+                            } else if (String(value).length > 50) {
+                                input = document.createElement('textarea');
+                                input.className = 'form-control';
+                                input.rows = 3;
+                                input.value = String(value);
                                 div.appendChild(label);
+                                div.appendChild(input);
                             } else {
                                 input = document.createElement('input');
                                 input.type = 'text';
@@ -163,6 +195,7 @@ export const handlePlugins = (): void => {
 
             const nameInput = form.querySelector<HTMLInputElement>('input[name="name"]');
             const pluginName = nameInput?.value;
+            const csrfToken = getCsrfToken();
             const configData: Record<string, any> = {};
 
             const inputs = container.querySelectorAll<HTMLInputElement | HTMLSelectElement | HTMLTextAreaElement>(
@@ -174,6 +207,11 @@ export const handlePlugins = (): void => {
                     const key = nameAttr.substring(7, nameAttr.length - 1);
                     if (input instanceof HTMLInputElement && input.type === 'checkbox') {
                         configData[key] = input.checked;
+                    } else if (input instanceof HTMLInputElement && input.type === 'number') {
+                        configData[key] = input.value.includes('.') ? parseFloat(input.value) : parseInt(input.value, 10);
+                        if (isNaN(configData[key])) {
+                            configData[key] = 0;
+                        }
                     } else {
                         configData[key] = input.value;
                     }
@@ -183,16 +221,16 @@ export const handlePlugins = (): void => {
             if (!pluginName) return;
 
             try {
-                const result = await savePluginConfig(pluginName, configData);
+                const result = await savePluginConfig(pluginName, configData, csrfToken);
 
                 if (result.success) {
                     window.location.reload();
                 } else {
                     pushErrorNotification('Failed to save configuration: ' + (result.message || 'Unknown error'));
                 }
-            } catch (error) {
+            } catch (error: any) {
                 console.error('Error saving config:', error);
-                pushErrorNotification('An error occurred while saving configuration.');
+                pushErrorNotification(error.message || 'An error occurred while saving configuration.');
             }
         });
     }
diff --git a/phpmyfaq/assets/templates/admin/configuration/plugins.twig b/phpmyfaq/assets/templates/admin/configuration/plugins.twig
index e323e967e2..e5953eb594 100644
--- a/phpmyfaq/assets/templates/admin/configuration/plugins.twig
+++ b/phpmyfaq/assets/templates/admin/configuration/plugins.twig
@@ -32,9 +32,10 @@
           <td>{{ plugin.name }}</td>
           <td>{{ plugin.version }}</td>
           <td>
+            {% set safePluginName = plugin.name | replace({'.': '_', ' ': '_'}) %}
             <div class="form-check form-switch">
-              <input class="form-check-input plugin-toggle" type="checkbox" id="active_{{ plugin.name }}" {% if activePlugins[plugin.name] %}checked{% endif %}>
-              <label class="form-check-label visually-hidden" for="active_{{ plugin.name }}">
+              <input class="form-check-input plugin-toggle" type="checkbox" id="active_{{ safePluginName }}" {% if activePlugins[plugin.name] %}checked{% endif %}>
+              <label class="form-check-label visually-hidden" for="active_{{ safePluginName }}">
                 {{ 'msgActive' | translate }}
               </label>
             </div>
@@ -50,7 +51,7 @@
               data-plugin-name="{{ plugin.name }}"
               data-plugin-description="{{ plugin.getAdvDescription()|default(plugin.description) }}"
               data-plugin-implementation="{{ plugin.getImplementation()|default('') }}"
-              data-plugin-config='{{ plugin.config | json_encode }}'
+              data-plugin-config="{{ plugin.config | json_encode | e('html_attr') }}"
               title="{{ 'msgConfig' | translate }}"
             >
               <i class="bi bi-gear-fill" aria-hidden="true"></i>
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
index 0443fd54fc..74c11b5b44 100644
--- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
+++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
@@ -20,19 +20,32 @@
 namespace phpMyFAQ\Controller\Administration\Api;
 
 use phpMyFAQ\Controller\Administration\AbstractAdministrationController;
+use phpMyFAQ\Session\Token;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Attribute\Route;
+use Exception;
 
 final class PluginController extends AbstractAdministrationController
 {
     #[Route(path: '/api/plugin/toggle', methods: ['POST'])]
     public function toggleStatus(Request $request): JsonResponse
     {
+        $csrfToken = $request->headers->get('X-CSRF-Token');
+        if (!Token::getInstance($this->session)->verifyToken($csrfToken, 'admin-plugins')) {
+            return new JsonResponse(['success' => false, 'message' => 'Invalid CSRF token'], 403);
+        }
+
         $pluginManager = $this->container->get(id: 'phpmyfaq.plugin.plugin-manager');
         $pluginManager->loadPlugins();
 
-        $data = json_decode($request->getContent(), true);
+        $content = $request->getContent();
+        $data = json_decode($content, true);
+
+        if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
+            return new JsonResponse(['success' => false, 'message' => 'Invalid JSON payload: ' . json_last_error_msg()], 400);
+        }
+
         $name = $data['name'] ?? null;
         $active = (bool) ($data['active'] ?? false);
 
@@ -52,10 +65,21 @@ public function toggleStatus(Request $request): JsonResponse
     #[Route(path: '/api/plugin/config', methods: ['POST'])]
     public function saveConfig(Request $request): JsonResponse
     {
+        $content = $request->getContent();
+        $data = json_decode($content, true);
+
+        if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
+            return new JsonResponse(['success' => false, 'message' => 'Invalid JSON payload: ' . json_last_error_msg()], 400);
+        }
+
+        $csrfToken = $data['csrf'] ?? $request->headers->get('X-CSRF-Token');
+        if (!Token::getInstance($this->session)->verifyToken($csrfToken, 'admin-plugins')) {
+            return new JsonResponse(['success' => false, 'message' => 'Invalid CSRF token'], 403);
+        }
+
         $pluginManager = $this->container->get(id: 'phpmyfaq.plugin.plugin-manager');
         $pluginManager->loadPlugins();
 
-        $data = json_decode($request->getContent(), true);
         $name = $data['name'] ?? null;
         $config = (array) ($data['config'] ?? []);
 
@@ -63,7 +87,11 @@ public function saveConfig(Request $request): JsonResponse
             return new JsonResponse(['success' => false, 'message' => 'Plugin not found'], 404);
         }
 
-        $pluginManager->savePluginConfig($name, $config);
+        try {
+            $pluginManager->savePluginConfig($name, $config);
+        } catch (Exception $e) {
+            return new JsonResponse(['success' => false, 'message' => 'Failed to save configuration: ' . $e->getMessage()], 500);
+        }
 
         return new JsonResponse(['success' => true]);
     }
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
index 80e54057bf..474ce413cf 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
@@ -176,7 +176,7 @@ class PdoSqlsrv extends Database implements DriverInterface
         'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
             name NVARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
-            config NVARCHAR(MAX) DEFAULT NULL,
+            config VARCHAR(MAX) DEFAULT NULL,
             PRIMARY KEY (name))',
         'faqdata_tags' => 'CREATE TABLE %sfaqdata_tags (
             record_id INTEGER NOT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
index a69bfa62e9..42e5a26bd9 100644
--- a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
+++ b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
@@ -401,13 +401,7 @@ private function getPluginDirectory(string $pluginName): string
         return PMF_ROOT_DIR . '/content/plugins/' . $pluginName;
     }
 
-    /**
-     * Gets the relative web path for a plugin
-     */
-    private function getPluginWebPath(string $pluginName): string
-    {
-        return 'content/plugins/' . $pluginName;
-    }
+
 
 
     private function registerPluginStylesheets(string $pluginName, array $stylesheets): void
diff --git a/phpmyfaq/src/phpMyFAQ/Setup/Update.php b/phpmyfaq/src/phpMyFAQ/Setup/Update.php
index 64db6947dd..004ba8025b 100644
--- a/phpmyfaq/src/phpMyFAQ/Setup/Update.php
+++ b/phpmyfaq/src/phpMyFAQ/Setup/Update.php
@@ -1143,7 +1143,7 @@ private function applyUpdates420Alpha(): void
                     break;
                 case 'pgsql':
                 case 'pdo_pgsql':
-                     $this->queries[] = sprintf(
+                    $this->queries[] = sprintf(
                         'CREATE TABLE %sfaqdata_plugins (
                             name VARCHAR(255) NOT NULL,
                             active INTEGER NOT NULL DEFAULT 0,
@@ -1154,7 +1154,7 @@ private function applyUpdates420Alpha(): void
                     break;
                 case 'sqlite3':
                 case 'pdo_sqlite':
-                     $this->queries[] = sprintf(
+                    $this->queries[] = sprintf(
                         'CREATE TABLE %sfaqdata_plugins (
                             name VARCHAR(255) NOT NULL,
                             active INTEGER NOT NULL DEFAULT 0,
@@ -1165,11 +1165,11 @@ private function applyUpdates420Alpha(): void
                     break;
                 case 'sqlsrv':
                 case 'pdo_sqlsrv':
-                     $this->queries[] = sprintf(
+                    $this->queries[] = sprintf(
                         'CREATE TABLE %sfaqdata_plugins (
                             name NVARCHAR(255) NOT NULL,
                             active INTEGER NOT NULL DEFAULT 0,
-                            config NVARCHAR(MAX) DEFAULT NULL,
+                            config VARCHAR(MAX) DEFAULT NULL,
                             PRIMARY KEY (name))',
                         Database::getTablePrefix(),
                     );
diff --git a/phpmyfaq/translations/language_de.php b/phpmyfaq/translations/language_de.php
index af63906de6..b0fc9b3500 100755
--- a/phpmyfaq/translations/language_de.php
+++ b/phpmyfaq/translations/language_de.php
@@ -1461,14 +1461,18 @@
 $LANG_CONF['seo.contentLlmsText'] = ['area', 'Inhalt für die llms.txt', ''];
 $PMF_LANG['msgActivateMaintenanceMode'] = 'Wartungs-Modus aktivieren';
 $PMF_LANG['msgPlugins'] = 'Plugins';
-$PMF_LANG['msgPluginListing'] = 'Liste der installierten Plugins und ihrer Versionen';
+$PMF_LANG['msgPluginListing'] = 'Plugin-Übersicht';
 $PMF_LANG['msgPluginName'] = 'Plugin-Name';
 $PMF_LANG['msgPluginVersion'] = 'Version';
 $PMF_LANG['msgPluginAuthor'] = 'Autor';
 $PMF_LANG['msgPluginDescription'] = 'Beschreibung';
-$PMF_LANG['msgPluginReason'] = 'Grund';
+$PMF_LANG['msgActions'] = 'Aktionen';
+$PMF_LANG['msgConfig'] = 'Konfiguration';
 $PMF_LANG['msgIncompatiblePlugins'] = 'Inkompatible Plugins';
-$PMF_LANG['msgIncompatiblePluginsInfo'] = 'Die folgenden Plugins konnten aufgrund von Kompatibilitätsproblemen nicht geladen werden.';
+$PMF_LANG['msgIncompatiblePluginsInfo'] = 'Die folgenden Plugins sind mit Ihrer phpMyFAQ-Version inkompatibel und können nicht aktiviert werden.';
+$PMF_LANG['msgPluginReason'] = 'Grund';
+$PMF_LANG['msgNoPluginConfig'] = 'Keine Konfiguration verfügbar.';
+$PMF_LANG['msgPluginImplementation'] = 'Implementierung';
 
 // added v4.1.0-alpha.2 - 2025-02-23 by Thorsten
 $PMF_LANG['msgReportABug'] = 'Melde einen Fehler';
@@ -1540,20 +1544,6 @@
 $PMF_LANG['msgTryAgain'] = 'Erneut versuchen';
 $PMF_LANG['msgAdminLogExportCsv'] = "Admin-Logs als CSV exportieren";
 
-// Plugins
-$PMF_LANG["msgPlugins"] = "Plugins";
-$PMF_LANG["msgPluginListing"] = "Plugin-Übersicht";
-$PMF_LANG["msgPluginName"] = "Plugin-Name";
-$PMF_LANG["msgPluginVersion"] = "Version";
-$PMF_LANG["msgPluginAuthor"] = "Autor";
-$PMF_LANG["msgPluginDescription"] = "Beschreibung";
-$PMF_LANG["msgActions"] = "Aktionen";
-$PMF_LANG["msgConfig"] = "Konfiguration";
-$PMF_LANG["msgIncompatiblePlugins"] = "Inkompatible Plugins";
-$PMF_LANG["msgIncompatiblePluginsInfo"] = "Die folgenden Plugins sind mit Ihrer phpMyFAQ-Version inkompatibel und können nicht aktiviert werden.";
-$PMF_LANG["msgPluginReason"] = "Grund";
-$PMF_LANG["msgNoPluginConfig"] = "Keine Konfiguration verfügbar.";
-$PMF_LANG["msgPluginImplementation"] = "Implementierung";
 
 return $PMF_LANG;
 
diff --git a/phpmyfaq/translations/language_en.php b/phpmyfaq/translations/language_en.php
index b50645d22d..9bacb72847 100644
--- a/phpmyfaq/translations/language_en.php
+++ b/phpmyfaq/translations/language_en.php
@@ -1460,14 +1460,18 @@
 $LANG_CONF['seo.contentLlmsText'] = ['area', 'Content for llms.txt', ''];
 $PMF_LANG['msgActivateMaintenanceMode'] = 'Activate maintenance mode';
 $PMF_LANG['msgPlugins'] = 'Plugins';
-$PMF_LANG['msgPluginListing'] = 'List of the installed plugins and their versions';
-$PMF_LANG['msgPluginName'] = 'Plugin name';
+$PMF_LANG['msgPluginListing'] = 'Plugin Listing';
+$PMF_LANG['msgPluginName'] = 'Plugin Name';
 $PMF_LANG['msgPluginVersion'] = 'Version';
 $PMF_LANG['msgPluginAuthor'] = 'Author';
 $PMF_LANG['msgPluginDescription'] = 'Description';
-$PMF_LANG['msgPluginReason'] = 'Reason';
+$PMF_LANG['msgActions'] = 'Actions';
+$PMF_LANG['msgConfig'] = 'Configuration';
 $PMF_LANG['msgIncompatiblePlugins'] = 'Incompatible Plugins';
-$PMF_LANG['msgIncompatiblePluginsInfo'] = 'The following plugins could not be loaded due to compatibility issues.';
+$PMF_LANG['msgIncompatiblePluginsInfo'] = 'The following plugins are incompatible with your current phpMyFAQ version and cannot be activated.';
+$PMF_LANG['msgPluginReason'] = 'Reason';
+$PMF_LANG['msgNoPluginConfig'] = 'No configuration available.';
+$PMF_LANG['msgPluginImplementation'] = 'Implementation';
 
 // added v4.1.0-alpha.2 - 2025-02-23 by Thorsten
 $PMF_LANG['msgReportABug'] = 'Report a bug';
@@ -1539,20 +1543,6 @@
 $PMF_LANG['msgTryAgain'] = 'Try Again';
 $PMF_LANG['msgAdminLogExportCsv'] = 'Export admin logs as CSV';
 
-// Plugins
-$PMF_LANG["msgPlugins"] = "Plugins";
-$PMF_LANG["msgPluginListing"] = "Plugin Listing";
-$PMF_LANG["msgPluginName"] = "Plugin Name";
-$PMF_LANG["msgPluginVersion"] = "Version";
-$PMF_LANG["msgPluginAuthor"] = "Author";
-$PMF_LANG["msgPluginDescription"] = "Description";
-$PMF_LANG["msgActions"] = "Actions";
-$PMF_LANG["msgConfig"] = "Configuration";
-$PMF_LANG["msgIncompatiblePlugins"] = "Incompatible Plugins";
-$PMF_LANG["msgIncompatiblePluginsInfo"] = "The following plugins are incompatible with your current phpMyFAQ version and cannot be activated.";
-$PMF_LANG["msgPluginReason"] = "Reason";
-$PMF_LANG["msgNoPluginConfig"] = "No configuration available.";
-$PMF_LANG["msgPluginImplementation"] = "Implementation";
 
 return $PMF_LANG;
 

From 27ab9dd0cb7eb27b969d3b99952b555c40dc374c Mon Sep 17 00:00:00 2001
From: d0ubIeU <github@wadewitz.it>
Date: Wed, 7 Jan 2026 20:23:26 +0100
Subject: [PATCH 4/9] fix2

---
 phpmyfaq/admin/assets/src/api/plugins.ts      |   4 +-
 .../admin/assets/src/configuration/plugins.ts | 144 ++++++++----------
 .../Administration/Api/PluginController.php   |   2 +-
 .../src/phpMyFAQ/Database/DatabaseDriver.php  |  18 +++
 phpmyfaq/src/phpMyFAQ/Database/Mysqli.php     |  46 +++++-
 phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php   |   2 +-
 phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php   |   2 +-
 phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php  |   2 +-
 phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php  |   2 +-
 phpmyfaq/src/phpMyFAQ/Database/Pgsql.php      |  30 +++-
 phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php    |  42 ++++-
 phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php     |  30 +++-
 .../src/phpMyFAQ/Instance/Database/Mysqli.php |   2 +-
 .../phpMyFAQ/Instance/Database/PdoMysql.php   |   2 +-
 .../phpMyFAQ/Instance/Database/PdoPgsql.php   |   2 +-
 .../phpMyFAQ/Instance/Database/PdoSqlite.php  |   2 +-
 .../phpMyFAQ/Instance/Database/PdoSqlsrv.php  |   2 +-
 .../src/phpMyFAQ/Instance/Database/Pgsql.php  |   2 +-
 .../phpMyFAQ/Instance/Database/Sqlite3.php    |   2 +-
 .../src/phpMyFAQ/Instance/Database/Sqlsrv.php |   2 +-
 .../src/phpMyFAQ/Plugin/PluginManager.php     |  67 ++++----
 phpmyfaq/src/phpMyFAQ/Setup/Update.php        |   8 +-
 phpmyfaq/translations/language_de.php         |   5 +
 phpmyfaq/translations/language_en.php         |   5 +
 24 files changed, 286 insertions(+), 139 deletions(-)

diff --git a/phpmyfaq/admin/assets/src/api/plugins.ts b/phpmyfaq/admin/assets/src/api/plugins.ts
index c06481312b..1e69c31d73 100644
--- a/phpmyfaq/admin/assets/src/api/plugins.ts
+++ b/phpmyfaq/admin/assets/src/api/plugins.ts
@@ -6,9 +6,9 @@
  * obtain one at https://mozilla.org/MPL/2.0/.
  *
  * @package   phpMyFAQ
- * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @author    Thorsten Rinne
  * @copyright 2025-2026 phpMyFAQ Team
- * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
  * @link      https://www.phpmyfaq.de
  * @since     2025-01-07
  */
diff --git a/phpmyfaq/admin/assets/src/configuration/plugins.ts b/phpmyfaq/admin/assets/src/configuration/plugins.ts
index 717c0ffd06..a03c150ccb 100644
--- a/phpmyfaq/admin/assets/src/configuration/plugins.ts
+++ b/phpmyfaq/admin/assets/src/configuration/plugins.ts
@@ -6,20 +6,23 @@
  * obtain one at https://mozilla.org/MPL/2.0/.
  *
  * @package   phpMyFAQ
- * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @author    Thorsten Rinne
  * @copyright 2025-2026 phpMyFAQ Team
- * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
  * @link      https://www.phpmyfaq.de
  * @since     2025-01-07
  */
 
 import { togglePluginStatus, savePluginConfig } from '../api';
-import { pushNotification, pushErrorNotification } from '../../../../assets/src/utils';
+import { addElement, pushNotification, pushErrorNotification, TranslationService } from '../../../../assets/src/utils';
 
 /**
  * Handles plugin status toggling and configuration modal
  */
-export const handlePlugins = (): void => {
+export const handlePlugins = async (): Promise<void> => {
+    const Translator = new TranslationService();
+    await Translator.loadTranslations(document.documentElement.lang);
+
     const getCsrfToken = () => document.querySelector('meta[name="csrf-token"]')?.getAttribute('content') || '';
 
     const toggleCheckboxes = document.querySelectorAll<HTMLInputElement>('.plugin-toggle');
@@ -40,39 +43,41 @@ export const handlePlugins = (): void => {
 
                 if (!result.success) {
                     target.checked = !active; // Revert
-                    pushErrorNotification('Failed to update plugin status: ' + (result.message || 'Unknown error'));
+                    pushErrorNotification(
+                        Translator.translate('msgPluginStatusError') + ' ' + (result.message || Translator.translate('msgUnknownError')),
+                    );
                 } else {
-                    pushNotification('Plugin status updated successfully.');
+                    pushNotification(Translator.translate('msgPluginStatusSuccess'));
                 }
             } catch (error: any) {
                 target.checked = !active; // Revert
                 console.error('Error toggling plugin:', error);
-                pushErrorNotification(error.message || 'An error occurred while updating plugin status.');
+                pushErrorNotification(error.message || Translator.translate('msgUnknownError'));
             }
         });
     });
 
     // Configuration Modal
-    const configModalEl = document.getElementById('pluginConfigModal');
-    if (configModalEl) {
-        configModalEl.addEventListener('show.bs.modal', (event: any) => {
+    const pluginConfigModal = document.getElementById('pluginConfigModal');
+    if (pluginConfigModal) {
+        pluginConfigModal.addEventListener('show.bs.modal', (event: any) => {
             const button = event.relatedTarget as HTMLElement;
             const pluginName = button.getAttribute('data-plugin-name');
             const pluginDescription = button.getAttribute('data-plugin-description');
             const pluginImplementation = button.getAttribute('data-plugin-implementation');
             const configJson = button.getAttribute('data-plugin-config');
 
-            const modalTitle = configModalEl.querySelector('.modal-title');
-            const nameInput = configModalEl.querySelector<HTMLInputElement>('#configPluginName');
-            const container = configModalEl.querySelector('#configFieldsContainer');
-            const descText = configModalEl.querySelector('#pluginDescriptionText');
-            const implContainer = configModalEl.querySelector('#pluginImplementationContainer');
-            const implCode = configModalEl.querySelector('#pluginImplementationCode');
-            const noConfigMsg = configModalEl.querySelector('#pluginNoConfigMsg');
+            const modalTitle = pluginConfigModal.querySelector('.modal-title');
+            const nameInput = pluginConfigModal.querySelector<HTMLInputElement>('#configPluginName');
+            const container = pluginConfigModal.querySelector('#configFieldsContainer');
+            const descText = pluginConfigModal.querySelector('#pluginDescriptionText');
+            const implContainer = pluginConfigModal.querySelector('#pluginImplementationContainer');
+            const implCode = pluginConfigModal.querySelector('#pluginImplementationCode');
+            const noConfigMsg = pluginConfigModal.querySelector('#pluginNoConfigMsg');
             const saveBtn = document.getElementById('savePluginConfigBtn');
 
             if (modalTitle && pluginName) {
-                modalTitle.textContent = 'Configuration: ' + pluginName;
+                modalTitle.textContent = Translator.translate('msgConfig') + ': ' + pluginName;
             }
             if (nameInput && pluginName) {
                 nameInput.value = pluginName;
@@ -108,69 +113,51 @@ export const handlePlugins = (): void => {
 
                         Object.keys(configData).forEach((key) => {
                             const value = configData[key];
-                            const div = document.createElement('div');
-                            div.className = 'mb-3';
-
-                            const label = document.createElement('label');
-                            label.className = 'form-label';
-                            label.textContent = key;
-                            label.htmlFor = 'config_' + key;
-
-                            let input: HTMLInputElement | HTMLSelectElement | HTMLTextAreaElement;
+                            let input: HTMLElement;
 
                             if (typeof value === 'boolean') {
-                                div.className = 'form-check form-switch mb-3';
-                                const checkInput = document.createElement('input');
-                                checkInput.type = 'checkbox';
-                                checkInput.className = 'form-check-input';
-                                checkInput.checked = value;
-                                checkInput.value = '1';
-                                label.className = 'form-check-label';
-                                div.appendChild(checkInput);
-                                div.appendChild(label);
-                                input = checkInput;
-                            } else if (typeof value === 'number' || !isNaN(Number(value)) && String(value).trim() !== '') {
-                                input = document.createElement('input');
-                                input.type = 'number';
-                                input.className = 'form-control';
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
-                            } else if (key.toLowerCase().includes('email')) {
-                                input = document.createElement('input');
-                                input.type = 'email';
-                                input.className = 'form-control';
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
-                            } else if (key.toLowerCase().includes('date')) {
-                                input = document.createElement('input');
-                                input.type = 'date';
-                                input.className = 'form-control';
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
-                            } else if (String(value).length > 50) {
-                                input = document.createElement('textarea');
-                                input.className = 'form-control';
-                                input.rows = 3;
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
+                                input = addElement('div', { className: 'form-check form-switch mb-3' }, [
+                                    addElement('input', {
+                                        type: 'checkbox',
+                                        className: 'form-check-input',
+                                        checked: value,
+                                        value: '1',
+                                        id: 'config_' + key,
+                                        name: 'config[' + key + ']',
+                                    }),
+                                    addElement('label', {
+                                        className: 'form-check-label',
+                                        textContent: key,
+                                        htmlFor: 'config_' + key,
+                                    }),
+                                ]);
                             } else {
-                                input = document.createElement('input');
-                                input.type = 'text';
-                                input.className = 'form-control';
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
+                                const type = (typeof value === 'number' || !isNaN(Number(value)) && String(value).trim() !== '') ? 'number' :
+                                    (key.toLowerCase().includes('email')) ? 'email' :
+                                        (key.toLowerCase().includes('date')) ? 'date' : 'text';
+
+                                const props: Record<string, any> = {
+                                    className: 'form-control',
+                                    value: String(value),
+                                    id: 'config_' + key,
+                                    name: 'config[' + key + ']',
+                                };
+
+                                if (String(value).length > 50 && type === 'text') {
+                                    input = addElement('div', { className: 'mb-3' }, [
+                                        addElement('label', { className: 'form-label', textContent: key, htmlFor: 'config_' + key }),
+                                        addElement('textarea', { ...props, rows: 3 }),
+                                    ]);
+                                } else {
+                                    input = addElement('div', { className: 'mb-3' }, [
+                                        addElement('label', { className: 'form-label', textContent: key, htmlFor: 'config_' + key }),
+                                        addElement('input', { ...props, type }),
+                                    ]);
+                                }
                             }
 
-                            input.id = 'config_' + key;
-                            input.setAttribute('name', 'config[' + key + ']');
-
                             if (container) {
-                                container.appendChild(div);
+                                container.appendChild(input);
                             }
                         });
                     }
@@ -224,13 +211,16 @@ export const handlePlugins = (): void => {
                 const result = await savePluginConfig(pluginName, configData, csrfToken);
 
                 if (result.success) {
+                    pushNotification(Translator.translate('msgPluginConfigSuccess'));
                     window.location.reload();
                 } else {
-                    pushErrorNotification('Failed to save configuration: ' + (result.message || 'Unknown error'));
+                    pushErrorNotification(
+                        Translator.translate('msgPluginConfigError') + ' ' + (result.message || Translator.translate('msgUnknownError')),
+                    );
                 }
             } catch (error: any) {
                 console.error('Error saving config:', error);
-                pushErrorNotification(error.message || 'An error occurred while saving configuration.');
+                pushErrorNotification(error.message || Translator.translate('msgUnknownError'));
             }
         });
     }
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
index 74c11b5b44..11ef006813 100644
--- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
+++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
@@ -8,7 +8,7 @@
  * obtain one at https://mozilla.org/MPL/2.0/.
  *
  * @package   phpMyFAQ
- * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @author    Thorsten Rinne
  * @copyright 2025-2026 phpMyFAQ Team
  * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
  * @link      https://www.phpmyfaq.de
diff --git a/phpmyfaq/src/phpMyFAQ/Database/DatabaseDriver.php b/phpmyfaq/src/phpMyFAQ/Database/DatabaseDriver.php
index 88c89bdcd3..25dd802920 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/DatabaseDriver.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/DatabaseDriver.php
@@ -137,4 +137,22 @@ public function close();
      * @return string String that you can pass to SQL as in: SELECT <result of phpMyFAQ\DatabaseDriver->now()>
      */
     public function now(): string;
+
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return mixed
+     */
+    public function prepare(string $query, array $options = []): mixed;
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool;
 }
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
index a72ab70d23..7ec8645c48 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
@@ -252,7 +252,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
@@ -316,6 +316,50 @@ public function query(string $query, int $offset = 0, int $rowcount = 0): mixed
         return $result;
     }
 
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return \mysqli_stmt|false
+     */
+    public function prepare(string $query, array $options = []): \mysqli_stmt|false
+    {
+        return $this->conn->prepare($query);
+    }
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool
+    {
+        if (!$statement instanceof \mysqli_stmt) {
+            return false;
+        }
+
+        if (!empty($params)) {
+            $types = '';
+            foreach ($params as $param) {
+                if (is_int($param)) {
+                    $types .= 'i';
+                } elseif (is_float($param)) {
+                    $types .= 'd';
+                } elseif (is_string($param)) {
+                    $types .= 's';
+                } else {
+                    $types .= 'b';
+                }
+            }
+            $statement->bind_param($types, ...$params);
+        }
+
+        return $statement->execute();
+    }
+
     /**
      * Returns the client version string.
      */
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php b/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php
index 4bf268d533..47079e3922 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php
@@ -219,7 +219,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php b/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php
index d5abe3dc97..c16ad887af 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php
@@ -218,7 +218,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php
index 96d34f27c5..2d9b97c5cf 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php
@@ -243,7 +243,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php
index 0c7ec09102..811bbc21fb 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php
@@ -219,7 +219,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
index 73ed5f7d43..d44a49e446 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
@@ -314,10 +314,38 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return string|false
+     */
+    public function prepare(string $query, array $options = []): string|false
+    {
+        $stmtName = 'pmf_stmt_' . md5($query);
+        if (pg_prepare($this->conn, $stmtName, $query)) {
+            return $stmtName;
+        }
+        return false;
+    }
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement (name)
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool
+    {
+        return (bool) pg_execute($this->conn, (string) $statement, $params);
+    }
+
     /**
      * Closes the connection to the database.
      */
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
index f8b5dc634d..b90d9ac105 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
@@ -270,7 +270,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
@@ -304,6 +304,46 @@ public function clientVersion(): string
         return $version['versionString'];
     }
 
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return \SQLite3Stmt|false
+     */
+    public function prepare(string $query, array $options = []): \SQLite3Stmt|false
+    {
+        return $this->conn->prepare($query);
+    }
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool
+    {
+        if (!$statement instanceof \SQLite3Stmt) {
+            return false;
+        }
+
+        foreach ($params as $index => $param) {
+            $type = SQLITE3_TEXT;
+            if (is_int($param)) {
+                $type = SQLITE3_INTEGER;
+            } elseif (is_float($param)) {
+                $type = SQLITE3_FLOAT;
+            } elseif (is_null($param)) {
+                $type = SQLITE3_NULL;
+            }
+            $statement->bindValue($index + 1, $param, $type);
+        }
+
+        return (bool) $statement->execute();
+    }
+
     /**
      * Closes the connection to the database.
      */
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
index fdb3878f2e..4e938ab8ac 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
@@ -309,10 +309,38 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return resource|false
+     */
+    public function prepare(string $query, array $options = []): mixed
+    {
+        return sqlsrv_prepare($this->conn, $query, [], $options);
+    }
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool
+    {
+        if (!is_resource($statement)) {
+            return false;
+        }
+
+        return sqlsrv_execute($statement);
+    }
+
     /**
      * Closes the connection to the database.
      */
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php
index 886a8b846e..d1bc4c81f8 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php
@@ -180,7 +180,7 @@ class Mysqli extends Database implements DriverInterface
             record_id INT(11) NOT NULL,
             group_id INT(11) NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INT(1) NOT NULL DEFAULT 0,
             config LONGTEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php
index 81c1dc3a56..dd2611f0d4 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php
@@ -179,7 +179,7 @@ class PdoMysql extends Database implements DriverInterface
             record_id INT(11) NOT NULL,
             group_id INT(11) NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INT(1) NOT NULL DEFAULT 0,
             config LONGTEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php
index 9961bbfb56..811a78ac8e 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php
@@ -176,7 +176,7 @@ class PdoPgsql extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config TEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php
index 58fda2c48a..c22dc4c3b6 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php
@@ -173,7 +173,7 @@ class PdoSqlite extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config TEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
index 474ce413cf..eb271edba7 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
@@ -173,7 +173,7 @@ class PdoSqlsrv extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name NVARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config VARCHAR(MAX) DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php
index 194f9c97d8..92a5289be1 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php
@@ -177,7 +177,7 @@ class Pgsql extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config TEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php
index f8e6931417..6d63d3657b 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php
@@ -174,7 +174,7 @@ class Sqlite3 extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config TEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php
index 05280e3a04..2245ed2697 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php
@@ -174,7 +174,7 @@ class Sqlsrv extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name NVARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config NVARCHAR(MAX) DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
index 42e5a26bd9..b1ca0bc3f8 100644
--- a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
+++ b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
@@ -8,7 +8,7 @@
  * obtain one at https://mozilla.org/MPL/2.0/.
  *
  * @package   phpMyFAQ
- * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @author    Thorsten Rinne
  * @copyright 2024-2026 phpMyFAQ Team
  * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
  * @link      https://www.phpmyfaq.de
@@ -236,28 +236,22 @@ public function savePluginConfig(string $pluginName, array $configData): void
     {
         $jsonConfig = json_encode($configData);
         $db = $this->configuration->getDb();
-        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
+        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqplugins';
 
         // Check if exists
-        $select = sprintf("SELECT name FROM %s WHERE name = '%s'", $table, $db->escape($pluginName));
-        $result = $db->query($select);
-
-        if ($db->numRows($result) > 0) {
-            $update = sprintf(
-                "UPDATE %s SET config = '%s' WHERE name = '%s'",
-                $table,
-                $db->escape($jsonConfig),
-                $db->escape($pluginName)
-            );
-            $db->query($update);
+        $select = sprintf('SELECT name FROM %s WHERE name = ?', $table);
+        $stmt = $db->prepare($select);
+        $db->execute($stmt, [$pluginName]);
+        $result = $stmt->fetchAll();
+
+        if (count($result) > 0) {
+            $update = sprintf('UPDATE %s SET config = ? WHERE name = ?', $table);
+            $stmt = $db->prepare($update);
+            $db->execute($stmt, [$jsonConfig, $pluginName]);
         } else {
-             $insert = sprintf(
-                "INSERT INTO %s (name, active, config) VALUES ('%s', 0, '%s')",
-                $table,
-                $db->escape($pluginName),
-                $db->escape($jsonConfig)
-            );
-            $db->query($insert);
+            $insert = sprintf('INSERT INTO %s (name, active, config) VALUES (?, 0, ?)', $table);
+            $stmt = $db->prepare($insert);
+            $db->execute($stmt, [$pluginName, $jsonConfig]);
         }
     }
 
@@ -267,29 +261,24 @@ public function savePluginConfig(string $pluginName, array $configData): void
     private function updatePluginStatus(string $pluginName, bool $active): void
     {
         $db = $this->configuration->getDb();
-        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
+        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqplugins';
         $activeInt = $active ? 1 : 0;
 
         // Check if exists
-        $select = sprintf("SELECT name FROM %s WHERE name = '%s'", $table, $db->escape($pluginName));
-        $result = $db->query($select);
-
-        if ($db->numRows($result) > 0) {
-            $query = sprintf(
-                "UPDATE %s SET active = %d WHERE name = '%s'",
-                $table,
-                $activeInt,
-                $db->escape($pluginName)
-            );
+        $select = sprintf('SELECT name FROM %s WHERE name = ?', $table);
+        $stmt = $db->prepare($select);
+        $db->execute($stmt, [$pluginName]);
+        $result = $stmt->fetchAll();
+
+        if (count($result) > 0) {
+            $query = sprintf('UPDATE %s SET active = ? WHERE name = ?', $table);
+            $params = [$activeInt, $pluginName];
         } else {
-            $query = sprintf(
-                "INSERT INTO %s (name, active) VALUES ('%s', %d)",
-                $table,
-                $db->escape($pluginName),
-                $activeInt
-            );
+            $query = sprintf('INSERT INTO %s (name, active) VALUES (?, ?)', $table);
+            $params = [$pluginName, $activeInt];
         }
-        $db->query($query);
+        $stmt = $db->prepare($query);
+        $db->execute($stmt, $params);
     }
 
     /**
@@ -298,7 +287,7 @@ private function updatePluginStatus(string $pluginName, bool $active): void
     private function getPluginsFromDatabase(): array
     {
         $db = $this->configuration->getDb();
-        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
+        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqplugins';
         
         // Ensure table exists to avoid crashes during update/install if not yet run
         try {
diff --git a/phpmyfaq/src/phpMyFAQ/Setup/Update.php b/phpmyfaq/src/phpMyFAQ/Setup/Update.php
index 004ba8025b..6178583b1d 100644
--- a/phpmyfaq/src/phpMyFAQ/Setup/Update.php
+++ b/phpmyfaq/src/phpMyFAQ/Setup/Update.php
@@ -1132,7 +1132,7 @@ private function applyUpdates420Alpha(): void
                 case 'mysqli':
                 case 'pdo_mysql':
                     $this->queries[] = sprintf(
-                        'CREATE TABLE %sfaqdata_plugins (
+                        'CREATE TABLE %sfaqplugins (
                             name VARCHAR(255) NOT NULL,
                             active INT(1) NOT NULL DEFAULT 0,
                             config LONGTEXT DEFAULT NULL,
@@ -1144,7 +1144,7 @@ private function applyUpdates420Alpha(): void
                 case 'pgsql':
                 case 'pdo_pgsql':
                     $this->queries[] = sprintf(
-                        'CREATE TABLE %sfaqdata_plugins (
+                        'CREATE TABLE %sfaqplugins (
                             name VARCHAR(255) NOT NULL,
                             active INTEGER NOT NULL DEFAULT 0,
                             config TEXT DEFAULT NULL,
@@ -1155,7 +1155,7 @@ private function applyUpdates420Alpha(): void
                 case 'sqlite3':
                 case 'pdo_sqlite':
                     $this->queries[] = sprintf(
-                        'CREATE TABLE %sfaqdata_plugins (
+                        'CREATE TABLE %sfaqplugins (
                             name VARCHAR(255) NOT NULL,
                             active INTEGER NOT NULL DEFAULT 0,
                             config TEXT DEFAULT NULL,
@@ -1166,7 +1166,7 @@ private function applyUpdates420Alpha(): void
                 case 'sqlsrv':
                 case 'pdo_sqlsrv':
                     $this->queries[] = sprintf(
-                        'CREATE TABLE %sfaqdata_plugins (
+                        'CREATE TABLE %sfaqplugins (
                             name NVARCHAR(255) NOT NULL,
                             active INTEGER NOT NULL DEFAULT 0,
                             config VARCHAR(MAX) DEFAULT NULL,
diff --git a/phpmyfaq/translations/language_de.php b/phpmyfaq/translations/language_de.php
index b0fc9b3500..9350b71a08 100755
--- a/phpmyfaq/translations/language_de.php
+++ b/phpmyfaq/translations/language_de.php
@@ -1543,6 +1543,11 @@
 $PMF_LANG['msgErrorDetails'] = 'Fehlerdetails';
 $PMF_LANG['msgTryAgain'] = 'Erneut versuchen';
 $PMF_LANG['msgAdminLogExportCsv'] = "Admin-Logs als CSV exportieren";
+$PMF_LANG['msgPluginStatusSuccess'] = 'Plugin-Status erfolgreich aktualisiert.';
+$PMF_LANG['msgPluginStatusError'] = 'Plugin-Status konnte nicht aktualisiert werden:';
+$PMF_LANG['msgPluginConfigSuccess'] = 'Plugin-Konfiguration erfolgreich gespeichert.';
+$PMF_LANG['msgPluginConfigError'] = 'Konfiguration konnte nicht gespeichert werden:';
+$PMF_LANG['msgUnknownError'] = 'Unbekannter Fehler';
 
 
 return $PMF_LANG;
diff --git a/phpmyfaq/translations/language_en.php b/phpmyfaq/translations/language_en.php
index 9bacb72847..0c2f0b1f18 100644
--- a/phpmyfaq/translations/language_en.php
+++ b/phpmyfaq/translations/language_en.php
@@ -1542,6 +1542,11 @@
 $PMF_LANG['msgErrorDetails'] = 'Error Details';
 $PMF_LANG['msgTryAgain'] = 'Try Again';
 $PMF_LANG['msgAdminLogExportCsv'] = 'Export admin logs as CSV';
+$PMF_LANG['msgPluginStatusSuccess'] = 'Plugin status updated successfully.';
+$PMF_LANG['msgPluginStatusError'] = 'Failed to update plugin status:';
+$PMF_LANG['msgPluginConfigSuccess'] = 'Plugin configuration saved.';
+$PMF_LANG['msgPluginConfigError'] = 'Failed to save configuration:';
+$PMF_LANG['msgUnknownError'] = 'Unknown error';
 
 
 return $PMF_LANG;

From c52c3eca8299acf7372042531b7d002dc13cbfba Mon Sep 17 00:00:00 2001
From: d0ubIeU <github@wadewitz.it>
Date: Wed, 7 Jan 2026 20:44:37 +0100
Subject: [PATCH 5/9] Fix_sql

---
 phpmyfaq/src/phpMyFAQ/Database/Pgsql.php  |  8 +++++++-
 phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php | 18 +++++++++++++-----
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
index d44a49e446..39883f3b1c 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
@@ -52,6 +52,11 @@ class Pgsql implements DatabaseDriver
      */
     private Connection|bool $conn = false;
 
+    /**
+     * Prepared statements.
+     */
+    private array $preparedStatements = [];
+
     /**
      * Connects to the database.
      *
@@ -327,8 +332,9 @@ public function getTableNames(string $prefix = ''): array
      */
     public function prepare(string $query, array $options = []): string|false
     {
-        $stmtName = 'pmf_stmt_' . md5($query);
+        $stmtName = 'pmf_stmt_' . (count($this->preparedStatements) + 1);
         if (pg_prepare($this->conn, $stmtName, $query)) {
+            $this->preparedStatements[$stmtName] = $query;
             return $stmtName;
         }
         return false;
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
index 4e938ab8ac..0c749f9d02 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
@@ -318,27 +318,35 @@ public function getTableNames(string $prefix = ''): array
      *
      * @param string $query   The SQL query
      * @param array  $options The driver options
-     * @return resource|false
+     * @return resource|string|false
      */
     public function prepare(string $query, array $options = []): mixed
     {
+        if (str_contains($query, '?')) {
+            return $query;
+        }
+
         return sqlsrv_prepare($this->conn, $query, [], $options);
     }
 
     /**
      * Executes a prepared statement.
      *
-     * @param mixed $statement The prepared statement
+     * @param mixed $statement The prepared statement (resource or SQL string)
      * @param array $params    The parameters
      * @return bool
      */
     public function execute(mixed $statement, array $params = []): bool
     {
-        if (!is_resource($statement)) {
-            return false;
+        if (is_resource($statement) && empty($params)) {
+            return sqlsrv_execute($statement);
+        }
+
+        if (is_string($statement)) {
+            return (bool) sqlsrv_query($this->conn, $statement, $params);
         }
 
-        return sqlsrv_execute($statement);
+        return false;
     }
 
     /**

From 8aa2adc91744063e445bf05b25d96ee17fcddabf Mon Sep 17 00:00:00 2001
From: d0ubIeU <github@wadewitz.it>
Date: Thu, 8 Jan 2026 13:58:49 +0100
Subject: [PATCH 6/9] fix

---
 phpmyfaq/src/phpMyFAQ/Database/Mysqli.php     | 51 +++++++++++--
 phpmyfaq/src/phpMyFAQ/Database/Pgsql.php      | 50 ++++++++++++-
 phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php    | 51 +++++++++++--
 phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php     | 74 +++++++++++++++++--
 .../src/phpMyFAQ/Plugin/PluginManager.php     | 28 +++----
 5 files changed, 216 insertions(+), 38 deletions(-)

diff --git a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
index 7ec8645c48..f9e3180d68 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
@@ -27,6 +27,32 @@
 use phpMyFAQ\Database;
 use SensitiveParameter;
 
+/**
+ * Class MysqliStatement
+ */
+class MysqliStatement
+{
+    public function __construct(
+        public \mysqli_stmt $stmt,
+        public mixed $result = null
+    ) {
+    }
+
+    /**
+     * @deprecated Use DatabaseDriver::fetchAll() instead.
+     */
+    public function fetchAll(): array
+    {
+        $ret = [];
+        if ($this->result) {
+            while ($row = $this->result->fetch_object()) {
+                $ret[] = $row;
+            }
+        }
+        return $ret;
+    }
+}
+
 /**
  * Class Mysqli
  *
@@ -140,6 +166,10 @@ public function fetchRow(mixed $result): mixed
      */
     public function fetchAll(mixed $result): ?array
     {
+        if ($result instanceof MysqliStatement) {
+            $result = $result->result;
+        }
+
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -321,11 +351,15 @@ public function query(string $query, int $offset = 0, int $rowcount = 0): mixed
      *
      * @param string $query   The SQL query
      * @param array  $options The driver options
-     * @return \mysqli_stmt|false
+     * @return MysqliStatement|false
      */
-    public function prepare(string $query, array $options = []): \mysqli_stmt|false
+    public function prepare(string $query, array $options = []): MysqliStatement|false
     {
-        return $this->conn->prepare($query);
+        $stmt = $this->conn->prepare($query);
+        if ($stmt) {
+            return new MysqliStatement($stmt);
+        }
+        return false;
     }
 
     /**
@@ -337,7 +371,7 @@ public function prepare(string $query, array $options = []): \mysqli_stmt|false
      */
     public function execute(mixed $statement, array $params = []): bool
     {
-        if (!$statement instanceof \mysqli_stmt) {
+        if (!$statement instanceof MysqliStatement) {
             return false;
         }
 
@@ -354,10 +388,15 @@ public function execute(mixed $statement, array $params = []): bool
                     $types .= 'b';
                 }
             }
-            $statement->bind_param($types, ...$params);
+            $statement->stmt->bind_param($types, ...$params);
+        }
+
+        $success = $statement->stmt->execute();
+        if ($success) {
+            $statement->result = $statement->stmt->get_result();
         }
 
-        return $statement->execute();
+        return $success;
     }
 
     /**
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
index 39883f3b1c..5fadc8dbc4 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
@@ -27,6 +27,37 @@
 use phpMyFAQ\Database;
 use SensitiveParameter;
 
+/**
+ * Class PgsqlStatement
+ */
+class PgsqlStatement
+{
+    public function __construct(
+        private string $name,
+        public mixed $result = null
+    ) {
+    }
+
+    public function __toString(): string
+    {
+        return $this->name;
+    }
+
+    /**
+     * @deprecated Use DatabaseDriver::fetchAll() instead.
+     */
+    public function fetchAll(): array
+    {
+        $ret = [];
+        if ($this->result) {
+            while ($row = pg_fetch_object($this->result)) {
+                $ret[] = $row;
+            }
+        }
+        return $ret;
+    }
+}
+
 /**
  * Class Pgsql
  *
@@ -150,6 +181,10 @@ public function escape(string $string): string
      */
     public function fetchAll(mixed $result): ?array
     {
+        if ($result instanceof PgsqlStatement) {
+            $result = $result->result;
+        }
+
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -328,14 +363,14 @@ public function getTableNames(string $prefix = ''): array
      *
      * @param string $query   The SQL query
      * @param array  $options The driver options
-     * @return string|false
+     * @return PgsqlStatement|false
      */
-    public function prepare(string $query, array $options = []): string|false
+    public function prepare(string $query, array $options = []): PgsqlStatement|false
     {
         $stmtName = 'pmf_stmt_' . (count($this->preparedStatements) + 1);
         if (pg_prepare($this->conn, $stmtName, $query)) {
             $this->preparedStatements[$stmtName] = $query;
-            return $stmtName;
+            return new PgsqlStatement($stmtName);
         }
         return false;
     }
@@ -349,7 +384,14 @@ public function prepare(string $query, array $options = []): string|false
      */
     public function execute(mixed $statement, array $params = []): bool
     {
-        return (bool) pg_execute($this->conn, (string) $statement, $params);
+        $name = (string) $statement;
+        $result = pg_execute($this->conn, $name, $params);
+
+        if ($statement instanceof PgsqlStatement) {
+            $statement->result = $result;
+        }
+
+        return (bool) $result;
     }
 
     /**
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
index b90d9ac105..e96e51c1b8 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
@@ -22,6 +22,32 @@
 use phpMyFAQ\Core\Exception;
 use SensitiveParameter;
 
+/**
+ * Class Sqlite3Statement
+ */
+class Sqlite3Statement
+{
+    public function __construct(
+        public \SQLite3Stmt $stmt,
+        public mixed $result = null
+    ) {
+    }
+
+    /**
+     * @deprecated Use DatabaseDriver::fetchAll() instead.
+     */
+    public function fetchAll(): array
+    {
+        $ret = [];
+        if ($this->result) {
+            while ($row = $this->result->fetchArray(SQLITE3_ASSOC)) {
+                $ret[] = (object) $row;
+            }
+        }
+        return $ret;
+    }
+}
+
 /**
  * Class Sqlite3
  *
@@ -113,6 +139,10 @@ public function fetchRow(mixed $result): mixed
      */
     public function fetchAll(mixed $result): ?array
     {
+        if ($result instanceof Sqlite3Statement) {
+            $result = $result->result;
+        }
+
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -309,11 +339,15 @@ public function clientVersion(): string
      *
      * @param string $query   The SQL query
      * @param array  $options The driver options
-     * @return \SQLite3Stmt|false
+     * @return Sqlite3Statement|false
      */
-    public function prepare(string $query, array $options = []): \SQLite3Stmt|false
+    public function prepare(string $query, array $options = []): Sqlite3Statement|false
     {
-        return $this->conn->prepare($query);
+        $stmt = $this->conn->prepare($query);
+        if ($stmt) {
+            return new Sqlite3Statement($stmt);
+        }
+        return false;
     }
 
     /**
@@ -325,7 +359,7 @@ public function prepare(string $query, array $options = []): \SQLite3Stmt|false
      */
     public function execute(mixed $statement, array $params = []): bool
     {
-        if (!$statement instanceof \SQLite3Stmt) {
+        if (!$statement instanceof Sqlite3Statement) {
             return false;
         }
 
@@ -338,10 +372,15 @@ public function execute(mixed $statement, array $params = []): bool
             } elseif (is_null($param)) {
                 $type = SQLITE3_NULL;
             }
-            $statement->bindValue($index + 1, $param, $type);
+            $statement->stmt->bindValue($index + 1, $param, $type);
+        }
+
+        $result = $statement->stmt->execute();
+        if ($result) {
+            $statement->result = $result;
         }
 
-        return (bool) $statement->execute();
+        return (bool) $result;
     }
 
     /**
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
index 0c749f9d02..0e9c3665bf 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
@@ -24,6 +24,37 @@
 use phpMyFAQ\Database;
 use SensitiveParameter;
 
+/**
+ * Class SqlsrvStatement
+ */
+class SqlsrvStatement
+{
+    public function __construct(
+        public mixed $statement,
+        public mixed $result = null
+    ) {
+    }
+
+    public function __toString(): string
+    {
+        return is_string($this->statement) ? $this->statement : '';
+    }
+
+    /**
+     * @deprecated Use DatabaseDriver::fetchAll() instead.
+     */
+    public function fetchAll(): array
+    {
+        $ret = [];
+        if ($this->result) {
+            while ($row = sqlsrv_fetch_object($this->result)) {
+                $ret[] = $row;
+            }
+        }
+        return $ret;
+    }
+}
+
 /**
  * Class Sqlsrv
  *
@@ -113,6 +144,10 @@ public function fetchRow(mixed $result): mixed
      */
     public function fetchAll(mixed $result): ?array
     {
+        if ($result instanceof SqlsrvStatement) {
+            $result = $result->result;
+        }
+
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -320,30 +355,53 @@ public function getTableNames(string $prefix = ''): array
      * @param array  $options The driver options
      * @return resource|string|false
      */
-    public function prepare(string $query, array $options = []): mixed
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return SqlsrvStatement|false
+     */
+    public function prepare(string $query, array $options = []): SqlsrvStatement|false
     {
         if (str_contains($query, '?')) {
-            return $query;
+            return new SqlsrvStatement($query);
         }
 
-        return sqlsrv_prepare($this->conn, $query, [], $options);
+        $stmt = sqlsrv_prepare($this->conn, $query, [], $options);
+        if ($stmt) {
+            return new SqlsrvStatement($stmt);
+        }
+        return false;
     }
 
     /**
      * Executes a prepared statement.
      *
-     * @param mixed $statement The prepared statement (resource or SQL string)
+     * @param mixed $statement The prepared statement (SqlsrvStatement resource or SQL string)
      * @param array $params    The parameters
      * @return bool
      */
     public function execute(mixed $statement, array $params = []): bool
     {
-        if (is_resource($statement) && empty($params)) {
-            return sqlsrv_execute($statement);
+        if (!$statement instanceof SqlsrvStatement) {
+            return false;
+        }
+
+        if (is_resource($statement->statement) && empty($params)) {
+            $success = sqlsrv_execute($statement->statement);
+            if ($success) {
+                $statement->result = $statement->statement;
+            }
+            return $success;
         }
 
-        if (is_string($statement)) {
-            return (bool) sqlsrv_query($this->conn, $statement, $params);
+        if (is_string($statement->statement)) {
+            $result = sqlsrv_query($this->conn, $statement->statement, $params);
+            if ($result) {
+                $statement->result = $result;
+            }
+            return (bool) $result;
         }
 
         return false;
diff --git a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
index b1ca0bc3f8..3c8d5bd7da 100644
--- a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
+++ b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
@@ -8,7 +8,7 @@
  * obtain one at https://mozilla.org/MPL/2.0/.
  *
  * @package   phpMyFAQ
- * @author    Thorsten Rinne
+ * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
  * @copyright 2024-2026 phpMyFAQ Team
  * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
  * @link      https://www.phpmyfaq.de
@@ -146,15 +146,15 @@ public function loadPlugins(): void
                 // I will default to inactive (false) for new plugins found on disk but not in DB.
                 $isActive = false; 
             }
-            
+
             // Allow checking if it IS active.
             // But we only REGISTER events and LOAD scripts if active.
-            
+
             if ($isActive && $this->areDependenciesMet($plugin)) {
                 $this->loadedPlugins[] = $plugin->getName();
-                
+
                 $plugin->registerEvents($this->eventDispatcher);
-                
+
                 if (!empty($plugin->getConfig())) {
                     $this->loadPluginConfig($plugin->getName(), $plugin->getConfig());
                     // Apply DB config overrides here if possible
@@ -165,7 +165,7 @@ public function loadPlugins(): void
                 if (method_exists($plugin, 'getTranslationsPath')) {
                     $translationsPath = $plugin->getTranslationsPath();
                 }
-                
+
                 if ($translationsPath !== null) {
                     $pluginDir = $this->getPluginDirectory($plugin->getName());
                     $absoluteTranslationsPath = $pluginDir . '/' . $translationsPath;
@@ -220,7 +220,7 @@ public function deactivatePlugin(string $pluginName): void
     {
         $this->updatePluginStatus($pluginName, false);
     }
-    
+
     /**
      * Checks if a plugin is active
      */
@@ -242,7 +242,7 @@ public function savePluginConfig(string $pluginName, array $configData): void
         $select = sprintf('SELECT name FROM %s WHERE name = ?', $table);
         $stmt = $db->prepare($select);
         $db->execute($stmt, [$pluginName]);
-        $result = $stmt->fetchAll();
+        $result = $db->fetchAll($stmt);
 
         if (count($result) > 0) {
             $update = sprintf('UPDATE %s SET config = ? WHERE name = ?', $table);
@@ -268,7 +268,7 @@ private function updatePluginStatus(string $pluginName, bool $active): void
         $select = sprintf('SELECT name FROM %s WHERE name = ?', $table);
         $stmt = $db->prepare($select);
         $db->execute($stmt, [$pluginName]);
-        $result = $stmt->fetchAll();
+        $result = $db->fetchAll($stmt);
 
         if (count($result) > 0) {
             $query = sprintf('UPDATE %s SET active = ? WHERE name = ?', $table);
@@ -390,9 +390,11 @@ private function getPluginDirectory(string $pluginName): string
         return PMF_ROOT_DIR . '/content/plugins/' . $pluginName;
     }
 
-
-
-
+    /**
+     * Registers stylesheets for a plugin
+     *
+     * @param string[] $stylesheets Relative paths to CSS files
+     */
     private function registerPluginStylesheets(string $pluginName, array $stylesheets): void
     {
         $pluginDir = $this->getPluginDirectory($pluginName);
@@ -417,7 +419,6 @@ private function registerPluginStylesheets(string $pluginName, array $stylesheet
         }
     }
 
-
     /**
      * Returns all registered plugin stylesheets for template injection
      *
@@ -468,7 +469,6 @@ private function registerPluginScripts(string $pluginName, array $scripts): void
         }
     }
 
-
     /**
      * Returns all registered plugin scripts for template injection
      *

From fbddd00d4717f4f2271dbf39d9e62dd0a7e3b660 Mon Sep 17 00:00:00 2001
From: d0ubIeU <github@wadewitz.it>
Date: Thu, 8 Jan 2026 14:42:08 +0100
Subject: [PATCH 7/9] fix formatting

---
 .../Administration/Api/PluginController.php   | 17 ++++++--
 .../src/phpMyFAQ/Plugin/PluginManager.php     | 40 +++++++------------
 2 files changed, 28 insertions(+), 29 deletions(-)

diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
index 74c11b5b44..14041a04cc 100644
--- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
+++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
@@ -19,12 +19,12 @@
 
 namespace phpMyFAQ\Controller\Administration\Api;
 
+use Exception;
 use phpMyFAQ\Controller\Administration\AbstractAdministrationController;
 use phpMyFAQ\Session\Token;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Attribute\Route;
-use Exception;
 
 final class PluginController extends AbstractAdministrationController
 {
@@ -43,7 +43,10 @@ public function toggleStatus(Request $request): JsonResponse
         $data = json_decode($content, true);
 
         if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
-            return new JsonResponse(['success' => false, 'message' => 'Invalid JSON payload: ' . json_last_error_msg()], 400);
+            return new JsonResponse([
+                'success' => false,
+                'message' => 'Invalid JSON payload: ' . json_last_error_msg(),
+            ], 400);
         }
 
         $name = $data['name'] ?? null;
@@ -69,7 +72,10 @@ public function saveConfig(Request $request): JsonResponse
         $data = json_decode($content, true);
 
         if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
-            return new JsonResponse(['success' => false, 'message' => 'Invalid JSON payload: ' . json_last_error_msg()], 400);
+            return new JsonResponse([
+                'success' => false,
+                'message' => 'Invalid JSON payload: ' . json_last_error_msg(),
+            ], 400);
         }
 
         $csrfToken = $data['csrf'] ?? $request->headers->get('X-CSRF-Token');
@@ -90,7 +96,10 @@ public function saveConfig(Request $request): JsonResponse
         try {
             $pluginManager->savePluginConfig($name, $config);
         } catch (Exception $e) {
-            return new JsonResponse(['success' => false, 'message' => 'Failed to save configuration: ' . $e->getMessage()], 500);
+            return new JsonResponse([
+                'success' => false,
+                'message' => 'Failed to save configuration: ' . $e->getMessage(),
+            ], 500);
         }
 
         return new JsonResponse(['success' => true]);
diff --git a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
index 42e5a26bd9..d0f359aee8 100644
--- a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
+++ b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
@@ -53,7 +53,7 @@ class PluginManager
     private readonly ContainerBuilder $containerBuilder;
 
     public function __construct(
-        private readonly \phpMyFAQ\Configuration $configuration
+        private readonly \phpMyFAQ\Configuration $configuration,
     ) {
         $this->eventDispatcher = new EventDispatcher();
         $this->containerBuilder = new ContainerBuilder();
@@ -103,14 +103,14 @@ public function loadPlugins(): void
 
         // Fetch plugin states and config from database
         $dbPlugins = $this->getPluginsFromDatabase();
-        
+
         foreach ($this->plugins as $plugin) {
             $pluginName = $plugin->getName();
             $isActive = false;
 
             // Apply configuration and check status from DB
             if (isset($dbPlugins[$pluginName])) {
-                $isActive = (bool)$dbPlugins[$pluginName]['active'];
+                $isActive = (bool) $dbPlugins[$pluginName]['active'];
                 if (!empty($dbPlugins[$pluginName]['config']) && $plugin->getConfig()) {
                     $configArray = json_decode($dbPlugins[$pluginName]['config'], true);
                     if (is_array($configArray)) {
@@ -123,13 +123,13 @@ public function loadPlugins(): void
                                         $typeName = $type instanceof \ReflectionNamedType ? $type->getName() : null;
                                         switch ($typeName) {
                                             case 'int':
-                                                $value = (int)$value;
+                                                $value = (int) $value;
                                                 break;
                                             case 'bool':
                                                 $value = filter_var($value, FILTER_VALIDATE_BOOLEAN);
                                                 break;
                                             case 'float':
-                                                $value = (float)$value;
+                                                $value = (float) $value;
                                                 break;
                                         }
                                     }
@@ -144,17 +144,17 @@ public function loadPlugins(): void
             } else {
 
                 // I will default to inactive (false) for new plugins found on disk but not in DB.
-                $isActive = false; 
+                $isActive = false;
             }
-            
+
             // Allow checking if it IS active.
             // But we only REGISTER events and LOAD scripts if active.
-            
+
             if ($isActive && $this->areDependenciesMet($plugin)) {
                 $this->loadedPlugins[] = $plugin->getName();
-                
+
                 $plugin->registerEvents($this->eventDispatcher);
-                
+
                 if (!empty($plugin->getConfig())) {
                     $this->loadPluginConfig($plugin->getName(), $plugin->getConfig());
                     // Apply DB config overrides here if possible
@@ -165,7 +165,7 @@ public function loadPlugins(): void
                 if (method_exists($plugin, 'getTranslationsPath')) {
                     $translationsPath = $plugin->getTranslationsPath();
                 }
-                
+
                 if ($translationsPath !== null) {
                     $pluginDir = $this->getPluginDirectory($plugin->getName());
                     $absoluteTranslationsPath = $pluginDir . '/' . $translationsPath;
@@ -173,15 +173,11 @@ public function loadPlugins(): void
                     if (is_dir($absoluteTranslationsPath)) {
                         $translation = Translation::getInstance();
                         if (method_exists($translation, 'registerPluginTranslations')) {
-                            $translation->registerPluginTranslations(
-                                $plugin->getName(),
-                                $absoluteTranslationsPath,
-                            );
+                            $translation->registerPluginTranslations($plugin->getName(), $absoluteTranslationsPath);
                         }
                     }
                 }
 
-
                 // Register plugin stylesheets
                 if (method_exists($plugin, 'getStylesheets')) {
                     $this->registerPluginStylesheets($plugin->getName(), $plugin->getStylesheets());
@@ -192,7 +188,6 @@ public function loadPlugins(): void
                     $this->registerPluginScripts($plugin->getName(), $plugin->getScripts());
                 }
             } elseif (!$this->areDependenciesMet($plugin)) {
-
                 $missingDeps = $this->getMissingDependencies($plugin);
                 $this->incompatiblePlugins[$plugin->getName()] = [
                     'plugin' => $plugin,
@@ -220,7 +215,7 @@ public function deactivatePlugin(string $pluginName): void
     {
         $this->updatePluginStatus($pluginName, false);
     }
-    
+
     /**
      * Checks if a plugin is active
      */
@@ -299,7 +294,7 @@ private function getPluginsFromDatabase(): array
     {
         $db = $this->configuration->getDb();
         $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
-        
+
         // Ensure table exists to avoid crashes during update/install if not yet run
         try {
             $result = $db->query("SELECT name, active, config FROM $table");
@@ -312,7 +307,7 @@ private function getPluginsFromDatabase(): array
         while ($row = $db->fetchObject($result)) {
             $plugins[$row->name] = [
                 'active' => $row->active,
-                'config' => $row->config
+                'config' => $row->config,
             ];
         }
         return $plugins;
@@ -401,9 +396,6 @@ private function getPluginDirectory(string $pluginName): string
         return PMF_ROOT_DIR . '/content/plugins/' . $pluginName;
     }
 
-
-
-
     private function registerPluginStylesheets(string $pluginName, array $stylesheets): void
     {
         $pluginDir = $this->getPluginDirectory($pluginName);
@@ -428,7 +420,6 @@ private function registerPluginStylesheets(string $pluginName, array $stylesheet
         }
     }
 
-
     /**
      * Returns all registered plugin stylesheets for template injection
      *
@@ -479,7 +470,6 @@ private function registerPluginScripts(string $pluginName, array $scripts): void
         }
     }
 
-
     /**
      * Returns all registered plugin scripts for template injection
      *

From e3a2210fc6b1eb2214c8b91d45fca2a807718422 Mon Sep 17 00:00:00 2001
From: d0ubIeU <github@wadewitz.it>
Date: Thu, 8 Jan 2026 19:18:25 +0100
Subject: [PATCH 8/9] formatting und enhanced plugin doc

---
 docs/plugins.md                               |  25 ++-
 phpmyfaq/admin/assets/src/api/plugins.ts      |   4 +-
 .../admin/assets/src/configuration/plugins.ts | 144 ++++++++----------
 .../Administration/Api/PluginController.php   |   2 +-
 .../src/phpMyFAQ/Database/DatabaseDriver.php  |  18 +++
 phpmyfaq/src/phpMyFAQ/Database/Mysqli.php     |  88 ++++++++++-
 phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php   |   2 +-
 phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php   |   2 +-
 phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php  |   2 +-
 phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php  |   2 +-
 phpmyfaq/src/phpMyFAQ/Database/Pgsql.php      |  78 +++++++++-
 phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php    |  84 +++++++++-
 phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php     |  89 ++++++++++-
 .../src/phpMyFAQ/Instance/Database/Mysqli.php |   2 +-
 .../phpMyFAQ/Instance/Database/PdoMysql.php   |   2 +-
 .../phpMyFAQ/Instance/Database/PdoPgsql.php   |   2 +-
 .../phpMyFAQ/Instance/Database/PdoSqlite.php  |   2 +-
 .../phpMyFAQ/Instance/Database/PdoSqlsrv.php  |   2 +-
 .../src/phpMyFAQ/Instance/Database/Pgsql.php  |   2 +-
 .../phpMyFAQ/Instance/Database/Sqlite3.php    |   2 +-
 .../src/phpMyFAQ/Instance/Database/Sqlsrv.php |   2 +-
 .../src/phpMyFAQ/Plugin/PluginManager.php     |  77 +++++-----
 phpmyfaq/src/phpMyFAQ/Setup/Update.php        |   8 +-
 phpmyfaq/translations/language_de.php         |   5 +
 phpmyfaq/translations/language_en.php         |   5 +
 25 files changed, 512 insertions(+), 139 deletions(-)

diff --git a/docs/plugins.md b/docs/plugins.md
index d63b86aef8..26f5ea5779 100644
--- a/docs/plugins.md
+++ b/docs/plugins.md
@@ -9,6 +9,7 @@ The plugin system is based on the Symfony Dependency Injection component.
 Plugins are installed in the `content/plugins` directory of your phpMyFAQ installation.
 The plugin directory should contain a subdirectory for each plugin, e.g. `content/plugins/HelloWorld`.
 The plugin directory should contain a `HelloWorldPlugin.php` file that implements the `PluginInterface` interface.
+The plugin must then be activated in the backend and can be deactivated again at any time without a complete uninstallation.
 If you want to remove a plugin, you can delete the plugin in the plugin directory.
 
 ## 9.2 Configuration
@@ -17,7 +18,7 @@ Plugins can have configuration options, implemented via the `PluginConfiguration
 Configuration options can be defined in the plugin configuration class with Constructor Property Promotion by adding 
 public properties. There are no other options to configure plugins at this time.
 
-### 9.3.1 Example configuration class
+### 9.2.1 Example configuration class
 
 ```php
 class MyPluginConfiguration implements PluginConfigurationInterface
@@ -29,6 +30,7 @@ class MyPluginConfiguration implements PluginConfigurationInterface
     }
 }
 ```
+These predefined values ​​in the file form the basis for the configuration options in the backend plugin overview. All future changes to these values ​​in the backend plugin settings will be saved in the database.
 
 ## 9.3 Plugin development
 
@@ -79,6 +81,26 @@ class MyPlugin implements PluginInterface
         return '0.2.0';
     }
 
+    public function getDescription(): string
+    {
+        return 'A simple Hello World plugin';
+    }
+
+    public function getAuthor(): string
+    {
+        return 'phpMyFAQ Team';
+    }
+
+    public function getAdvDescription(): string
+    {
+        return 'A simple Hello World plugin that demonstrates event handling in phpMyFAQ and with Configuration options.';
+    }
+
+    public function getImplementation(): string
+    {
+        return '{{ phpMyFAQPlugin(\'hello.world\', \'Hello, World!\') | raw }} oder {{ phpMyFAQPlugin(\'user.login\', \'John Doe\') | raw }}';
+    }
+
     public function getDependencies(): array
     {
         return [];
@@ -139,6 +161,7 @@ class MyPlugin implements PluginInterface
     {{ phpMyFAQPlugin('user.login', 'John Doe') | raw }}
 </div>
 ```
+Note: If the fields "Extended Description" and "Implementation" are defined in the plugin, you will find explanations on how to integrate the plugin in the plugin's configuration settings.
 
 ## 9.6 Stylesheets
 
diff --git a/phpmyfaq/admin/assets/src/api/plugins.ts b/phpmyfaq/admin/assets/src/api/plugins.ts
index c06481312b..1e69c31d73 100644
--- a/phpmyfaq/admin/assets/src/api/plugins.ts
+++ b/phpmyfaq/admin/assets/src/api/plugins.ts
@@ -6,9 +6,9 @@
  * obtain one at https://mozilla.org/MPL/2.0/.
  *
  * @package   phpMyFAQ
- * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @author    Thorsten Rinne
  * @copyright 2025-2026 phpMyFAQ Team
- * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
  * @link      https://www.phpmyfaq.de
  * @since     2025-01-07
  */
diff --git a/phpmyfaq/admin/assets/src/configuration/plugins.ts b/phpmyfaq/admin/assets/src/configuration/plugins.ts
index 717c0ffd06..a03c150ccb 100644
--- a/phpmyfaq/admin/assets/src/configuration/plugins.ts
+++ b/phpmyfaq/admin/assets/src/configuration/plugins.ts
@@ -6,20 +6,23 @@
  * obtain one at https://mozilla.org/MPL/2.0/.
  *
  * @package   phpMyFAQ
- * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @author    Thorsten Rinne
  * @copyright 2025-2026 phpMyFAQ Team
- * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
  * @link      https://www.phpmyfaq.de
  * @since     2025-01-07
  */
 
 import { togglePluginStatus, savePluginConfig } from '../api';
-import { pushNotification, pushErrorNotification } from '../../../../assets/src/utils';
+import { addElement, pushNotification, pushErrorNotification, TranslationService } from '../../../../assets/src/utils';
 
 /**
  * Handles plugin status toggling and configuration modal
  */
-export const handlePlugins = (): void => {
+export const handlePlugins = async (): Promise<void> => {
+    const Translator = new TranslationService();
+    await Translator.loadTranslations(document.documentElement.lang);
+
     const getCsrfToken = () => document.querySelector('meta[name="csrf-token"]')?.getAttribute('content') || '';
 
     const toggleCheckboxes = document.querySelectorAll<HTMLInputElement>('.plugin-toggle');
@@ -40,39 +43,41 @@ export const handlePlugins = (): void => {
 
                 if (!result.success) {
                     target.checked = !active; // Revert
-                    pushErrorNotification('Failed to update plugin status: ' + (result.message || 'Unknown error'));
+                    pushErrorNotification(
+                        Translator.translate('msgPluginStatusError') + ' ' + (result.message || Translator.translate('msgUnknownError')),
+                    );
                 } else {
-                    pushNotification('Plugin status updated successfully.');
+                    pushNotification(Translator.translate('msgPluginStatusSuccess'));
                 }
             } catch (error: any) {
                 target.checked = !active; // Revert
                 console.error('Error toggling plugin:', error);
-                pushErrorNotification(error.message || 'An error occurred while updating plugin status.');
+                pushErrorNotification(error.message || Translator.translate('msgUnknownError'));
             }
         });
     });
 
     // Configuration Modal
-    const configModalEl = document.getElementById('pluginConfigModal');
-    if (configModalEl) {
-        configModalEl.addEventListener('show.bs.modal', (event: any) => {
+    const pluginConfigModal = document.getElementById('pluginConfigModal');
+    if (pluginConfigModal) {
+        pluginConfigModal.addEventListener('show.bs.modal', (event: any) => {
             const button = event.relatedTarget as HTMLElement;
             const pluginName = button.getAttribute('data-plugin-name');
             const pluginDescription = button.getAttribute('data-plugin-description');
             const pluginImplementation = button.getAttribute('data-plugin-implementation');
             const configJson = button.getAttribute('data-plugin-config');
 
-            const modalTitle = configModalEl.querySelector('.modal-title');
-            const nameInput = configModalEl.querySelector<HTMLInputElement>('#configPluginName');
-            const container = configModalEl.querySelector('#configFieldsContainer');
-            const descText = configModalEl.querySelector('#pluginDescriptionText');
-            const implContainer = configModalEl.querySelector('#pluginImplementationContainer');
-            const implCode = configModalEl.querySelector('#pluginImplementationCode');
-            const noConfigMsg = configModalEl.querySelector('#pluginNoConfigMsg');
+            const modalTitle = pluginConfigModal.querySelector('.modal-title');
+            const nameInput = pluginConfigModal.querySelector<HTMLInputElement>('#configPluginName');
+            const container = pluginConfigModal.querySelector('#configFieldsContainer');
+            const descText = pluginConfigModal.querySelector('#pluginDescriptionText');
+            const implContainer = pluginConfigModal.querySelector('#pluginImplementationContainer');
+            const implCode = pluginConfigModal.querySelector('#pluginImplementationCode');
+            const noConfigMsg = pluginConfigModal.querySelector('#pluginNoConfigMsg');
             const saveBtn = document.getElementById('savePluginConfigBtn');
 
             if (modalTitle && pluginName) {
-                modalTitle.textContent = 'Configuration: ' + pluginName;
+                modalTitle.textContent = Translator.translate('msgConfig') + ': ' + pluginName;
             }
             if (nameInput && pluginName) {
                 nameInput.value = pluginName;
@@ -108,69 +113,51 @@ export const handlePlugins = (): void => {
 
                         Object.keys(configData).forEach((key) => {
                             const value = configData[key];
-                            const div = document.createElement('div');
-                            div.className = 'mb-3';
-
-                            const label = document.createElement('label');
-                            label.className = 'form-label';
-                            label.textContent = key;
-                            label.htmlFor = 'config_' + key;
-
-                            let input: HTMLInputElement | HTMLSelectElement | HTMLTextAreaElement;
+                            let input: HTMLElement;
 
                             if (typeof value === 'boolean') {
-                                div.className = 'form-check form-switch mb-3';
-                                const checkInput = document.createElement('input');
-                                checkInput.type = 'checkbox';
-                                checkInput.className = 'form-check-input';
-                                checkInput.checked = value;
-                                checkInput.value = '1';
-                                label.className = 'form-check-label';
-                                div.appendChild(checkInput);
-                                div.appendChild(label);
-                                input = checkInput;
-                            } else if (typeof value === 'number' || !isNaN(Number(value)) && String(value).trim() !== '') {
-                                input = document.createElement('input');
-                                input.type = 'number';
-                                input.className = 'form-control';
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
-                            } else if (key.toLowerCase().includes('email')) {
-                                input = document.createElement('input');
-                                input.type = 'email';
-                                input.className = 'form-control';
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
-                            } else if (key.toLowerCase().includes('date')) {
-                                input = document.createElement('input');
-                                input.type = 'date';
-                                input.className = 'form-control';
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
-                            } else if (String(value).length > 50) {
-                                input = document.createElement('textarea');
-                                input.className = 'form-control';
-                                input.rows = 3;
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
+                                input = addElement('div', { className: 'form-check form-switch mb-3' }, [
+                                    addElement('input', {
+                                        type: 'checkbox',
+                                        className: 'form-check-input',
+                                        checked: value,
+                                        value: '1',
+                                        id: 'config_' + key,
+                                        name: 'config[' + key + ']',
+                                    }),
+                                    addElement('label', {
+                                        className: 'form-check-label',
+                                        textContent: key,
+                                        htmlFor: 'config_' + key,
+                                    }),
+                                ]);
                             } else {
-                                input = document.createElement('input');
-                                input.type = 'text';
-                                input.className = 'form-control';
-                                input.value = String(value);
-                                div.appendChild(label);
-                                div.appendChild(input);
+                                const type = (typeof value === 'number' || !isNaN(Number(value)) && String(value).trim() !== '') ? 'number' :
+                                    (key.toLowerCase().includes('email')) ? 'email' :
+                                        (key.toLowerCase().includes('date')) ? 'date' : 'text';
+
+                                const props: Record<string, any> = {
+                                    className: 'form-control',
+                                    value: String(value),
+                                    id: 'config_' + key,
+                                    name: 'config[' + key + ']',
+                                };
+
+                                if (String(value).length > 50 && type === 'text') {
+                                    input = addElement('div', { className: 'mb-3' }, [
+                                        addElement('label', { className: 'form-label', textContent: key, htmlFor: 'config_' + key }),
+                                        addElement('textarea', { ...props, rows: 3 }),
+                                    ]);
+                                } else {
+                                    input = addElement('div', { className: 'mb-3' }, [
+                                        addElement('label', { className: 'form-label', textContent: key, htmlFor: 'config_' + key }),
+                                        addElement('input', { ...props, type }),
+                                    ]);
+                                }
                             }
 
-                            input.id = 'config_' + key;
-                            input.setAttribute('name', 'config[' + key + ']');
-
                             if (container) {
-                                container.appendChild(div);
+                                container.appendChild(input);
                             }
                         });
                     }
@@ -224,13 +211,16 @@ export const handlePlugins = (): void => {
                 const result = await savePluginConfig(pluginName, configData, csrfToken);
 
                 if (result.success) {
+                    pushNotification(Translator.translate('msgPluginConfigSuccess'));
                     window.location.reload();
                 } else {
-                    pushErrorNotification('Failed to save configuration: ' + (result.message || 'Unknown error'));
+                    pushErrorNotification(
+                        Translator.translate('msgPluginConfigError') + ' ' + (result.message || Translator.translate('msgUnknownError')),
+                    );
                 }
             } catch (error: any) {
                 console.error('Error saving config:', error);
-                pushErrorNotification(error.message || 'An error occurred while saving configuration.');
+                pushErrorNotification(error.message || Translator.translate('msgUnknownError'));
             }
         });
     }
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
index 14041a04cc..67a2129251 100644
--- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
+++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
@@ -8,7 +8,7 @@
  * obtain one at https://mozilla.org/MPL/2.0/.
  *
  * @package   phpMyFAQ
- * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
+ * @author    Thorsten Rinne
  * @copyright 2025-2026 phpMyFAQ Team
  * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
  * @link      https://www.phpmyfaq.de
diff --git a/phpmyfaq/src/phpMyFAQ/Database/DatabaseDriver.php b/phpmyfaq/src/phpMyFAQ/Database/DatabaseDriver.php
index 88c89bdcd3..25dd802920 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/DatabaseDriver.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/DatabaseDriver.php
@@ -137,4 +137,22 @@ public function close();
      * @return string String that you can pass to SQL as in: SELECT <result of phpMyFAQ\DatabaseDriver->now()>
      */
     public function now(): string;
+
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return mixed
+     */
+    public function prepare(string $query, array $options = []): mixed;
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool;
 }
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
index a72ab70d23..23026389e4 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
@@ -27,6 +27,32 @@
 use phpMyFAQ\Database;
 use SensitiveParameter;
 
+/**
+ * Class MysqliStatement
+ */
+class MysqliStatement
+{
+    public function __construct(
+        public \mysqli_stmt $stmt,
+        public mixed $result = null,
+    ) {
+    }
+
+    /**
+     * @deprecated Use DatabaseDriver::fetchAll() instead.
+     */
+    public function fetchAll(): array
+    {
+        $ret = [];
+        if ($this->result) {
+            while ($row = $this->result->fetch_object()) {
+                $ret[] = $row;
+            }
+        }
+        return $ret;
+    }
+}
+
 /**
  * Class Mysqli
  *
@@ -140,6 +166,10 @@ public function fetchRow(mixed $result): mixed
      */
     public function fetchAll(mixed $result): ?array
     {
+        if ($result instanceof MysqliStatement) {
+            $result = $result->result;
+        }
+
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -252,7 +282,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
@@ -316,6 +346,62 @@ public function query(string $query, int $offset = 0, int $rowcount = 0): mixed
         return $result;
     }
 
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return MysqliStatement|false
+     */
+    public function prepare(string $query, array $options = []): MysqliStatement|false
+    {
+        $stmt = $this->conn->prepare($query);
+        if ($stmt) {
+            return new MysqliStatement($stmt);
+        }
+        return false;
+    }
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool
+    {
+        if (!$statement instanceof MysqliStatement) {
+            return false;
+        }
+
+        if (!empty($params)) {
+            $types = '';
+            foreach ($params as $param) {
+                if (is_int($param)) {
+                    $types .= 'i';
+                } elseif (is_float($param)) {
+                    $types .= 'd';
+                } elseif (is_string($param)) {
+                    $types .= 's';
+                } else {
+                    $types .= 'b';
+                }
+            }
+            $statement->stmt->bind_param($types, ...$params);
+        }
+
+        $success = $statement->stmt->execute();
+        if ($success) {
+            $result = $statement->stmt->get_result();
++            if ($result !== false) {
++                $statement->result = $result;
++            }
+        }
+
+        return $success;
+    }
+
     /**
      * Returns the client version string.
      */
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php b/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php
index 4bf268d533..47079e3922 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoMysql.php
@@ -219,7 +219,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php b/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php
index d5abe3dc97..c16ad887af 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoPgsql.php
@@ -218,7 +218,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php
index 96d34f27c5..2d9b97c5cf 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlite.php
@@ -243,7 +243,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php
index 0c7ec09102..811bbc21fb 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/PdoSqlsrv.php
@@ -219,7 +219,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
index 73ed5f7d43..5fadc8dbc4 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
@@ -27,6 +27,37 @@
 use phpMyFAQ\Database;
 use SensitiveParameter;
 
+/**
+ * Class PgsqlStatement
+ */
+class PgsqlStatement
+{
+    public function __construct(
+        private string $name,
+        public mixed $result = null
+    ) {
+    }
+
+    public function __toString(): string
+    {
+        return $this->name;
+    }
+
+    /**
+     * @deprecated Use DatabaseDriver::fetchAll() instead.
+     */
+    public function fetchAll(): array
+    {
+        $ret = [];
+        if ($this->result) {
+            while ($row = pg_fetch_object($this->result)) {
+                $ret[] = $row;
+            }
+        }
+        return $ret;
+    }
+}
+
 /**
  * Class Pgsql
  *
@@ -52,6 +83,11 @@ class Pgsql implements DatabaseDriver
      */
     private Connection|bool $conn = false;
 
+    /**
+     * Prepared statements.
+     */
+    private array $preparedStatements = [];
+
     /**
      * Connects to the database.
      *
@@ -145,6 +181,10 @@ public function escape(string $string): string
      */
     public function fetchAll(mixed $result): ?array
     {
+        if ($result instanceof PgsqlStatement) {
+            $result = $result->result;
+        }
+
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -314,10 +354,46 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return PgsqlStatement|false
+     */
+    public function prepare(string $query, array $options = []): PgsqlStatement|false
+    {
+        $stmtName = 'pmf_stmt_' . (count($this->preparedStatements) + 1);
+        if (pg_prepare($this->conn, $stmtName, $query)) {
+            $this->preparedStatements[$stmtName] = $query;
+            return new PgsqlStatement($stmtName);
+        }
+        return false;
+    }
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement (name)
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool
+    {
+        $name = (string) $statement;
+        $result = pg_execute($this->conn, $name, $params);
+
+        if ($statement instanceof PgsqlStatement) {
+            $statement->result = $result;
+        }
+
+        return (bool) $result;
+    }
+
     /**
      * Closes the connection to the database.
      */
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
index f8b5dc634d..ad890e72bc 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
@@ -22,6 +22,32 @@
 use phpMyFAQ\Core\Exception;
 use SensitiveParameter;
 
+/**
+ * Class Sqlite3Statement
+ */
+class Sqlite3Statement
+{
+    public function __construct(
+        public \SQLite3Stmt $stmt,
+        public mixed $result = null,
+    ) {
+    }
+
+    /**
+     * @deprecated Use DatabaseDriver::fetchAll() instead.
+     */
+    public function fetchAll(): array
+    {
+        $ret = [];
+        if ($this->result) {
+            while ($row = $this->result->fetchArray(SQLITE3_ASSOC)) {
+                $ret[] = (object) $row;
+            }
+        }
+        return $ret;
+    }
+}
+
 /**
  * Class Sqlite3
  *
@@ -113,6 +139,10 @@ public function fetchRow(mixed $result): mixed
      */
     public function fetchAll(mixed $result): ?array
     {
+        if ($result instanceof Sqlite3Statement) {
+            $result = $result->result;
+        }
+
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -270,7 +300,7 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
@@ -304,6 +334,58 @@ public function clientVersion(): string
         return $version['versionString'];
     }
 
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return Sqlite3Statement|false
+     */
+    public function prepare(string $query, array $options = []): Sqlite3Statement|false
+    {
+        $stmt = $this->conn->prepare($query);
+        if ($stmt) {
+            return new Sqlite3Statement($stmt);
+        }
+        return false;
+    }
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool
+    {
+        if (!$statement instanceof Sqlite3Statement) {
+            return false;
+        }
+
+        foreach ($params as $index => $param) {
+            $type = SQLITE3_TEXT;
+            if (is_int($param)) {
+                $type = SQLITE3_INTEGER;
+            } elseif (is_float($param)) {
+                $type = SQLITE3_FLOAT;
+            } elseif (is_null($param)) {
+                $type = SQLITE3_NULL;
+            } elseif (is_bool($param)) {
++                $type = SQLITE3_INTEGER;
++                $param = $param ? 1 : 0;
+            }
+            $statement->stmt->bindValue($index + 1, $param, $type);
+        }
+
+        $result = $statement->stmt->execute();
+        if ($result) {
+            $statement->result = $result;
+        }
+
+        return (bool) $result;
+    }
+
     /**
      * Closes the connection to the database.
      */
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
index fdb3878f2e..08b2721ca1 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
@@ -24,6 +24,37 @@
 use phpMyFAQ\Database;
 use SensitiveParameter;
 
+/**
+ * Class SqlsrvStatement
+ */
+class SqlsrvStatement
+{
+    public function __construct(
+        public mixed $statement,
+        public mixed $result = null,
+    ) {
+    }
+
+    public function __toString(): string
+    {
+        return is_string($this->statement) ? $this->statement : '';
+    }
+
+    /**
+     * @deprecated Use DatabaseDriver::fetchAll() instead.
+     */
+    public function fetchAll(): array
+    {
+        $ret = [];
+        if ($this->result) {
+            while ($row = sqlsrv_fetch_object($this->result)) {
+                $ret[] = $row;
+            }
+        }
+        return $ret;
+    }
+}
+
 /**
  * Class Sqlsrv
  *
@@ -113,6 +144,10 @@ public function fetchRow(mixed $result): mixed
      */
     public function fetchAll(mixed $result): ?array
     {
+        if ($result instanceof SqlsrvStatement) {
+            $result = $result->result;
+        }
+
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -309,10 +344,62 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faquser_right',
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
-            $prefix . 'faqdata_plugins',
+            $prefix . 'faqplugins',
         ];
     }
 
+    /**
+     * Prepares a statement for execution and returns a statement object.
+     *
+     * @param string $query   The SQL query
+     * @param array  $options The driver options
+     * @return SqlsrvStatement|false
+     */
+    public function prepare(string $query, array $options = []): SqlsrvStatement|false
+    {
+        if (str_contains($query, '?')) {
+            return new SqlsrvStatement($query);
+        }
+
+        $stmt = sqlsrv_prepare($this->conn, $query, [], $options);
+        if ($stmt) {
+            return new SqlsrvStatement($stmt);
+        }
+        return false;
+    }
+
+    /**
+     * Executes a prepared statement.
+     *
+     * @param mixed $statement The prepared statement (SqlsrvStatement resource or SQL string)
+     * @param array $params    The parameters
+     * @return bool
+     */
+    public function execute(mixed $statement, array $params = []): bool
+    {
+        if (!$statement instanceof SqlsrvStatement) {
+            return false;
+        }
+
+        if (is_resource($statement->statement) && empty($params)) {
+            $success = sqlsrv_execute($statement->statement);
+            if ($success) {
+                $statement->result = $statement->statement;
+            }
+            return $success;
+        }
+
+        if (is_string($statement->statement)) {
+            $result = sqlsrv_query($this->conn, $statement->statement, $params);
+            if ($result) {
+                $statement->result = $result;
+            }
+            return (bool) $result;
+        }
+
+        return false;
+    }
+
     /**
      * Closes the connection to the database.
      */
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php
index 886a8b846e..d1bc4c81f8 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Mysqli.php
@@ -180,7 +180,7 @@ class Mysqli extends Database implements DriverInterface
             record_id INT(11) NOT NULL,
             group_id INT(11) NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INT(1) NOT NULL DEFAULT 0,
             config LONGTEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php
index 81c1dc3a56..dd2611f0d4 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoMysql.php
@@ -179,7 +179,7 @@ class PdoMysql extends Database implements DriverInterface
             record_id INT(11) NOT NULL,
             group_id INT(11) NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INT(1) NOT NULL DEFAULT 0,
             config LONGTEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php
index 9961bbfb56..811a78ac8e 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoPgsql.php
@@ -176,7 +176,7 @@ class PdoPgsql extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config TEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php
index 58fda2c48a..c22dc4c3b6 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlite.php
@@ -173,7 +173,7 @@ class PdoSqlite extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config TEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
index 474ce413cf..eb271edba7 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/PdoSqlsrv.php
@@ -173,7 +173,7 @@ class PdoSqlsrv extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name NVARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config VARCHAR(MAX) DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php
index 194f9c97d8..92a5289be1 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Pgsql.php
@@ -177,7 +177,7 @@ class Pgsql extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config TEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php
index f8e6931417..6d63d3657b 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlite3.php
@@ -174,7 +174,7 @@ class Sqlite3 extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name VARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config TEXT DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php
index 05280e3a04..2245ed2697 100644
--- a/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Instance/Database/Sqlsrv.php
@@ -174,7 +174,7 @@ class Sqlsrv extends Database implements DriverInterface
             record_id INTEGER NOT NULL,
             group_id INTEGER NOT NULL,
             PRIMARY KEY (record_id, group_id))',
-        'faqdata_plugins' => 'CREATE TABLE %sfaqdata_plugins (
+        'faqplugins' => 'CREATE TABLE %sfaqplugins (
             name NVARCHAR(255) NOT NULL,
             active INTEGER NOT NULL DEFAULT 0,
             config NVARCHAR(MAX) DEFAULT NULL,
diff --git a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
index d0f359aee8..082be9b4e9 100644
--- a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
+++ b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
@@ -113,6 +113,10 @@ public function loadPlugins(): void
                 $isActive = (bool) $dbPlugins[$pluginName]['active'];
                 if (!empty($dbPlugins[$pluginName]['config']) && $plugin->getConfig()) {
                     $configArray = json_decode($dbPlugins[$pluginName]['config'], true);
+                    if (json_last_error() !== JSON_ERROR_NONE) {
+                        error_log("Failed to decode config for plugin {$pluginName}: " . json_last_error_msg());
+                        continue;
+                    }
                     if (is_array($configArray)) {
                         $configObject = $plugin->getConfig();
                         foreach ($configArray as $key => $value) {
@@ -144,6 +148,7 @@ public function loadPlugins(): void
             } else {
 
                 // I will default to inactive (false) for new plugins found on disk but not in DB.
+
                 $isActive = false;
             }
 
@@ -157,6 +162,7 @@ public function loadPlugins(): void
 
                 if (!empty($plugin->getConfig())) {
                     $this->loadPluginConfig($plugin->getName(), $plugin->getConfig());
+
                     // Apply DB config overrides here if possible
                 }
 
@@ -188,6 +194,7 @@ public function loadPlugins(): void
                     $this->registerPluginScripts($plugin->getName(), $plugin->getScripts());
                 }
             } elseif (!$this->areDependenciesMet($plugin)) {
+
                 $missingDeps = $this->getMissingDependencies($plugin);
                 $this->incompatiblePlugins[$plugin->getName()] = [
                     'plugin' => $plugin,
@@ -231,28 +238,22 @@ public function savePluginConfig(string $pluginName, array $configData): void
     {
         $jsonConfig = json_encode($configData);
         $db = $this->configuration->getDb();
-        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
+        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqplugins';
 
         // Check if exists
-        $select = sprintf("SELECT name FROM %s WHERE name = '%s'", $table, $db->escape($pluginName));
-        $result = $db->query($select);
-
-        if ($db->numRows($result) > 0) {
-            $update = sprintf(
-                "UPDATE %s SET config = '%s' WHERE name = '%s'",
-                $table,
-                $db->escape($jsonConfig),
-                $db->escape($pluginName)
-            );
-            $db->query($update);
+        $select = sprintf('SELECT name FROM %s WHERE name = ?', $table);
+        $stmt = $db->prepare($select);
+        $db->execute($stmt, [$pluginName]);
+        $result = $db->fetchAll($stmt);
+
+        if (count($result) > 0) {
+            $update = sprintf('UPDATE %s SET config = ? WHERE name = ?', $table);
+            $stmt = $db->prepare($update);
+            $db->execute($stmt, [$jsonConfig, $pluginName]);
         } else {
-             $insert = sprintf(
-                "INSERT INTO %s (name, active, config) VALUES ('%s', 0, '%s')",
-                $table,
-                $db->escape($pluginName),
-                $db->escape($jsonConfig)
-            );
-            $db->query($insert);
+            $insert = sprintf('INSERT INTO %s (name, active, config) VALUES (?, 0, ?)', $table);
+            $stmt = $db->prepare($insert);
+            $db->execute($stmt, [$pluginName, $jsonConfig]);
         }
     }
 
@@ -262,29 +263,24 @@ public function savePluginConfig(string $pluginName, array $configData): void
     private function updatePluginStatus(string $pluginName, bool $active): void
     {
         $db = $this->configuration->getDb();
-        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
+        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqplugins';
         $activeInt = $active ? 1 : 0;
 
         // Check if exists
-        $select = sprintf("SELECT name FROM %s WHERE name = '%s'", $table, $db->escape($pluginName));
-        $result = $db->query($select);
-
-        if ($db->numRows($result) > 0) {
-            $query = sprintf(
-                "UPDATE %s SET active = %d WHERE name = '%s'",
-                $table,
-                $activeInt,
-                $db->escape($pluginName)
-            );
+        $select = sprintf('SELECT name FROM %s WHERE name = ?', $table);
+        $stmt = $db->prepare($select);
+        $db->execute($stmt, [$pluginName]);
+        $result = $db->fetchAll($stmt);
+
+        if (count($result) > 0) {
+            $query = sprintf('UPDATE %s SET active = ? WHERE name = ?', $table);
+            $params = [$activeInt, $pluginName];
         } else {
-            $query = sprintf(
-                "INSERT INTO %s (name, active) VALUES ('%s', %d)",
-                $table,
-                $db->escape($pluginName),
-                $activeInt
-            );
+            $query = sprintf('INSERT INTO %s (name, active) VALUES (?, ?)', $table);
+            $params = [$pluginName, $activeInt];
         }
-        $db->query($query);
+        $stmt = $db->prepare($query);
+        $db->execute($stmt, $params);
     }
 
     /**
@@ -293,7 +289,7 @@ private function updatePluginStatus(string $pluginName, bool $active): void
     private function getPluginsFromDatabase(): array
     {
         $db = $this->configuration->getDb();
-        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqdata_plugins';
+        $table = \phpMyFAQ\Database::getTablePrefix() . 'faqplugins';
 
         // Ensure table exists to avoid crashes during update/install if not yet run
         try {
@@ -396,6 +392,11 @@ private function getPluginDirectory(string $pluginName): string
         return PMF_ROOT_DIR . '/content/plugins/' . $pluginName;
     }
 
+    /**
+     * Registers stylesheets for a plugin
+     *
+     * @param string[] $stylesheets Relative paths to CSS files
+     */
     private function registerPluginStylesheets(string $pluginName, array $stylesheets): void
     {
         $pluginDir = $this->getPluginDirectory($pluginName);
diff --git a/phpmyfaq/src/phpMyFAQ/Setup/Update.php b/phpmyfaq/src/phpMyFAQ/Setup/Update.php
index 004ba8025b..6178583b1d 100644
--- a/phpmyfaq/src/phpMyFAQ/Setup/Update.php
+++ b/phpmyfaq/src/phpMyFAQ/Setup/Update.php
@@ -1132,7 +1132,7 @@ private function applyUpdates420Alpha(): void
                 case 'mysqli':
                 case 'pdo_mysql':
                     $this->queries[] = sprintf(
-                        'CREATE TABLE %sfaqdata_plugins (
+                        'CREATE TABLE %sfaqplugins (
                             name VARCHAR(255) NOT NULL,
                             active INT(1) NOT NULL DEFAULT 0,
                             config LONGTEXT DEFAULT NULL,
@@ -1144,7 +1144,7 @@ private function applyUpdates420Alpha(): void
                 case 'pgsql':
                 case 'pdo_pgsql':
                     $this->queries[] = sprintf(
-                        'CREATE TABLE %sfaqdata_plugins (
+                        'CREATE TABLE %sfaqplugins (
                             name VARCHAR(255) NOT NULL,
                             active INTEGER NOT NULL DEFAULT 0,
                             config TEXT DEFAULT NULL,
@@ -1155,7 +1155,7 @@ private function applyUpdates420Alpha(): void
                 case 'sqlite3':
                 case 'pdo_sqlite':
                     $this->queries[] = sprintf(
-                        'CREATE TABLE %sfaqdata_plugins (
+                        'CREATE TABLE %sfaqplugins (
                             name VARCHAR(255) NOT NULL,
                             active INTEGER NOT NULL DEFAULT 0,
                             config TEXT DEFAULT NULL,
@@ -1166,7 +1166,7 @@ private function applyUpdates420Alpha(): void
                 case 'sqlsrv':
                 case 'pdo_sqlsrv':
                     $this->queries[] = sprintf(
-                        'CREATE TABLE %sfaqdata_plugins (
+                        'CREATE TABLE %sfaqplugins (
                             name NVARCHAR(255) NOT NULL,
                             active INTEGER NOT NULL DEFAULT 0,
                             config VARCHAR(MAX) DEFAULT NULL,
diff --git a/phpmyfaq/translations/language_de.php b/phpmyfaq/translations/language_de.php
index b0fc9b3500..9350b71a08 100755
--- a/phpmyfaq/translations/language_de.php
+++ b/phpmyfaq/translations/language_de.php
@@ -1543,6 +1543,11 @@
 $PMF_LANG['msgErrorDetails'] = 'Fehlerdetails';
 $PMF_LANG['msgTryAgain'] = 'Erneut versuchen';
 $PMF_LANG['msgAdminLogExportCsv'] = "Admin-Logs als CSV exportieren";
+$PMF_LANG['msgPluginStatusSuccess'] = 'Plugin-Status erfolgreich aktualisiert.';
+$PMF_LANG['msgPluginStatusError'] = 'Plugin-Status konnte nicht aktualisiert werden:';
+$PMF_LANG['msgPluginConfigSuccess'] = 'Plugin-Konfiguration erfolgreich gespeichert.';
+$PMF_LANG['msgPluginConfigError'] = 'Konfiguration konnte nicht gespeichert werden:';
+$PMF_LANG['msgUnknownError'] = 'Unbekannter Fehler';
 
 
 return $PMF_LANG;
diff --git a/phpmyfaq/translations/language_en.php b/phpmyfaq/translations/language_en.php
index 9bacb72847..0c2f0b1f18 100644
--- a/phpmyfaq/translations/language_en.php
+++ b/phpmyfaq/translations/language_en.php
@@ -1542,6 +1542,11 @@
 $PMF_LANG['msgErrorDetails'] = 'Error Details';
 $PMF_LANG['msgTryAgain'] = 'Try Again';
 $PMF_LANG['msgAdminLogExportCsv'] = 'Export admin logs as CSV';
+$PMF_LANG['msgPluginStatusSuccess'] = 'Plugin status updated successfully.';
+$PMF_LANG['msgPluginStatusError'] = 'Failed to update plugin status:';
+$PMF_LANG['msgPluginConfigSuccess'] = 'Plugin configuration saved.';
+$PMF_LANG['msgPluginConfigError'] = 'Failed to save configuration:';
+$PMF_LANG['msgUnknownError'] = 'Unknown error';
 
 
 return $PMF_LANG;

From d495931a81cc11f77e2f48bf7a4c632864bf8f71 Mon Sep 17 00:00:00 2001
From: d0ubIeU <github@wadewitz.it>
Date: Thu, 8 Jan 2026 21:05:08 +0100
Subject: [PATCH 9/9] fix

---
 docs/plugins.md                                       |  4 +++-
 .../Administration/Api/PluginController.php           |  5 ++---
 phpmyfaq/src/phpMyFAQ/Database/Mysqli.php             | 11 +++--------
 phpmyfaq/src/phpMyFAQ/Database/Pgsql.php              |  2 +-
 phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php            |  9 ++-------
 phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php             |  2 +-
 phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php        |  6 ++----
 7 files changed, 14 insertions(+), 25 deletions(-)

diff --git a/docs/plugins.md b/docs/plugins.md
index 26f5ea5779..8d31817656 100644
--- a/docs/plugins.md
+++ b/docs/plugins.md
@@ -30,7 +30,7 @@ class MyPluginConfiguration implements PluginConfigurationInterface
     }
 }
 ```
-These predefined values ​​in the file form the basis for the configuration options in the backend plugin overview. All future changes to these values ​​in the backend plugin settings will be saved in the database.
+These predefined values in the file form the basis for the configuration options in the backend plugin overview. All future changes to these values in the backend plugin settings will be saved in the database.
 
 ## 9.3 Plugin development
 
@@ -91,11 +91,13 @@ class MyPlugin implements PluginInterface
         return 'phpMyFAQ Team';
     }
 
+    // Extended description of the plugin that will be displayed in the plugin settings
     public function getAdvDescription(): string
     {
         return 'A simple Hello World plugin that demonstrates event handling in phpMyFAQ and with Configuration options.';
     }
 
+    // Implementation of the plugin that will be displayed in the plugin settings
     public function getImplementation(): string
     {
         return '{{ phpMyFAQPlugin(\'hello.world\', \'Hello, World!\') | raw }} oder {{ phpMyFAQPlugin(\'user.login\', \'John Doe\') | raw }}';
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
index 67a2129251..cb7c1200c3 100644
--- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
+++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/PluginController.php
@@ -32,7 +32,7 @@ final class PluginController extends AbstractAdministrationController
     public function toggleStatus(Request $request): JsonResponse
     {
         $csrfToken = $request->headers->get('X-CSRF-Token');
-        if (!Token::getInstance($this->session)->verifyToken($csrfToken, 'admin-plugins')) {
+        if (!Token::getInstance($this->session)->verifyToken('admin-plugins', $csrfToken)) {
             return new JsonResponse(['success' => false, 'message' => 'Invalid CSRF token'], 403);
         }
 
@@ -79,8 +79,7 @@ public function saveConfig(Request $request): JsonResponse
         }
 
         $csrfToken = $data['csrf'] ?? $request->headers->get('X-CSRF-Token');
-        if (!Token::getInstance($this->session)->verifyToken($csrfToken, 'admin-plugins')) {
-            return new JsonResponse(['success' => false, 'message' => 'Invalid CSRF token'], 403);
+        if (!Token::getInstance($this->session)->verifyToken('admin-plugins', $csrfToken)) {            return new JsonResponse(['success' => false, 'message' => 'Invalid CSRF token'], 403);
         }
 
         $pluginManager = $this->container->get(id: 'phpmyfaq.plugin.plugin-manager');
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
index 26a224a992..59643bcd29 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Mysqli.php
@@ -170,10 +170,6 @@ public function fetchAll(mixed $result): ?array
             $result = $result->result;
         }
 
-        if ($result instanceof MysqliStatement) {
-            $result = $result->result;
-        }
-
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -287,7 +283,6 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
             $prefix . 'faqplugins',
-            $prefix . 'faqplugins',
         ];
     }
 
@@ -399,9 +394,9 @@ public function execute(mixed $statement, array $params = []): bool
         $success = $statement->stmt->execute();
         if ($success) {
             $result = $statement->stmt->get_result();
-+            if ($result !== false) {
-+                $statement->result = $result;
-+            }
+            if ($result !== false) {
+                $statement->result = $result;
+            }
         }
 
         return $success;
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
index 5fadc8dbc4..df54ab6d1d 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Pgsql.php
@@ -34,7 +34,7 @@ class PgsqlStatement
 {
     public function __construct(
         private string $name,
-        public mixed $result = null
+        public mixed $result = null,
     ) {
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
index a67d2eccbc..7f07dadf04 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlite3.php
@@ -143,10 +143,6 @@ public function fetchAll(mixed $result): ?array
             $result = $result->result;
         }
 
-        if ($result instanceof Sqlite3Statement) {
-            $result = $result->result;
-        }
-
         $ret = [];
         if (false === $result) {
             throw new Exception('Error while fetching result: ' . $this->error());
@@ -305,7 +301,6 @@ public function getTableNames(string $prefix = ''): array
             $prefix . 'faqvisits',
             $prefix . 'faqvoting',
             $prefix . 'faqplugins',
-            $prefix . 'faqplugins',
         ];
     }
 
@@ -377,8 +372,8 @@ public function execute(mixed $statement, array $params = []): bool
             } elseif (is_null($param)) {
                 $type = SQLITE3_NULL;
             } elseif (is_bool($param)) {
-+                $type = SQLITE3_INTEGER;
-+                $param = $param ? 1 : 0;
+                $type = SQLITE3_INTEGER;
+                $param = $param ? 1 : 0;
             }
             $statement->stmt->bindValue($index + 1, $param, $type);
         }
diff --git a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
index 0e9c3665bf..8bec064e99 100644
--- a/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
+++ b/phpmyfaq/src/phpMyFAQ/Database/Sqlsrv.php
@@ -31,7 +31,7 @@ class SqlsrvStatement
 {
     public function __construct(
         public mixed $statement,
-        public mixed $result = null
+        public mixed $result = null,
     ) {
     }
 
diff --git a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
index 5b2a592a70..2effbe2a92 100644
--- a/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
+++ b/phpmyfaq/src/phpMyFAQ/Plugin/PluginManager.php
@@ -130,7 +130,7 @@ public function loadPlugins(): void
                                                 $value = (int) $value;
                                                 break;
                                             case 'bool':
-                                                $value = filter_var($value, FILTER_VALIDATE_BOOLEAN);
+                                                $value = (bool) $value;
                                                 break;
                                             case 'float':
                                                 $value = (float) $value;
@@ -146,7 +146,6 @@ public function loadPlugins(): void
                     }
                 }
             } else {
-
                 // I will default to inactive (false) for new plugins found on disk but not in DB.
 
                 $isActive = false;
@@ -194,7 +193,6 @@ public function loadPlugins(): void
                     $this->registerPluginScripts($plugin->getName(), $plugin->getScripts());
                 }
             } elseif (!$this->areDependenciesMet($plugin)) {
-
                 $missingDeps = $this->getMissingDependencies($plugin);
                 $this->incompatiblePlugins[$plugin->getName()] = [
                     'plugin' => $plugin,
@@ -290,7 +288,7 @@ private function getPluginsFromDatabase(): array
     {
         $db = $this->configuration->getDb();
         $table = \phpMyFAQ\Database::getTablePrefix() . 'faqplugins';
-        
+
         // Ensure table exists to avoid crashes during update/install if not yet run
         try {
             $result = $db->query("SELECT name, active, config FROM $table");