Version Description
- Changes in all versions:
- Fix. Added nonce field to URLs during updating translations or show system info (CSRF checking), to prevent potential unwanted actions from other users. (9.2.2.1)
Download this release
Release Info
| Developer | wpdevelop |
| Plugin |  Booking Calendar |
| Version | 9.2.2 |
| Comparing to | |
| See all releases | |
Code changes from version 9.2.1 to 9.2.2
- core/admin/api-settings.php +3 -3
- core/admin/page-settings.php +2 -2
- core/admin/wpbc-settings-functions.php +7 -6
- core/wpbc-functions.php +3 -1
- core/wpbc-translation.php +5 -5
- css/admin.css +13 -0
- readme.txt +5 -1
- wpdev-booking.php +2 -2
core/admin/api-settings.php
CHANGED
|
@@ -1193,7 +1193,7 @@ class WPBC_Settings_API_General extends WPBC_Settings_API {
|
|
| 1193 |
|
| 1194 |
$my_system_buttons .= '<a class="button button" href="'
|
| 1195 |
. wpbc_get_settings_url()
|
| 1196 |
-
. '&system_info=show&booking_system_info=show#wpbc_general_settings_system_info_metabox">'
|
| 1197 |
. 'Booking System ' . __('Info' ,'booking')
|
| 1198 |
. '</a>';
|
| 1199 |
//FixIn: 8.4.7.19
|
|
@@ -1207,10 +1207,10 @@ class WPBC_Settings_API_General extends WPBC_Settings_API {
|
|
| 1207 |
|
| 1208 |
$my_system_buttons .= '<div style="width:100%;height:2em;border-bottom:1px dashed #777;margin-bottom:1em;"></div>';
|
| 1209 |
|
| 1210 |
-
// Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&reset=custom_forms#wpbc_general_settings_system_info_metabox
|
| 1211 |
$my_system_buttons .= ' <a class="button button-secondary" style="background:#fff9e6;" href="'
|
| 1212 |
. wpbc_get_settings_url()
|
| 1213 |
-
. '&system_info=show&reset=custom_forms#wpbc_general_settings_system_info_metabox">'
|
| 1214 |
. 'Reset custom forms'
|
| 1215 |
. '</a>';
|
| 1216 |
}
|
| 1193 |
|
| 1194 |
$my_system_buttons .= '<a class="button button" href="'
|
| 1195 |
. wpbc_get_settings_url()
|
| 1196 |
+
. '&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .'&booking_system_info=show#wpbc_general_settings_system_info_metabox">'
|
| 1197 |
. 'Booking System ' . __('Info' ,'booking')
|
| 1198 |
. '</a>';
|
| 1199 |
//FixIn: 8.4.7.19
|
| 1207 |
|
| 1208 |
$my_system_buttons .= '<div style="width:100%;height:2em;border-bottom:1px dashed #777;margin-bottom:1em;"></div>';
|
| 1209 |
|
| 1210 |
+
// Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .' &reset=custom_forms#wpbc_general_settings_system_info_metabox
|
| 1211 |
$my_system_buttons .= ' <a class="button button-secondary" style="background:#fff9e6;" href="'
|
| 1212 |
. wpbc_get_settings_url()
|
| 1213 |
+
. '&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .'&reset=custom_forms#wpbc_general_settings_system_info_metabox">'
|
| 1214 |
. 'Reset custom forms'
|
| 1215 |
. '</a>';
|
| 1216 |
}
|
core/admin/page-settings.php
CHANGED
|
@@ -329,7 +329,7 @@ class WPBC_Page_SettingsGeneral extends WPBC_Page_Structure {
|
|
| 329 |
echo
|
| 330 |
'<a class="button button" href="'
|
| 331 |
. wpbc_get_settings_url()
|
| 332 |
-
. '&system_info=show&update_translations=1#wpbc_general_settings_system_info_metabox">'
|
| 333 |
. __( 'Update Translations' )
|
| 334 |
. '</a>';
|
| 335 |
}
|
|
@@ -338,7 +338,7 @@ class WPBC_Page_SettingsGeneral extends WPBC_Page_Structure {
|
|
| 338 |
if ( ! wpbc_is_this_demo() ) {
|
| 339 |
|
| 340 |
echo '<a style="margin:0 2em;" class="button button" href="' . wpbc_get_settings_url()
|
| 341 |
-
. '&system_info=show&restore_dismissed=On#wpbc_general_settings_restore_dismissed_metabox">'
|
| 342 |
. __('Restore all dismissed windows' ,'booking')
|
| 343 |
. '</a>';
|
| 344 |
}
|
| 329 |
echo
|
| 330 |
'<a class="button button" href="'
|
| 331 |
. wpbc_get_settings_url()
|
| 332 |
+
. '&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .'&update_translations=1#wpbc_general_settings_system_info_metabox">'
|
| 333 |
. __( 'Update Translations' )
|
| 334 |
. '</a>';
|
| 335 |
}
|
| 338 |
if ( ! wpbc_is_this_demo() ) {
|
| 339 |
|
| 340 |
echo '<a style="margin:0 2em;" class="button button" href="' . wpbc_get_settings_url()
|
| 341 |
+
. '&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .'&restore_dismissed=On#wpbc_general_settings_restore_dismissed_metabox">'
|
| 342 |
. __('Restore all dismissed windows' ,'booking')
|
| 343 |
. '</a>';
|
| 344 |
}
|
core/admin/wpbc-settings-functions.php
CHANGED
|
@@ -21,6 +21,7 @@ if ( ! defined( 'ABSPATH' ) ) exit;
|
|
| 21 |
function wpbc_is_show_general_setting_options(){ //FixIn: 8.9.4.11
|
| 22 |
|
| 23 |
if ( ( isset( $_GET['system_info'] ) ) && ( $_GET['system_info'] == 'show' ) ) {
|
|
|
|
| 24 |
return false;
|
| 25 |
}
|
| 26 |
return true;
|
|
@@ -67,7 +68,7 @@ add_action( 'wpbc_hook_settings_page_footer', 'wpbc_settings__system_info' ,10,
|
|
| 67 |
/**
|
| 68 |
* System info section - Reset Custom Booking forms
|
| 69 |
*
|
| 70 |
-
* Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&reset=custom_forms#wpbc_general_settings_system_info_metabox
|
| 71 |
*
|
| 72 |
*/
|
| 73 |
function wpbc_settings__system_info__reset_booking_forms() {
|
|
@@ -94,7 +95,7 @@ function wpbc_settings__system_info__reset_booking_forms() {
|
|
| 94 |
/**
|
| 95 |
* System info section - Generate new translation PHP files from POT file
|
| 96 |
*
|
| 97 |
-
* // Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&pot=1#wpbc_general_settings_system_info_metabox
|
| 98 |
*
|
| 99 |
*/
|
| 100 |
function wpbc_settings__system_info__generate_php_from_pot() {
|
|
@@ -117,7 +118,7 @@ function wpbc_settings__system_info__generate_php_from_pot() {
|
|
| 117 |
/**
|
| 118 |
* System info section - Update translations
|
| 119 |
*
|
| 120 |
-
* // Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&update_translations=1#wpbc_general_settings_system_info_metabox
|
| 121 |
*
|
| 122 |
*/
|
| 123 |
function wpbc_settings__system_info__update_translations() {
|
|
@@ -140,7 +141,7 @@ function wpbc_settings__system_info__update_translations() {
|
|
| 140 |
/**
|
| 141 |
* System info section - Show translation status
|
| 142 |
*
|
| 143 |
-
* // Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&show_translation_status=1#wpbc_general_settings_system_info_metabox
|
| 144 |
*
|
| 145 |
*/
|
| 146 |
function wpbc_settings__system_info__show_translation_status() {
|
|
@@ -171,7 +172,7 @@ function wpbc_settings__system_info__show_translation_status() {
|
|
| 171 |
/**
|
| 172 |
* System info section - Showing information about system - php, server, active plugins, etc...
|
| 173 |
*
|
| 174 |
-
* Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show#wpbc_general_settings_system_info_metabox
|
| 175 |
*/
|
| 176 |
function wpbc_settings__system_info__show_system_info(){
|
| 177 |
|
|
@@ -189,7 +190,7 @@ function wpbc_settings__system_info__show_system_info(){
|
|
| 189 |
/**
|
| 190 |
* System info section - Restore Dismissed Windows
|
| 191 |
*
|
| 192 |
-
* // Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&restore_dismissed=On#wpbc_general_settings_restore_dismissed_metabox
|
| 193 |
*
|
| 194 |
*/
|
| 195 |
function wpbc_settings__system_info__restore_dismissed_windows(){
|
| 21 |
function wpbc_is_show_general_setting_options(){ //FixIn: 8.9.4.11
|
| 22 |
|
| 23 |
if ( ( isset( $_GET['system_info'] ) ) && ( $_GET['system_info'] == 'show' ) ) {
|
| 24 |
+
$nonce_gen_time = check_admin_referer( 'wpbc_settings_url_nonce' ); //FixIn: 9.2.2.1
|
| 25 |
return false;
|
| 26 |
}
|
| 27 |
return true;
|
| 68 |
/**
|
| 69 |
* System info section - Reset Custom Booking forms
|
| 70 |
*
|
| 71 |
+
* Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .' &reset=custom_forms#wpbc_general_settings_system_info_metabox
|
| 72 |
*
|
| 73 |
*/
|
| 74 |
function wpbc_settings__system_info__reset_booking_forms() {
|
| 95 |
/**
|
| 96 |
* System info section - Generate new translation PHP files from POT file
|
| 97 |
*
|
| 98 |
+
* // Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .' &pot=1#wpbc_general_settings_system_info_metabox
|
| 99 |
*
|
| 100 |
*/
|
| 101 |
function wpbc_settings__system_info__generate_php_from_pot() {
|
| 118 |
/**
|
| 119 |
* System info section - Update translations
|
| 120 |
*
|
| 121 |
+
* // Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .' &update_translations=1#wpbc_general_settings_system_info_metabox
|
| 122 |
*
|
| 123 |
*/
|
| 124 |
function wpbc_settings__system_info__update_translations() {
|
| 141 |
/**
|
| 142 |
* System info section - Show translation status
|
| 143 |
*
|
| 144 |
+
* // Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .' &show_translation_status=1#wpbc_general_settings_system_info_metabox
|
| 145 |
*
|
| 146 |
*/
|
| 147 |
function wpbc_settings__system_info__show_translation_status() {
|
| 172 |
/**
|
| 173 |
* System info section - Showing information about system - php, server, active plugins, etc...
|
| 174 |
*
|
| 175 |
+
* Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .' #wpbc_general_settings_system_info_metabox
|
| 176 |
*/
|
| 177 |
function wpbc_settings__system_info__show_system_info(){
|
| 178 |
|
| 190 |
/**
|
| 191 |
* System info section - Restore Dismissed Windows
|
| 192 |
*
|
| 193 |
+
* // Link: http://server.com/wp-admin/admin.php?page=wpbc-settings&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .' &restore_dismissed=On#wpbc_general_settings_restore_dismissed_metabox
|
| 194 |
*
|
| 195 |
*/
|
| 196 |
function wpbc_settings__system_info__restore_dismissed_windows(){
|
core/wpbc-functions.php
CHANGED
|
@@ -1863,7 +1863,9 @@ $is_old = false;
|
|
| 1863 |
|
| 1864 |
$is_user_activated = apply_bk_filter('multiuser_is_current_user_active', true ); //FixIn: 6.0.1.17
|
| 1865 |
if ( ( $update_count > 0) && ( $is_user_activated ) ) {
|
| 1866 |
-
$update_count_title = " <span
|
|
|
|
|
|
|
| 1867 |
$update_title .= $update_count_title;
|
| 1868 |
}
|
| 1869 |
|
| 1863 |
|
| 1864 |
$is_user_activated = apply_bk_filter('multiuser_is_current_user_active', true ); //FixIn: 6.0.1.17
|
| 1865 |
if ( ( $update_count > 0) && ( $is_user_activated ) ) {
|
| 1866 |
+
$update_count_title = " <span class='booking-count bk-update-count' style='background: #f0f0f1;color: #2c3338;display: inline;padding: 2px 5px;font-weight: 600;border-radius: 10px;'>"
|
| 1867 |
+
. number_format_i18n($update_count)
|
| 1868 |
+
. "</span>" ; //id='booking-count'
|
| 1869 |
$update_title .= $update_count_title;
|
| 1870 |
}
|
| 1871 |
|
core/wpbc-translation.php
CHANGED
|
@@ -564,14 +564,14 @@ function wpbc_translation_buttons_settings_section(){
|
|
| 564 |
echo
|
| 565 |
'<a class="button button" href="'
|
| 566 |
. wpbc_get_settings_url()
|
| 567 |
-
. '&system_info=show&update_translations=1#wpbc_general_settings_system_info_metabox">'
|
| 568 |
. __( 'Update Translations' )
|
| 569 |
. '</a>';
|
| 570 |
|
| 571 |
echo
|
| 572 |
'<a class="button button" href="'
|
| 573 |
. wpbc_get_settings_url()
|
| 574 |
-
. '&system_info=show&show_translation_status=1#wpbc_general_settings_system_info_metabox">'
|
| 575 |
. __( 'Show translations status', 'booking' )
|
| 576 |
. '</a>';
|
| 577 |
|
|
@@ -584,14 +584,14 @@ function wpbc_translation_buttons_settings_section(){
|
|
| 584 |
echo
|
| 585 |
'<a class="button button-secondary" style="background:#fff9e6;" href="'
|
| 586 |
. wpbc_get_settings_url()
|
| 587 |
-
. '&system_info=show&pot=1#wpbc_general_settings_system_info_metabox">'
|
| 588 |
. 'Generate POT file'
|
| 589 |
. '</a>';
|
| 590 |
|
| 591 |
echo
|
| 592 |
'<a class="button button-secondary" style="background:#fff9e6;" href="'
|
| 593 |
. wpbc_get_settings_url()
|
| 594 |
-
. '&system_info=show&show_translation_status=2#wpbc_general_settings_system_info_metabox">'
|
| 595 |
. 'Translation status WP.ORG'
|
| 596 |
. '</a>';
|
| 597 |
|
|
@@ -599,7 +599,7 @@ function wpbc_translation_buttons_settings_section(){
|
|
| 599 |
echo
|
| 600 |
'<a class="button button-secondary" style="background:#fff9e6;" href="'
|
| 601 |
. wpbc_get_settings_url()
|
| 602 |
-
. '&system_info=show&show_translation_status=3#wpbc_general_settings_system_info_metabox">'
|
| 603 |
. 'Translation status WPBC'
|
| 604 |
. '</a>';
|
| 605 |
}
|
| 564 |
echo
|
| 565 |
'<a class="button button" href="'
|
| 566 |
. wpbc_get_settings_url()
|
| 567 |
+
. '&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .'&update_translations=1#wpbc_general_settings_system_info_metabox">'
|
| 568 |
. __( 'Update Translations' )
|
| 569 |
. '</a>';
|
| 570 |
|
| 571 |
echo
|
| 572 |
'<a class="button button" href="'
|
| 573 |
. wpbc_get_settings_url()
|
| 574 |
+
. '&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .'&show_translation_status=1#wpbc_general_settings_system_info_metabox">'
|
| 575 |
. __( 'Show translations status', 'booking' )
|
| 576 |
. '</a>';
|
| 577 |
|
| 584 |
echo
|
| 585 |
'<a class="button button-secondary" style="background:#fff9e6;" href="'
|
| 586 |
. wpbc_get_settings_url()
|
| 587 |
+
. '&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .'&pot=1#wpbc_general_settings_system_info_metabox">'
|
| 588 |
. 'Generate POT file'
|
| 589 |
. '</a>';
|
| 590 |
|
| 591 |
echo
|
| 592 |
'<a class="button button-secondary" style="background:#fff9e6;" href="'
|
| 593 |
. wpbc_get_settings_url()
|
| 594 |
+
. '&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .'&show_translation_status=2#wpbc_general_settings_system_info_metabox">'
|
| 595 |
. 'Translation status WP.ORG'
|
| 596 |
. '</a>';
|
| 597 |
|
| 599 |
echo
|
| 600 |
'<a class="button button-secondary" style="background:#fff9e6;" href="'
|
| 601 |
. wpbc_get_settings_url()
|
| 602 |
+
. '&system_info=show&_wpnonce='. wp_create_nonce( 'wpbc_settings_url_nonce' ) .'&show_translation_status=3#wpbc_general_settings_system_info_metabox">'
|
| 603 |
. 'Translation status WPBC'
|
| 604 |
. '</a>';
|
| 605 |
}
|
css/admin.css
CHANGED
|
@@ -319,3 +319,16 @@ select option.wpbc_child_resource{
|
|
| 319 |
margin: 1em 1em 0;
|
| 320 |
}
|
| 321 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 319 |
margin: 1em 1em 0;
|
| 320 |
}
|
| 321 |
|
| 322 |
+
#wpadminbar a .bk-update-count {
|
| 323 |
+
background: #f0f0f1;
|
| 324 |
+
color: #2c3338;
|
| 325 |
+
display: inline;
|
| 326 |
+
padding: 2px 5px;
|
| 327 |
+
font-size: 10px;
|
| 328 |
+
font-weight: 600;
|
| 329 |
+
border-radius: 10px;
|
| 330 |
+
}
|
| 331 |
+
#wpadminbar a:hover .bk-update-count {
|
| 332 |
+
background: #fff;
|
| 333 |
+
color: #000;
|
| 334 |
+
}
|
readme.txt
CHANGED
|
@@ -5,7 +5,7 @@ Tags: booking calendar, booking system, availability calendar, events calendar,
|
|
| 5 |
Requires at least: 4.0
|
| 6 |
Requires PHP: 5.6
|
| 7 |
Tested up to: 6.0
|
| 8 |
-
Stable tag: 9.2.
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 11 |
|
|
@@ -232,6 +232,10 @@ Please see [Video Guides](https://wpbookingcalendar.com/help/).
|
|
| 232 |
|
| 233 |
|
| 234 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
| 235 |
= 9.2.1 =
|
| 236 |
- Changes in **all** versions:
|
| 237 |
* **Fix**. Removed minimized files.
|
| 5 |
Requires at least: 4.0
|
| 6 |
Requires PHP: 5.6
|
| 7 |
Tested up to: 6.0
|
| 8 |
+
Stable tag: 9.2.2
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 11 |
|
| 232 |
|
| 233 |
|
| 234 |
== Changelog ==
|
| 235 |
+
= 9.2.2 =
|
| 236 |
+
- Changes in **all** versions:
|
| 237 |
+
* **Fix**. Added nonce field to URLs during updating translations or show system info (CSRF checking), to prevent potential unwanted actions from other users. (9.2.2.1)
|
| 238 |
+
|
| 239 |
= 9.2.1 =
|
| 240 |
- Changes in **all** versions:
|
| 241 |
* **Fix**. Removed minimized files.
|
wpdev-booking.php
CHANGED
|
@@ -7,7 +7,7 @@ Author: wpdevelop, oplugins
|
|
| 7 |
Author URI: https://wpbookingcalendar.com/
|
| 8 |
Text Domain: booking
|
| 9 |
Domain Path: /languages/
|
| 10 |
-
Version: 9.2.
|
| 11 |
*/
|
| 12 |
|
| 13 |
/* Copyright 2009 - 2022 www.wpbookingcalendar.com (email: info@wpbookingcalendar.com),
|
|
@@ -29,7 +29,7 @@ Version: 9.2.1
|
|
| 29 |
if ( ! defined( 'ABSPATH' ) ) die( '<h3>Direct access to this file do not allow!</h3>' ); // Exit if accessed directly
|
| 30 |
|
| 31 |
|
| 32 |
-
if ( ! defined( 'WP_BK_VERSION_NUM' ) ) { define( 'WP_BK_VERSION_NUM', '9.2.
|
| 33 |
|
| 34 |
if ( ! defined( 'WPBC_EXIST_NEW_BOOKING_LISTING' ) ) { define( 'WPBC_EXIST_NEW_BOOKING_LISTING', true ); } //FixIn: 9.2.1
|
| 35 |
|
| 7 |
Author URI: https://wpbookingcalendar.com/
|
| 8 |
Text Domain: booking
|
| 9 |
Domain Path: /languages/
|
| 10 |
+
Version: 9.2.2
|
| 11 |
*/
|
| 12 |
|
| 13 |
/* Copyright 2009 - 2022 www.wpbookingcalendar.com (email: info@wpbookingcalendar.com),
|
| 29 |
if ( ! defined( 'ABSPATH' ) ) die( '<h3>Direct access to this file do not allow!</h3>' ); // Exit if accessed directly
|
| 30 |
|
| 31 |
|
| 32 |
+
if ( ! defined( 'WP_BK_VERSION_NUM' ) ) { define( 'WP_BK_VERSION_NUM', '9.2.2' ); }
|
| 33 |
|
| 34 |
if ( ! defined( 'WPBC_EXIST_NEW_BOOKING_LISTING' ) ) { define( 'WPBC_EXIST_NEW_BOOKING_LISTING', true ); } //FixIn: 9.2.1
|
| 35 |
|
