Restaurant Reservations - Version 1.5.1

Version Description

This update increases security for the quick link feature to confirm/reject bookings from the admin notification email.


Release Info

Developer NateWr
Version 1.5.1

Code changes from version 1.5 to 1.5.1

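--- a/includes/CustomPostTypes.class.php
+++ b/includes/CustomPostTypes.class.php
@@ -162,8 +162,15 @@ class rtbCustomPostTypes {
 */
 public function delete_booking( $id ) {
 
-if ( !current_user_can( 'manage_bookings' ) ) {
-return;
+$id = absint( $id );
+if ( !current_user_can( 'manage_bookings' ) || !current_user_can( 'edit_posts', $id ) ) {
+return false;
+}
+
+$booking = get_post( $id );
+
+if ( !$this->is_valid_booking_post_object( $booking ) ) {
+return false;
 }
 
 // If we're already looking at trashed posts, delete it for good.
@@ -190,17 +197,18 @@ class rtbCustomPostTypes {
 */
 function update_booking_status( $id, $status ) {
 
-if ( !current_user_can( 'manage_bookings' ) ) {
-return;
+$id = absint( $id );
+if ( !current_user_can( 'manage_bookings' ) || !current_user_can( 'edit_posts', $id ) ) {
+return false;
 }
-
+
 if ( !$this->is_valid_booking_status( $status ) ) {
 return false;
 }
 
 $booking = get_post( $id );
 
-if ( is_wp_error( $booking ) || !is_object( $booking ) ) {
+if ( !$this->is_valid_booking_post_object( $booking ) ) {
 return false;
 }
 
@@ -227,5 +235,13 @@ class rtbCustomPostTypes {
 return isset( $this->booking_statuses[$status] ) ? true : false;
 }
 
+/**
+* Check if booking is a valid Post object with the correct post type
+* @since 0.0.1
+*/
+public function is_valid_booking_post_object( $booking ) {
+return !is_wp_error( $booking ) && is_object( $booking ) && $booking->post_type == RTB_BOOKING_POST_TYPE;
+}
+
 }
 } // endif;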
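Review bot: The second capability check added to both `delete_booking()` and `update_booking_status()` passes `$id` to `current_user_can( 'edit_posts', $id )`, but `edit_posts` is a primitive capability, so WordPress does not use the object ID and the check adds no per-booking authorization on top of `manage_bookings`. If a per-object check is intended, the meta capability is the singular `current_user_can( 'edit_post', $id )`, which `map_meta_cap()` resolves against the specific post. Confirm the booking post type's capability mapping before switching, since it can change which roles are allowed through. In `is_valid_booking_post_object()`, the loose `$booking->post_type == RTB_BOOKING_POST_TYPE` would be better as a strict `===`, and its docblock says `@since 0.0.1` although the method is introduced in this release. Both function bodies continue outside the hunks shown.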
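--- a/readme.txt
+++ b/readme.txt
@@ -3,9 +3,9 @@ Contributors: NateWr
 Author URI: https://github.com/NateWr
 Plugin URL: http://themeofthecrop.com
 Requires at Least: 3.8
-Tested Up To: 4.4
+Tested Up To: 4.4.2
 Tags: restaurant, reservations, bookings, table bookings, restaurant reservation, table reservation
-Stable tag: 1.5
+Stable tag: 1.5.1
 License: GPLv2 or later
 Donate link: http://themeofthecrop.com
 
@@ -106,6 +106,10 @@ The addon, [Custom Fields for Restaurant Reservations](http://themeofthecrop.com
 
 == Changelog ==
 
+= 1.5.1 (2016-02-19) =
+* Fix: increase security of the quicklink feature for confirming/rejecting bookings
+* Fix: Improve wp-cli compatibility
+
 = 1.5 (2015-12-17) =
 * Fix: pickadate iOS bug
 * Fix: Bookings table's Today view didn't respect WordPress timezone setting
@@ -256,6 +260,9 @@ The addon, [Custom Fields for Restaurant Reservations](http://themeofthecrop.com
 
 == Upgrade Notice ==
 
+= 1.5.1 =
+This update increases security for the quick link feature to confirm/reject bookings from the admin notification email.
+
 = 1.5 =
 This update adds the ability to configure which columns are visible in the bookings table. It works with the Custom Fields addon. If you have added fields using custom code, please read the release notification at themeofthecrop.com before updating.
 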
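--- a/restaurant-reservations.php
+++ b/restaurant-reservations.php
@@ -3,7 +3,7 @@
 * Plugin Name: Restaurant Reservations
 * Plugin URI: http://themeofthecrop.com
 * Description: Accept restaurant reservations and bookings online.
-* Version: 1.5
+* Version: 1.5.1
 * Author: Theme of the Crop
 * Author URI: http://themeofthecrop.com
 * License: GNU General Public License v2.0 or later
@@ -297,4 +297,5 @@ class rtbInit {
 }
 } // endif;
 
+global $rtb_controller;
 $rtb_controller = new rtbInit();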