Version Description
(2020-04-08) = - Updating a few input fields to correct for possible minor XSS issues
Download this release
Release Info
| Developer | Rustaurius |
| Plugin |  Restaurant Reservations |
| Version | 2.1.1 |
| Comparing to | |
| See all releases | |
Code changes from version 2.1.0 to 2.1.1
- assets/js/admin.js +1 -1
- includes/Settings.class.php +2 -2
- includes/WP_List_Table.BookingsTable.class.php +5 -5
- includes/template-functions.php +9 -4
- readme.txt +3 -0
- restaurant-reservations.php +1 -1
assets/js/admin.js
CHANGED
|
@@ -1045,7 +1045,7 @@ jQuery(document).ready(function($){
|
|
| 1045 |
//OPTIONS PAGE YES/NO TOGGLE SWITCHES
|
| 1046 |
jQuery(document).ready(function($){
|
| 1047 |
$('.rtb-admin-option-toggle').on('change', function() {
|
| 1048 |
-
var Input_Name = $(this).data('inputname');
|
| 1049 |
if ($(this).is(':checked')) {
|
| 1050 |
$('input[name="' + Input_Name + '"][value="1"]').prop('checked', true).trigger('change');
|
| 1051 |
$('input[name="' + Input_Name + '"][value=""]').prop('checked', false);
|
| 1045 |
//OPTIONS PAGE YES/NO TOGGLE SWITCHES
|
| 1046 |
jQuery(document).ready(function($){
|
| 1047 |
$('.rtb-admin-option-toggle').on('change', function() {
|
| 1048 |
+
var Input_Name = $(this).data('inputname');
|
| 1049 |
if ($(this).is(':checked')) {
|
| 1050 |
$('input[name="' + Input_Name + '"][value="1"]').prop('checked', true).trigger('change');
|
| 1051 |
$('input[name="' + Input_Name + '"][value=""]').prop('checked', false);
|
includes/Settings.class.php
CHANGED
|
@@ -709,8 +709,8 @@ If you were not the one to cancel this booking, please contact us.
|
|
| 709 |
'id' => 'schedule-closed',
|
| 710 |
'title' => __( 'Exceptions', 'restaurant-reservations' ),
|
| 711 |
'description' => __( "Define special opening hours for holidays, events or other needs. Leave the time empty if you're closed all day.", 'restaurant-reservations' ),
|
| 712 |
-
'time_format' => $this->get_setting( 'time-format' ),
|
| 713 |
-
'date_format' => $this->get_setting( 'date-format' ),
|
| 714 |
'disable_weekdays' => true,
|
| 715 |
'disable_weeks' => true,
|
| 716 |
'strings' => $scheduler_strings,
|
| 709 |
'id' => 'schedule-closed',
|
| 710 |
'title' => __( 'Exceptions', 'restaurant-reservations' ),
|
| 711 |
'description' => __( "Define special opening hours for holidays, events or other needs. Leave the time empty if you're closed all day.", 'restaurant-reservations' ),
|
| 712 |
+
'time_format' => esc_attr( $this->get_setting( 'time-format' ) ),
|
| 713 |
+
'date_format' => esc_attr( $this->get_setting( 'date-format' ) ),
|
| 714 |
'disable_weekdays' => true,
|
| 715 |
'disable_weeks' => true,
|
| 716 |
'strings' => $scheduler_strings,
|
includes/WP_List_Table.BookingsTable.class.php
CHANGED
|
@@ -432,18 +432,18 @@ class rtbBookingsTable extends WP_List_Table {
|
|
| 432 |
break;
|
| 433 |
|
| 434 |
case 'name' :
|
| 435 |
-
$value = $booking->name;
|
| 436 |
break;
|
| 437 |
|
| 438 |
case 'email' :
|
| 439 |
-
$value = $booking->email;
|
| 440 |
$value .= '<div class="actions">';
|
| 441 |
-
$value .= '<a href="#" data-id="' . esc_attr( $booking->ID ) . '" data-action="email" data-email="' . esc_attr( $booking->email ) . '" data-name="' . $booking->name . '">' . __( 'Send Email', 'restaurant-reservations' ) . '</a>';
|
| 442 |
$value .= '</div>';
|
| 443 |
break;
|
| 444 |
|
| 445 |
case 'phone' :
|
| 446 |
-
$value = $booking->phone;
|
| 447 |
break;
|
| 448 |
|
| 449 |
case 'deposit' :
|
|
@@ -469,7 +469,7 @@ class rtbBookingsTable extends WP_List_Table {
|
|
| 469 |
if ( trim( $booking->message ) ) {
|
| 470 |
$details[] = array(
|
| 471 |
'label' => __( 'Message', 'restaurant-reservations' ),
|
| 472 |
-
'value' => $booking->message,
|
| 473 |
);
|
| 474 |
}
|
| 475 |
|
| 432 |
break;
|
| 433 |
|
| 434 |
case 'name' :
|
| 435 |
+
$value = esc_html( $booking->name );
|
| 436 |
break;
|
| 437 |
|
| 438 |
case 'email' :
|
| 439 |
+
$value = esc_html( $booking->email );
|
| 440 |
$value .= '<div class="actions">';
|
| 441 |
+
$value .= '<a href="#" data-id="' . esc_attr( $booking->ID ) . '" data-action="email" data-email="' . esc_attr( $booking->email ) . '" data-name="' . esc_attr( $booking->name ) . '">' . __( 'Send Email', 'restaurant-reservations' ) . '</a>';
|
| 442 |
$value .= '</div>';
|
| 443 |
break;
|
| 444 |
|
| 445 |
case 'phone' :
|
| 446 |
+
$value = esc_html( $booking->phone );
|
| 447 |
break;
|
| 448 |
|
| 449 |
case 'deposit' :
|
| 469 |
if ( trim( $booking->message ) ) {
|
| 470 |
$details[] = array(
|
| 471 |
'label' => __( 'Message', 'restaurant-reservations' ),
|
| 472 |
+
'value' => esc_html( $booking->message ),
|
| 473 |
);
|
| 474 |
}
|
| 475 |
|
includes/template-functions.php
CHANGED
|
@@ -690,8 +690,8 @@ function rtb_enqueue_assets() {
|
|
| 690 |
apply_filters(
|
| 691 |
'rtb_pickadate_args',
|
| 692 |
array(
|
| 693 |
-
'date_format' => $rtb_controller->settings->get_setting( 'date-format' ),
|
| 694 |
-
'time_format' => $rtb_controller->settings->get_setting( 'time-format' ),
|
| 695 |
'disable_dates' => rtb_get_datepicker_rules(),
|
| 696 |
'schedule_open' => $rtb_controller->settings->get_setting( 'schedule-open' ),
|
| 697 |
'schedule_closed' => $rtb_controller->settings->get_setting( 'schedule-closed' ),
|
|
@@ -798,7 +798,7 @@ function rtb_print_form_text_field( $slug, $title, $value, $args = array() ) {
|
|
| 798 |
<label for="rtb-<?php echo $slug; ?>">
|
| 799 |
<?php echo $title; ?>
|
| 800 |
</label>
|
| 801 |
-
<input type="<?php echo $type; ?>" name="rtb-<?php echo $slug; ?>" id="rtb-<?php echo $slug; ?>" value="<?php echo $value; ?>"<?php echo $required; ?>>
|
| 802 |
</div>
|
| 803 |
|
| 804 |
<?php
|
|
@@ -827,7 +827,7 @@ function rtb_print_form_textarea_field( $slug, $title, $value, $args = array() )
|
|
| 827 |
<label for="rtb-<?php echo $slug; ?>">
|
| 828 |
<?php echo $title; ?>
|
| 829 |
</label>
|
| 830 |
-
<textarea name="rtb-<?php echo $slug; ?>" id="rtb-<?php echo $slug; ?>"<?php echo $required; ?>><?php echo $value; ?></textarea>
|
| 831 |
</div>
|
| 832 |
|
| 833 |
<?php
|
|
@@ -1113,4 +1113,9 @@ if ( !function_exists( 'rtb_add_custom_styling' ) ) {
|
|
| 1113 |
}
|
| 1114 |
}
|
| 1115 |
|
|
|
|
|
|
|
| 1116 |
|
|
|
|
|
|
|
|
|
| 690 |
apply_filters(
|
| 691 |
'rtb_pickadate_args',
|
| 692 |
array(
|
| 693 |
+
'date_format' => rtb_esc_js( $rtb_controller->settings->get_setting( 'date-format' ) ),
|
| 694 |
+
'time_format' => rtb_esc_js( $rtb_controller->settings->get_setting( 'time-format' ) ),
|
| 695 |
'disable_dates' => rtb_get_datepicker_rules(),
|
| 696 |
'schedule_open' => $rtb_controller->settings->get_setting( 'schedule-open' ),
|
| 697 |
'schedule_closed' => $rtb_controller->settings->get_setting( 'schedule-closed' ),
|
| 798 |
<label for="rtb-<?php echo $slug; ?>">
|
| 799 |
<?php echo $title; ?>
|
| 800 |
</label>
|
| 801 |
+
<input type="<?php echo $type; ?>" name="rtb-<?php echo $slug; ?>" id="rtb-<?php echo $slug; ?>" value="<?php echo esc_attr( $value ); ?>"<?php echo $required; ?>>
|
| 802 |
</div>
|
| 803 |
|
| 804 |
<?php
|
| 827 |
<label for="rtb-<?php echo $slug; ?>">
|
| 828 |
<?php echo $title; ?>
|
| 829 |
</label>
|
| 830 |
+
<textarea name="rtb-<?php echo $slug; ?>" id="rtb-<?php echo $slug; ?>"<?php echo $required; ?>><?php echo esc_html( $value ); ?></textarea>
|
| 831 |
</div>
|
| 832 |
|
| 833 |
<?php
|
| 1113 |
}
|
| 1114 |
}
|
| 1115 |
|
| 1116 |
+
if ( !function_exists('rtb_esc_js') ) {
|
| 1117 |
+
function rtb_esc_js( $value ) {
|
| 1118 |
|
| 1119 |
+
return preg_replace( '/[^a-z,.-:\/]/', '', $value );
|
| 1120 |
+
}
|
| 1121 |
+
}
|
readme.txt
CHANGED
|
@@ -184,6 +184,9 @@ Find answers to even more questions in the [FAQ](http://doc.fivestarplugins.com/
|
|
| 184 |
|
| 185 |
== Changelog ==
|
| 186 |
|
|
|
|
|
|
|
|
|
|
| 187 |
= 2.1.0 (2020-03-17) =
|
| 188 |
- Added in options to set custom redirect pages for both pending and automatically-confirmed bookings
|
| 189 |
- Added in a new option to allow people to cancel their reservations on your site
|
| 184 |
|
| 185 |
== Changelog ==
|
| 186 |
|
| 187 |
+
= 2.1.1 (2020-04-08) =
|
| 188 |
+
- Updating a few input fields to correct for possible minor XSS issues
|
| 189 |
+
|
| 190 |
= 2.1.0 (2020-03-17) =
|
| 191 |
- Added in options to set custom redirect pages for both pending and automatically-confirmed bookings
|
| 192 |
- Added in a new option to allow people to cancel their reservations on your site
|
restaurant-reservations.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Five Star Restaurant Reservations
|
| 4 |
* Plugin URI: http://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/
|
| 5 |
* Description: Restaurant reservations made easy. Accept bookings online. Quickly confirm or reject reservations, send email notifications, set booking times and more.
|
| 6 |
-
* Version: 2.1.
|
| 7 |
* Author: FiveStarPlugins
|
| 8 |
* Author URI: https://profiles.wordpress.org/fivestarplugins/
|
| 9 |
* Text Domain: restaurant-reservations
|
| 3 |
* Plugin Name: Five Star Restaurant Reservations
|
| 4 |
* Plugin URI: http://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/
|
| 5 |
* Description: Restaurant reservations made easy. Accept bookings online. Quickly confirm or reject reservations, send email notifications, set booking times and more.
|
| 6 |
+
* Version: 2.1.1
|
| 7 |
* Author: FiveStarPlugins
|
| 8 |
* Author URI: https://profiles.wordpress.org/fivestarplugins/
|
| 9 |
* Text Domain: restaurant-reservations
|
