Restaurant Reservations - Version 2.4.6

Version Description

(2021-12-09) = - Added capability check for AJAX calls. - Added recursive sanitization for JSON input.


Release Info

Developer Rustaurius
Version 2.4.6

Code changes from version 2.4.5 to 2.4.6

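--- a/includes/InstallationWalkthrough.class.php
+++ b/includes/InstallationWalkthrough.class.php
@@ -55,6 +55,11 @@ class rtbInstallationWalkthrough {
  }
 
  public function add_reservations_page() {
+
+ if( ! current_user_can( 'manage_options' ) ) {
+ exit();
+ }
+
  $reservations_page = wp_insert_post(array(
  'post_title' => (isset($_POST['reservations_page_title']) ? sanitize_text_field( $_POST['reservations_page_title'] ) : ''),
  'post_content' => '',
@@ -72,14 +77,39 @@ class rtbInstallationWalkthrough {
  }
 
  public function set_schedule() {
+
+ if( ! current_user_can( 'manage_options' ) ) {
+ exit();
+ }
+
  $rtb_options = get_option( 'rtb-settings' );
  $rtb_options['schedule-open'] = json_decode( stripslashes( $_POST['schedule_open'] ), true );
+
+ $sanitize_recursive = function( $val ) use ( &$sanitize_recursive ) {
+ if ( is_array( $val ) || is_object( $val ) ) {
+ foreach ( $val as $key => $value ) {
+ $val[ sanitize_key( $key ) ] = $sanitize_recursive( $value );
+ }
+
+ return $val;
+ }
+
+ return sanitize_text_field( $val );
+ };
+
+ $rtb_options['schedule-open'] = $sanitize_recursive( $rtb_options['schedule-open'] );
+
  update_option( 'rtb-settings', $rtb_options );
-
- exit();
+
+ exit();
  }
 
  public function set_options() {
+
+ if( ! current_user_can( 'manage_options' ) ) {
+ exit();
+ }
+
  $rtb_options = get_option( 'rtb-settings' );
  $rtb_options['party-size-min'] = sanitize_text_field( $_POST['party_size_min'] );
  $rtb_options['party-size'] = sanitize_text_field( $_POST['party_size'] );
@@ -87,8 +117,8 @@ class rtbInstallationWalkthrough {
  $rtb_options['late-bookings'] = sanitize_text_field( $_POST['late_bookings'] );
  $rtb_options['time-interval'] = sanitize_text_field( $_POST['time_interval'] );
  update_option( 'rtb-settings', $rtb_options );
-
- exit();
+
+ exit();
  }
 
  function admin_enqueue() {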
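Review bot: The sanitizing closure in set_schedule leaves unsanitized data in place whenever sanitize_key() changes a key, because `$val[ sanitize_key( $key ) ] = $sanitize_recursive( $value );` writes a second entry instead of replacing the original one, so both the raw and the cleaned value reach update_option(). Building a fresh array fixes that; it also removes the is_object branch, which cannot be reached after json_decode( ..., true ) and would fatal on `$val[ ... ]` for a plain object anyway. The new `current_user_can( 'manage_options' )` guards in add_reservations_page, set_schedule and set_options stop unprivileged callers, but nothing in these hunks verifies a nonce before wp_insert_post()/update_option(); unless the dispatching hook already does, a line such as `check_ajax_referer( '<walkthrough-nonce-action>' );` next to each guard is what keeps a logged-in administrator's browser from being driven into these handlers by another site. `$_POST['schedule_open']` is also read without an isset() check, so a request lacking it raises a notice and stores null. The bodies of add_reservations_page and set_options continue beyond the hunks.
```php
 public function set_schedule() {
 // … unchanged: capability check, get_option(), json_decode() …
 $sanitize_recursive = function( $val ) use ( &$sanitize_recursive ) {
 if ( is_array( $val ) ) {
 $clean = array();
 foreach ( $val as $key => $value ) {
 $clean[ sanitize_key( $key ) ] = $sanitize_recursive( $value );
 }
 return $clean;
 }
 return sanitize_text_field( $val );
 };
 // … unchanged: assignment to $rtb_options['schedule-open'], update_option(), exit() …
```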
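--- a/includes/WP_List_Table.BookingsTable.class.php
+++ b/includes/WP_List_Table.BookingsTable.class.php
@@ -231,7 +231,7 @@ class rtbBookingsTable extends WP_List_Table {
  public function set_other_filter()
  {
  if( isset( $_GET['filter_name'] ) && ! empty( $_GET['filter_name'] ) ) {
- $this->filter_name = $_GET['filter_name'];
+ $this->filter_name = sanitize_text_field( $_GET['filter_name'] );
  }
  }
 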
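Review bot: The new assignment sanitizes the raw superglobal without unslashing it, so a filter value containing a quote arrives as `O\'Brien` (WordPress adds slashes to $_GET) and the cleaned name will not match what is stored; the WordPress idiom is `$this->filter_name = sanitize_text_field( wp_unslash( $_GET['filter_name'] ) );`. sanitize_text_field() strips tags and control characters but does not make the value safe for SQL, so wherever $this->filter_name is later interpolated into a query (outside this hunk) it still needs $wpdb->prepare() and $wpdb->esc_like(). The `! empty()` test also silently discards a search for the literal name "0"; `$_GET['filter_name'] !== ''` would be the stricter check.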
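--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: FiveStarPlugins
  Requires at Least: 4.4
  Tested Up To: 5.8
  Tags: reservation, reservations, restaurant reservations, reservation form, restaurant booking, restaurant reservation form, restaurant booking form, restaurant booking system, reservation system, online reservations, online restaurant booking, dinner reservations, restaurant form, gutenberg reservations, gutenberg restaurant reservations, gutenberg restaurant booking, mobile reservations, responsive reservations, table reservations, open table, book table, reserve table, easy reservations, simple reservations, quick restaurant reservations, custom reservation form, custom restaurant reservations
- Stable tag: 2.4.5
+ Stable tag: 2.4.6
  License: GPLv3
  License URI:http://www.gnu.org/licenses/gpl-3.0.html
  Donate Link: https://www.etoilewebdesign.com/plugin-donations/
@@ -197,6 +197,10 @@ Find answers to even more questions in the [FAQ](http://doc.fivestarplugins.com/
 
  == Changelog ==
 
+ = 2.4.6 (2021-12-09) =
+ - Added capability check for AJAX calls.
+ - Added recursive sanitization for JSON input.
+
  = 2.4.5 (2021-11-29) =
  - Added a search field to the Bookings admin page.
  - Added an option to have the Bookings admin page refresh automatically at a chosen interval.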
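--- a/restaurant-reservations.php
+++ b/restaurant-reservations.php
@@ -3,7 +3,7 @@
  * Plugin Name: Five Star Restaurant Reservations - WordPress Booking Plugin
  * Plugin URI: http://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/
  * Description: Restaurant reservations made easy. Accept bookings online. Quickly confirm or reject reservations, send email notifications, set booking times and more.
- * Version: 2.4.5
+ * Version: 2.4.6
  * Author: FiveStarPlugins
  * Author URI: https://profiles.wordpress.org/fivestarplugins/
  * Text Domain: restaurant-reservations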