Restaurant Reservations - Version 2.4.7




Developer Rustaurius
Version 2.4.7

Code changes from version 2.4.6 to 2.4.7

assets/img/5star2_square320.png ADDED
Binary file
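--- a/assets/js/admin-rtb-welcome-screen.js
+++ b/assets/js/admin-rtb-welcome-screen.js
@@ -17,7 +17,13 @@ jQuery(document).ready(function() {
  jQuery('.rtb-welcome-screen-add-reservations-page-button').on('click', function() {
  var reservations_page_title = jQuery('.rtb-welcome-screen-add-reservations-page-name input').val();
 
- var data = 'reservations_page_title=' + reservations_page_title + '&action=rtb_welcome_add_menu_page';
+ var params = {};
+
+ params.action = 'rtb-welcome-add-menu-page';
+ params.nonce = rtb_getting_started.nonce;
+ params.reservations_page_title = reservations_page_title;
+
+ var data = jQuery.param( params );
  jQuery.post(ajaxurl, data, function(response) {});
 
  var section = jQuery(this).data('nextaction');
@@ -41,7 +47,13 @@ jQuery(document).ready(function() {
  schedule_open.push({'weekdays': weekdays, 'time': {'start': start, 'end': end }});
  });
 
- var data = 'schedule_open=' + JSON.stringify(schedule_open) + '&action=rtb_welcome_set_schedule';
+ var params = {};
+
+ params.action = 'rtb-welcome-set-schedule';
+ params.nonce = rtb_getting_started.nonce;
+ params.schedule_open = schedule_open;
+
+ var data = jQuery.param( params );
  jQuery.post(ajaxurl, data, function(response) {
 
  jQuery( '.rtb-welcome-screen-save-schedule-open-button' ).after( '<div class="rtb-save-message"><div class="rtb-save-message-inside">Schedule has been saved.</div></div>' );
@@ -56,7 +68,17 @@ jQuery(document).ready(function() {
  var late_bookings = jQuery('select[name="late-bookings"]').val();
  var time_interval = jQuery('select[name="time-interval"]').val();
 
- var data = 'party_size_min=' + party_size_min + '&party_size=' + party_size + '&early_bookings=' + early_bookings + '&late_bookings=' + late_bookings + '&time_interval=' + time_interval + '&action=rtb_welcome_set_options';
+ var params = {};
+
+ params.action = 'rtb-welcome-set-options';
+ params.nonce = rtb_getting_started.nonce;
+ params.party_size_min = party_size_min;
+ params.party_size = party_size;
+ params.early_bookings = early_bookings;
+ params.late_bookings = late_bookings;
+ params.time_interval = time_interval;
+
+ var data = jQuery.param( params );
  jQuery.post(ajaxurl, data, function(response) {
 
  jQuery( '.rtb-welcome-screen-save-options-button' ).after( '<div class="rtb-save-message"><div class="rtb-save-message-inside">Options have been saved.</div></div>' );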
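Review bot: The three action names change from underscore to hyphen form (`rtb_welcome_add_menu_page` → `rtb-welcome-add-menu-page`, and likewise the set-schedule and set-options actions), but the matching `wp_ajax_*` registrations and the `rtb_getting_started` localization are not part of this diff, so confirm they were updated in the same release — a mismatch makes admin-ajax answer `0`, and because every callback here is `function(response) {}` nothing in the UI would show it. dashboard-review-ask.js renames `rtb_hide_review_ask` and `rtb_send_feedback` the same way. At minimum a failed response should be surfaced, e.g. `jQuery.post(ajaxurl, data).fail(function() { console.error('rtb welcome: request failed'); });`. The click handlers in all three hunks continue outside the diff.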
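--- a/assets/js/admin.js
+++ b/assets/js/admin.js
@@ -1120,14 +1120,26 @@ jQuery(document).ready(function($){
  $('#rtb-dashboard-upgrade-box').addClass('rtb-hidden');
  $('#rtb-dashboard-show-upgrade-box-link').removeClass('rtb-hidden');
 
- $.post( ajaxurl, 'action=rtb_hide_upgrade_box' );
+ var params = {
+ action: 'rtb_hide_upgrade_box',
+ nonce: rtb_admin.nonce
+ };
+
+ var data = $.param( params );
+ $.post( ajaxurl, data );
  });
 
  $('#rtb-dashboard-show-upgrade-box-link').on('click', function() {
  $('#rtb-dashboard-show-upgrade-box-link').addClass('rtb-hidden');
  $('#rtb-dashboard-upgrade-box').removeClass('rtb-hidden');
 
- $.post( ajaxurl, 'action=rtb_display_upgrade_box' );
+ var params = {
+ action: 'rtb_display_upgrade_box',
+ nonce: rtb_admin.nonce
+ };
+
+ var data = $.param( params );
+ $.post( ajaxurl, data );
  });
  });
 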
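Review bot: Both handlers toggle the box's visibility before the request is sent and `$.post( ajaxurl, data )` has no failure handler, so when the server rejects the nonce (for example after it expires on a long-open dashboard) the UI shows the new state while the option is never written; add a `.fail()` that reverts the class changes, or move the toggles into the success callback. `$.post()` serializes a plain object itself, so `$.param( params )` and the intermediate `data` variable are unnecessary: `$.post( ajaxurl, params );`. The enclosing ready callback starts outside the hunk.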
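--- a/assets/js/booking-form.js
+++ b/assets/js/booking-form.js
@@ -241,8 +241,17 @@ jQuery(document).ready(function ($) {
 
  selected_date_month = ('0' + (selected_date_month + 1)).slice(-2);
  selected_date_date = ('0' + selected_date_date).slice(-2);
-
- var data = 'year=' + selected_date_year + '&month=' + selected_date_month + '&day=' + selected_date_date + '&location=' + selected_location + '&action=rtb_get_available_time_slots';
+
+ var params = {};
+
+ params.action = 'rtb_get_available_time_slots';
+ params.nonce = rtb_booking_form_js_localize.nonce;
+ params.year = selected_date_year;
+ params.month = selected_date_month;
+ params.day = selected_date_date;
+ params.location = selected_location;
+
+ var data = jQuery.param( params );
  jQuery.post( ajaxurl, data, function( response ) {
  if ( ! response ) {
  rtb_booking_form.timepicker.set( 'disable', true );
@@ -521,8 +530,18 @@ jQuery(document).ready(function ($) {
 
  //reset party size
  partySelect.prop("selectedIndex", 0).change();
-
- var data = 'year=' + selected_date_year + '&month=' + selected_date_month + '&day=' + selected_date_date + '&time=' + selected_time + '&location=' + selected_location + '&action=rtb_get_available_party_size';
+
+ var params = {};
+
+ params.action = 'rtb_get_available_party_size';
+ params.nonce = rtb_booking_form_js_localize.nonce;
+ params.year = selected_date_year;
+ params.month = selected_date_month;
+ params.day = selected_date_date;
+ params.time = selected_time;
+ params.location = selected_location;
+
+ var data = jQuery.param( params );
  jQuery.post( ajaxurl, data, function( response ) {
  if ( ! response ) {
  return;
@@ -573,7 +592,18 @@ jQuery(document).ready(function ($) {
 
  var booking_id = $( '.rtb-booking-form form input[name="ID"]').length ? $( '.rtb-booking-form form input[name="ID"]').val() : 0;
 
- var data = 'booking_id=' + booking_id + '&year=' + selected_date_year + '&month=' + selected_date_month + '&day=' + selected_date_date + '&time=' + selected_time + '&party=' + party + '&action=rtb_get_available_tables';
+ var params = {};
+
+ params.action = 'rtb_get_available_tables';
+ params.nonce = rtb_booking_form_js_localize.nonce;
+ params.year = selected_date_year;
+ params.month = selected_date_month;
+ params.day = selected_date_date;
+ params.time = selected_time;
+ params.party = party;
+ params.booking_id = booking_id
+
+ var data = jQuery.param( params );
  jQuery.post( ajaxurl, data, function( response ) {
  if ( ! response ) {
  return;
@@ -628,7 +658,13 @@ jQuery(document).ready(function() {
  var modify_booking = function(ev) {
  var booking_email = jQuery('input[name="rtb_modification_email"]').val();
 
- var data = 'booking_email=' + booking_email + '&action=rtb_find_reservations';
+ var params = {};
+
+ params.action = 'rtb_find_reservations';
+ params.nonce = rtb_booking_form_js_localize.nonce;
+ params.booking_email = booking_email;
+
+ var data = jQuery.param( params );
  jQuery.post(ajaxurl, data, function(response) {
 
  if (response.success) {
@@ -692,12 +728,12 @@ function cancellationHandler() {
  var booking_id = btn.data('bookingid');
  var booking_email = btn.data('bookingemail');
 
- var data = {
- 'booking_id': booking_id,
- 'booking_email': booking_email,
- 'action': 'rtb_cancel_reservations'
- };
+ params.action = 'rtb_cancel_reservations';
+ params.nonce = rtb_booking_form_js_localize.nonce;
+ params.booking_id = booking_id;
+ params.booking_email = booking_email;
 
+ var data = jQuery.param( params );
  jQuery.post(ajaxurl, data, function(response) {
  if (response.success) {
  if (response.data.hasOwnProperty('cancelled_redirect')) {
@@ -764,7 +800,16 @@ jQuery(document).ready(function ($) {
  jQuery('.rtb-view-bookings-form-confirmation-accept').on('click', function() {
  var booking_id = jQuery('.rtb-view-bookings-form-confirmation-div').data('bookingid');
 
- var data = 'booking_id=' + booking_id + '&action=rtb_set_reservation_arrived';
+ var params = {};
+
+ params.action = 'rtb_set_reservation_arrived';
+ params.nonce = rtb_admin.nonce;
+ params.booking = {
+ 'ID': booking_id
+ };
+
+ var data = $.param( params );
+
  jQuery.post(ajaxurl, data, function(response) {
 
  if (response.success) {window.location.href = window.location.href}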
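Review bot: In the cancellationHandler hunk (new lines 731-736) `params.action = …` assigns to `params` without the `var params = {};` that the other five hunks all start with; unless `params` is declared earlier in cancellationHandler outside the hunk, this is a ReferenceError in strict mode and an implicit global otherwise — add `var params = {};` before line 731. Line 604, `params.booking_id = booking_id`, is missing its semicolon. The `rtb_set_reservation_arrived` hunk reads `rtb_admin.nonce` while the rest of this file uses `rtb_booking_form_js_localize.nonce`; that only works where the admin script object is localized, which looks intended for the view-bookings screen but is worth confirming. All hunks sit inside handlers that continue outside the diff.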
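--- a/assets/js/dashboard-review-ask.js
+++ b/assets/js/dashboard-review-ask.js
@@ -1,10 +1,10 @@
  jQuery(document).ready(function($) {
  jQuery('.rtb-main-dashboard-review-ask').css('display', 'block');
 
- jQuery(document).on('click', '.rtb-main-dashboard-review-ask .notice-dismiss', function(event) {
- var data = 'ask_review_time=7&action=rtb_hide_review_ask';
- jQuery.post(ajaxurl, data, function() {});
- });
+ jQuery(document).on('click', '.rtb-main-dashboard-review-ask .notice-dismiss', function(event) {
+ var data = rtb_hide_review_ask_params( 7 );
+ jQuery.post(ajaxurl, data, function() {});
+ });
 
  jQuery('.rtb-review-ask-yes').on('click', function() {
  jQuery('.rtb-review-ask-feedback-text').removeClass('rtb-hidden');
@@ -16,8 +16,8 @@ jQuery(document).ready(function($) {
  jQuery('.rtb-review-ask-not-really').addClass('rtb-hidden');
  jQuery('.rtb-review-ask-yes').addClass('rtb-hidden');
 
- var data = 'ask_review_time=7&action=rtb_hide_review_ask';
- jQuery.post(ajaxurl, data, function() {});
+ var data = rtb_hide_review_ask_params( 7 );
+ jQuery.post(ajaxurl, data, function() {});
  });
 
  jQuery('.rtb-review-ask-not-really').on('click', function() {
@@ -27,36 +27,54 @@ jQuery(document).ready(function($) {
  jQuery('.rtb-review-ask-feedback-form').removeClass('rtb-hidden');
  jQuery('.rtb-review-ask-actions').addClass('rtb-hidden');
 
- var data = 'ask_review_time=1000&action=rtb_hide_review_ask';
- jQuery.post(ajaxurl, data, function() {});
+ var data = rtb_hide_review_ask_params( 1000 );
+ jQuery.post(ajaxurl, data, function() {});
  });
 
  jQuery('.rtb-review-ask-no-thanks').on('click', function() {
- var data = 'ask_review_time=1000&action=rtb_hide_review_ask';
- jQuery.post(ajaxurl, data, function() {});
+ var data = rtb_hide_review_ask_params( 1000 );
+ jQuery.post(ajaxurl, data, function() {});
 
- jQuery('.rtb-main-dashboard-review-ask').css('display', 'none');
+ jQuery('.rtb-main-dashboard-review-ask').css('display', 'none');
  });
 
  jQuery('.rtb-review-ask-review').on('click', function() {
  jQuery('.rtb-review-ask-feedback-text').addClass('rtb-hidden');
  jQuery('.rtb-review-ask-thank-you-text').removeClass('rtb-hidden');
 
- var data = 'ask_review_time=1000&action=rtb_hide_review_ask';
- jQuery.post(ajaxurl, data, function() {});
+ var data = rtb_hide_review_ask_params( 1000 );
+ jQuery.post(ajaxurl, data, function() {});
  });
 
  jQuery('.rtb-review-ask-send-feedback').on('click', function() {
  var feedback = jQuery('.rtb-review-ask-feedback-explanation textarea').val();
  var email_address = jQuery('.rtb-review-ask-feedback-explanation input[name="feedback_email_address"]').val();
- var data = 'feedback=' + feedback + '&email_address=' + email_address + '&action=rtb_send_feedback';
- jQuery.post(ajaxurl, data, function() {});
 
- var data = 'ask_review_time=1000&action=rtb_hide_review_ask';
- jQuery.post(ajaxurl, data, function() {});
+ var params = {};
+
+ params.action = 'rtb-send-feedback';
+ params.nonce = rtb_review_ask.nonce;
+ params.feedback = feedback;
+ params.email_address = email_address;
+
+ var data = jQuery.param( params );
+ jQuery.post(ajaxurl, data, function() {});
+
+ var data = rtb_hide_review_ask_params( 1000 );
+ jQuery.post(ajaxurl, data, function() {});
 
- jQuery('.rtb-review-ask-feedback-form').addClass('rtb-hidden');
- jQuery('.rtb-review-ask-review-text').addClass('rtb-hidden');
- jQuery('.rtb-review-ask-thank-you-text').removeClass('rtb-hidden');
+ jQuery('.rtb-review-ask-feedback-form').addClass('rtb-hidden');
+ jQuery('.rtb-review-ask-review-text').addClass('rtb-hidden');
+ jQuery('.rtb-review-ask-thank-you-text').removeClass('rtb-hidden');
  });
+
+ function rtb_hide_review_ask_params(ask_review_time = 7) {
+ var params = {};
+
+ params.action = 'rtb-hide-review-ask';
+ params.nonce = rtb_review_ask.nonce;
+ params.ask_review_time = ask_review_time;
+
+ return jQuery.param( params );
+ }
  });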
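Review bot: The send-feedback handler declares `var data` twice in one function scope (new lines 60 and 63); `var` tolerates the redeclaration, but since ES2015 syntax is already in use here (the default parameter on line 71), two distinct bindings such as `const feedbackData` and `const hideData` would make it clear that two separate requests are sent. `rtb_hide_review_ask_params` is defined at the bottom of the ready callback and called above it, which only works through hoisting; moving it to the top of the callback with a one-line header such as `// Serialized params for the rtb-hide-review-ask request` would read in order. Both hunks are inside the ready callback that opens at line 1 of the file.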
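--- a/includes/AdminBookings.class.php
+++ b/includes/AdminBookings.class.php
@@ -843,7 +843,13 @@ class rtbAdminBookings {
  * @since 2.0.0
  */
  public function set_booking_arrived() {
- $booking_id = isset($_POST['booking_id']) ? intval( $_POST['booking_id'] ) : 0;
+
+ // Authenticate request
+ if ( !check_ajax_referer( 'rtb-admin', 'nonce' ) || !current_user_can( 'manage_bookings' ) ) {
+ $this->nopriv_ajax();
+ }
+
+ $booking_id = isset($_POST['booking']) ? intval( $_POST['booking']['ID'] ) : 0;
 
  $booking_id = wp_update_post(array(
  'ID' => $booking_id,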
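Review bot: `isset( $_POST['booking'] )` at new line 852 does not establish that `$_POST['booking']` is an array or that it has an `ID` key, so a request carrying a scalar or incomplete `booking` parameter emits a notice or warning before `intval()` yields 0; test the nested key instead, `$booking_id = isset( $_POST['booking']['ID'] ) ? intval( $_POST['booking']['ID'] ) : 0;`. Note also that `check_ajax_referer()` terminates the request on a bad nonce by default, so only the `current_user_can()` half of the condition can ever reach `$this->nopriv_ajax()`; if that helper does not itself end the request, execution falls through into `wp_update_post()`, which is worth confirming. The method body continues outside the hunk.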
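--- a/includes/AdminPageSettingLicenseKey.class.php
+++ b/includes/AdminPageSettingLicenseKey.class.php
@@ -208,11 +208,18 @@ class rtbAdminPageSettingLicenseKey {
  ?>
 
  <div class="rtb-license-setting" data-id="<?php echo esc_attr( $this->id ); ?>">
- <input name="<?php echo $this->get_input_name(); ?>[api_key]" type="text" id="<?php echo $this->get_input_name(); ?>[api_key]" value="<?php echo $this->value['api_key']; ?>"<?php echo !empty( $this->placeholder ) ? ' placeholder="' . esc_attr( $this->placeholder ) . '"' : ''; ?> class="regular-text">
+
+ <input
+ name="<?php echo esc_attr( $this->get_input_name().'[api_key]' ); ?>"
+ type="text"
+ id="<?php echo esc_attr( $this->get_input_name().'[api_key]' ); ?>"
+ value="<?php echo esc_attr( $this->value['api_key'] ); ?>"
+ <?php echo !empty( $this->placeholder ) ? ' placeholder="' . esc_attr( $this->placeholder ) . '"' : ''; ?>
+ class="regular-text">
 
  <?php if ( !empty( $this->value['api_key'] ) ) : ?>
  <span class="status <?php echo $is_active ? 'valid' : 'inactive'; ?>">
- <?php echo $status_string; ?>
+ <?php echo esc_html( $status_string ); ?>
  </span>
 
  <a href="<?php echo esc_url( $url ); ?>" class="button">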
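--- a/includes/Ajax.class.php
+++ b/includes/Ajax.class.php
@@ -70,6 +70,10 @@ if ( !class_exists( 'rtbAJAX' ) ) {
  public function get_reservations() {
  global $wpdb, $rtb_controller;
 
+ if ( !check_ajax_referer( 'rtb-booking-form', 'nonce' ) ) {
+ rtbHelper::bad_nonce_ajax();
+ }
+
  $email = isset($_POST['booking_email']) ? sanitize_email( $_POST['booking_email'] ) : '';
 
  if ( ! $email ) {
@@ -89,7 +93,7 @@ if ( !class_exists( 'rtbAJAX' ) ) {
  $booking_ids = $wpdb->get_results(
  $wpdb->prepare("
  SELECT `post_id` FROM `{$wpdb->postmeta}` WHERE `meta_key` = 'rtb' AND `meta_value` LIKE %s",
- '%' . sanitize_email( $email ) . '%'
+ '%' . $email . '%'
  )
  );
 
@@ -110,7 +114,7 @@ if ( !class_exists( 'rtbAJAX' ) ) {
  }
  }
 
- if ( ! empty($bookings) ) {
+ if ( ! empty( $bookings ) ) {
  wp_send_json_success(
  array(
  'bookings' => $bookings
@@ -134,7 +138,11 @@ if ( !class_exists( 'rtbAJAX' ) ) {
  * @since 2.1.0
  */
  public function cancel_reservation( $ajax = true ) {
- global $rtb_controller;
+ global $rtb_controller;
+
+ if ( !check_ajax_referer( 'rtb-booking-form', 'nonce' ) ) {
+ rtbHelper::bad_nonce_ajax();
+ }
 
  $cancelled_redirect = $rtb_controller->settings->get_setting( 'cancelled-redirect-page' );
 
@@ -219,6 +227,10 @@ if ( !class_exists( 'rtbAJAX' ) ) {
  public function get_time_slots() {
  global $rtb_controller;
 
+ if ( !check_ajax_referer( 'rtb-booking-form', 'nonce' ) ) {
+ rtbHelper::bad_nonce_ajax();
+ }
+
  $max_reservations_enabled = $rtb_controller->settings->get_setting( 'rtb-enable-max-tables' );
 
  // proessing request for this date
@@ -519,7 +531,7 @@ if ( !class_exists( 'rtbAJAX' ) ) {
  if ( $weekday == $day_of_week ) {
 
  // Closed all day
- if ( $opening['time'] == 'undefined' ) {
+ if ( ! isset($opening['time']) || $opening['time'] == 'undefined' ) {
 
  return false;
  }
@@ -605,6 +617,10 @@ if ( !class_exists( 'rtbAJAX' ) ) {
  public function get_available_party_size() {
  global $rtb_controller;
 
+ if ( !check_ajax_referer( 'rtb-booking-form', 'nonce' ) ) {
+ rtbHelper::bad_nonce_ajax();
+ }
+
  $this->location = ! empty( $_POST['location'] ) ? get_term( intval( $_POST['location'] ) ) : false;
  $this->year = sanitize_text_field( $_POST['year'] );
  $this->month = sanitize_text_field( $_POST['month'] );
@@ -706,6 +722,10 @@ if ( !class_exists( 'rtbAJAX' ) ) {
  public function get_available_tables() {
  global $rtb_controller;
 
+ if ( !check_ajax_referer( 'rtb-booking-form', 'nonce' ) ) {
+ rtbHelper::bad_nonce_ajax();
+ }
+
  $tables = $rtb_controller->settings->get_sorted_tables();
 
  $this->booking_id = isset( $_POST['booking_id'] ) ? intval( $_POST['booking_id'] ) : 0;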
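Review bot: The LIKE argument `'%' . $email . '%'` at new line 96 goes into `$wpdb->prepare()` without `$wpdb->esc_like()`, so `%` and `_` in the submitted address — characters `sanitize_email()` does not strip from the local part — act as SQL wildcards and the lookup can return bookings that belong to other addresses; use `'%' . $wpdb->esc_like( $email ) . '%'`. Separately, `check_ajax_referer()` ends the request on a bad nonce by default, so the `rtbHelper::bad_nonce_ajax()` branch added to get_reservations, cancel_reservation, get_time_slots, get_available_party_size and get_available_tables is unreachable; pass `false` as the third argument if the helper's response is the one intended, or drop the wrapper. The same pattern appears in AdminBookings.class.php and Dashboard.class.php in this release. Every method touched here continues outside its hunk.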
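--- a/includes/Booking.class.php
+++ b/includes/Booking.class.php
@@ -264,14 +264,18 @@ class rtbBooking {
  $this->validation_errors = array();
  /**
  * Raw, unprocessed value so that it can be used to preselect the form
- * field values, eg. table
+ * field values, eg. table and pass the value with the request. This way,
+ * hooked code doesn't have to check $_POST or $_GET for the data and can
+ * access everything posted from aw_input.
+ *
+ * Its name implies the requirement of sanitization explicitly
  */
- $this->raw_input = $_POST;
+ $this->raw_input =& $_POST;
 
  do_action( 'rtb_pre_validate_booking_submission', $this );
 
  // Date
- $date = empty( $_POST['rtb-date'] ) ? false : stripslashes_deep( $_POST['rtb-date'] );
+ $date = empty( $_POST['rtb-date'] ) ? false : sanitize_text_field( $_POST['rtb-date'] );
  if ( $date === false ) {
  $this->validation_errors[] = array(
  'field' => 'date',
@@ -281,7 +285,7 @@ class rtbBooking {
 
  } else {
  try {
- $date = new DateTime( stripslashes_deep( $_POST['rtb-date'] ) );
+ $date = new DateTime( sanitize_text_field( $_POST['rtb-date'] ) );
  } catch ( Exception $e ) {
  $this->validation_errors[] = array(
  'field' => 'date',
@@ -292,7 +296,7 @@ class rtbBooking {
  }
 
  // Time
- $time = empty( $_POST['rtb-time'] ) ? false : stripslashes_deep( $_POST['rtb-time'] );
+ $time = empty( $_POST['rtb-time'] ) ? false : sanitize_text_field( $_POST['rtb-time'] );
  if ( $time === false ) {
  $this->validation_errors[] = array(
  'field' => 'time',
@@ -302,7 +306,7 @@ class rtbBooking {
 
  } else {
  try {
- $time = new DateTime( stripslashes_deep( $_POST['rtb-time'] ) );
+ $time = new DateTime( sanitize_text_field( $_POST['rtb-time'] ) );
  } catch ( Exception $e ) {
  $this->validation_errors[] = array(
  'field' => 'time',
@@ -472,11 +476,11 @@ class rtbBooking {
 
  // Save requested date/time values in case they need to be
  // printed in the form again
- $this->request_date = empty( $_POST['rtb-date'] ) ? '' : stripslashes_deep( $_POST['rtb-date'] );
- $this->request_time = empty( $_POST['rtb-time'] ) ? '' : stripslashes_deep( $_POST['rtb-time'] );
+ $this->request_date = empty( $_POST['rtb-date'] ) ? '' : sanitize_text_field( $_POST['rtb-date'] );
+ $this->request_time = empty( $_POST['rtb-time'] ) ? '' : sanitize_text_field( $_POST['rtb-time'] );
 
  // Name
- $this->name = empty( $_POST['rtb-name'] ) ? '' : wp_strip_all_tags( sanitize_text_field( stripslashes_deep( $_POST['rtb-name'] ) ), true ); // @todo should I limit length?
+ $this->name = empty( $_POST['rtb-name'] ) ? '' : wp_strip_all_tags( sanitize_text_field( $_POST['rtb-name'] ), true ); // @todo should I limit length?
  if ( empty( $this->name ) ) {
  $this->validation_errors[] = array(
  'field' => 'name',
@@ -515,7 +519,7 @@ class rtbBooking {
  }
 
  // Email
- $this->email = empty( $_POST['rtb-email'] ) ? '' : sanitize_text_field( stripslashes_deep( $_POST['rtb-email'] ) ); // @todo email validation? send notification back to form on bad email address.
+ $this->email = empty( $_POST['rtb-email'] ) ? '' : sanitize_email( $_POST['rtb-email'] ); // @todo email validation? send notification back to form on bad email address.
  if ( empty( $this->email ) ) {
  $this->validation_errors[] = array(
  'field' => 'email',
@@ -531,7 +535,7 @@ class rtbBooking {
  }
 
  // Phone
- $this->phone = empty( $_POST['rtb-phone'] ) ? '' : sanitize_text_field( stripslashes_deep( $_POST['rtb-phone'] ) );
+ $this->phone = empty( $_POST['rtb-phone'] ) ? '' : sanitize_text_field( $_POST['rtb-phone'] );
  $phone_required = $rtb_controller->settings->get_setting( 'require-phone' );
  if ( $phone_required && empty( $this->phone ) ) {
  $this->validation_errors[] = array(
@@ -542,7 +546,7 @@ class rtbBooking {
  }
 
  // Table
- $table = empty( $_POST['rtb-table'] ) ? array() : explode( ',', sanitize_text_field( stripslashes_deep( $_POST['rtb-table'] ) ) );
+ $table = empty( $_POST['rtb-table'] ) ? array() : explode( ',', sanitize_text_field( $_POST['rtb-table'] ) );
  $this->table = is_array( $table ) ? array_map( 'sanitize_text_field', $table ) : array();
 
  $table_required = $rtb_controller->settings->get_setting( 'require-table' );
@@ -606,7 +610,7 @@ class rtbBooking {
  }
 
  // Message
- $this->message = empty( $_POST['rtb-message'] ) ? '' : nl2br( wp_kses_post( stripslashes_deep( $_POST['rtb-message'] ) ) );
+ $this->message = empty( $_POST['rtb-message'] ) ? '' : sanitize_text_field( nl2br( $_POST['rtb-message'] ) );
 
  // Post Status (define a default post status if none passed)
  $this->determine_status();
@@ -1208,7 +1212,7 @@ class rtbBooking {
  global $rtb_controller;
 
  if ( !empty( $_POST['rtb-post-status'] ) && array_key_exists( $_POST['rtb-post-status'], $rtb_controller->cpts->booking_statuses ) ) {
- $post_status = sanitize_text_field( stripslashes_deep( $_POST['rtb-post-status'] ) );
+ $post_status = sanitize_text_field( $_POST['rtb-post-status'] );
  } elseif ( $rtb_controller->settings->get_setting( 'require-deposit' ) and ! $payment_made ) {
  $post_status = 'payment_pending';
  } elseif ( $this->party < $rtb_controller->settings->get_setting( 'auto-confirm-max-party-size' ) ) {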
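Review bot: `sanitize_text_field( nl2br( $_POST['rtb-message'] ) )` at new line 613 strips the `<br />` tags that `nl2br()` has just inserted, so every multi-line message is flattened to one line; `nl2br( sanitize_textarea_field( $_POST['rtb-message'] ) )` keeps the line breaks while still removing tags. These hunks also drop `stripslashes_deep()` from every `$_POST` read without a replacement, yet WordPress slashes `$_POST` on every request and neither `sanitize_text_field()` nor `sanitize_email()` unslashes, so an apostrophe in a name or message is stored with a backslash unless something outside the diff unslashes first; the conventional form is `sanitize_text_field( wp_unslash( $_POST['rtb-name'] ) )`. The new doc comment at line 269 says "aw_input" where "raw_input" is meant. All of these hunks sit inside methods whose bodies continue outside the diff.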
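--- a/includes/Dashboard.class.php
+++ b/includes/Dashboard.class.php
@@ -15,7 +15,7 @@ class rtbDashboard {
 public function __construct() {
 add_action( 'admin_menu', array( $this, 'add_dashboard_to_menu' ), 99 );
 
-add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_scripts' ) );
+// add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_scripts' ) );
 
 add_action( 'wp_ajax_rtb_hide_upgrade_box', array($this, 'hide_upgrade_box') );
 add_action( 'wp_ajax_rtb_display_upgrade_box', array($this, 'display_upgrade_box') );
@@ -360,18 +360,26 @@ class rtbDashboard {
 
 public function display_notice() {
 if ( $this->status ) {
-echo "<div class='updated'><p>" . $this->message . "</p></div>";
+echo "<div class='updated'><p>" . esc_textarea( $this->message ) . "</p></div>";
 }
 else {
-echo "<div class='error'><p>" . $this->message . "</p></div>";
+echo "<div class='error'><p>" . esc_textarea( $this->message ) . "</p></div>";
 }
 }
 
 public function hide_upgrade_box() {
+if ( !check_ajax_referer( 'rtb-admin', 'nonce' ) ) {
+rtbHelper::admin_nopriv_ajax();
+}
+
 update_option( 'rtb-hide-upgrade-box', true );
 }
 
 public function display_upgrade_box() {
+if ( !check_ajax_referer( 'rtb-admin', 'nonce' ) ) {
+rtbHelper::admin_nopriv_ajax();
+}
+
 update_option( 'rtb-hide-upgrade-box', false );
 }
 }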
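Review bot: hide_upgrade_box and display_upgrade_box now verify the `rtb-admin` nonce but, unlike every other handler touched in this release, never check a capability, so any logged-in user who holds a valid nonce can toggle the option; pair the two checks as the other files do, `if ( !check_ajax_referer( 'rtb-admin', 'nonce', false ) || !current_user_can( 'manage_bookings' ) ) {`. Passing `false` as the third argument matters because check_ajax_referer dies on failure by default, which leaves the `rtbHelper::admin_nopriv_ajax()` branch unreachable as written (the same pattern recurs in InstallationWalkthrough, MailChimp and ReviewAsk). In display_notice, `esc_html( $this->message )` is the escaping function for text inside a `<p>`; esc_textarea is meant for textarea content, though both neutralise markup here. With the admin_enqueue_scripts hook commented out it is not visible where the `rtb-admin` nonce is localized for the dashboard script, so confirm the client still receives one.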
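--- /dev/null
+++ b/includes/Helper.class.php
@@ -0,0 +1,78 @@
+<?php
+if ( !defined( 'ABSPATH' ) ) exit;
+
+if ( !class_exists( 'rtbHelper' ) ) {
+/**
+* Class to to provide helpe functions
+*
+* @since 1.3
+*/
+class rtbHelper {
+
+// Hold the class instance.
+private static $instance = null;
+
+/**
+* The constructor is private
+* to prevent initiation with outer code.
+*
+**/
+private function __construct() {}
+
+/**
+* The object is created from within the class itself
+* only if the class has no instance.
+*/
+public static function getInstance()
+{
+if (self::$instance == null)
+{
+self::$instance = new rtbHelper();
+}
+
+return self::$instance;
+}
+
+/**
+* Handle ajax requests from the admin bookings area from logged out users
+* @since 2.5
+*/
+public static function admin_nopriv_ajax() {
+
+wp_send_json_error(
+array(
+'error' => 'loggedout',
+'msg' => sprintf( __( 'You have been logged out. Please %slogin again%s.', 'restaurant-reservations' ), '<a href="' . wp_login_url( admin_url( 'admin.php?page=rtb-dashboard' ) ) . '">', '</a>' ),
+)
+);
+}
+
+public static function bad_nonce_ajax()
+{
+wp_send_json_error(
+array(
+'error' => 'badnonce',
+'msg' => __( 'The request has been rejected because it does not appear to have come from this site.', 'restaurant-reservations' ),
+)
+);
+}
+
+/**
+* sanitize_text_field for array's each value, recusivly
+* @since 2.5
+*/
+public static function sanitize_text_field_recursive( $input )
+{
+if ( is_array( $input ) || is_object( $input ) ) {
+foreach ( $input as $key => $value ) {
+$input[ sanitize_key( $key ) ] = self::sanitize_text_field_recursive( $value );
+}
+
+return $input;
+}
+
+return sanitize_text_field( $input );
+}
+}
+
+}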
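Review bot: sanitize_text_field_recursive writes the cleaned value back under `sanitize_key( $key )` while still iterating the original array, so whenever sanitize_key alters the key (it lowercases and strips everything but a-z, 0-9, `_` and `-`) the original, unsanitized entry remains beside the clean copy, and for an object `$input[ ... ]` is not valid at all. Building a fresh array avoids both problems, as below. The `wp_login_url(...)` value in admin_nopriv_ajax is interpolated into an href and should pass through `esc_url()`. The docblocks carry typos ("to to", "helpe", "recusivly"), bad_nonce_ajax has no docblock, and it is not called anywhere in this release even though several handlers now fail on a nonce check.
```php
public static function sanitize_text_field_recursive( $input )
{
	if ( is_object( $input ) ) {
		$input = get_object_vars( $input );
	}

	if ( is_array( $input ) ) {
		$clean = array();
		foreach ( $input as $key => $value ) {
			$clean[ sanitize_key( $key ) ] = self::sanitize_text_field_recursive( $value );
		}

		return $clean;
	}

	return sanitize_text_field( $input );
}
```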
includes/InstallationWalkthrough.class.php CHANGED
@@ -16,9 +16,12 @@ class rtbInstallationWalkthrough {
16
 
17
  add_action( 'admin_head', array( $this, 'admin_enqueue') );
18
 
19
- add_action( 'wp_ajax_rtb_welcome_add_menu_page', array( $this, 'add_reservations_page' ) );
20
- add_action( 'wp_ajax_rtb_welcome_set_schedule', array( $this, 'set_schedule' ) );
21
- add_action( 'wp_ajax_rtb_welcome_set_options', array( $this, 'set_options' ) );
 
 
 
22
  }
23
 
24
  public function redirect() {
@@ -56,8 +59,9 @@ class rtbInstallationWalkthrough {
56
 
57
  public function add_reservations_page() {
58
 
59
- if( ! current_user_can( 'manage_options' ) ) {
60
- exit();
 
61
  }
62
 
63
  $reservations_page = wp_insert_post(array(
@@ -78,26 +82,14 @@ class rtbInstallationWalkthrough {
78
 
79
  public function set_schedule() {
80
 
81
- if( ! current_user_can( 'manage_options' ) ) {
82
- exit();
 
83
  }
84
 
85
  $rtb_options = get_option( 'rtb-settings' );
86
- $rtb_options['schedule-open'] = json_decode( stripslashes( $_POST['schedule_open'] ), true );
87
 
88
- $sanitize_recursive = function( $val ) use ( &$sanitize_recursive ) {
89
- if ( is_array( $val ) || is_object( $val ) ) {
90
- foreach ( $val as $key => $value ) {
91
- $val[ sanitize_key( $key ) ] = $sanitize_recursive( $value );
92
- }
93
-
94
- return $val;
95
- }
96
-
97
- return sanitize_text_field( $val );
98
- };
99
-
100
- $rtb_options['schedule-open'] = $sanitize_recursive( $rtb_options['schedule-open'] );
101
 
102
  update_option( 'rtb-settings', $rtb_options );
103
 
@@ -106,8 +98,9 @@ class rtbInstallationWalkthrough {
106
 
107
  public function set_options() {
108
 
109
- if( ! current_user_can( 'manage_options' ) ) {
110
- exit();
 
111
  }
112
 
113
  $rtb_options = get_option( 'rtb-settings' );
@@ -132,6 +125,14 @@ class rtbInstallationWalkthrough {
132
  wp_enqueue_style( 'pickadate-time', RTB_PLUGIN_URL . '/lib/simple-admin-pages/lib/pickadate/themes/default.time.css', array(), RTB_VERSION );
133
 
134
  wp_enqueue_script( 'rtb-getting-started', RTB_PLUGIN_URL . '/assets/js/admin-rtb-welcome-screen.js', array('jquery'), RTB_VERSION );
 
 
 
 
 
 
 
 
135
  wp_enqueue_script( 'pickadate', RTB_PLUGIN_URL . '/lib/simple-admin-pages/lib/pickadate/picker.js', array('jquery'), RTB_VERSION, true );
136
  wp_enqueue_script( 'pickadate-date', RTB_PLUGIN_URL . '/lib/simple-admin-pages/lib/pickadate/picker.date.js', array('jquery'), RTB_VERSION, true );
137
  wp_enqueue_script( 'pickadate-time', RTB_PLUGIN_URL . '/lib/simple-admin-pages/lib/pickadate/picker.time.js', array('jquery'), RTB_VERSION, true );
@@ -277,7 +278,7 @@ class rtbInstallationWalkthrough {
277
  <div class='rtb-welcome-screen-option'>
278
  <label><?php _e('Time Interval:', 'restaurant-reservations'); ?></label>
279
  <select name='time-interval'>
280
- <option><?php _e('Every 30 minutes', 'restaurant-reservations' ); ?></option>
281
  <option value='15'><?php _e('Every 15 minutes', 'restaurant-reservations' ); ?></option>
282
  <option value='10'><?php _e('Every 10 minutes', 'restaurant-reservations' ); ?></option>
283
  <option value='5'><?php _e('Every 5 minutes', 'restaurant-reservations' ); ?></option>
16
 
17
  add_action( 'admin_head', array( $this, 'admin_enqueue') );
18
 
19
+ add_action( 'wp_ajax_nopriv_rtb-welcome-add-menu-page' , array( 'rtbHelper' , 'admin_nopriv_ajax' ) );
20
+ add_action( 'wp_ajax_rtb-welcome-add-menu-page', array( $this, 'add_reservations_page' ) );
21
+ add_action( 'wp_ajax_nopriv_rtb-welcome-set-schedule' , array( 'rtbHelper' , 'admin_nopriv_ajax' ) );
22
+ add_action( 'wp_ajax_rtb-welcome-set-schedule', array( $this, 'set_schedule' ) );
23
+ add_action( 'wp_ajax_nopriv_rtb-welcome-set-options' , array( 'rtbHelper' , 'admin_nopriv_ajax' ) );
24
+ add_action( 'wp_ajax_rtb-welcome-set-options', array( $this, 'set_options' ) );
25
  }
26
 
27
  public function redirect() {
59
 
60
  public function add_reservations_page() {
61
 
62
+ // Authenticate request
63
+ if ( !check_ajax_referer( 'rtb-getting-started', 'nonce' ) || !current_user_can( 'manage_bookings' ) ) {
64
+ rtbHelper::admin_nopriv_ajax();
65
  }
66
 
67
  $reservations_page = wp_insert_post(array(
82
 
83
  public function set_schedule() {
84
 
85
+ // Authenticate request
86
+ if ( !check_ajax_referer( 'rtb-getting-started', 'nonce' ) || !current_user_can( 'manage_bookings' ) ) {
87
+ rtbHelper::admin_nopriv_ajax();
88
  }
89
 
90
  $rtb_options = get_option( 'rtb-settings' );
 
91
 
92
+ $rtb_options['schedule-open'] = rtbHelper::sanitize_text_field_recursive( $_POST['schedule_open'] );
 
 
 
 
 
 
 
 
 
 
 
 
93
 
94
  update_option( 'rtb-settings', $rtb_options );
95
 
98
 
99
  public function set_options() {
100
 
101
+ // Authenticate request
102
+ if ( !check_ajax_referer( 'rtb-getting-started', 'nonce' ) || !current_user_can( 'manage_bookings' ) ) {
103
+ rtbHelper::admin_nopriv_ajax();
104
  }
105
 
106
  $rtb_options = get_option( 'rtb-settings' );
125
  wp_enqueue_style( 'pickadate-time', RTB_PLUGIN_URL . '/lib/simple-admin-pages/lib/pickadate/themes/default.time.css', array(), RTB_VERSION );
126
 
127
  wp_enqueue_script( 'rtb-getting-started', RTB_PLUGIN_URL . '/assets/js/admin-rtb-welcome-screen.js', array('jquery'), RTB_VERSION );
128
+ wp_localize_script(
129
+ 'rtb-getting-started',
130
+ 'rtb_getting_started',
131
+ array(
132
+ 'nonce' => wp_create_nonce( 'rtb-getting-started' )
133
+ )
134
+ );
135
+
136
  wp_enqueue_script( 'pickadate', RTB_PLUGIN_URL . '/lib/simple-admin-pages/lib/pickadate/picker.js', array('jquery'), RTB_VERSION, true );
137
  wp_enqueue_script( 'pickadate-date', RTB_PLUGIN_URL . '/lib/simple-admin-pages/lib/pickadate/picker.date.js', array('jquery'), RTB_VERSION, true );
138
  wp_enqueue_script( 'pickadate-time', RTB_PLUGIN_URL . '/lib/simple-admin-pages/lib/pickadate/picker.time.js', array('jquery'), RTB_VERSION, true );
278
  <div class='rtb-welcome-screen-option'>
279
  <label><?php _e('Time Interval:', 'restaurant-reservations'); ?></label>
280
  <select name='time-interval'>
281
+ <option value='30'><?php _e('Every 30 minutes', 'restaurant-reservations' ); ?></option>
282
  <option value='15'><?php _e('Every 15 minutes', 'restaurant-reservations' ); ?></option>
283
  <option value='10'><?php _e('Every 10 minutes', 'restaurant-reservations' ); ?></option>
284
  <option value='5'><?php _e('Every 5 minutes', 'restaurant-reservations' ); ?></option>
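Review bot: In set_schedule the new line hands `$_POST['schedule_open']` straight to the sanitizer, but WordPress slash-escapes request data, so quotes inside values will be stored with backslashes (the removed code called stripslashes); use `$rtb_options['schedule-open'] = rtbHelper::sanitize_text_field_recursive( wp_unslash( $_POST['schedule_open'] ) );` behind an isset check. The json_decode was removed with it, so this only yields an array if the client now posts the schedule as form fields rather than a JSON string; the matching change in admin-rtb-welcome-screen.js is not visible here, so confirm the two agree or 'schedule-open' is stored as a string. All three handlers also drop the required capability from manage_options to manage_bookings while still creating a page and rewriting rtb-settings — the same lowering appears in MailChimp.class.php and ReviewAsk.class.php — so confirm that widening is intended. The renamed actions (underscore to hyphen) must match the `action=` values the script sends.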
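--- a/includes/Licenses.class.php
+++ b/includes/Licenses.class.php
@@ -215,7 +215,7 @@ class rtbLicenses {
 ?>
 
 <div class="error">
-<p><?php echo $msg; ?></p>
+<p><?php echo esc_html( $msg ); ?></p>
 </div>
 
 <?php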
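Review bot: `esc_html( $msg )` is right for plain text, but if any caller builds `$msg` with an anchor (licence notices often link to a renewal page) the tag will now be displayed literally; in that case `wp_kses_post( $msg )` preserves the link while still escaping everything else. The callers that set `$msg` are outside this hunk, so this is only worth checking.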
includes/MailChimp.class.php CHANGED
@@ -35,11 +35,11 @@ class mcfrtbInit {
35
  add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_admin_assets' ) );
36
 
37
  // Receive ajax calls for mailchimp lists
38
- add_action( 'wp_ajax_nopriv_mcfrtb-get-lists' , array( $this , 'ajax_nopriv_get_lists' ) );
39
  add_action( 'wp_ajax_mcfrtb-get-lists', array( $this, 'ajax_get_lists' ) );
40
 
41
  // Receive ajax calls for merge fields
42
- add_action( 'wp_ajax_nopriv_mcfrtb-load-merge-fields' , array( $this , 'ajax_nopriv_load_merge_fields' ) );
43
  add_action( 'wp_ajax_mcfrtb-load-merge-fields', array( $this, 'ajax_load_merge_fields' ) );
44
 
45
 
@@ -168,32 +168,14 @@ class mcfrtbInit {
168
  }
169
  }
170
 
171
-
172
- /**
173
- * Handle ajax request for lists from logged out user
174
- */
175
- public function ajax_nopriv_get_lists() {
176
-
177
- wp_send_json_error(
178
- array(
179
- 'error' => 'loggedout',
180
- 'msg' => __( 'You have been logged out. Please login again to retrieve the mailing lists.', 'restaurant-reservations' ),
181
- )
182
- );
183
- }
184
-
185
  /**
186
  * Handle ajax request for lists
187
  */
188
  public function ajax_get_lists() {
189
 
190
- if ( !check_ajax_referer( 'rtb-admin-mc', 'nonce' ) || !current_user_can( 'manage_options' )) {
191
- wp_send_json_error(
192
- array(
193
- 'error' => 'nopriv',
194
- 'msg' => __( 'You do not have permission to retrieve the mailing lists. Please login to an administrator account if you have one.', 'restaurant-reservations' ),
195
- )
196
- );
197
  }
198
 
199
  $this->load_api( $this->api_key );
@@ -201,31 +183,14 @@ class mcfrtbInit {
201
  $this->api_call( '/lists' )->send_json_response();
202
  }
203
 
204
- /**
205
- * Handle ajax request for list merge fields from logged out user
206
- */
207
- public function ajax_nopriv_load_merge_fields() {
208
-
209
- wp_send_json_error(
210
- array(
211
- 'error' => 'loggedout',
212
- 'msg' => __( 'You have been logged out. Please login again to retrieve the merge fields for this list.', 'restaurant-reservations' ),
213
- )
214
- );
215
- }
216
-
217
  /**
218
  * Handle ajax request for list merge fields
219
  */
220
  public function ajax_load_merge_fields() {
221
 
222
- if ( !check_ajax_referer( 'rtb-admin-mc', 'nonce' ) || !current_user_can( 'manage_options' ) || empty( $_POST['list'] ) ) {
223
- wp_send_json_error(
224
- array(
225
- 'error' => 'nopriv',
226
- 'msg' => __( 'You do not have permission to modify the merge field settings. Please login to an administrator account if you have one.', 'restaurant-reservations' ),
227
- )
228
- );
229
  }
230
 
231
  $this->load_api( $this->api_key );
35
  add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_admin_assets' ) );
36
 
37
  // Receive ajax calls for mailchimp lists
38
+ add_action( 'wp_ajax_nopriv_mcfrtb-get-lists' , array( 'rtbHelper' , 'admin_nopriv_ajax' ) );
39
  add_action( 'wp_ajax_mcfrtb-get-lists', array( $this, 'ajax_get_lists' ) );
40
 
41
  // Receive ajax calls for merge fields
42
+ add_action( 'wp_ajax_nopriv_mcfrtb-load-merge-fields' , array( 'rtbHelper' , 'admin_nopriv_ajax' ) );
43
  add_action( 'wp_ajax_mcfrtb-load-merge-fields', array( $this, 'ajax_load_merge_fields' ) );
44
 
45
 
168
  }
169
  }
170
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
171
  /**
172
  * Handle ajax request for lists
173
  */
174
  public function ajax_get_lists() {
175
 
176
+ // Authenticate request
177
+ if ( !check_ajax_referer( 'rtb-admin-mc', 'nonce' ) || !current_user_can( 'manage_bookings' ) ) {
178
+ rtbHelper::admin_nopriv_ajax();
 
 
 
 
179
  }
180
 
181
  $this->load_api( $this->api_key );
183
  $this->api_call( '/lists' )->send_json_response();
184
  }
185
 
 
 
 
 
 
 
 
 
 
 
 
 
 
186
  /**
187
  * Handle ajax request for list merge fields
188
  */
189
  public function ajax_load_merge_fields() {
190
 
191
+ // Authenticate request
192
+ if ( !check_ajax_referer( 'rtb-admin-mc', 'nonce' ) || !current_user_can( 'manage_bookings' ) || empty( $_POST['list'] ) ) {
193
+ rtbHelper::admin_nopriv_ajax();
 
 
 
 
194
  }
195
 
196
  $this->load_api( $this->api_key );
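Review bot: In ajax_load_merge_fields the `empty( $_POST['list'] )` case is folded into the same branch as the nonce and capability failures, so an authenticated user who omits the list id is told "You have been logged out" with `'error' => 'loggedout'`; a missing parameter deserves its own error code, e.g. `if ( empty( $_POST['list'] ) ) { wp_send_json_error( array( 'error' => 'nolist' ) ); }` placed after the authentication check. The capability here also drops from manage_options to manage_bookings, which now gates use of the stored MailChimp API key through these endpoints; confirm that is intended.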
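--- a/includes/PaymentGatewayPayPal.class.php
+++ b/includes/PaymentGatewayPayPal.class.php
@@ -162,8 +162,8 @@ class rtbPaymentGatewayPayPal implements rtbPaymentGateway {
 
 if (strcmp ($res, "VERIFIED") == 0) {
 
-$paypal_receipt_number = $_POST['txn_id'];
-$payment_amount = $_POST['mc_gross'];
+$paypal_receipt_number = sanitize_text_field( $_POST['txn_id'] );
+$payment_amount = sanitize_text_field( $_POST['mc_gross'] );
 
 parse_str($_POST['custom'], $custom_vars);
 $booking_id = intval( $custom_vars['booking_id'] );
@@ -175,8 +175,8 @@ class rtbPaymentGatewayPayPal implements rtbPaymentGateway {
 
 if ( ! $booking ) { return; }
 
-$booking->deposit = sanitize_text_field( $payment_amount );
-$booking->receipt_id = sanitize_text_field( $paypal_receipt_number );
+$booking->deposit = $payment_amount;
+$booking->receipt_id = $paypal_receipt_number;
 
 $booking->payment_paid();
 }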
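Review bot: `$payment_amount` is the deposit later written to `$booking->deposit`, yet it is only text-sanitized; a value that is not a number should be rejected rather than stored, e.g. `if ( ! isset( $_POST['mc_gross'] ) || ! is_numeric( $_POST['mc_gross'] ) ) { return; }` ahead of the assignment, and txn_id and custom deserve the same isset guard. Unless payment_paid(), which is outside this hunk, already compares the received amount with the deposit the booking expects, a verified IPN for a smaller amount would still mark the booking paid — worth confirming since that check is not visible here.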
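--- a/includes/Query.class.php
+++ b/includes/Query.class.php
@@ -169,11 +169,11 @@ class rtbQuery {
 $args = array();
 
 if ( !empty( $_REQUEST['paged'] ) ) {
-$args['paged'] = (int) $_REQUEST['paged'];
+$args['paged'] = absint( $_REQUEST['paged'] );
 }
 
 if ( !empty( $_REQUEST['posts_per_page'] ) ) {
-$args['posts_per_page'] = (int) $_REQUEST['posts_per_page'];
+$args['posts_per_page'] = absint( $_REQUEST['posts_per_page'] );
 }
 
 if ( !empty( $_REQUEST['status'] ) ) {
@@ -189,12 +189,16 @@ class rtbQuery {
 
 if ( !empty( $_REQUEST['orderby'] ) ) {
 $args['orderby'] = sanitize_key( $_REQUEST['orderby'] );
-if ( $args['orderby'] === 'id' ) { $args['orderby'] = 'ID'; }
-if ( $args['orderby'] === 'status' ) { add_filter( 'posts_orderby', array( $this, 'orderby_status' ) ); }
+if ( $args['orderby'] === 'id' ) {
+$args['orderby'] = 'ID';
+}
+if ( $args['orderby'] === 'status' ) {
+add_filter( 'posts_orderby', array( $this, 'orderby_status' ) );
+}
 }
 
 if ( !empty( $_REQUEST['order'] ) && $_REQUEST['order'] === 'desc' ) {
-$args['order'] = $_REQUEST['order'];
+$args['order'] = sanitize_text_field( $_REQUEST['order'] );
 }
 
 if ( !empty( $_REQUEST['date_range'] ) ) {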
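Review bot: The new `$args['order'] = sanitize_text_field( $_REQUEST['order'] );` sits under a guard that already requires `$_REQUEST['order'] === 'desc'`, so the only value that can reach it is that literal; `$args['order'] = 'desc';` says so plainly. Switching posts_per_page from `(int)` to `absint()` also changes behaviour: a request of `-1` (WordPress's "all posts") previously passed through and now becomes 1, so confirm no caller relies on it. The value remains uncapped upward, so consider clamping it, e.g. `min( absint( $_REQUEST['posts_per_page'] ), 500 )` with whatever ceiling suits the bookings list.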
includes/ReviewAsk.class.php CHANGED
@@ -12,8 +12,12 @@ class rtbReviewAsk {
12
  public function __construct() {
13
  add_action( 'admin_notices', array( $this, 'maybe_add_review_ask' ) );
14
 
15
- add_action( 'wp_ajax_rtb_hide_review_ask', array( $this, 'hide_review_ask' ) );
16
- add_action( 'wp_ajax_rtb_send_feedback', array( $this, 'send_feedback' ) );
 
 
 
 
17
 
18
  add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_review_ask_scripts') );
19
  }
@@ -70,28 +74,47 @@ class rtbReviewAsk {
70
  public function enqueue_review_ask_scripts() {
71
  wp_enqueue_style( 'rtb-review-ask-css', RTB_PLUGIN_URL . '/assets/css/dashboard-review-ask.css' );
72
  wp_enqueue_script( 'rtb-review-ask-js', RTB_PLUGIN_URL . '/assets/js/dashboard-review-ask.js', array( 'jquery' ), RTB_VERSION, true );
 
 
 
 
 
 
 
73
  }
74
 
75
  public function hide_review_ask() {
76
 
77
- $ask_review_time = sanitize_text_field($_POST['ask_review_time']);
 
 
 
 
 
78
 
79
- if ( get_option( 'rtb-review-ask-time' ) < time() + 3600*24 * $ask_review_time ) {
80
- update_option( 'rtb-review-ask-time', time() + 3600*24 * $ask_review_time );
81
- }
82
 
83
- die();
84
  }
85
 
86
  public function send_feedback() {
 
 
 
 
 
 
87
  $headers = 'Content-type: text/html;charset=utf-8' . "\r\n";
88
- $feedback = sanitize_text_field($_POST['feedback']);
89
- $feedback .= '<br /><br />Email Address: ';
90
- $feedback .= sanitize_text_field($_POST['email_address']);
 
91
 
92
- wp_mail('contact@fivestarplugins.com', 'RTB Feedback - Dashboard Form', $feedback, $headers);
93
 
94
- die();
95
  }
96
  }
97
 
12
  public function __construct() {
13
  add_action( 'admin_notices', array( $this, 'maybe_add_review_ask' ) );
14
 
15
+
16
+ add_action( 'wp_ajax_nopriv_rtb-hide-review-ask' , array( 'rtbHelper' , 'admin_nopriv_ajax' ) );
17
+ add_action( 'wp_ajax_rtb-hide-review-ask', array( $this, 'hide_review_ask' ) );
18
+
19
+ add_action( 'wp_ajax_nopriv_rtb-send-feedback' , array( 'rtbHelper' , 'admin_nopriv_ajax' ) );
20
+ add_action( 'wp_ajax_rtb-send-feedback', array( $this, 'send_feedback' ) );
21
 
22
  add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_review_ask_scripts') );
23
  }
74
  public function enqueue_review_ask_scripts() {
75
  wp_enqueue_style( 'rtb-review-ask-css', RTB_PLUGIN_URL . '/assets/css/dashboard-review-ask.css' );
76
  wp_enqueue_script( 'rtb-review-ask-js', RTB_PLUGIN_URL . '/assets/js/dashboard-review-ask.js', array( 'jquery' ), RTB_VERSION, true );
77
+ wp_localize_script(
78
+ 'rtb-review-ask-js',
79
+ 'rtb_review_ask',
80
+ array(
81
+ 'nonce' => wp_create_nonce( 'rtb-review-ask' )
82
+ )
83
+ );
84
  }
85
 
86
  public function hide_review_ask() {
87
 
88
+ // Authenticate request
89
+ if ( !check_ajax_referer( 'rtb-review-ask', 'nonce' ) || !current_user_can( 'manage_bookings' ) ) {
90
+ rtbHelper::admin_nopriv_ajax();
91
+ }
92
+
93
+ $ask_review_time = sanitize_text_field( $_POST['ask_review_time'] );
94
 
95
+ if ( get_option( 'rtb-review-ask-time' ) < time() + 3600*24 * $ask_review_time ) {
96
+ update_option( 'rtb-review-ask-time', time() + 3600*24 * $ask_review_time );
97
+ }
98
 
99
+ die();
100
  }
101
 
102
  public function send_feedback() {
103
+
104
+ // Authenticate request
105
+ if ( !check_ajax_referer( 'rtb-review-ask', 'nonce' ) || !current_user_can( 'manage_bookings' ) ) {
106
+ rtbHelper::admin_nopriv_ajax();
107
+ }
108
+
109
  $headers = 'Content-type: text/html;charset=utf-8' . "\r\n";
110
+
111
+ $feedback = sanitize_text_field( $_POST['feedback'] );
112
+ $feedback .= '<br /><br />Email Address: ';
113
+ $feedback .= sanitize_text_field( $_POST['email_address'] );
114
 
115
+ wp_mail( 'contact@fivestarplugins.com', 'RTB Feedback - Dashboard Form', $feedback, $headers );
116
 
117
+ die();
118
  }
119
  }
120
 
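Review bot: In hide_review_ask `$ask_review_time` is passed through sanitize_text_field and then multiplied, so a non-numeric value warns on PHP 7 and throws a TypeError on PHP 8; `$ask_review_time = absint( $_POST['ask_review_time'] );` fits the intent (a number of days) and also tolerates a missing key. In send_feedback the address is embedded in an HTML-bodied mail, so `sanitize_email( $_POST['email_address'] )` is the matching sanitizer, and both request fields should be read through `wp_unslash()` first because WordPress slash-escapes request data. Replacing the bare `die()` calls with `wp_die()` keeps the handlers consistent with WordPress AJAX conventions.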
includes/Settings.class.php CHANGED
@@ -372,7 +372,7 @@ class rtbSettings {
372
  if ( ! $rtb_controller->permissions->check_permission('premium_view_bookings') ) {
373
  $this->premium_permissions['view_bookings'] = array(
374
  'disabled' => true,
375
- 'disabled_image' => 'https://www.etoilewebdesign.com/wp-content/uploads/2018/06/Logo-White-Filled40-px.png',
376
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
377
  );
378
  }
@@ -381,7 +381,7 @@ class rtbSettings {
381
  if ( ! $rtb_controller->permissions->check_permission('mailchimp') ) {
382
  $this->premium_permissions['mailchimp'] = array(
383
  'disabled' => true,
384
- 'disabled_image' => 'https://www.etoilewebdesign.com/wp-content/uploads/2018/06/Logo-White-Filled40-px.png',
385
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
386
  );
387
  }
@@ -390,7 +390,7 @@ class rtbSettings {
390
  if ( ! $rtb_controller->permissions->check_permission('premium_seat_restrictions') ) {
391
  $this->premium_permissions['seat_restrictions'] = array(
392
  'disabled' => true,
393
- 'disabled_image' => 'https://www.etoilewebdesign.com/wp-content/uploads/2018/06/Logo-White-Filled40-px.png',
394
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
395
  );
396
  }
@@ -399,7 +399,7 @@ class rtbSettings {
399
  if ( ! $rtb_controller->permissions->check_permission('premium_table_restrictions') ) {
400
  $this->premium_permissions['table_restrictions'] = array(
401
  'disabled' => true,
402
- 'disabled_image' => 'https://www.etoilewebdesign.com/wp-content/uploads/2018/06/Logo-White-Filled40-px.png',
403
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/',
404
  'ultimate_needed' => 'Yes'
405
  );
@@ -409,7 +409,7 @@ class rtbSettings {
409
  if ( ! $rtb_controller->permissions->check_permission('designer') ) {
410
  $this->premium_permissions['designer'] = array(
411
  'disabled' => true,
412
- 'disabled_image' => 'https://www.etoilewebdesign.com/wp-content/uploads/2018/06/Logo-White-Filled40-px.png',
413
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
414
  );
415
  }
@@ -418,7 +418,7 @@ class rtbSettings {
418
  if ( ! $rtb_controller->permissions->check_permission('reminders') ) {
419
  $this->premium_permissions['reminders'] = array(
420
  'disabled' => true,
421
- 'disabled_image' => 'https://www.etoilewebdesign.com/wp-content/uploads/2018/06/Logo-White-Filled40-px.png',
422
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/',
423
  'ultimate_needed' => 'Yes'
424
  );
@@ -428,7 +428,7 @@ class rtbSettings {
428
  if ( ! $rtb_controller->permissions->check_permission('payments') ) {
429
  $this->premium_permissions['payments'] = array(
430
  'disabled' => true,
431
- 'disabled_image'=> 'https://www.etoilewebdesign.com/wp-content/uploads/2018/06/Logo-White-Filled40-px.png',
432
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
433
  );
434
  }
@@ -437,7 +437,7 @@ class rtbSettings {
437
  if ( ! $rtb_controller->permissions->check_permission('export') ) {
438
  $this->premium_permissions['export'] = array(
439
  'disabled' => true,
440
- 'disabled_image'=> 'https://www.etoilewebdesign.com/wp-content/uploads/2018/06/Logo-White-Filled40-px.png',
441
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
442
  );
443
  }
@@ -446,7 +446,7 @@ class rtbSettings {
446
  if ( ! $rtb_controller->permissions->check_permission('styling') ) {
447
  $this->premium_permissions['styling'] = array(
448
  'disabled' => true,
449
- 'disabled_image'=> 'https://www.etoilewebdesign.com/wp-content/uploads/2018/06/Logo-White-Filled40-px.png',
450
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
451
  );
452
  }
372
  if ( ! $rtb_controller->permissions->check_permission('premium_view_bookings') ) {
373
  $this->premium_permissions['view_bookings'] = array(
374
  'disabled' => true,
375
+ 'disabled_image' => '#',
376
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
377
  );
378
  }
381
  if ( ! $rtb_controller->permissions->check_permission('mailchimp') ) {
382
  $this->premium_permissions['mailchimp'] = array(
383
  'disabled' => true,
384
+ 'disabled_image' => '#',
385
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
386
  );
387
  }
390
  if ( ! $rtb_controller->permissions->check_permission('premium_seat_restrictions') ) {
391
  $this->premium_permissions['seat_restrictions'] = array(
392
  'disabled' => true,
393
+ 'disabled_image' => '#',
394
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
395
  );
396
  }
399
  if ( ! $rtb_controller->permissions->check_permission('premium_table_restrictions') ) {
400
  $this->premium_permissions['table_restrictions'] = array(
401
  'disabled' => true,
402
+ 'disabled_image' => '#',
403
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/',
404
  'ultimate_needed' => 'Yes'
405
  );
409
  if ( ! $rtb_controller->permissions->check_permission('designer') ) {
410
  $this->premium_permissions['designer'] = array(
411
  'disabled' => true,
412
+ 'disabled_image' => '#',
413
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
414
  );
415
  }
418
  if ( ! $rtb_controller->permissions->check_permission('reminders') ) {
419
  $this->premium_permissions['reminders'] = array(
420
  'disabled' => true,
421
+ 'disabled_image' => '#',
422
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/',
423
  'ultimate_needed' => 'Yes'
424
  );
428
  if ( ! $rtb_controller->permissions->check_permission('payments') ) {
429
  $this->premium_permissions['payments'] = array(
430
  'disabled' => true,
431
+ 'disabled_image'=> '#',
432
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
433
  );
434
  }
437
  if ( ! $rtb_controller->permissions->check_permission('export') ) {
438
  $this->premium_permissions['export'] = array(
439
  'disabled' => true,
440
+ 'disabled_image'=> '#',
441
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
442
  );
443
  }
446
  if ( ! $rtb_controller->permissions->check_permission('styling') ) {
447
  $this->premium_permissions['styling'] = array(
448
  'disabled' => true,
449
+ 'disabled_image'=> '#',
450
  'purchase_link' => 'https://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/'
451
  );
452
  }
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: FiveStarPlugins
3
  Requires at Least: 4.4
4
  Tested Up To: 5.8
5
  Tags: reservation, reservations, restaurant reservations, reservation form, restaurant booking, restaurant reservation form, restaurant booking form, restaurant booking system, reservation system, online reservations, online restaurant booking, dinner reservations, restaurant form, gutenberg reservations, gutenberg restaurant reservations, gutenberg restaurant booking, mobile reservations, responsive reservations, table reservations, open table, book table, reserve table, easy reservations, simple reservations, quick restaurant reservations, custom reservation form, custom restaurant reservations
6
- Stable tag: 2.4.6
7
  License: GPLv3
8
  License URI:http://www.gnu.org/licenses/gpl-3.0.html
9
  Donate Link: https://www.etoilewebdesign.com/plugin-donations/
@@ -197,6 +197,12 @@ Find answers to even more questions in the [FAQ](http://doc.fivestarplugins.com/
197
 
198
  == Changelog ==
199
 
 
 
 
 
 
 
200
  = 2.4.6 (2021-12-09) =
201
  - Added capability check for AJAX calls.
202
  - Added recursive sanitization for JSON input.
3
  Requires at Least: 4.4
4
  Tested Up To: 5.8
5
  Tags: reservation, reservations, restaurant reservations, reservation form, restaurant booking, restaurant reservation form, restaurant booking form, restaurant booking system, reservation system, online reservations, online restaurant booking, dinner reservations, restaurant form, gutenberg reservations, gutenberg restaurant reservations, gutenberg restaurant booking, mobile reservations, responsive reservations, table reservations, open table, book table, reserve table, easy reservations, simple reservations, quick restaurant reservations, custom reservation form, custom restaurant reservations
6
+ Stable tag: 2.4.7
7
  License: GPLv3
8
  License URI:http://www.gnu.org/licenses/gpl-3.0.html
9
  Donate Link: https://www.etoilewebdesign.com/plugin-donations/
197
 
198
  == Changelog ==
199
 
200
+ ==2.4.7 (2021-12-10) =
201
+ - Added nonce check for AJAX calls.
202
+ - Added capability check for admin AJAX calls.
203
+ - Updates for sanitization and escaping.
204
+ - Removed references to external image assets.
205
+
206
  = 2.4.6 (2021-12-09) =
207
  - Added capability check for AJAX calls.
208
  - Added recursive sanitization for JSON input.
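--- a/restaurant-reservations.php
+++ b/restaurant-reservations.php
@@ -3,7 +3,7 @@
  * Plugin Name: Five Star Restaurant Reservations - WordPress Booking Plugin
  * Plugin URI: http://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/
  * Description: Restaurant reservations made easy. Accept bookings online. Quickly confirm or reject reservations, send email notifications, set booking times and more.
- * Version: 2.4.6
+ * Version: 2.4.7
  * Author: FiveStarPlugins
  * Author URI: https://profiles.wordpress.org/fivestarplugins/
  * Text Domain: restaurant-reservations
@@ -61,6 +61,9 @@ class rtbInit {
 
 public function boot() {
 
+// Load query class
+require_once( RTB_PLUGIN_DIR . '/includes/Helper.class.php' );
+
 // Load query class
 require_once( RTB_PLUGIN_DIR . '/includes/Query.class.php' );
 
@@ -288,7 +291,9 @@ class rtbInit {
 if ( $this->settings->get_setting( 'view-bookings-private' ) and ! is_user_logged_in() ) { return $content; }
 
 $args = array();
-if ( isset($_GET['date']) ) { $args['date'] = $_GET['date']; }
+if ( isset($_GET['date']) ) {
+$args['date'] = sanitize_text_field( $_GET['date'] );
+}
 
 return $content . rtb_print_view_bookings_form( $args );
 }
@@ -366,7 +371,13 @@ class rtbInit {
 return;
 }
 
-if ( $screen->base == 'toplevel_page_rtb-bookings' || $screen->base == $admin_page_hooks['rtb-bookings'] . '_page_rtb-settings' || $screen->base == $admin_page_hooks['rtb-bookings'] . '_page_rtb-addons' || $screen->base == $admin_page_hooks['rtb-bookings'] . '_page_cffrtb-editor' ) {
+if (
+$screen->base == 'toplevel_page_rtb-bookings'
+|| $screen->base == $admin_page_hooks['rtb-bookings'] . '_page_rtb-settings'
+|| $screen->base == $admin_page_hooks['rtb-bookings'] . '_page_rtb-addons'
+|| $screen->base == $admin_page_hooks['rtb-bookings'] . '_page_cffrtb-editor'
+|| $screen->base == $admin_page_hooks['rtb-bookings'] . '_page_rtb-dashboard'
+) {
 wp_enqueue_style( 'rtb-admin-css', RTB_PLUGIN_URL . '/assets/css/admin.css', array(), RTB_VERSION );
 wp_enqueue_script( 'rtb-admin-js', RTB_PLUGIN_URL . '/assets/js/admin.js', array( 'jquery' ), '', true );
 wp_enqueue_style( 'rtb-spectrum-css', RTB_PLUGIN_URL . '/assets/css/spectrum.css' );
@@ -440,13 +451,14 @@ class rtbInit {
 'rtb-booking-form',
 'rtb_booking_form_js_localize',
 array(
+'nonce' => wp_create_nonce( 'rtb-booking-form' ),
 'want_to_modify' => __( 'Want to modify your reservation?', 'restaurant-reservations' ),
-'make' => __( 'Make a reservation', 'restaurant-reservations' ),
-'guest' => __( 'guest', 'restaurant-reservations' ),
-'guests' => __( 'guests', 'restaurant-reservations' ),
-'cancel' => __( 'Cancel', 'restaurant-reservations' ),
+'make' => __( 'Make a reservation', 'restaurant-reservations' ),
+'guest' => __( 'guest', 'restaurant-reservations' ),
+'guests' => __( 'guests', 'restaurant-reservations' ),
+'cancel' => __( 'Cancel', 'restaurant-reservations' ),
 'cancelled' => __( 'Cancelled', 'restaurant-reservations' ),
-'deposit' => __( 'Deposit', 'restaurant-reservations' )
+'deposit' => __( 'Deposit', 'restaurant-reservations' )
 )
 );
 }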
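Review bot: In the view-bookings hunk, `$_GET['date']` is now sanitized but still not validated: `sanitize_text_field()` only strips tags, control characters and surrounding whitespace, so any arbitrary string still reaches `rtb_print_view_bookings_form( $args )`, whose handling of `$args['date']` is outside this diff. If that helper uses the value as a calendar date (in a query or in output), it is safer to accept only a value a date parser recognizes, e.g. `$date = sanitize_text_field( wp_unslash( $_GET['date'] ) );` followed by `if ( false !== strtotime( $date ) ) { $args['date'] = $date; }`, and to escape it again wherever it is printed. Unslashing before sanitizing also matches the WordPress convention for superglobals, which arrive slash-added. The enclosing method begins before this hunk, so I cannot see how `$content` and `$this->settings` are set up.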