Restaurant Reservations - Version 2.4.8

Version Description

(2021-12-13): Adding/updating nonce and capability checks for admin AJAX calls. Updates to sanitization and escaping to make sure the correct sanitization/escaping functions are being used.


Release Info

Developer Rustaurius
Version 2.4.8

Code changes from version 2.4.7 to 2.4.8

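--- a/includes/AdminBookings.class.php
+++ b/includes/AdminBookings.class.php
@@ -449,16 +449,16 @@ class rtbAdminBookings {
  <?php echo rtb_print_form_error( $slug ); ?>
  <label>
  <input type="checkbox" name="rtb-<?php echo esc_attr( $slug ); ?>" value="1"<?php checked( $value ); ?>>
- <?php echo $title; ?>
+ <?php echo esc_html( $title ); ?>
  <?php if ( !empty( $description ) ) : ?>
  <a href="#" class="rtb-description-prompt">
- <?php echo $description['prompt']; ?>
+ <?php echo esc_html( $description['prompt'] ); ?>
  </a>
  <?php endif; ?>
  </label>
  <?php if ( !empty( $description ) ) : ?>
  <div class="rtb-description">
- <?php echo $description['text']; ?>
+ <?php echo esc_html( $description['text'] ); ?>
  </div>
  <?php endif; ?>
  </div>
@@ -744,7 +744,7 @@ class rtbAdminBookings {
 
  // Ban an email address
  if ( isset( $_POST['email'] ) && !empty( $_POST['email'] ) ) {
- $email = trim( sanitize_text_field( $_POST['email'] ) );
+ $email = trim( sanitize_email( $_POST['email'] ) );
  $banned_emails = preg_split( '/\r\n|\r|\n/', (string) $rtb_controller->settings->get_setting( 'ban-emails' ) );
 
  if ( !in_array( $email, $banned_emails ) ) {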
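Review bot: `sanitize_email()` returns an empty string for an address it cannot validate, and the new line 747 hands that result straight to the ban-list comparison, so a malformed submission continues with `$email = ''` instead of being rejected; add `if ( '' === $email ) { return; }` (or whatever error response the surrounding handler uses) before the `preg_split()` call. The `trim()` wrapper appears redundant since `sanitize_email()` already strips whitespace characters, though it is harmless. The `in_array( $email, $banned_emails )` check on the last line still compares loosely; pass `true` as the third argument so only an exact string match counts. The enclosing method continues outside the hunk.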
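--- a/includes/Editor.class.php
+++ b/includes/Editor.class.php
@@ -624,7 +624,7 @@ class cffrtbEditor {
  array(
  'error' => 'save_order_failed',
  'msg' => __( 'An error occurred while saving the new field order. Please try again.', 'restaurant-reservations' ),
- 'fields' => $_POST['order'],
+ 'fields' => sanitize_text_field( $_POST['order'] ),
  'custom_fields_error' => $custom_fields_error,
  )
  );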
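Review bot: `sanitize_text_field()` returns an empty string when handed an array, so if `$_POST['order']` arrives as a list of field ids (which the key name and the save-order context suggest, though the reading code is outside this hunk) line 627 will report `'fields' => ''` in the error payload rather than the submitted order. The helper added in this same release handles both scalar and array input: `'fields' => rtbHelper::sanitize_recursive( $_POST['order'], 'sanitize_text_field' ),`. `$_POST['order']` is also read without an `isset()` guard, so a request missing it raises a notice while building the error response; `isset( $_POST['order'] ) ? … : array()` keeps it well-formed. The enclosing function starts and ends outside the hunk.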
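--- a/includes/ExportHandler.class.php
+++ b/includes/ExportHandler.class.php
@@ -202,7 +202,9 @@ class rtbExportHandler {
  </label>
  <select name="type">
  <?php foreach( $this->export_types as $type => $export ) : ?>
- <option value="<?php echo esc_attr( $type ); ?>"><?php echo $export['label']; ?></option>
+ <option value="<?php echo esc_attr( $type ); ?>">
+ <?php echo esc_html( $export['label'] ); ?>
+ </option>
  <?php endforeach; ?>
  </select>
  </div>
@@ -276,7 +278,7 @@ class rtbExportHandler {
  <?php foreach( $rtb_controller->cpts->booking_statuses as $key => $status ) : ?>
  <label>
  <input type="checkbox" name="status" value="<?php echo esc_attr( $key ); ?>" <?php checked( $key, 'confirmed' ); ?>>
- <?php echo $status['label']; ?>
+ <?php echo esc_html( $status['label'] ); ?>
  </label>
  <?php endforeach; ?>
  </div>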
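Review bot: Splitting the `<option>` across three lines at 205–207 is a layout change unrelated to the escaping fix, and it puts newline-padded text inside the element; browsers collapse that whitespace, but the single-line form `<option value="<?php echo esc_attr( $type ); ?>"><?php echo esc_html( $export['label'] ); ?></option>` keeps the diff to the `esc_html()` change and matches how the status label in the second hunk is written. The escaping itself is correct in both hunks.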
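--- a/includes/Field.class.php
+++ b/includes/Field.class.php
@@ -539,7 +539,9 @@ class cffrtbField {
  $booking->custom_fields = array();
  }
 
- $input = isset( $_POST['rtb-' . $this->slug ] ) ? $_POST['rtb-' . $this->slug] : '';
+ $input = isset( $_POST['rtb-' . $this->slug ] )
+ ? sanitize_text_field( $_POST['rtb-' . $this->slug] )
+ : '';
 
  // Skip empty fields but do not skip checkboxes.
  // required checks are performed by base plugin validation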
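Review bot: `sanitize_text_field()` collapses newlines and returns an empty string for arrays, so if any custom field type posts multi-line text (a textarea) or a multi-value array (a checkbox group or multi-select), line 543 silently mangles or drops that input before the empty/required handling below it runs. Which field types exist is defined outside this hunk, but if array-valued fields are possible the helper added in this release covers them: `? rtbHelper::sanitize_recursive( $_POST['rtb-' . $this->slug], 'sanitize_text_field' )`, and for textarea fields `sanitize_textarea_field()` preserves line breaks. A short comment on the sanitized line would also help the next reader: `// Sanitized as single-line text; array/multi-line field types need a different sanitizer.` The enclosing method starts and ends outside the hunk.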
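--- a/includes/Helper.class.php
+++ b/includes/Helper.class.php
@@ -73,6 +73,24 @@ class rtbHelper {
 
  return sanitize_text_field( $input );
  }
+
+ /**
+ * sanitize_recursive for array's each value by applying given sanitization
+ * method, recusivly
+ * @since 2.6
+ */
+ public static function sanitize_recursive( $input, $method )
+ {
+ if ( is_array( $input ) || is_object( $input ) ) {
+ foreach ( $input as $key => $value ) {
+ $input[ sanitize_key( $key ) ] = self::sanitize_recursive( $value, $method);
+ }
+
+ return $input;
+ }
+
+ return $method( $input );
+ }
  }
 
  }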
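Review bot: Writing the sanitized entry back into `$input[ sanitize_key( $key ) ]` at line 86 leaves the original key in place whenever `sanitize_key()` changes it (uppercase letters, spaces, punctuation), so the returned array carries both the cleaned copy and the untouched original value, which defeats the purpose of the helper; and when `$input` is an object, which the `is_object()` branch explicitly admits, the array-style write fails at runtime. Building a fresh array fixes both, and the rewrite below also refuses a non-callable `$method` instead of invoking an arbitrary string. The `@since 2.6` tag does not match this 2.4.8 release, "recusivly" is misspelled, and the docblock should state the contract, e.g. `@return mixed Sanitized copy of $input; arrays and objects come back as arrays keyed by sanitize_key()`.
```php
public static function sanitize_recursive( $input, $method )
{
    if ( ! is_callable( $method ) ) {
        throw new InvalidArgumentException( 'sanitize_recursive() expects a callable sanitizer.' );
    }

    if ( is_array( $input ) || is_object( $input ) ) {
        $clean = array();
        foreach ( $input as $key => $value ) {
            $clean[ sanitize_key( $key ) ] = self::sanitize_recursive( $value, $method );
        }

        return $clean;
    }

    return $method( $input );
}
```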
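--- a/includes/WP_List_Table.BookingsTable.class.php
+++ b/includes/WP_List_Table.BookingsTable.class.php
@@ -425,7 +425,7 @@ class rtbBookingsTable extends WP_List_Table {
  */
  public function get_views() {
 
- $current = isset( $_GET['status'] ) ? $_GET['status'] : '';
+ $current = isset( $_GET['status'] ) ? sanitize_text_field( $_GET['status'] ) : '';
 
  $this->booking_statuses[ 'all' ] = array(
  'label' => __( 'All', 'restaurant-reservations' ),
@@ -780,11 +780,15 @@ class rtbBookingsTable extends WP_List_Table {
  * @since 0.0.1
  */
  public function process_bulk_action() {
- $ids = isset( $_POST['bookings'] ) ? $_POST['bookings'] : false;
- $action = isset( $_POST['action'] ) ? $_POST['action'] : false;
+ $ids = isset( $_POST['bookings'] )
+ ? rtbHelper::sanitize_recursive( $_POST['bookings'], 'absint' )
+ : false;
+ $action = isset( $_POST['action'] ) ? sanitize_text_field( $_POST['action'] ) : false;
 
  // Check bulk actions selector below the table
- $action = $action == '-1' && isset( $_POST['action2'] ) ? $_POST['action2'] : $action;
+ $action = $action == '-1' && isset( $_POST['action2'] )
+ ? sanitize_text_field( $_POST['action2'] )
+ : $action;
 
  if( empty( $action ) || $action == '-1' ) {
  return;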
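Review bot: `absint()` maps every non-numeric entry of `$_POST['bookings']` to `0`, so after line 784 `$ids` can hold zeros that the bulk action below presumably goes on to treat as booking ids; dropping them right after the assignment, e.g. `$ids = $ids ? array_filter( (array) $ids ) : false;`, keeps garbage out of the loop (whether the later code already tolerates id 0 is not visible here). Now that `$action` is guaranteed to be a string or `false`, the `== '-1'` comparisons at 789 and 793 can be strict `=== '-1'` with identical results. process_bulk_action() continues past the hunk, so whether a bulk-action nonce is verified before the action is dispatched cannot be confirmed from this view.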
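--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: FiveStarPlugins
  Requires at Least: 4.4
  Tested Up To: 5.8
  Tags: reservation, reservations, restaurant reservations, reservation form, restaurant booking, restaurant reservation form, restaurant booking form, restaurant booking system, reservation system, online reservations, online restaurant booking, dinner reservations, restaurant form, gutenberg reservations, gutenberg restaurant reservations, gutenberg restaurant booking, mobile reservations, responsive reservations, table reservations, open table, book table, reserve table, easy reservations, simple reservations, quick restaurant reservations, custom reservation form, custom restaurant reservations
- Stable tag: 2.4.7
+ Stable tag: 2.4.8
  License: GPLv3
  License URI:http://www.gnu.org/licenses/gpl-3.0.html
  Donate Link: https://www.etoilewebdesign.com/plugin-donations/
@@ -197,7 +197,11 @@ Find answers to even more questions in the [FAQ](http://doc.fivestarplugins.com/
 
  == Changelog ==
 
- ==2.4.7 (2021-12-10) =
+ = 2.4.8 (2021-12-13) =
+ - Adding/updating nonce and capability checks for admin AJAX calls.
+ - Updates to sanitization and escaping to make sure the correct sanitization/escaping functions are being used.
+
+ = 2.4.7 (2021-12-10) =
  - Added nonce check for AJAX calls.
  - Added capability check for admin AJAX calls.
  - Updates for sanitization and escaping.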
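--- a/restaurant-reservations.php
+++ b/restaurant-reservations.php
@@ -3,7 +3,7 @@
  * Plugin Name: Five Star Restaurant Reservations - WordPress Booking Plugin
  * Plugin URI: http://www.fivestarplugins.com/plugins/five-star-restaurant-reservations/
  * Description: Restaurant reservations made easy. Accept bookings online. Quickly confirm or reject reservations, send email notifications, set booking times and more.
- * Version: 2.4.7
+ * Version: 2.4.8
  * Author: FiveStarPlugins
  * Author URI: https://profiles.wordpress.org/fivestarplugins/
  * Text Domain: restaurant-reservations
@@ -39,7 +39,7 @@ class rtbInit {
  public function __construct() {
 
  // Common strings
- define( 'RTB_VERSION', '2.4.4' );
+ define( 'RTB_VERSION', '2.4.8' );
  define( 'RTB_PLUGIN_DIR', untrailingslashit( plugin_dir_path( __FILE__ ) ) );
  define( 'RTB_PLUGIN_URL', untrailingslashit( plugins_url( basename( plugin_dir_path( __FILE__ ) ), basename( __FILE__ ) ) ) );
  define( 'RTB_PLUGIN_FNAME', plugin_basename( __FILE__ ) );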