Changeset 3425670
- Timestamp:
- 12/22/2025 09:57:26 PM (3 months ago)
- Location:
- bookingor/trunk
- Files:
-
- 17 edited
-
README.txt (modified) (2 diffs)
-
admin/class-bookingor-admin.php (modified) (1 diff)
-
admin/include/booking/booking-control.php (modified) (1 diff)
-
admin/include/category/category-control.php (modified) (6 diffs)
-
admin/include/customer/customer-control.php (modified) (1 diff)
-
admin/include/location/location-control.php (modified) (2 diffs)
-
admin/include/notification/notification-control.php (modified) (1 diff)
-
admin/include/services/service-control.php (modified) (3 diffs)
-
admin/include/staff/staff-control.php (modified) (2 diffs)
-
admin/include/templates/templates-control.php (modified) (2 diffs)
-
admin/js/business-profile/business-profile.js (modified) (1 diff)
-
admin/js/category/category.js (modified) (3 diffs)
-
admin/js/customer/customer.js (modified) (1 diff)
-
admin/js/dashboard/dashboard.js (modified) (1 diff)
-
admin/js/location/backend-location.js (modified) (3 diffs)
-
admin/js/service/service.js (modified) (3 diffs)
-
admin/js/staff/staff.js (modified) (3 diffs)
bookingor/trunk/README.txt
r3413175 r3425670 5 5 Tested up to: 6.9 6 6 Donate link: https://bookingor.com 7 Stable tag: 1.0.1 27 Stable tag: 1.0.13 8 8 Requires PHP: 7.2 9 9 License: GPLv2 or later … … 324 324 * updated plugin files 325 325 326 = 1.0.13 = 327 * Updated Files 328 326 329 327 330 == Upgrade Notice == -
bookingor/trunk/admin/class-bookingor-admin.php
r3323784 r3425670 243 243 wp_enqueue_script($this->plugin_name . '-full-calendar-time-grid', plugins_url('js/full-calender/packages/timegrid/index.global.js', __FILE__), array('jquery'), '6.10.0', true); 244 244 wp_enqueue_script($this->plugin_name . '-full-calendar-interaction', plugins_url('js/full-calender/packages/interaction/index.global.js', __FILE__), array('jquery'), '6.10.0', true); 245 wp_localize_script('jquery', 'TCN_BIND', array('GET_URL' => admin_url('admin-ajax.php'))); 245 $ajax_nonce = wp_create_nonce('bookingor_ajax_nonce'); 246 wp_localize_script('jquery', 'TCN_BIND', array('GET_URL' => admin_url('admin-ajax.php'), 'nonce' => $ajax_nonce)); 246 247 // tostr 247 248 wp_enqueue_script($this->plugin_name . '-toastr', plugin_dir_url(dirname(__FILE__)) . 'includes/toastr/js/jquery.toast.js', array(), '2.1.4', true); -
bookingor/trunk/admin/include/booking/booking-control.php
r3365351 r3425670 111 111 // phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere. 112 112 if (isset($_REQUEST['action'])) { 113 if (isset($_POST['nonce'])) { 114 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 115 $response = [ 116 'status' => htmlspecialchars('error'), 117 'message' => htmlspecialchars('Nonce verification failed.') 118 ]; 119 } 120 } 113 121 $get_book_id = sanitize_text_field(wp_unslash($_REQUEST['booking_stats_id'] ?? "")); 114 122 $get_book_status = sanitize_text_field(wp_unslash($_POST['book_status'] ?? "")); -
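Review bot: The added nonce check does not stop the request: when `wp_verify_nonce` fails it only assigns `$response` and execution continues into the booking-status update on the following lines (the enclosing function and the rest of the handler are outside this hunk), and because the whole block is wrapped in `if (isset($_POST['nonce']))`, a request that omits the field is never verified at all. The same pattern is repeated in category-control.php, customer-control.php, location-control.php, notification-control.php, service-control.php, staff-control.php and templates-control.php. Replace the nested block with `check_ajax_referer('bookingor_ajax_nonce', 'nonce');`, which rejects both a missing and an invalid nonce and terminates the request, or at minimum add `wp_send_json($response);` inside the failure branch so the handler does not fall through. The `phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere` comment on the first context line should be dropped once the check actually enforces anything. A nonce only guards against CSRF; whether each handler also checks `current_user_can()` is not visible in the hunk and is worth confirming.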
bookingor/trunk/admin/include/category/category-control.php
r3204898 r3425670 39 39 // phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere. 40 40 if (isset($_REQUEST["id"])) { 41 $id = stripslashes(filter_var($_REQUEST["id"], FILTER_SANITIZE_NUMBER_INT)); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash 41 if (isset($_POST['nonce'])) { 42 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 43 $response = [ 44 'status' => htmlspecialchars('error'), 45 'message' => htmlspecialchars('Nonce verification failed.') 46 ]; 47 } 48 } 49 $id = stripslashes(filter_var($_REQUEST["id"], FILTER_SANITIZE_NUMBER_INT)); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput. 42 50 43 51 $get_category_in_booking = $wpdb->get_results( … … 62 70 'message' => htmlspecialchars('Category is already in use.') 63 71 ]; 64 echo wp_json_encode($response); ;65 exit;72 echo wp_json_encode($response); 73 die(); 66 74 } 67 75 } … … 97 105 'message' => htmlspecialchars("Category Updated successfully") 98 106 ]; 99 echo wp_json_encode($response); ;100 exit;107 echo wp_json_encode($response); 108 die(); 101 109 } 102 110 } … … 116 124 $category = $wpdb->prefix . self::$dp_prefix . 'categories'; 117 125 if (isset($_REQUEST['action'])) { 126 if (isset($_POST['nonce'])) { 127 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 128 $response = [ 129 'status' => htmlspecialchars('error'), 130 'message' => htmlspecialchars('Nonce verification failed.') 131 ]; 132 } 133 } 118 134 $category_name = sanitize_text_field(wp_unslash($_POST['tcn_category_name'] ?? "")); 119 135 $category_icon = absint(wp_unslash($_POST['tcn_category_icon_id'] ?? 
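Review bot: The rewritten `$id = ...` line at new line 49 replaces the targeted `phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash` with `WordPress.Security.ValidatedSanitizedInput.` (trailing dot), which now suppresses the whole sniff category for that line, including the input-validation and sanitization warnings, rather than just the unslash one. Restore the full sniff name, or better, drop the ignore and write `$id = absint(wp_unslash($_REQUEST['id']));` so no suppression is needed and the id is an integer before it reaches `$wpdb`. The `;exit;` to `die();` changes in the later hunks are cosmetic and need no follow-up.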
"")); … … 140 156 'message' => htmlspecialchars('Category Added successfully.') 141 157 ]; 142 echo wp_json_encode($response); ;143 exit;158 echo wp_json_encode($response); 159 die(); 144 160 } 145 161 } … … 194 210 ); 195 211 196 echo wp_json_encode($response); ;212 echo wp_json_encode($response); 197 213 die; 198 214 } -
bookingor/trunk/admin/include/customer/customer-control.php
r3204898 r3425670 57 57 $id = stripslashes(filter_var($_REQUEST["id"] ?? "", FILTER_SANITIZE_NUMBER_INT)); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash 58 58 59 if (isset($_POST['nonce'])) { 60 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 61 $response = [ 62 'status' => htmlspecialchars('error'), 63 'message' => htmlspecialchars('Nonce verification failed.') 64 ]; 65 } 66 } 59 67 $get_customer_in_booking = $wpdb->get_results( 60 68 $wpdb->prepare( -
bookingor/trunk/admin/include/location/location-control.php
r3234242 r3425670 61 61 // phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere. 62 62 if (isset($_REQUEST['action'])) { 63 if (isset($_POST['nonce'])) { 64 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 65 $response = [ 66 'status' => htmlspecialchars('error'), 67 'message' => htmlspecialchars('Nonce verification failed.') 68 ]; 69 } 70 } 63 71 $location_title = sanitize_text_field(wp_unslash($_POST['bookingor_location_title'] ?? '')); 64 72 $location_icon = sanitize_text_field(wp_unslash($_POST['location_icon_id'] ?? '')); … … 138 146 $update_location = $wpdb->prefix . self::$dp_prefix . 'location'; 139 147 if (isset($_REQUEST['action'])) { 148 if (isset($_POST['nonce'])) { 149 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 150 $response = [ 151 'status' => htmlspecialchars('error'), 152 'message' => htmlspecialchars('Nonce verification failed.') 153 ]; 154 } 155 } 140 156 $location_title = sanitize_text_field(wp_unslash($_POST['bookingor_location_title'] ?? "")); 141 157 $location_id = sanitize_text_field(wp_unslash($_POST['location_id'] ?? "")); -
bookingor/trunk/admin/include/notification/notification-control.php
r3236597 r3425670 48 48 // phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere. 49 49 if (isset($_REQUEST['action'])) { 50 51 if (isset($_POST['nonce'])) { 52 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 53 $response = [ 54 'status' => htmlspecialchars('error'), 55 'message' => htmlspecialchars('Nonce verification failed.') 56 ]; 57 } 58 } 50 59 $email_get_id = sanitize_text_field(wp_unslash($_POST['email_id'] ?? "")); 51 60 $email_subject = sanitize_text_field(wp_unslash($_POST['subject'] ?? "")); -
bookingor/trunk/admin/include/services/service-control.php
r3204898 r3425670 139 139 $service_get_id = isset($_REQUEST['get_service_id']) ? intval($_REQUEST['get_service_id']) : 0; 140 140 if (isset($_REQUEST['action'])) { 141 if (isset($_POST['nonce'])) { 142 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 143 $response = [ 144 'status' => htmlspecialchars('error'), 145 'message' => htmlspecialchars('Nonce verification failed.') 146 ]; 147 } 148 } 141 149 // phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere. 142 150 $service_name = sanitize_text_field(wp_unslash($_POST['service_name'] ?? "")); … … 295 303 296 304 if (isset($_REQUEST['action'])) { 305 306 if (isset($_POST['nonce'])) { 307 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 308 $response = [ 309 'status' => htmlspecialchars('error'), 310 'message' => htmlspecialchars('Nonce verification failed.') 311 ]; 312 } 313 } 297 314 //tab basic 298 315 $service_name = sanitize_text_field(wp_unslash($_POST['service_name'] ?? "")); … … 433 450 $delete_staff_assign_service = $wpdb->prefix . self::$dp_prefix . 'staff_assign_service'; 434 451 $id = sanitize_text_field(wp_unslash(isset($_REQUEST["id"]) ? $_REQUEST["id"] : "")); 452 453 if (isset($_POST['nonce'])) { 454 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 455 $response = [ 456 'status' => htmlspecialchars('error'), 457 'message' => htmlspecialchars('Nonce verification failed.') 458 ]; 459 } 460 } 461 435 462 $wpdb->delete($delete_service, array( 436 463 'service_id' => $id -
bookingor/trunk/admin/include/staff/staff-control.php
r3260393 r3425670 119 119 $staff_get_id = isset($_REQUEST['get_staff_id']) ? intval($_REQUEST['get_staff_id']) : 0; 120 120 if (isset($_REQUEST['action'])) { 121 122 if (isset($_POST['nonce'])) { 123 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 124 $response = [ 125 'status' => htmlspecialchars('error'), 126 'message' => htmlspecialchars('Nonce verification failed.') 127 ]; 128 } 129 } 121 130 $staff_first_name = sanitize_text_field(isset($_POST['staff_first_name']) ? $_POST['staff_first_name'] : ''); 122 131 $staff_last_name = sanitize_text_field(isset($_POST['staff_last_name']) ? $_POST['staff_last_name'] : ''); … … 251 260 $staff_location_assign = $wpdb->prefix . self::$dp_prefix . 'location_assign_staff'; 252 261 if (isset($_REQUEST['action'])) { 262 if (isset($_POST['nonce'])) { 263 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 264 $response = [ 265 'status' => htmlspecialchars('error'), 266 'message' => htmlspecialchars('Nonce verification failed.') 267 ]; 268 } 269 } 253 270 $staff_first_name = sanitize_text_field($_POST['staff_first_name'] ?? ""); 254 271 $staff_last_name = sanitize_text_field($_POST['staff_last_name'] ?? ""); -
bookingor/trunk/admin/include/templates/templates-control.php
r3323784 r3425670 14 14 { 15 15 if (isset($_REQUEST['action'])) { 16 17 if (isset($_POST['nonce'])) { 18 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 19 $response = [ 20 'status' => htmlspecialchars('error'), 21 'message' => htmlspecialchars('Nonce verification failed.') 22 ]; 23 } 24 } 16 25 if (isset($_REQUEST['editingId']) && sanitize_text_field($_REQUEST['editingId']) === '1') { 17 26 update_option(self::$name_prefix . '_settings_background_border_active_design_1', sanitize_text_field($_POST['settings_background_border_active_design_1'] . 'px' ?? '')); … … 175 184 { 176 185 if (isset($_REQUEST['action'])) { 186 if (isset($_POST['nonce'])) { 187 if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) { 188 $response = [ 189 'status' => htmlspecialchars('error'), 190 'message' => htmlspecialchars('Nonce verification failed.') 191 ]; 192 } 193 } 177 194 //stripe 178 195 $dcimal_point = get_option(self::$name_prefix . '_currency_decimal_point'); -
bookingor/trunk/admin/js/business-profile/business-profile.js
r3235740 r3425670 158 158 console.log(business_work_hours); 159 159 post_data.action = "profile_update_Options"; 160 post_data.nonce = TCN_BIND.nonce; 160 161 $.post({ 161 162 url: TCN_BIND.GET_URL, -
bookingor/trunk/admin/js/category/category.js
r3204898 r3425670 61 61 var postData = $(this).serialize(); 62 62 postData += '&action=bp_add_category'; 63 postData += '&nonce=' +TCN_BIND.nonce; 64 63 65 64 66 $.post({ … … 142 144 var dataId = $(this).attr('data-id'); 143 145 var deleteData = 'action=bp_delete_category&id=' + dataId ; 146 deleteData += '&nonce=' + TCN_BIND.nonce; 144 147 145 148 $.post({ … … 173 176 var postData = $(this).serialize(); 174 177 postData += '&action=bp_update_category'; 178 postData += '&nonce=' +TCN_BIND.nonce; 179 175 180 176 181 $.post({ -
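Review bot: The new `postData += '&nonce=' +TCN_BIND.nonce;` lines (63 and 178, and the `deleteData` variant at 146) build the request body by string concatenation, which diverges from the object form `post_data.nonce = TCN_BIND.nonce` used elsewhere in this changeset and appends the value unencoded. Prefer `postData += '&' + $.param({ nonce: TCN_BIND.nonce });` so jQuery handles encoding consistently, and normalise the spacing around `+`. The same string-building appears in customer.js, dashboard.js, backend-location.js, service.js and staff.js. The enclosing handlers begin and end outside these hunks.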
bookingor/trunk/admin/js/customer/customer.js
r3204898 r3425670 22 22 var data_id = $(this).attr('data-id'); 23 23 var delete_data = 'action=customer_delete&id=' + data_id; 24 delete_data += '&nonce=' +TCN_BIND.nonce; 24 25 $.post({ 25 26 url: TCN_BIND.GET_URL, -
bookingor/trunk/admin/js/dashboard/dashboard.js
r3204898 r3425670 8 8 function bookingor_weekly_chart() { 9 9 var post_data = 'action=bookingor_weekly_chart'; 10 post_data += '&nonce=' +TCN_BIND.nonce; 10 11 $.ajax({ 11 12 url: TCN_BIND.GET_URL, -
bookingor/trunk/admin/js/location/backend-location.js
r3235350 r3425670 271 271 post_data.action = 'bp_add_location'; 272 272 post_data.location_work_day = JSON.stringify(location_work_days); 273 post_data.nonce = TCN_BIND.nonce; 273 274 $.post({ 274 275 url: TCN_BIND.GET_URL, … … 341 342 var data_id = $(this).attr('data-id'); 342 343 var delete_data = 'action=bp_delete_location&id=' + data_id; 344 delete_data += '&nonce=' +TCN_BIND.nonce; 343 345 $.post(TCN_BIND.GET_URL, delete_data, function (res) { 344 346 location.reload(); … … 389 391 post_data.action = 'bp_update_location'; 390 392 post_data.location_timesheet_update = JSON.stringify(location_work_days_update); 393 post_data.nonce = TCN_BIND.nonce; 391 394 $.post({ 392 395 url: TCN_BIND.GET_URL, -
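Review bot: The delete handler at new line 345 still calls `location.reload()` unconditionally in the `$.post` callback, so the `status: 'error'` / `Nonce verification failed.` response that the PHP side of this changeset introduces is never surfaced and the page reloads as if the delete had succeeded. Inspect the response before reloading, e.g. `var r = typeof res === 'string' ? JSON.parse(res) : res; if (r.status === 'error') { alert(r.message); return; } location.reload();` (toastr is enqueued in class-bookingor-admin.php and could replace the alert). staff.js line 81 uses the same `$.post(url, data, function (res) {` shape; its callback body is outside that hunk and is worth checking the same way. The handlers' closing lines are outside this hunk.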
bookingor/trunk/admin/js/service/service.js
r3365351 r3425670 572 572 var data_id = $(this).attr('data-id'); 573 573 var delete_data = 'action=bp_delete_service&id=' + data_id; 574 delete_data += '&nonce=' +TCN_BIND.nonce; 574 575 $.post({ 575 576 url: TCN_BIND.GET_URL, … … 761 762 extra_duration = 0; 762 763 } 764 post_data.nonce = TCN_BIND.nonce; 763 765 cache: false 764 766 $.post({ … … 945 947 } 946 948 cache: false 949 post_data.nonce = TCN_BIND.nonce; 950 947 951 $.post({ 948 952 url: TCN_BIND.GET_URL, -
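Review bot: The two new `post_data.nonce = TCN_BIND.nonce;` lines (764 and 949) are placed next to a bare `cache: false` statement (765 and 948) that sits outside the `$.post({ ... })` options object; as written it parses as a labeled expression statement that does nothing, so it is presumably meant to be the `cache: false` option. Moving the nonce assignment and that option inside the call, `$.post({ url: TCN_BIND.GET_URL, cache: false, data: post_data, ... })`, would make both explicit and keep the request setup in one place. The enclosing submit handlers start and end outside these hunks.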
bookingor/trunk/admin/js/staff/staff.js
r3235350 r3425670 77 77 var data_id = $(this).attr("data-id"); 78 78 var delete_data = "action=bp_delete_staff&id=" + data_id; 79 delete_data += '&nonce=' +TCN_BIND.nonce; 79 80 80 81 $.post(TCN_BIND.GET_URL, delete_data, function (res) { … … 120 121 staff_assign_location_update(); 121 122 post_data.staff_work_day = JSON.stringify(staff_work_days); 123 post_data.nonce = TCN_BIND.nonce; 124 122 125 $.post({ 123 126 url: TCN_BIND.GET_URL, … … 174 177 post_data.staff_work_day = JSON.stringify(staff_work_days); 175 178 post_data.action = "bp_add_staff"; 179 post_data.nonce = TCN_BIND.nonce; 176 180 $.post({ 177 181 url: TCN_BIND.GET_URL,