New Shortcode: [clisyc_dimension_grid]. Replaced [clisyc_services_grid] with a dimension-agnostic grid shortcode. Use the dimension attribute to display any enabled dimension (services, rooms, practitioners, etc.). Per-item colors from the backend color picker are applied to hover borders, title links, and placeholder backgrounds. [clisyc_services_grid] remains as a backward-compatible alias.
Enhancement: Text Size Integration. The dimension grid now respects the Appearance tab’s Text Size setting, using the same CSS variable system as other frontend components.
Fix: Booking Page 404 on Pre-Selection Links. Fixed a bug where clicking a “Book Service” link from the dimension grid caused a 404 error. The URL parameter (e.g., ?clisyc_service=376) conflicted with the registered Custom Post Type query variable. Links now use a select_ prefix to avoid the conflict.
Fix: Pre-Selection in Booking Form. The booking form now correctly pre-selects the chosen item when arriving from a dimension grid link, automatically showing the calendar for the selected service.
3.7.1
Fix: Membership Plans Shortcode Load Order. Fixed a bug where the [clisyc_membership_plans] shortcode failed to register when the Pro plugin registered the clisyc_member_plan CPT after the free plugin’s shortcode initialization. The shortcode now registers unconditionally.
Compatibility update for Client Sync Pro 1.6.1.
3.7.0
New Feature: Venue Photo Display. Venue featured images (photos) now display on the appointment detail page above the address and map, giving clients a visual preview of the venue.
Enhancement: Venue Location Section. The appointment detail page venue section now shows venue photo, name, formatted address, and embedded map in a polished layout.
Compatibility update for Client Sync Pro 1.6.0.
3.6.2
New Feature: Appointment Check-In System. Added a custom Checked In post status and a one-click “Check In” row action on the admin appointment list for quick status updates at events.
New Feature: QR Code Tickets. Appointments with seat bookings now display a unique QR code on the frontend detail page. Staff can scan QR codes to instantly check in guests.
New Feature: Seat Details on Appointment Page. The [clisyc_appointment_detail] shortcode now shows booked seat information (section, row, seat, category) in styled cards.
New Feature: Venue Map on Appointment Page. The appointment detail page now displays the venue SVG map with the user’s booked seats highlighted in blue and other seats dimmed, with a colour legend.
Compatibility update for Client Sync Pro 1.5.2.
3.6.1
Enhancement: Seat Selection Expanded View. Added a fullscreen/expanded mode toggle to the seat selection component. Users can click “Expand” to view the seat map at full viewport size, improving usability for large venues with many seats.
Enhancement: Seat Selection Details. Selected seats now display detailed tags showing section, row, and seat number for each selection.
Enhancement: Wider Booking Modals. Booking and hybrid booking modals automatically widen from 480px/400px to 640px when seat selection is present, giving more room for the seat map.
Fix: Seat Map Padding. Fixed asymmetric left/right padding in the seat map caused by duplicate CSS class inheritance on the inner SVG container.
Compatibility update for Client Sync Pro 1.5.1.
3.6.0
New Feature: Guide Page. Extracted the Setup Checklist and Directions tab from the Settings page into a dedicated Guide submenu item. Combines onboarding progress tracking with educational documentation, including a new Seat Selection & Venues section. Settings page reduced from 11 to 9 tabs.
New Feature: Event Venue / Theater Setup Template. Added the “Event Venue / Theater (Seat Selection)” template to the Setup Wizard, providing a complete starting configuration for reserved-seat booking with venue maps.
Enhancement: Contextual Help Tabs. Added help tooltips for the new Guide page and Venues admin page. Updated the Settings help tab to reflect the reduced tab set.
Fix: HTML Entity Display in Booking Modal. Fixed ' (apostrophe) rendering as raw text in frontend notice messages by using __() instead of esc_html__() for strings passed to JavaScript via wp_localize_script.
Fix: Booking Modal Padding. Added missing left/right padding to the slot summary and recurring series sections of the booking confirmation modal.
Compatibility update for Client Sync Pro 1.5.0.
3.4.0
Security: Encryption Upgraded to AES-256-GCM. Replaced AES-256-CBC with AES-256-GCM for authenticated encryption with HKDF key derivation. Legacy CBC-encrypted data is auto-decrypted transparently.
Security: Booking Race Condition Eliminated. Slot reservation now uses database-level row locking (SELECT … FOR UPDATE) within a transaction to prevent double-bookings under concurrent requests.
Security: IDOR Fix on Booked-Dates Endpoint. The public REST endpoint now validates that the requested dimension ID belongs to a registered dimension CPT, preventing unauthorized data access.
Security: Rate Limiting on Public Endpoints. Form submissions and REST API slot queries are now rate-limited per IP with a fixed-window algorithm.
Security: XSS Prevention in Form Validation. Validation error messages are now escaped before rendering to prevent reflected XSS via crafted field labels.
Security: Template Import Path Traversal Guard. Added realpath() validation to prevent directory traversal when loading setup templates.
Security: Stripe Webhook Idempotency. Duplicate Stripe webhook deliveries are now detected and ignored via event ID tracking.
Fix: Appointment Duration Meta Key Inconsistency. Unified 12 references across 11 files that used two different meta keys (clisyc_appointment_duration vs _clisyc_appointment_duration) for the same data. All now use the constant META_APPOINTMENT_DURATION.
Fix: Notification Channel Resilience. A failing SMS or webhook channel no longer halts the entire notification loop. Failed channels are retried via Action Scheduler with exponential backoff.
Fix: Waitlist Promotion Trigger. Cancellation status list for waitlist promotion is now dynamically built to match the configured self-service cancellation status.
Fix: Cache Invalidation After Bookings. Slot cache is now cleared immediately after every booking creation and cancellation.
Fix: Cancellation Manager Transaction Safety. Booking entry deletion and slot count decrement are now wrapped in a database transaction.
Fix: Slots Query Performance. Booked appointment queries now use a BETWEEN date-range meta query at the database level instead of loading all appointments into memory and filtering in PHP.
Fix: Importer Memory Usage. The data wipe step now processes posts in batches of 100 instead of loading all posts at once.
Fix: Rate Limiter Fixed-Window Algorithm. Replaced fragile direct _transient_ option writes with a proper fixed-window approach that stores count and expiry together.
Enhancement: HIPAA Audit Logging for Decryption. Viewing encrypted appointment fields now generates an audit log entry for compliance tracking.
Enhancement: Booking Modal Accessibility. Added focus trap, keyboard navigation (Tab/Shift+Tab cycling, Escape to close), and programmatic focus management on modal open.
Enhancement: WooCommerce Refund Handling. Refunded orders now automatically cancel the associated appointment and restore the booking slot.
Enhancement: Google Calendar Sync. Added retry with exponential backoff, pagination for large event sets, and stale slot unblocking.
Enhancement: PostType_Manager Decomposition. Extracted meta box rendering, meta saving, and admin column management into dedicated classes, reducing the god class from ~1900 lines.
Enhancement: React Frontend Architecture. Introduced BookingContext with useReducer, extracted inline components (AnalogClock, EventTooltip, MiniCalendar), added ErrorBoundary, and replaced CSS polling with ResizeObserver.
Enhancement: Cron Query Batching. Appointment reminder queries now process 100 appointments per batch instead of unbounded queries.
3.3.2
Enhancement: Output Templates Tabbed Interface. Combined the “Output Templates” list and “Template Preview” pages into a unified tabbed interface with “All Templates” and “Preview” tabs, reducing menu clutter while keeping both views fully functional.
Enhancement: Template Preview Cards. Improved preview card layout with human-readable trigger labels, “(Untitled)” fallback for unnamed templates, Draft template support with visual badge, and responsive grid layout.
Fix: Admin Assets on Plugin Pages. Broadened the admin page detection to correctly enqueue plugin CSS/JS on all clisyc-* prefixed pages and clisyc_* custom post type screens.
Fix: Hidden Submenu Page Pattern. Added a reusable pattern in the Menu Manager that preserves plugin pages not in the main menu order (for tabbed sub-pages) while keeping them accessible and maintaining correct parent menu state.
3.3.1
Bug Fix: Payment Status Database Error. Fixed the custom post status clisyc_pending_payment (22 characters) which exceeded MySQL’s varchar(20) limit on the post_status column, causing silent database failures when setting appointments to “Pending Payment.” Renamed to clisyc_pending_pay (18 characters). Includes an automatic one-time migration for any existing rows.
Security: Rate-Limited Stripe Webhook. The /clisyc/v1/stripe-webhook endpoint is now rate-limited to 120 requests per 60 seconds per IP, preventing abuse.
Security: XSS Fix in HTML Entity Decoder. Replaced the innerHTML-based decodeHTMLEntities() utility with a safe regex and static entity map approach, eliminating a potential cross-site scripting vector in the booking form.
Enhancement: Webpack Code Splitting. Extracted FullCalendar and ReactFlow into shared vendor chunks, reducing total JS bundle size by eliminating duplication across entry points.
Enhancement: Centralised Status Constants. All custom post statuses (clisyc_pending_pay, clisyc_paid_on_day, clisyc_failed_on_day) are now defined as constants in the Constants class, replacing 27 hardcoded string references.
Enhancement: Standardised React Imports. Replaced direct react-dom/client imports with @wordpress/element across all entry points to share WordPress’s bundled React.
Code Quality: Removed Debug Logging. Stripped all console.log and console.error debug statements from production JavaScript.
Code Quality: New Test Coverage. Added 20 new PHPUnit tests (9 for the Booking AJAX Handler, 11 for Stripe Integration), bringing the total to 84 tests with 189 assertions.
3.3.0
New Feature: Styled Email Notifications. All outgoing emails are now wrapped in a professional, responsive HTML template with a branded header, clean body, and footer. Uses inline CSS for maximum compatibility across Gmail, Outlook, and Apple Mail. Fully filterable via the clisyc_email_template hook.
New Feature: Admin Dashboard Widget. A new “Client Sync β Today” widget appears on the WordPress Dashboard (wp-admin/index.php), showing today’s appointment count, this week’s total, upcoming appointments, active clients, and a quick-glance list of the next 5 appointments.
New Feature: Appointment Export (CSV & ICS). Export appointments as spreadsheet (CSV) or calendar (ICS) files from the Import/Export settings tab. Supports date range filtering and is HIPAA-aware (anonymises client data when HIPAA mode is active).
New Feature: Stripe Direct Integration. Accept payments directly through Stripe Checkout without requiring WooCommerce. Configure API keys in the Payments settings tab; the plugin handles Checkout Session creation, webhook signature verification, and automatic appointment confirmation on successful payment.
New Feature: REST API Appointments Endpoint. Full CRUD REST API at /clisyc/v1/appointments for listing (with pagination, date range, status, and search filters), viewing, updating, and cancelling appointments. Enables headless and third-party integrations.
Security: Hardened AJAX Input Validation. Comprehensive audit of all 26 AJAX handlers. Added missing nonce verification to the WooCommerce cart data endpoint, replaced inconsistent wp_die() responses with proper JSON in the HIPAA notice handler, and fixed boolean sanitisation in the HIPAA migration tool.
Enhancement: Cache-Busted Admin Assets. Admin JavaScript and CSS files now use filemtime() for cache-busting version strings, ensuring browsers always load the latest assets after plugin updates.
3.2.1
Version bump.
3.1.0
New Feature: Appointment Duration & Padding. Admins can now set a specific duration (in minutes) for a service. The system will automatically subdivide large availability blocks (e.g., 9am-5pm) into precise, bookable slots of that duration.
New Feature: Padding / Cleanup Time. A “Padding” time (in minutes) can be set for each service. This automatically creates an unbookable gap after each appointment, perfect for cleanup, travel, or note-taking, without affecting the client-facing appointment duration.
Enhancement: The “Export Database” tool on the Testing page now exports all plugin options for a more complete debugging snapshot.
3.0.0
Major Refactor: Monorepo Architecture. Plugin restructured to support a Free and Pro version from a single codebase.
Major Feature: Group Bookings (Multi-Capacity). Admins can now set a “Capacity” for any service, allowing multiple clients to book the same time slot (e.g., for classes, workshops, or tours). The frontend calendar automatically displays the number of spots remaining.
Major Feature: Multi-Day Bookings. A new “Date Range” booking mode can be enabled for services, ideal for multi-day rentals of rooms, equipment, or vehicles. The frontend displays a date-range picker instead of a time-slot calendar for these services.
Pro Feature: Resource Scheduling (Intersecting Availability). Dimensions (like “Rooms” or “Equipment”) can be designated as “Resources,” each with its own independent weekly schedule. A time slot is only considered available if it exists in the schedule of the Primary Dimension AND any linked Resource Dimensions, allowing for complex constraint-based booking.
Enhancement: WooCommerce Direct Product Linking. The old global WooCommerce product ID has been replaced. Admins can now link each individual service directly to its own unique WooCommerce product. This provides accurate, per-service pricing, better reporting, and native support for quantity-based pricing for group bookings.
Enhancement: Setup Wizard Templates. Added new templates to the Setup Wizard to demonstrate the new Group Booking and Resource Rental features, providing users with powerful starting points.
Enhancement (Admin UI): The “Base Weekly Schedule” editor now includes visual dot indicators on the day-of-the-week tabs to show which days have availability configured, improving administrative workflow.
Fix: Resolved numerous JavaScript timing issues in the admin area, particularly on the Gutenberg post edit screen, to ensure UI elements like the schedule editor and its toggles load reliably.
Dev: Full audit and hardening of all code to resolve PHP 8.1+ deprecation notices.
2.2.0
Security & Stability: Major refactor to meet WordPress.org plugin repository standards.
Prefixing: All functions, classes, constants, options, hooks, CPTs, and asset handles have been prefixed with clisyc_ or DependentMediaClientSync for uniqueness and to prevent conflicts with other plugins.
Security: Added and verified nonce checks for all state-changing actions. Refactored form handlers to separate processing logic from rendering logic.
Security: Improved data sanitization on input and escaping on output across the entire plugin.
Performance: Refactored asset (CSS/JS) loading to only enqueue files on pages where they are needed, improving site-wide performance.
2.1.0
Feature: Added Conditional Logic for Appointment Custom Fields.
Feature: New dedicated “Service & Availability Dimensions” admin page.
Enhancement: Streamlined admin menu structure.
Enhancement: Added AJAX functionality to the new Dimensions admin page.
2.0.0
Major refactor: Migrated availability slots to custom database tables.
Added Setup Wizard for streamlined onboarding.
1.5.0
Added iCal export functionality.
Implemented appointment reminder system.
1.4.0
Added “Pay on Day” WooCommerce functionality.
1.3.0
Introduced “Availability Dimensions” for multi-faceted scheduling.
