Yatoon Appointment Booking for Salons & Spas – Free Version

Changelog

4.7.6 – 2026-04-29

  • Changed: Pro upgrade buttons now link directly to the Freemius checkout page instead of opening an in-plugin license activation form.
  • Changed: Free version Pro checks remain locked in the free package, keeping premium activation in the separate Pro package flow.

4.7.5 – 2026-04-28

  • Added: Customer-facing self-service storefront via the new [yatoon_growth_storefront] shortcode (pay-in-store request mode in the free version).
  • Added: Growth Reports section on the Growth Modules admin page (revenue KPIs, redemptions, top coupons, expiring packages).
  • Added: Pending Storefront Purchases inbox in Growth Modules with one-click activation.
  • Added: Service Menu shortcode [yatoon_service_menu] is now registered out of the box in the free version.
  • Improved: New show= and title= shortcode attributes for the storefront.
  • Improved: Bookings admin table scrolls horizontally on narrow screens.
  • Improved: Free stubs for Square / Vagaro / Twilio / Google Calendar now degrade gracefully via __call/__callStatic.

4.5.14 – 2026-04-28

  • Security: Customer package and membership lookups now require BOTH the email AND the phone number on file to match.
  • Fixed: Race condition — package visit balance and coupon usage are now decremented/claimed atomically.
  • Fixed: Booking insert failure after a package visit / coupon was reserved now releases the reservation.
  • Fixed: “Maximum future bookings per phone” check no longer relies on REGEXP_REPLACE and no longer falsely matches overlapping digit substrings.
  • Fixed: services_json is now decoded with wp_unslash() instead of stripslashes().
  • Improved: Growth Modules sub-forms no longer accidentally toggle master enable-switches.
  • Improved: Added an index on yatoon_growth_redemptions.created_at.

4.5.13 – 2026-04-28

  • Improved: Coupons now stack after membership discounts and fixed coupons apply only once in multi-service bookings.
  • Improved: Growth Modules admin now lists customer package and membership balances.

4.5.12 – 2026-04-28

  • Added: Customer package assignments with visit balances, expiration dates, and automatic visit redemption during booking.
  • Added: Customer membership assignments with active date ranges and automatic booking discounts.
  • Added: Growth redemption records for package visits and membership discounts.
  • Improved: Coupons now stack after membership discounts and fixed coupons apply only once in multi-service bookings.
  • Improved: Growth Modules admin now lists customer package and membership balances.

4.5.11 – 2026-04-28

  • Added: Growth Modules admin page with switches for coupons, packages, and memberships.
  • Added: Coupon code support in the booking form when coupons are enabled.
  • Added: Starter translation files for Simplified Chinese, Vietnamese, and Spanish.
  • Fixed: Free staff limit is now enforced when adding a new staff member from AJAX.
  • Fixed: Local booking total calculation now initializes the WordPress database object before deposit/coupon logic.
  • Cleaned: Removed mojibake/encoding artifacts from plugin-owned documentation and source files.

4.5.10 – 2026-04-28

  • Fixed: Save Platform and Save Settings now use AJAX — no more redirect issues on any server.
  • Fixed: Platform selection (Square/Local/Vagaro) now saves and reloads correctly.

4.5.9 – 2026-04-28

  • Fixed: Save Settings now correctly redirects back to plugin page with success notice in all environments.
  • Improved: Added Save button directly inside the Booking Platform card for convenience.

4.5.8 – 2026-04-28

  • Fixed: Save Settings now redirects back to plugin page with a success notice.
  • Fixed: Sync log corruption that caused repeated failures after first run.
  • Fixed: Square API request timeout increased from 5s to 30s for reliability.
  • Fixed: Rebuild Service Assignments button restored to Staff page; automatically assigns all active services when no Square profile data is available.
  • Improved: Sync Settings moved inside the Square API Configuration card for clearer layout.

3.5.5 – 2026-04-28

  • Version bump to 3.5.5.

3.5.3 – 2026-04-28

  • Fixed: Fatal error on activation when plugin is installed directly from the WordPress.org repository.

3.5.2 – 2026-04-27

  • Version bump to 3.5.2.

3.5.1 – 2026-04-27

  • Fixed: More reliable first-time activation, database updates, local booking setup, and waitlist background checks.
  • Fixed: Improved admin menu compatibility in local development environments.

3.5.0 – 2026-04-27

  • Added: PWA (Progressive Web App) support — customers can install the booking page to their phone home screen directly from the browser, no App Store required
  • Added: Merchant admin PWA — salon owners can install the Yatoon admin dashboard to their phone home screen for quick access
  • Added: Push notifications for new bookings — when a customer books, the salon owner receives an instant push notification on their phone (requires installing the admin PWA)
  • Added: Web App Manifest for both customer booking side and merchant admin side
  • Added: Service Worker with cache-first strategy for static assets, improving booking page load speed on repeat visits
  • Added: PWA icons (192×192 and 512×512) auto-generated from your business logo
  • Added: iOS and Android installability meta tags (apple-mobile-web-app-capable, theme-color, etc.)

3.0.2 – 2026-04-26

  • Added: Empty installs now seed starter data so the booking flow can be tested immediately
  • Added: Admin setup notice with quick links to Services, Staff, and Settings
  • Added: Staff profiles now support local manual blocked periods / time-off rules
  • Fixed: Booking and customer reschedule flows now exclude blocked staff periods
  • Fixed: Local-only booking overlap checks now use the correct site timezone
  • Fixed: Documentation now reflects the current [yatoon_booking] shortcode and local setup flow

3.0.1 – 2026-04-24

  • Fixed staff creation in local mode so the second staff member no longer fails with a generic network error.
  • Manual staff creation now writes a unique local external ID consistently across different staff table schemas.

3.0.0 – 2026-04-24

  • Staff management is now unified into a single Staff page.
  • Free version can now add, edit, delete, and assign services to staff directly from the Staff page.
  • Free version now supports up to 2 staff members; Pro supports unlimited staff.
  • Square-only staff actions are hidden unless the active platform is Square.
  • WordPress.org free package cleanup: bundled Pro implementation files were removed and free now ships with stub-only integrations for paid features.

2.9.0 – 2026-04-24

  • Security hardening: Stripe-style payment/deposit verification moved server-side where applicable, OAuth state validation added, and sensitive AJAX/admin flows tightened.
  • Booking flow fixes: “Any staff” local validation now uses the resolved staff member, booking manager accepts both token and yatoon_token, and customer-facing times display correctly.
  • Customer portal fixes: local mode no longer depends on Square customer search, OTP/session flow is more reliable, and cancel/reschedule actions behave correctly.
  • Admin reliability improvements: Bookings view modal added, staff service assignment secured with nonce checks, older staff table schemas are handled safely, and live previews/save feedback were improved.
  • Mobile admin usability improved across Clients, Staff, Services, Waitlist, Messages, Sync Log, and Service Menu tables.

2.8.1 – 2026-04-23

  • Fixed: Service Menu page showing old [sbs_service_menu] shortcode name
  • Fixed: Add Service modal stuck on Saving due to sbs_add_option AJAX hook mismatch
  • Fixed: sbs_debug_square_availability AJAX hook renamed to yatoon_
  • Fixed: Missing is_featured column in yatoon_services table
  • Improved: Save Settings button now appears next to Test Square Connection

2.8.0 – 2026-04-23

  • Added: [yatoon_service_menu] shortcode — categorized service/price list on any page
  • Added: Featured service toggle and category ordering in Service Menu admin page
  • Changed: [yatoon_booking] shortcode (was [square_booking])
  • Changed: All wp_options keys unified to yatoon_ prefix
  • Changed: All AJAX action hooks unified to yatoon_ prefix
  • Fixed: Frontend booking clicks not responding due to AJAX name mismatch

2.7.1 – 2026-04-23

  • Changed: Customer self-service cancel/reschedule link is now Local Only mode exclusive
  • Changed: create_token() skips DB write when platform is Square or Vagaro

2.7.0 – 2026-04-23

  • Added: Customer self-service cancel/reschedule via secure link in confirmation email
  • Added: [yatoon_manage_booking] shortcode for self-service cancel/reschedule page
  • Added: Manage Booking settings (expiry days, minimum notice, admin alert toggles)
  • Fixed: All sbs_ nonce and AJAX hook names unified to yatoon_ prefix

2.6.0

  • Added: Staff Calendar admin page with daily staff columns and booking cards
  • Added: Booking operational statuses — pending, confirmed, completed, no-show, cancelled
  • Added: Payment status tracking — unpaid, paid in Square POS, deposit paid, refunded, waived
  • Added: Optional cancellation / no-show policy acknowledgement with saved booking snapshot
  • Added: Optional consent / waiver signature capture with saved booking snapshot
  • Added: Service-level rules for policy acknowledgement, consent, staff selection, buffers, and minimum lead time
  • Added: Client CRM preferences field and improved client summary stats
  • Added: Waitlist automation — checks active requests and emails customers once when a matching opening appears
  • Added: Manual waitlist opening-check action on the Waitlist page
  • Added: Reports page with booking volume, completed/no-show counts, top services, staff performance, and daily revenue breakdown
  • Fixed: Settings page category-order query now correctly loads the global database object before use

2.97

  • Changed: Unified all naming to YATOON_ prefix across classes, functions, database tables, and options
  • Added: Automatic migration from older sbs_* table and option names on plugin load

2.96

  • Added: Notifications page with reminder, review request, cancellation, and reschedule email templates
  • Added: Test email actions for each notification template
  • Fixed: Auto-sync cron rescheduling issues when settings changed

1.2.5

  • New: 👤 Clients page — client profiles are automatically created on every new booking (name, phone, email)
  • New: Admin can add per-client notes, allergies/sensitivities, preferred staff, and tags from the Clients page
  • New: Client profile modal shows full booking history (date, service, staff, status, price)
  • New: Client list shows visit count, last visit date, and total spent — sortable and searchable
  • New: Email Notifications page (🔔 Notifications in admin menu) with 4 configurable email types
  • New: Appointment Reminder email — sent X hours before appointment (fully configurable), with editable subject, body, and template variables
  • New: Review Request email — sent X hours after appointment ends, includes a Google Review button (paste your Google Review link), with editable subject and body
  • New: Cancellation Notification email — sent when an appointment is cancelled, with editable subject and body
  • New: Reschedule Notification email — sent when an appointment is rescheduled, with editable subject and body
  • New: All 4 notification types include a “Send Test Email to Admin” button for easy preview
  • New: Admin Bookings page — Cancel button now shows a confirmation modal with “Notify customer by email” checkbox (checked by default)
  • New: Customer Portal — Cancel action now shows a confirmation modal with “Send me a confirmation email” checkbox
  • New: Customer Portal — Reschedule modal now includes a “Send me a confirmation email” checkbox
  • Fixed: Auto Sync cron was not rescheduling when sync interval was changed — hook was listening to wrong option name (sbs_sync_interval instead of yatoon_sync_interval)
  • Fixed: yatoon_sync_interval was being sanitized with absint(), converting string values like ‘daily’ to 0 and breaking the cron schedule — changed to sanitize_text_field()
  • Fixed: Toggling Auto Sync off now properly removes the cron event; toggling on re-schedules it
  • Fixed: Existing installs with a corrupted sync interval are automatically repaired on upgrade

1.1.7

  • i18n: Added full translations for Chinese Simplified (zh_CN), Vietnamese (vi), and Spanish (Spanish) (es_ES)
  • Removed all hardcoded salon-specific default values (business name, address, phone, website URLs)
  • Added Business Address and Business Website fields to Contact Information settings
  • Booking confirmation screen now dynamically renders address/phone/website from settings (hidden when blank)
  • Unified business phone option key to yatoon_business_phone

1.1.6

  • Added i18n infrastructure: all user-facing strings wrapped with translation functions
  • Added languages/ directory with .pot template file

1.1.5

  • Fixed: All color option values in class-yatoon-frontend.php now wrapped with sanitize_hex_color() before CSS injection
  • Fixed: admin/views/bookings.php ABSPATH check moved before global $wpdb

1.1.3

  • Fixed: Replaced all $table_xxx variables in SQL queries with {$wpdb->prefix}tablename directly (resolves InterpolatedNotPrepared + UnescapedDBParameter)
  • Fixed: All date() calls replaced with gmdate() (25 instances)
  • Fixed: strip_tags() replaced with wp_strip_all_tags()
  • Fixed: Added phpcs:disable/enable to all view files for NonPrefixedVariableFound (view files are included partials, not global scope)
  • Fixed: Added nonce verification to ajax_get_staff_services and ajax_update_staff_services
  • Fixed: ExceptionNotEscaped in cron.php – exceptions are logged, not echoed to users
  • Fixed: UnfinishedPrepare – $placeholders and $ph contain %d format strings
  • Fixed: NonPrefixedFunctionFound – sbs_resolve_font renamed to yatoon_resolve_font
  • Fixed: SBS_* backward-compat constants annotated with phpcs:ignore
  • Fixed: MissingTranslatorsComment – added /* translators: */ comments
  • Fixed: EscapeOutput remaining instances in admin views

1.1.2

  • Compliance: Renamed all plugin prefixes from ybs_/sbs_ to yatoon_ (≥4 chars) per WP.org guidelines
  • Compliance: Renamed all class names from SBS_* to YATOON_*
  • Compliance: Added == External Services == documentation to readme.txt
  • Security: Replaced all _e() with esc_html_e() for proper escaping (68 instances)
  • Security: Added nonce verification to Google OAuth callback (state parameter)
  • Security: Replaced remaining stripslashes() with wp_unslash()
  • Security: Added sanitize_text_field() to $_SESSION reads
  • Security: Added wp_unslash() to all JSON POST data reads
  • i18n: Added missing text domain to __() calls in activator.php
  • i18n: Fixed shortcode names to yatoon_booking and yatoon_customer_portal
  • Compatibility: Updated Tested up to WordPress 6.8

1.1.1

  • Security: Added direct file access protection (ABSPATH check) to all PHP files
  • Security: Added nonce verification to sync_bookings_from_square, debug_square_availability, debug_date_bookings handlers
  • Security: Replaced wp_redirect() with wp_safe_redirect() throughout
  • Security: Added wp_unslash() to all sanitize calls for POST/GET input
  • Security: Escaped all unescaped output in admin and public views
  • Security: Sanitized $_SERVER[‘REMOTE_ADDR’] via sanitize_text_field()
  • Compatibility: Removed unnecessary load_plugin_textdomain() call (not needed for WP 6.0+)
  • i18n: Fixed text domain — unified all strings to ‘yatoon-booking-system’
  • i18n: Fixed admin page slug URL references
  • Tested up to WordPress 6.8

1.1.0

  • Initial public release on WordPress.org

Plugin Website
Visit website

Author
yatoon
Version:
4.7.6
Last Updated
April 29, 2026
Requires
WordPress 5.8
Tested Up To
WordPress 6.9.4
Requires PHP
7.4

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.