Yatoon Appointment Booking for Salons & Spas – Free Version

4.7.6 – 2026-04-29

• Changed: Pro upgrade buttons now link directly to the Freemius checkout page instead of opening an in-plugin license activation form.
• Changed: Free version Pro checks remain locked in the free package, keeping premium activation in the separate Pro package flow.

4.7.5 – 2026-04-28

• Added: Customer-facing self-service storefront via the new [yatoon_growth_storefront] shortcode (pay-in-store request mode in the free version).
• Added: Growth Reports section on the Growth Modules admin page (revenue KPIs, redemptions, top coupons, expiring packages).
• Added: Pending Storefront Purchases inbox in Growth Modules with one-click activation.
• Added: Service Menu shortcode [yatoon_service_menu] is now registered out of the box in the free version.
• Improved: New show= and title= shortcode attributes for the storefront.
• Improved: Bookings admin table scrolls horizontally on narrow screens.
• Improved: Free stubs for Square / Vagaro / Twilio / Google Calendar now degrade gracefully via __call/__callStatic.

4.5.14 – 2026-04-28

• Security: Customer package and membership lookups now require BOTH the email AND the phone number on file to match.
• Fixed: Race condition — package visit balance and coupon usage are now decremented/claimed atomically.
• Fixed: Booking insert failure after a package visit / coupon was reserved now releases the reservation.
• Fixed: “Maximum future bookings per phone” check no longer relies on REGEXP_REPLACE and no longer falsely matches overlapping digit substrings.
• Fixed: services_json is now decoded with wp_unslash() instead of stripslashes().
• Improved: Growth Modules sub-forms no longer accidentally toggle master enable-switches.
• Improved: Added an index on yatoon_growth_redemptions.created_at.

4.5.13 – 2026-04-28

• Improved: Coupons now stack after membership discounts and fixed coupons apply only once in multi-service bookings.
• Improved: Growth Modules admin now lists customer package and membership balances.

4.5.12 – 2026-04-28

• Added: Customer package assignments with visit balances, expiration dates, and automatic visit redemption during booking.
• Added: Customer membership assignments with active date ranges and automatic booking discounts.
• Added: Growth redemption records for package visits and membership discounts.
• Improved: Coupons now stack after membership discounts and fixed coupons apply only once in multi-service bookings.
• Improved: Growth Modules admin now lists customer package and membership balances.

4.5.11 – 2026-04-28

• Added: Growth Modules admin page with switches for coupons, packages, and memberships.
• Added: Coupon code support in the booking form when coupons are enabled.
• Added: Starter translation files for Simplified Chinese, Vietnamese, and Spanish.
• Fixed: Free staff limit is now enforced when adding a new staff member from AJAX.
• Fixed: Local booking total calculation now initializes the WordPress database object before deposit/coupon logic.
• Cleaned: Removed mojibake/encoding artifacts from plugin-owned documentation and source files.

4.5.10 – 2026-04-28

• Fixed: Save Platform and Save Settings now use AJAX — no more redirect issues on any server.
• Fixed: Platform selection (Square/Local/Vagaro) now saves and reloads correctly.

4.5.9 – 2026-04-28

• Fixed: Save Settings now correctly redirects back to plugin page with success notice in all environments.
• Improved: Added Save button directly inside the Booking Platform card for convenience.

4.5.8 – 2026-04-28

• Fixed: Save Settings now redirects back to plugin page with a success notice.
• Fixed: Sync log corruption that caused repeated failures after first run.
• Fixed: Square API request timeout increased from 5s to 30s for reliability.
• Fixed: Rebuild Service Assignments button restored to Staff page; automatically assigns all active services when no Square profile data is available.
• Improved: Sync Settings moved inside the Square API Configuration card for clearer layout.

3.5.5 – 2026-04-28

• Version bump to 3.5.5.

3.5.3 – 2026-04-28

• Fixed: Fatal error on activation when plugin is installed directly from the WordPress.org repository.

3.5.2 – 2026-04-27

• Version bump to 3.5.2.

3.5.1 – 2026-04-27

• Fixed: More reliable first-time activation, database updates, local booking setup, and waitlist background checks.
• Fixed: Improved admin menu compatibility in local development environments.

3.5.0 – 2026-04-27

• Added: PWA (Progressive Web App) support — customers can install the booking page to their phone home screen directly from the browser, no App Store required
• Added: Merchant admin PWA — salon owners can install the Yatoon admin dashboard to their phone home screen for quick access
• Added: Push notifications for new bookings — when a customer books, the salon owner receives an instant push notification on their phone (requires installing the admin PWA)
• Added: Web App Manifest for both customer booking side and merchant admin side
• Added: Service Worker with cache-first strategy for static assets, improving booking page load speed on repeat visits
• Added: PWA icons (192×192 and 512×512) auto-generated from your business logo
• Added: iOS and Android installability meta tags (apple-mobile-web-app-capable, theme-color, etc.)

3.0.2 – 2026-04-26

• Added: Empty installs now seed starter data so the booking flow can be tested immediately
• Added: Admin setup notice with quick links to Services, Staff, and Settings
• Added: Staff profiles now support local manual blocked periods / time-off rules
• Fixed: Booking and customer reschedule flows now exclude blocked staff periods
• Fixed: Local-only booking overlap checks now use the correct site timezone
• Fixed: Documentation now reflects the current [yatoon_booking] shortcode and local setup flow

3.0.1 – 2026-04-24

• Fixed staff creation in local mode so the second staff member no longer fails with a generic network error.
• Manual staff creation now writes a unique local external ID consistently across different staff table schemas.

3.0.0 – 2026-04-24

• Staff management is now unified into a single Staff page.
• Free version can now add, edit, delete, and assign services to staff directly from the Staff page.
• Free version now supports up to 2 staff members; Pro supports unlimited staff.
• Square-only staff actions are hidden unless the active platform is Square.
• WordPress.org free package cleanup: bundled Pro implementation files were removed and free now ships with stub-only integrations for paid features.

2.9.0 – 2026-04-24

• Security hardening: Stripe-style payment/deposit verification moved server-side where applicable, OAuth state validation added, and sensitive AJAX/admin flows tightened.
• Booking flow fixes: “Any staff” local validation now uses the resolved staff member, booking manager accepts both token and yatoon_token, and customer-facing times display correctly.
• Customer portal fixes: local mode no longer depends on Square customer search, OTP/session flow is more reliable, and cancel/reschedule actions behave correctly.
• Admin reliability improvements: Bookings view modal added, staff service assignment secured with nonce checks, older staff table schemas are handled safely, and live previews/save feedback were improved.
• Mobile admin usability improved across Clients, Staff, Services, Waitlist, Messages, Sync Log, and Service Menu tables.

2.8.1 – 2026-04-23

• Fixed: Service Menu page showing old [sbs_service_menu] shortcode name
• Fixed: Add Service modal stuck on Saving due to sbs_add_option AJAX hook mismatch
• Fixed: sbs_debug_square_availability AJAX hook renamed to yatoon_
• Fixed: Missing is_featured column in yatoon_services table
• Improved: Save Settings button now appears next to Test Square Connection

2.8.0 – 2026-04-23

• Added: [yatoon_service_menu] shortcode — categorized service/price list on any page
• Added: Featured service toggle and category ordering in Service Menu admin page
• Changed: [yatoon_booking] shortcode (was [square_booking])
• Changed: All wp_options keys unified to yatoon_ prefix
• Changed: All AJAX action hooks unified to yatoon_ prefix
• Fixed: Frontend booking clicks not responding due to AJAX name mismatch

2.7.1 – 2026-04-23

• Changed: Customer self-service cancel/reschedule link is now Local Only mode exclusive
• Changed: create_token() skips DB write when platform is Square or Vagaro

2.7.0 – 2026-04-23

• Added: Customer self-service cancel/reschedule via secure link in confirmation email
• Added: [yatoon_manage_booking] shortcode for self-service cancel/reschedule page
• Added: Manage Booking settings (expiry days, minimum notice, admin alert toggles)
• Fixed: All sbs_ nonce and AJAX hook names unified to yatoon_ prefix

2.6.0

• Added: Staff Calendar admin page with daily staff columns and booking cards
• Added: Booking operational statuses — pending, confirmed, completed, no-show, cancelled
• Added: Payment status tracking — unpaid, paid in Square POS, deposit paid, refunded, waived
• Added: Optional cancellation / no-show policy acknowledgement with saved booking snapshot
• Added: Optional consent / waiver signature capture with saved booking snapshot
• Added: Service-level rules for policy acknowledgement, consent, staff selection, buffers, and minimum lead time
• Added: Client CRM preferences field and improved client summary stats
• Added: Waitlist automation — checks active requests and emails customers once when a matching opening appears
• Added: Manual waitlist opening-check action on the Waitlist page
• Added: Reports page with booking volume, completed/no-show counts, top services, staff performance, and daily revenue breakdown
• Fixed: Settings page category-order query now correctly loads the global database object before use

2.97

• Changed: Unified all naming to YATOON_ prefix across classes, functions, database tables, and options
• Added: Automatic migration from older sbs_* table and option names on plugin load

2.96

• Added: Notifications page with reminder, review request, cancellation, and reschedule email templates
• Added: Test email actions for each notification template
• Fixed: Auto-sync cron rescheduling issues when settings changed

1.2.5

• New: 👤 Clients page — client profiles are automatically created on every new booking (name, phone, email)
• New: Admin can add per-client notes, allergies/sensitivities, preferred staff, and tags from the Clients page
• New: Client profile modal shows full booking history (date, service, staff, status, price)
• New: Client list shows visit count, last visit date, and total spent — sortable and searchable
• New: Email Notifications page (🔔 Notifications in admin menu) with 4 configurable email types
• New: Appointment Reminder email — sent X hours before appointment (fully configurable), with editable subject, body, and template variables
• New: Review Request email — sent X hours after appointment ends, includes a Google Review button (paste your Google Review link), with editable subject and body
• New: Cancellation Notification email — sent when an appointment is cancelled, with editable subject and body
• New: Reschedule Notification email — sent when an appointment is rescheduled, with editable subject and body
• New: All 4 notification types include a “Send Test Email to Admin” button for easy preview
• New: Admin Bookings page — Cancel button now shows a confirmation modal with “Notify customer by email” checkbox (checked by default)
• New: Customer Portal — Cancel action now shows a confirmation modal with “Send me a confirmation email” checkbox
• New: Customer Portal — Reschedule modal now includes a “Send me a confirmation email” checkbox
• Fixed: Auto Sync cron was not rescheduling when sync interval was changed — hook was listening to wrong option name (sbs_sync_interval instead of yatoon_sync_interval)
• Fixed: yatoon_sync_interval was being sanitized with absint(), converting string values like ‘daily’ to 0 and breaking the cron schedule — changed to sanitize_text_field()
• Fixed: Toggling Auto Sync off now properly removes the cron event; toggling on re-schedules it
• Fixed: Existing installs with a corrupted sync interval are automatically repaired on upgrade

1.1.7

• i18n: Added full translations for Chinese Simplified (zh_CN), Vietnamese (vi), and Spanish (Spanish) (es_ES)
• Removed all hardcoded salon-specific default values (business name, address, phone, website URLs)
• Added Business Address and Business Website fields to Contact Information settings
• Booking confirmation screen now dynamically renders address/phone/website from settings (hidden when blank)
• Unified business phone option key to yatoon_business_phone

1.1.6

• Added i18n infrastructure: all user-facing strings wrapped with translation functions
• Added languages/ directory with .pot template file

1.1.5

• Fixed: All color option values in class-yatoon-frontend.php now wrapped with sanitize_hex_color() before CSS injection
• Fixed: admin/views/bookings.php ABSPATH check moved before global $wpdb

1.1.3

• Fixed: Replaced all $table_xxx variables in SQL queries with {$wpdb->prefix}tablename directly (resolves InterpolatedNotPrepared + UnescapedDBParameter)
• Fixed: All date() calls replaced with gmdate() (25 instances)
• Fixed: strip_tags() replaced with wp_strip_all_tags()
• Fixed: Added phpcs:disable/enable to all view files for NonPrefixedVariableFound (view files are included partials, not global scope)
• Fixed: Added nonce verification to ajax_get_staff_services and ajax_update_staff_services
• Fixed: ExceptionNotEscaped in cron.php – exceptions are logged, not echoed to users
• Fixed: UnfinishedPrepare – $placeholders and $ph contain %d format strings
• Fixed: NonPrefixedFunctionFound – sbs_resolve_font renamed to yatoon_resolve_font
• Fixed: SBS_* backward-compat constants annotated with phpcs:ignore
• Fixed: MissingTranslatorsComment – added /* translators: */ comments
• Fixed: EscapeOutput remaining instances in admin views

1.1.2

• Compliance: Renamed all plugin prefixes from ybs_/sbs_ to yatoon_ (≥4 chars) per WP.org guidelines
• Compliance: Renamed all class names from SBS_* to YATOON_*
• Compliance: Added == External Services == documentation to readme.txt
• Security: Replaced all _e() with esc_html_e() for proper escaping (68 instances)
• Security: Added nonce verification to Google OAuth callback (state parameter)
• Security: Replaced remaining stripslashes() with wp_unslash()
• Security: Added sanitize_text_field() to $_SESSION reads
• Security: Added wp_unslash() to all JSON POST data reads
• i18n: Added missing text domain to __() calls in activator.php
• i18n: Fixed shortcode names to yatoon_booking and yatoon_customer_portal
• Compatibility: Updated Tested up to WordPress 6.8

1.1.1

• Security: Added direct file access protection (ABSPATH check) to all PHP files
• Security: Added nonce verification to sync_bookings_from_square, debug_square_availability, debug_date_bookings handlers
• Security: Replaced wp_redirect() with wp_safe_redirect() throughout
• Security: Added wp_unslash() to all sanitize calls for POST/GET input
• Security: Escaped all unescaped output in admin and public views
• Security: Sanitized $_SERVER[‘REMOTE_ADDR’] via sanitize_text_field()
• Compatibility: Removed unnecessary load_plugin_textdomain() call (not needed for WP 6.0+)
• i18n: Fixed text domain — unified all strings to ‘yatoon-booking-system’
• i18n: Fixed admin page slug URL references
• Tested up to WordPress 6.8

1.1.0

• Initial public release on WordPress.org