{"id":282479,"date":"2026-02-17T17:04:12","date_gmt":"2026-02-17T17:04:12","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/oxtilo-fast-cal\/"},"modified":"2026-02-17T17:19:30","modified_gmt":"2026-02-17T17:19:30","slug":"oxtilo-fast-cal","status":"publish","type":"plugin","link":"https:\/\/ca.wordpress.org\/plugins\/oxtilo-fast-cal\/","author":23450737,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"0.9.8","stable_tag":"0.9.8","tested":"6.9.4","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"Oxtilo Fast Cal","header_author":"Slawomir Klimek","header_description":"A secure and flexible booking management system for WordPress. Features robust availability handling, ICS calendar synchronization, email notifications, and a full REST API. Includes built-in Polish translations.","assets_banners_color":"","last_updated":"2026-02-17 17:19:30","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/oxtilo.pl\/","header_plugin_uri":"","header_author_uri":"https:\/\/oxtilo.pl","rating":0,"author_block_rating":0,"active_installs":0,"downloads":171,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"0.9.7":{"tag":"0.9.7","author":"slawomirklimek","date":"2026-02-17 17:04:03"},"0.9.8":{"tag":"0.9.8","author":"slawomirklimek","date":"2026-02-17 17:19:30"}},"upgrade_notice":{"0.9.8":"<p>SVN repository fix. Recommended update.<\/p>","0.9.7":"<p>Plugin review fixes: renamed main file and removed unnecessary Domain Path header.<\/p>","0.9.6":"<p>Security and compatibility updates. Recommended update.<\/p>","0.9.5":"<p>Codebase refactoring and security improvements. 
Update recommended.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":{"oxtilofastcal\/booking-form":{"$schema":"https:\/\/schemas.wp.org\/trunk\/block.json","apiVersion":3,"name":"oxtilofastcal\/booking-form","version":"0.5.2","title":"Oxtilofastcal Form","category":"widgets","icon":"calendar-alt","description":"Display the booking form.","keywords":["booking","calendar","reservation"],"textdomain":"oxtilo-fast-cal","attributes":{},"supports":{"html":false,"align":["wide","full"]},"editorScript":"file:.\/oxtilofastcal-block-editor.js","editorStyle":"file:.\/oxtilofastcal-block-editor.css"}},"tagged_versions":["0.9.7","0.9.8"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"(No screenshots available yet)"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[276,269,416,722,4062],"plugin_category":[40],"plugin_contributors":[256038],"plugin_business_model":[],"class_list":["post-282479","plugin","type-plugin","status-publish","hentry","plugin_tags-appointment","plugin_tags-booking","plugin_tags-calendar","plugin_tags-reservation","plugin_tags-schedule","plugin_category-calendar-and-events","plugin_contributors-slawomirklimek","plugin_committers-slawomirklimek"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/oxtilo-fast-cal.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Oxtilo Fast Cal is a secure and flexible booking management system for WordPress. Features robust availability handling, ICS calendar synchronization, email notifications, and a full REST API. 
Includes built-in Polish translations.<\/p>\n\n<h4>Features<\/h4>\n\n<ul>\n<li><strong>Service Management<\/strong> - Define multiple services with duration and type (online\/in-person)<\/li>\n<li><strong>Booking Intervals<\/strong> - Configurable slot intervals (15, 30, or 60 minutes)<\/li>\n<li><strong>Manual Bookings<\/strong> - Administrator can create bookings for any time, including outside working hours<\/li>\n<li><strong>Frontend Management<\/strong> - Clients can reschedule or cancel bookings via secure links<\/li>\n<li><strong>Working Hours<\/strong> - Configure working hours for each day of the week<\/li>\n<li><strong>Availability Calculation<\/strong> - Automatic slot availability based on working hours and existing bookings<\/li>\n<li><strong>External Calendar Sync<\/strong> - Import busy times from iCloud, Proton Calendar, or holiday calendars via ICS<\/li>\n<li><strong>ICS Feed Export<\/strong> - Private calendar feed for syncing bookings to external apps<\/li>\n<li><strong>Email Notifications<\/strong> - Automatic notifications to admin and clients with ICS attachments and customizable templates<\/li>\n<li><strong>Mobile Friendly<\/strong> - Responsive booking form with quick date selection (Today\/Tomorrow)<\/li>\n<li><strong>REST API<\/strong> - Token-authenticated endpoints for external integrations (Apple Shortcuts, Zapier)<\/li>\n<li><strong>Built-in Polish Translations<\/strong> - No <code>.mo<\/code> file needed for Polish locale<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>oxtilo-fast-cal<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>Go to <strong>Oxtilo Fast Cal<\/strong> in the admin menu to configure settings<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20add%20the%20booking%20form%3F\"><h3>How do I add the booking form?<\/h3><\/dt>\n<dd><p>Add the booking form to any page using the shortcode: 
<code>[oxtilofastcal_form]<\/code><\/p><\/dd>\n<dt id=\"does%20it%20support%20translations%3F\"><h3>Does it support translations?<\/h3><\/dt>\n<dd><p>Yes, it has built-in Polish translations.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>0.9.8<\/h4>\n\n<ul>\n<li><strong>Fix<\/strong>: Introduced fix to WordPress SVN repository.<\/li>\n<\/ul>\n\n<h4>0.9.7<\/h4>\n\n<ul>\n<li><strong>Fix<\/strong>: Renamed main plugin file to <code>oxtilo-fast-cal.php<\/code> to follow WordPress naming conventions.<\/li>\n<li><strong>Fix<\/strong>: Removed unnecessary <code>Domain Path<\/code> header (translations handled by WordPress.org).<\/li>\n<\/ul>\n\n<h4>0.9.6<\/h4>\n\n<ul>\n<li><strong>Security<\/strong>: Improved nonce verification and permission checks.<\/li>\n<li><strong>Refactor<\/strong>: Replaced inline scripts and styles with <code>wp_enqueue_script<\/code> and <code>wp_enqueue_style<\/code>.<\/li>\n<li><strong>Fix<\/strong>: Corrected text domain to <code>oxtilo-fast-cal<\/code> to match plugin slug.<\/li>\n<li><strong>Compatibility<\/strong>: Updated Block API version to 3 for WordPress 7.0 readiness.<\/li>\n<li><strong>Compatibility<\/strong>: Tested up to WordPress 6.9.<\/li>\n<\/ul>\n\n<h4>0.9.5<\/h4>\n\n<ul>\n<li><strong>Refactor<\/strong>: Codebase improvements for WordPress.org plugin review standards.<\/li>\n<li><strong>Fix<\/strong>: Replaced discouraged functions (<code>unlink<\/code> -&gt; <code>wp_delete_file<\/code>) for better hosting compatibility.<\/li>\n<li><strong>Fix<\/strong>: Removed redundant <code>load_plugin_textdomain<\/code> as translations are handled by WordPress.org.<\/li>\n<li><strong>Security<\/strong>: Enhanced output escaping and sanitization in admin views.<\/li>\n<li><strong>I18n<\/strong>: Fixed text domain inconsistencies and missing translation strings.<\/li>\n<\/ul>\n\n<h4>0.9.4<\/h4>\n\n<ul>\n<li><strong>Feature<\/strong>: Added setting to include\/hide \"Manage Booking\" link in the private calendar feed 
events.<\/li>\n<li><strong>Security<\/strong>: Added warning when \"Manage Booking\" link is enabled in calendar feed to prevent unauthorized access.<\/li>\n<li><strong>I18n<\/strong>: Added Polish translations for new settings.<\/li>\n<\/ul>\n\n<h4>0.9.3<\/h4>\n\n<ul>\n<li><strong>Security<\/strong>: Added server-side validation for <code>max_days_future<\/code> in REST API <code>GET \/slots<\/code> endpoint.<\/li>\n<li><strong>Security<\/strong>: Hardened output escaping for <code>paginate_links<\/code> to prevent potential XSS vulnerabilities.<\/li>\n<li><strong>Security<\/strong>: Improved <code>$_GET<\/code> parameter handling and escaping in admin booking pages.<\/li>\n<li><strong>Compatibility<\/strong>: Replaced <code>file_put_contents<\/code> with WP Filesystem API for better hosting compatibility.<\/li>\n<\/ul>\n\n<h4>0.9.2<\/h4>\n\n<ul>\n<li><strong>Fix<\/strong>: Prevented double booking when rescheduling by excluding the current booking from availability checks.<\/li>\n<li><strong>Fix<\/strong>: Updated frontend availability display to correctly show slots occupied by the current booking as available for rescheduling.<\/li>\n<\/ul>\n\n<h4>0.9.1<\/h4>\n\n<ul>\n<li><strong>Security<\/strong>: Added Anti-Bot Protection (Honeypot + JS Time Trap + Nonce) to booking form.<\/li>\n<li><strong>Security<\/strong>: Added ability to enable\/disable anti-bot protection in Security settings.<\/li>\n<li><strong>I18n<\/strong>: Added Polish translations for new anti-bot settings.<\/li>\n<\/ul>\n\n<h4>0.9.0<\/h4>\n\n<ul>\n<li><strong>Security<\/strong>: Implemented comprehensive Rate Limiting system to prevent abuse (DoS, brute force, spam).<\/li>\n<li>Configurable request limits for public endpoints (requests\/minute).<\/li>\n<li>Smart IP detection with support for Cloudflare, Sucuri, AWS CloudFront, Fastly, and proxies.<\/li>\n<li>Rate limiting applied to booking form submissions, AJAX slot checks, and REST API.<\/li>\n<li><strong>Security<\/strong>: Fixed potential 
race condition (TOCTOU) in booking creation using atomic database transactions.<\/li>\n<li><strong>Security<\/strong>: Added strict date\/time validation to prevent invalid booking durations.<\/li>\n<li><strong>Security<\/strong>: Hardened singleton pattern for admin class to prevent multiple instances.<\/li>\n<li><strong>I18n<\/strong>: Completed Polish translations for all new security features and API documentation.<\/li>\n<li><strong>Fix<\/strong>: Fixed issue with WordPress data sanitization (unslashing) for apostrophes.<\/li>\n<li><strong>Fix<\/strong>: Added validation to ensure end time is always after start time.<\/li>\n<\/ul>\n\n<h4>0.8.0<\/h4>\n\n<ul>\n<li><strong>Security<\/strong>: Separated API token from calendar feed token for better security<\/li>\n<li>Calendar feed token (32 chars): Read-only access for ICS feeds shared with calendar apps<\/li>\n<li>API token (48 chars): Write access for REST API, kept secret<\/li>\n<li><strong>Breaking<\/strong>: If using REST API, update your applications to use the new API token from Settings<\/li>\n<li>Added: Dedicated API token display and regeneration button in REST API settings section<\/li>\n<li>Added: Security warning explaining token separation in admin panel<\/li>\n<\/ul>\n\n<h4>0.7.0<\/h4>\n\n<ul>\n<li>Added: REST API for external integrations (e.g., Apple Shortcuts, Zapier)<\/li>\n<li>Added: GET <code>\/wp-json\/oxtilofastcal\/v1\/slots<\/code> endpoint for available time slots<\/li>\n<li>Added: POST <code>\/wp-json\/oxtilofastcal\/v1\/create<\/code> endpoint for booking creation<\/li>\n<li>Added: Token-based API authentication via <code>X-Oxtilofastcal-Token<\/code> header<\/li>\n<li>Added: Custom duration parameter for slot availability queries<\/li>\n<li>Added: API documentation in admin settings page with real URLs and tokens<\/li>\n<li>Improved: <code>get_available_slots()<\/code> now supports custom duration override<\/li>\n<\/ul>\n\n<h4>0.6.0<\/h4>\n\n<ul>\n<li>Added: Administrator ability to 
manually create bookings from the dashboard.<\/li>\n<li>Added: Configurable booking interval setting (15, 30, or 60 minutes).<\/li>\n<li>Added: \"Client Message\" field to booking form and notifications.<\/li>\n<li>Added: Quick date selectors (Today, Tomorrow) to frontend form.<\/li>\n<li>Added: Option to toggle 12h\/24h time format on frontend.<\/li>\n<li>Added: Email notifications for booking updates and cancellations.<\/li>\n<li>Fixed: Issue with external ICS calendar synchronization.<\/li>\n<li>Fixed: Gutenberg block rendering issues.<\/li>\n<li>Fixed: ICS attachment filename in emails.<\/li>\n<li>Improved: Frontend form styling and responsiveness.<\/li>\n<li>Improved: Admin interface organization.<\/li>\n<\/ul>\n\n<h4>0.5.1<\/h4>\n\n<ul>\n<li>Refactored codebase into separate files with proper class structure<\/li>\n<li>Added uninstall.php for clean plugin removal<\/li>\n<li>Added PHP 7.4 compatibility (polyfill for <code>str_ends_with<\/code>)<\/li>\n<li>Improved security with better input validation<\/li>\n<li>Changed date input to native HTML5 date picker<\/li>\n<li>Added keyboard accessibility for slot selection<\/li>\n<li>Improved XSS protection in JavaScript<\/li>\n<li>Added multisite support for uninstall<\/li>\n<\/ul>\n\n<h4>0.5.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<\/ul>","raw_excerpt":"A secure and flexible booking management system for WordPress with availability handling, ICS sync, and REST 
API.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/282479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=282479"}],"author":[{"embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/slawomirklimek"}],"wp:attachment":[{"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=282479"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=282479"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=282479"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=282479"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=282479"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=282479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}