{"id":302809,"date":"2026-05-24T04:43:18","date_gmt":"2026-05-24T04:43:18","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/bookshark\/"},"modified":"2026-05-24T04:43:04","modified_gmt":"2026-05-24T04:43:04","slug":"shark-booking-by-carson","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/shark-booking-by-carson\/","author":23484795,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"Shark Booking by Carson","header_author":"carsonleung","header_description":"A reusable booking plugin with services, staff resources, payments, and confirmation emails.","assets_banners_color":"ffffff","last_updated":"2026-05-24 04:43:04","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":0,"downloads":25,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"carsonleung","date":"2026-05-24 04:43:04"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3545796,"resolution":"128x128","location":"assets","locale":"","width":1000,"height":1000},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3545796,"resolution":"256x256","location":"assets","locale":"","width":2000,"height":2000}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3545796,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3545796,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[8132,269,416,268,5349],"plugin_category":[40,45],"plugin_contributors":[264161],"plugin_business_model":[],"class_list":["post-302809","plugin","type-plugin","status-publish","hentry","plugin_tags-appointments","plugin_tags-booking","plugin_tags-calendar","plugin_tags-scheduling","plugin_tags-stripe","plugin_category-calendar-and-events","plugin_category-ecommerce","plugin_contributors-carsonleung","plugin_committers-carsonleung"],"banners":{"banner":"https:\/\/ps.w.org\/shark-booking-by-carson\/assets\/banner-772x250.png?rev=3545796","banner_2x":"https:\/\/ps.w.org\/shark-booking-by-carson\/assets\/banner-1544x500.png?rev=3545796","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/shark-booking-by-carson\/assets\/icon-128x128.png?rev=3545796","icon_2x":"https:\/\/ps.w.org\/shark-booking-by-carson\/assets\/icon-256x256.png?rev=3545796","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Shark Booking by Carson is an installable plugin for businesses that need a streamlined appointment booking flow on any WordPress site.<\/p>\n\n<p>Features:<\/p>\n\n<ul>\n<li>Admin booking list and calendar views (day, week, month) with filters.<\/li>\n<li>Service management with duration, buffers, pricing, currency, and active status.<\/li>\n<li>Resource management with service assignments and weekly schedule editing.<\/li>\n<li>Availability management with weekly rules and date-specific overrides.<\/li>\n<li>Frontend booking flow via shortcode; step labels and messages are built in (Flow Configuration provides the shortcode only).<\/li>\n<li>Email sender details (Email Configuration) for booking notifications; subjects and bodies use built-in templates.<\/li>\n<li>Stripe Checkout flow for bookings.<\/li>\n<li>Stripe webhook processing with idempotency safeguards.<\/li>\n<li>Quote and pricing engine.<\/li>\n<li>Manual admin actions for bookings (edit, delete, resend customer notification).<\/li>\n<li>Built-in FAQ screen and Contact entry point in the admin menu.<\/li>\n<li>Security hardening for public booking APIs (same-origin checks, rate limits, and nonce-aware permission callbacks for logged-in sessions).<\/li>\n<\/ul>\n\n<p>Use <code>[booking_appointment_flow]<\/code> for the appointment booking flow.<\/p>\n\n<h3>External services<\/h3>\n\n<h4>Stripe<\/h4>\n\n<p>This plugin uses Stripe Checkout and webhook APIs to process booking payments.<\/p>\n\n<p>Data sent: checkout\/payment fields such as transaction amount, selected items, customer email, and callback metadata needed to reconcile booking records.<\/p>\n\n<p>When sent: when a customer starts checkout and when Stripe calls the webhook endpoint after payment events.<\/p>\n\n<p>Terms of Service: https:\/\/stripe.com\/legal\/ssa\nPrivacy Policy: https:\/\/stripe.com\/privacy<\/p>\n\n<h4>Freemius<\/h4>\n\n<p>This plugin uses Freemius for voluntary site registration, subscriptions, billing, and telemetry when admins interact with SDK-driven account pages.<\/p>\n\n<p>Data sent: standard Freemius installation and account telemetry as described by Freemius when opted in.<\/p>\n\n<p>When sent: when admins open Subscription \/ account pricing pages or enroll in telemetry through the SDK.<\/p>\n\n<p>Terms of Service: https:\/\/freemius.com\/terms\/\nPrivacy Policy: https:\/\/freemius.com\/privacy\/<\/p>\n\n<h4>What if email delivery fails?<\/h4>\n\n<p>The plugin uses WordPress <code>wp_mail()<\/code>. Delivery depends on your hosting mail setup or SMTP\/mail plugin.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>shark-booking-by-carson<\/code> folder to <code>\/wp-content\/plugins\/<\/code> (main file: <code>shark-booking-by-carson.php<\/code>).<\/li>\n<li>Activate the plugin in the WordPress admin.<\/li>\n<li>Go to <code>Bookings &gt; Settings<\/code> and configure timezone, currency, and Stripe keys.<\/li>\n<li>Create services under <code>Bookings &gt; Services<\/code>.<\/li>\n<li>Create resources under <code>Bookings &gt; Resources<\/code>.<\/li>\n<li>Add availability rules under <code>Bookings &gt; Availability<\/code>.<\/li>\n<li>Add <code>[booking_appointment_flow]<\/code> to a page and publish it.<\/li>\n<li>Configure the Stripe webhook endpoint to:\n   \/wp-json\/sharkbooking\/v1\/stripe\/webhook<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20set%20up%20the%20plugin%20for%20the%20first%20time%3F\"><h3>How do I set up the plugin for the first time?<\/h3><\/dt>\n<dd><p>Configure timezone and currency in Settings, then create Services, Resources, and Availability rules.<\/p><\/dd>\n<dt id=\"how%20do%20i%20create%20a%20booking%20page%3F\"><h3>How do I create a booking page?<\/h3><\/dt>\n<dd><p>Create or edit a WordPress page and add the shortcode <code>[booking_appointment_flow]<\/code>, then publish the page.<\/p><\/dd>\n<dt id=\"what%20can%20i%20manage%20in%20the%20admin%20area%3F\"><h3>What can I manage in the admin area?<\/h3><\/dt>\n<dd><p>You can manage bookings, services, resources, availability, email sender details (Email Configuration), Stripe keys, and other site preferences. Bookings \u2192 Flow Configuration is for copying the appointment shortcode only.<\/p><\/dd>\n<dt id=\"can%20i%20customize%20labels%20and%20messages%20on%20the%20booking%20steps%3F\"><h3>Can I customize labels and messages on the booking steps?<\/h3><\/dt>\n<dd><p>No. Customer-facing wording uses built-in defaults. Flow Configuration only provides the shortcode.<\/p><\/dd>\n<dt id=\"does%20it%20support%20customer%20packages%20or%20add-on%20bundles%3F\"><h3>Does it support customer packages or add-on bundles?<\/h3><\/dt>\n<dd><p>No. There is no package balance or bundled add-on catalog; use Services and Resources for what customers book.<\/p><\/dd>\n<dt id=\"how%20do%20i%20configure%20booking%20notification%20emails%3F\"><h3>How do I configure booking notification emails?<\/h3><\/dt>\n<dd><p>Use Email Configuration to set the From name and From address. Message subjects and bodies are fixed built-in templates.<\/p><\/dd>\n<dt id=\"can%20i%20edit%20email%20subjects%20or%20bodies%20in%20the%20admin%3F\"><h3>Can I edit email subjects or bodies in the admin?<\/h3><\/dt>\n<dd><p>No. Only the sender name and address are configurable; template wording is defined by the plugin.<\/p><\/dd>\n<dt id=\"does%20it%20support%20multiple%20staff%20members%20or%20rooms%3F\"><h3>Does it support multiple staff members or rooms?<\/h3><\/dt>\n<dd><p>Yes. Each resource can be assigned to specific services and can have its own weekly and date-specific availability.<\/p><\/dd>\n<dt id=\"how%20does%20stripe%20confirmation%20work%3F\"><h3>How does Stripe confirmation work?<\/h3><\/dt>\n<dd><p>Bookings are finalized after Stripe webhook confirmation at <code>\/wp-json\/sharkbooking\/v1\/stripe\/webhook<\/code>.<\/p><\/dd>\n<dt id=\"can%20admins%20manually%20create%20or%20edit%20bookings%3F\"><h3>Can admins manually create or edit bookings?<\/h3><\/dt>\n<dd><p>Yes. Admins can create, edit, update status, send notifications, and delete bookings from Booking List and Calendar.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20connect%20to%20external%20services%3F\"><h3>Does this plugin connect to external services?<\/h3><\/dt>\n<dd><p>Yes, in three feature-specific cases:<\/p>\n\n<ul>\n<li>Stripe payment and webhook APIs are used for checkout\/payment processing when Stripe keys are configured.<\/li>\n<li>Freemius is bundled for voluntary opt-in telemetry, billing, updates, and account pages initiated from wp-admin (<code>Bookings \u2192 Subscription<\/code>).<\/li>\n<li>If an admin submits the in-plugin Contact form (<code>Bookings &gt; FAQ<\/code>), the entered name, email, and message are sent to Shark Booking by Carson support via email.<\/li>\n<\/ul><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Admin: Flow Configuration no longer edits step labels or messages; the screen only explains built-in copy and provides the <code>[booking_appointment_flow]<\/code> shortcode. Removed the <code>save_flow_wording<\/code> admin action.<\/li>\n<li>Admin: FAQ and Subscription copy updated.<\/li>\n<\/ul>\n\n<h4>0.2.30<\/h4>\n\n<ul>\n<li>Admin: Email Configuration no longer exposes template subject\/body or enable controls; saving only updates From name and address. Stored defaults from the plugin still drive notification content.<\/li>\n<li>Admin: FAQ and Subscription copy updated to match built-in email templates.<\/li>\n<li>Email: Diagnostic message when a template is disabled no longer references the Email Configuration screen.<\/li>\n<\/ul>\n\n<h4>0.2.29<\/h4>\n\n<ul>\n<li>Admin: Flow Configuration and Email Configuration now save editable frontend copy and email templates using existing sanitization helpers; template fields (enable, recipient, subject, body) appear on Email Configuration.<\/li>\n<li>Admin: FAQ copy aligned with flow\/email customization and clarified that package balances and add-on catalogs are not included.<\/li>\n<li>Removed unused legacy <code>public\/views\/booking-form.php<\/code> view (booking uses <code>appointment-flow.php<\/code>).<\/li>\n<\/ul>\n\n<h4>0.2.28<\/h4>\n\n<ul>\n<li>Security: Admin GET readers verify the screen nonce in the same code path as <code>wp_verify_nonce()<\/code> (per-key gate) so Plugin Directory tooling and reviewers can validate intent alongside sanitization.<\/li>\n<li>Security: Admin POST actions sanitize fields directly from <code>$_POST<\/code> (no bulk <code>wp_unslash( $_POST )<\/code>); service price uses numeric validation; resource weekly hours read from POST only after the admin action nonce passes.<\/li>\n<li>Security: Admin notices and contact modal require a valid screen nonce before reading <code>booksh_notice<\/code> \/ <code>booksh_contact<\/code>.<\/li>\n<li>Security: REST booking POST permission callback uses an explicit nonce result variable for logged-in sessions (same-origin and <code>wp_rest<\/code> behavior unchanged).<\/li>\n<li>Add <code>uninstall.php<\/code> and <code>includes\/class-uninstaller.php<\/code> for standard directory uninstall handling when \u201cdelete data on uninstall\u201d is enabled (shared with Freemius <code>after_uninstall<\/code> cleanup).<\/li>\n<li>Admin: PHPCS <code>NonceVerification<\/code> \/ <code>ValidatedSanitizedInput<\/code> fixes (scoped <code>phpcs:disable<\/code> where verification is delegated; <code>price_major<\/code> unslashed before sanitization).<\/li>\n<\/ul>\n\n<h4>0.2.27<\/h4>\n\n<ul>\n<li>Admin: Plugin Check\/WPCS compatibility for Shark Booking GET handling (<code>admin\/class-admin-pages.php<\/code>): explicit nonce\/sanitized-input sniff directives, <code>sanitize_text_field<\/code> notice parsing, refined <code>admin_screen_compute_query_trust()<\/code> helper.<\/li>\n<\/ul>\n\n<h4>0.2.26<\/h4>\n\n<ul>\n<li>Admin: Shark Booking screens now pair plugin GET state with a reusable screen nonce; filter forms include the hidden field automatically and redirects\/significant links refresh the token.<\/li>\n<li>Harden POST admin actions around explicit sanitized field maps before handing data to repositories and services.<\/li>\n<li>Public shortcode\/views: removed <code>FILTER_UNSAFE_RAW<\/code>-based GET reads for booking-return flags (shortcode sanitizes booking reference lookup first).<\/li>\n<li>Documented REST <code>permission_callback<\/code> rules for authenticated vs anonymous booking POST helpers.<\/li>\n<\/ul>\n\n<h4>0.2.25<\/h4>\n\n<ul>\n<li>Admin: removed the Available Email Codes reference block from Email Configuration (templates still accept <code>{{placeholder}}<\/code> values in subjects and bodies).<\/li>\n<\/ul>\n\n<h4>0.2.24<\/h4>\n\n<ul>\n<li>Admin: Subscription page shows a Free vs Pro comparison (cards and feature table) instead of the Freemius info blurb.<\/li>\n<\/ul>\n\n<h4>0.2.23<\/h4>\n\n<ul>\n<li>Free-tier build: appointment booking, Stripe, and emails only \u2014 removed packages, add-on upsells, related REST routes, legacy DB tables\/columns (with migration on upgrade), and updated admin\/marketing copy accordingly.<\/li>\n<\/ul>\n\n<h4>0.2.22<\/h4>\n\n<ul>\n<li>Added booking calendar day\/week\/month views with richer filtering.<\/li>\n<li>Added admin booking quick actions, including manual customer notification sending.<\/li>\n<li>Improved Stripe webhook handling with deduplication.<\/li>\n<li>Hardened public REST booking endpoints with same-origin checks, throttling, and nonce-aware permission callbacks for logged-in sessions.<\/li>\n<li>Improved booking and payment summaries across frontend flow steps.<\/li>\n<\/ul>\n\n<h4>0.1.0<\/h4>\n\n<ul>\n<li>Initial release with services, resources, availability rules, bookings, Stripe checkout, webhook confirmation, and email notifications.<\/li>\n<\/ul>","raw_excerpt":"Appointments, Stripe payments, and booking operations for WordPress.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/302809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=302809"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/carsonleung"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=302809"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=302809"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=302809"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=302809"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=302809"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=302809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}