Invoice voucher quick-link & bank-transfer deduplication

Development build that introduced the Invoice → Voucher button and the admin-email idempotency guard. Promoted to the stable channel as v5.9.15 — see the current release card above for the full breakdown.

13-language key parity, per-transaction payment email, tax for venue bookings

A triple-fix release that finishes the translation work started in v5.9.5, aligns payment-confirmation emails with Stripe/PayPal/Square conventions, and applies service charge plus tax to at_restaurant bookings for the first time.

Voucher total reconciliation · email link replaces HTML attachment · QR frame centring

Three concurrent fixes: the printable Voucher Grand Total now matches the Invoice and Payment Summary; the confirmation email switches from a .html attachment (flagged as suspicious by Gmail/Outlook globally) to an inline View & Print Voucher button; and the QR scanner viewfinder is finally pixel-centred in Safari.

Locale-safe language switcher · dashboard period tabs · 1M-booking scalability

Critical fix for Traditional Chinese (zh_TW) and Brazilian Portuguese (pt_BR) customers whose locale code was silently lower-cased to the empty fallback. Dashboard gains Yesterday, Last Week and Last Month tabs. Top Services and Busiest Staff queries are now sargable on the idx_rest_status_date composite index — full table scans eliminated on the hot path.

• Locale fix: WordPress’s sanitize_key() lower-cases locale codes (zh_TW → zh_tw), failing the case-sensitive whitelist in RBP_I18n::languages(). New utility RBP_Helpers::sanitize_locale() strips unsafe characters without lower-casing — drop-in replacement at three call sites.
• Performance: Replaced MONTH(booking_date) = MONTH(CURDATE()) patterns (index-killers) with sargable BETWEEN over the stats date range. Confirmed all dashboard, list, count and stats queries use bounded ranges + composite indexes — no unbounded scans remain.

Voucher / Print Settings tab

New Settings tab governing the printable booking voucher: configurable accent colour (with fall-back to brand colour), terms & conditions rendered as a bullet list, and layout options. The “Reseed email templates” action now forces a fresh reseed on installs that already ran the seed once, clearing legacy icon-format rows.

Printable booking confirmation voucher

New Print Voucher button on the booking detail screen renders a clean, print-optimised confirmation page with booking details, QR check-in code and restaurant branding (handler at ?rbp_print_voucher=1&booking_id=…). Optionally attaches to confirmation emails — replaced by an inline link in v5.9.12 for spam-filter compatibility. New class RBP_Voucher generates the HTML with configurable layout, colours and terms.

Refund UX polish & QR scanner layout fix

Payment history in the booking detail now includes refund records (timeline view) with a refund-summary banner above the payment table. The refund button correctly hides when paid_amount - total_refunded ≤ 0. QR scanner CSS handles the intermediate wrapper <div> that html5-qrcode renders on some themes. Refund-notification email is restyled to match the v5.9.7 design system.

Modern card-based Settings UI · full & partial refund flow

The Settings area gets a card-based redesign with a refined tab order (General → Bookings → Design → Guest Groups → Tax & Pricing → Payments → Notifications → Email Templates → Form Labels → Form Messages → Integrations → Form Integrations → POS Sync → Loyalty → Tracking → Performance → Diagnostics). New CSS tokens (--rbp-accent, --rbp-surface, --rbp-shadow-*, --rbp-radius) underpin pill-style tab navigation and four banner variants (info/success/warning/danger).

BUG-QR-1 — QR Check-in Station fully responsive on phones

Camera card, search field and Start Camera button no longer slip off-screen in portrait mode. Landscape grid stacks correctly. Touch targets meet Apple HIG’s 44×44px minimum. iOS Safari search input no longer auto-zooms. Flash/confirm modals get proper padding on narrow screens. End-to-end usability fix for high-volume host stands.

Email hero icon · 133 missing translation keys for 5 locales · Vietnamese label fixes

First half of the 13-language parity work (completed in v5.9.13): Italian, Spanish, Indonesian, Brazilian and European Portuguese all stubbed with only ~49 keys since v5.6.7. Now ship the full 176-key set with native translations. Vietnamese tables_left and guests_left finally translated. admin_strings() and presets() extended to cover all 13 languages (German, Italian, Spanish, Indonesian, Brazilian and European Portuguese previously fell through to English).

Five critical fixes — PayPal undercharge, settings fatal, invoice line-items, Stripe webhook persistence

A consolidated audit pass on the payment subsystem closed five distinct bugs that could have caused financial inconsistency.

Audit pass: End-to-end review of Stripe (Payment Intents + webhook + zero-decimal mapping), PayPal (create + capture + IPN with pull-verify fallback), Square (capture + HMAC webhook + idempotency_key retry-safety), Razorpay (HMAC key_secret + INR paise mapping) and OnePay Vietnam (HMAC-SHA256 with hex-decoded hash_key, path-based vpc_CallbackURL, IPN idempotency). No further fixes required.

“Elegant / Luxury” payment card style

A complete redesign of the Elegant payment card aesthetic for premium hospitality brands. 3-column desktop grid (collapsing to 2 / 1 on tablet / mobile) with three distinct dark-fill selected states — deep forest green for pay-at-venue, charcoal for deposit, deep navy for full prepayment.

Template List grouped by language · Payment Card Style selector

Language filter tabs above the Email Templates list — All (N), English (N), Tiếng Việt (N), Français (N), etc. Active tab in burgundy; inactive grey. Edit URL preserves ?tpl_lang= so the active tab stays after saving. Settings → Design → Style Variants gets a Payment Card Style dropdown with Standard (default) and Elegant options + a live side-by-side preview.

Check-in Station — camera button visible on 1366×768 laptops

Square aspect-ratio:1/1 gave the camera 340px+ height, pushing Start Camera below the viewport on 1366×768 laptops and split-screen windows. Now scales proportionally with max-height: min(340px, 38vh). Camera also auto-restarts 4 seconds after a successful scan — essential at high-volume check-in desks where staff would otherwise tap Start Camera for every guest.

Mobile camera card · auto-complete arrival · marketing subject vars

Camera card stays visible on iOS Safari via explicit grid-row sizing. Enabling Auto-Complete After Arrival Date now runs immediately instead of waiting for the next page-visit (WP-Cron is pseudo-cron). Email template icon restored at the standardised 48px. {{variables}} in marketing campaign subject lines are now substituted per-recipient on both sync and async paths.

Model A & Model B price summary layouts

Codified the two price-summary modes for discount handling. Mode A (disc_pre_tax=TRUE): discount applies to subtotal, tax recalculates on the reduced base, Grand Total is the final pay amount — no separate “Pay in Full” split. Mode B (disc_pre_tax=FALSE): discount applies to Grand Total, with a dashed separator splitting if you choose Pay in Full below. Three new CSS classes (.rbp-pbd-subtotal, .rbp-pbd-green, .rbp-pbd-grand-row) drive the visual hierarchy.

Prepaid discount applied twice in disc_pre_tax mode

Customers received ~10.25% off instead of the intended 5%. taxAmt / scAmt were overwritten with discounted values before grandBeforeDisc was computed; the partially-discounted hint then went to PHP which applied the discount a second time. Fix: snapshot originals in _origTaxAmt / _origScAmt before the disc_pre_tax branch. Plus: prepaid_discount is now synced between Tax & Pricing tab and the booking engine’s restaurant JSON (previously only wp_options was written, causing stale-value reads).

🌐 Tax Region Preset — one-click tax configuration

Three independent toggles (tax_inclusive, sc_cascade_tax, disc_pre_tax) created 12 combinations that confused non-technical owners. New Region Preset dropdown collapses common configurations to one click.

Locale-safe decimals · mobile camera button · Pay-Full display consistency

Three concurrent fixes. _fmtAmt() in the post-redirect confirmed banner previously used Intl.NumberFormat() without an explicit locale — Vietnamese (vi-VN) browsers got 57,5 instead of 57.50. Now reads locale_separators from data-rbp-config. Camera preview compactly placeholders at aspect-ratio:4/3; max-height:200px on mobile pre-scan, expanding to aspect-ratio:3/4; max-height:55vh on activation. Pay-Full display now uses effectiveDiscAmt = grandBeforeDisc − grandTotal so the visible arithmetic adds up: $57.50 − $2.87 = $54.63 ✅.

Exact-percentage discount display · multi-CDN QR scanner

Discount display now shows $2.875 (3-decimal exact) instead of $2.88 or $2.87 rounded variants for standard prepaid percentages, with a smart fallback to the DB value for complex stacked discounts. Amount Received clearly labelled “paid — gateway charged” to distinguish from Amount Due when currency rounding causes ≤1¢ deltas. New helper RBP_Helpers::format_money_precise() handles arbitrary decimal precision.

QR scanner reliability: Multi-CDN fallback (jsDelivr primary, unpkg fallback) for html5-qrcode; up-to-4-second retry on library load; explicit getUserMedia() pre-warm to surface the OS camera-permission dialog; platform-specific permission-denied messages (iPhone Settings → Safari → Camera; Android tap-camera-icon-in-address-bar).

Six audit-pass fixes — payment summary math · i18n keys · diagnostics nonce

Closed six issues from a deep architecture review including: payment summary arithmetic inconsistency (Grand Total − Discount ≠ Amount Due) now derived from a single source of truth; Pay-in-Full card’s missing i18n keys (pay_now, discount_pct) replaced with the correct existing keys for all 8 languages; Diagnostics buttons that died on “The link you followed has expired” now use wp_verify_nonce() (silent false) instead of check_admin_referer() (wp_die()); 84px circular email icon replaced; auto-complete-arrival now fires for at_restaurant bookings.

1M-booking scalability · async job queue · Mailchimp-lite editor · 5 new segments

The largest single release in JavisTab’s history. Four revisions over two days delivered a 1M-row scalable data layer, an async job queue for reminders / SMS / WhatsApp / marketing, a TinyMCE-powered campaign composer with variable insertion and live preview, five new HubSpot-style customer segments, and search + filter + pagination on the Invoices admin page.

Migration safety: idempotent; gated by rbp_db_version + per-feature option flags; ALTER TABLE wrapped in hide_errors() to prevent abort on user-modified columns. Public API breaking changes: 0 — old methods retained as @deprecated for add-on compatibility.

PayPal IPN webhook · OnePay IPN restored — full 6-gateway parity

Closed the two remaining IPN gaps. PayPal: new handle_webhook() processing PAYMENT.CAPTURE.COMPLETED with pull-verify fallback if no Webhook ID is configured (fetches the capture directly from PayPal API to confirm COMPLETED) — secure without extra setup, upgradeable to cryptographic verify-webhook-signature when the admin provides a Webhook ID. OnePay: vpc_CallbackURL restored with a path-based URL (/payments/onepay/ipn/{booking_id}) so the booking ID lives in the URL path, not as a ?booking_id= query string that would collide with OnePay’s HMAC separator parsing.

Global commercialisation hardening — 7 audit issues · 10 new languages

Closed every blocking and medium-severity finding from the v5.6.21 pre-release security audit. Highlights: a transient-based rate limiter on the public /discounts/validate endpoint (default 30 attempts per IP per 10 minutes, configurable in Settings → Booking) to prevent brute-force enumeration; an extra token on bank_transfer_confirm to block sequential booking_id enumeration; ten new languages bringing the supported total to 13.

Industry-agnostic role labels · Cashier role · Days Off save · QR contrast

Five distinct bug-fixes ahead of the cross-vertical relaunch.

• Cashier role registered: admin/views/staff.php referenced an rbp_cashier role that class-rbp-roles.php never actually registered. Assigning a user to Cashier silently no-op’d. Now properly registered.
• Industry-agnostic labels: “Restaurant Manager” and “Restaurant Staff” renamed to neutral “Manager”, “Staff”, “Cashier”. New refresh_role_label() helper handles label migration on existing installs.
• Remove user / Change Role UI: Per-row inline buttons with WP nonces, self-row protection, RBP-role-only allow-list. Removing strips the RBP role only — the WordPress account survives so customer-side bookings/loyalty data persists.
• QR scanner auto-contrast: PHP computes WCAG relative luminance (0.2126R + 0.7152G + 0.0722B) of admin’s gradient stops. If the brighter stop is ≥0.55, text/surface/border tokens flip to dark equivalents — fixes invisible scanner UI on white-background themes.
• Days Off field saves: RBP_Staff::update() had off_days missing from its $allowed whitelist, silently dropping the field. create() had the same gap. Both now persist correctly.

OnePay hotfix — revert vpc_CallbackURL + vpc_SecureHashType

Single-file hotfix on top of v5.6.12. OnePay sandbox returned a blank page (HMAC failure) when redirecting from the booking form, despite valid credentials. Byte-level diff against the v4.4.11 production zip isolated the regression to two fields added in v5.6.11: vpc_CallbackURL contained a literal ? and & in its value, which OnePay’s hash parser treated as field separators — splitting one parameter into many and breaking the HMAC digest. Reverted to v4.4.11’s exact $params shape. IPN trade-off accepted until v5.6.23 restored it via path-based URL.

EU VAT compliance · locale-aware currency formatting · zero-decimal fix · 6 audit issues

The legal foundation for EU launch — plus six confirmed issues from the global-commerce readiness audit.

Multi-currency convention overhaul · ICS calendar attachment · invoice line items

Three structural changes in one release. The currency rate convention was unified to “1 base = N foreign” across PHP and JS, with a one-shot idempotent migration (migrate_currency_rates_inversion_v5611()) for existing installs. Confirmation emails now carry an RFC 5545 ICS attachment so guests can add the booking to Apple Calendar, Google Calendar or Outlook with one tap. Invoices switched from a single line to per-group line items (Adults / Children / Infants) with proper ratio handling.

License system hardening — three independent fixes

Closed three license-system holes. (1) Expired or banned licences could previously re-activate by falling through to local HMAC validation; now any success:false from the server hard-blocks, with stored-status check on offline fallback. (2) Activation/deactivation are now broadcast to all three sync servers (fire-and-forget, non-blocking), so HTTP 404s from sync gaps no longer masquerade as revoked. (3) License status card finally renders the customer’s Name and Website alongside Email and Key.

Guest Groups save isolation · email templates VI/FR/DE upgraded to EN-style

Saving the Guest Groups tab no longer reset Deposit Amount to its default (200,000 ₫). Saving the Booking tab no longer flipped Guest Group 2 to OFF. Both fixed by read-merge-write pattern + clean tab_bool separation. Every Vietnamese, French and German email template (confirmation, reminders, cancellation, payment_confirmation) was upgraded to the icon-hero card layout used by English. Seven new French and German templates added (waitlist, abandon, win-back, birthday, loyalty upgrade, admin notification, full slot). Auto-migration via migrate_email_templates_v5512() runs once per install.