From aeadbfbe9810744754d054410023a15177567120 Mon Sep 17 00:00:00 2001
From: Alex Tselegidis <alextselegidis@gmail.com>
Date: Fri, 22 Dec 2023 12:48:06 +0100
Subject: [PATCH] Block the public booking operations if the booking page is
 disabled

---
 application/controllers/Booking.php            | 18 ++++++++++++++++++
 .../controllers/Booking_cancellation.php       |  6 ++++++
 2 files changed, 24 insertions(+)

diff --git a/application/controllers/Booking.php b/application/controllers/Booking.php
index 426ee021..10cba132 100755
--- a/application/controllers/Booking.php
+++ b/application/controllers/Booking.php
@@ -290,6 +290,12 @@ class Booking extends EA_Controller
     public function register()
     {
         try {
+            $disable_booking = setting('disable_booking');
+
+            if ($disable_booking) {
+                abort(403);
+            }
+
             $post_data = request('post_data');
             $captcha = request('captcha');
             $appointment = $post_data['appointment'];
@@ -574,6 +580,12 @@ class Booking extends EA_Controller
     public function get_available_hours()
     {
         try {
+            $disable_booking = setting('disable_booking');
+
+            if ($disable_booking) {
+                abort(403);
+            }
+
             $provider_id = request('provider_id');
             $service_id = request('service_id');
             $selected_date = request('selected_date');
@@ -650,6 +662,12 @@ class Booking extends EA_Controller
     public function get_unavailable_dates()
     {
         try {
+            $disable_booking = setting('disable_booking');
+
+            if ($disable_booking) {
+                abort(403);
+            }
+
             $provider_id = request('provider_id');
             $service_id = request('service_id');
             $appointment_id = request('appointment_id');
diff --git a/application/controllers/Booking_cancellation.php b/application/controllers/Booking_cancellation.php
index e92d0c85..950ac461 100755
--- a/application/controllers/Booking_cancellation.php
+++ b/application/controllers/Booking_cancellation.php
@@ -49,6 +49,12 @@ class Booking_cancellation extends EA_Controller
     public function of(string $appointment_hash)
     {
         try {
+            $disable_booking = setting('disable_booking');
+
+            if ($disable_booking) {
+                abort(403);
+            }
+
             $cancellation_reason = request('cancellation_reason');
 
             if ($this->input->method() !== 'post' || empty($cancellation_reason)) {