I was just looking at the contents of a .ical calendar file which are used to sync calendars and noticed that it contained the name of the booking (SUMMARY:) This information is obtained via a query string, so it is very simple to get .ICAL data from a site running the Hotel Booking plugin, just by brute force guessing the accommodation_id. In my opinion it would be nice to use a large random character string instead (±25). Any thoughts about this?
Thank you for your question. actually there is no private information delivered in the iCal file generated by our plugin – just dates and status to block the dates and avoid overbookings. Anyway we’ll keep your request in mind and we’ll review link security. Thanks you for your time and feedback.