Cookie Notice by dFactory - Version 2.1.5

Version Description

  • Tweak: Additional sanitization applied

Release Info

Developer dfactory
Version 2.1.5

Code changes from version 2.1.4 to 2.1.5

Files changed (3) hide show
  1. cookie-notice.php +17 -5
  2. includes/welcome-api.php +8 -8
  3. readme.txt +6 -3
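--- a/cookie-notice.php
+++ b/cookie-notice.php
@@ -2,7 +2,7 @@
 /*
 Plugin Name: Cookie Notice & Compliance for GDPR / CCPA
 Description: Cookie Notice allows you to you elegantly inform users that your site uses cookies and helps you comply with GDPR, CCPA and other data privacy laws.
-Version: 2.1.4
+Version: 2.1.5
 Author: Hu-manity.co
 Author URI: https://hu-manity.co/
 Plugin URI: https://hu-manity.co/
@@ -29,7 +29,7 @@ if ( ! defined( 'ABSPATH' ) )
 * Cookie Notice class.
 *
 * @class Cookie_Notice
-* @version 2.1.4
+* @version 2.1.5
 */
 class Cookie_Notice {
 
@@ -85,7 +85,7 @@ class Cookie_Notice {
 'update_notice' => true,
 'update_delay_date' => 0
 ),
-'version' => '2.1.4'
+'version' => '2.1.5'
 );
 
 private static $_instance;
@@ -283,8 +283,8 @@ class Cookie_Notice {
 if ( ! current_user_can( 'install_plugins' ) )
 return;
 
-if ( wp_verify_nonce( esc_attr( $_REQUEST['nonce'] ), 'cn_dismiss_notice' ) ) {
-$notice_action = empty( $_REQUEST['notice_action'] ) || $_REQUEST['notice_action'] === 'dismiss' ? 'dismiss' : esc_attr( $_REQUEST['notice_action'] );
+if ( wp_verify_nonce( $_REQUEST['nonce'], 'cn_dismiss_notice' ) ) {
+$notice_action = empty( $_REQUEST['notice_action'] ) || $_REQUEST['notice_action'] === 'dismiss' ? 'dismiss' : sanitize_text_string( $_REQUEST['notice_action'] );
 
 switch ( $notice_action ) {
 // delay notice
@@ -413,6 +413,18 @@ class Cookie_Notice {
 public static function cookies_accepted() {
 if ( Cookie_Notice()->get_status() === 'active' ) {
 $cookies = isset( $_COOKIE['hu-consent'] ) ? json_decode( stripslashes( $_COOKIE['hu-consent'] ), true ) : array();
+
+if ( ! empty( $cookies ) && is_array( $cookies ) ) {
+foreach( $cookies as $cookie_name => $cookie_value ) {
+switch ( $cookie_name ) {
+case 'consent':
+$cookies[$cookie_name] = (bool) $cookie_value;
+break;
+default:
+$cookies[$cookie_name] = is_array( $cookie_value ) ? array_map( 'sanitize_text_field', $cookie_value ) : sanitize_text_field( $cookie_value );
+}
+}
+}
 
 $result = ( is_array( $cookies ) && json_last_error() === JSON_ERROR_NONE && ! empty( $cookies['consent'] ) ) ? true : false;
 } else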
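Review bot: `sanitize_text_string()` on new line 287 (`... : sanitize_text_string( $_REQUEST['notice_action'] )`) is not a function this commit defines and, as far as I can tell, not one WordPress core provides — every other replacement in this release uses `sanitize_text_field`, so any `notice_action` other than `dismiss` would end in an undefined-function fatal instead of a sanitized value; change it to `sanitize_text_field( $_REQUEST['notice_action'] )`. New line 286 reads `$_REQUEST['nonce']` with no existence check, so a request without that key raises an undefined-index notice before `wp_verify_nonce()` returns false; `if ( isset( $_REQUEST['nonce'] ) && wp_verify_nonce( $_REQUEST['nonce'], 'cn_dismiss_notice' ) ) {` gives the same outcome quietly. The enclosing method starts and ends outside this hunk. In the `cookies_accepted()` hunk, the sanitized entries other than `consent` are never read before `$result` is computed, so a comment like `// only 'consent' feeds $result; other keys are normalized for any later readers` would save the next reader a search.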
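--- a/includes/welcome-api.php
+++ b/includes/welcome-api.php
@@ -100,7 +100,7 @@ class Cookie_Notice_Welcome_API {
 array(
 'AppID' => $app_id,
 'AdminID' => $admin_id, // remove later - AdminID from API response
-'paymentMethodNonce' => esc_attr( $_POST['payment_nonce'] )
+'paymentMethodNonce' => sanitize_text_field( $_POST['payment_nonce'] )
 )
 );
 
@@ -137,10 +137,10 @@ class Cookie_Notice_Welcome_API {
 
 case 'register':
 $email = is_email( $_POST['email'] );
-$pass = ! empty( $_POST['pass'] ) ? esc_attr( $_POST['pass'] ) : '';
-$pass2 = ! empty( $_POST['pass2'] ) ? esc_attr( $_POST['pass2'] ) : '';
+$pass = ! empty( $_POST['pass'] ) ? $_POST['pass'] : '';
+$pass2 = ! empty( $_POST['pass2'] ) ? $_POST['pass2'] : '';
 $terms = isset( $_POST['terms'] );
-$language = ! empty( $_POST['language'] ) ? esc_attr( $_POST['language'] ) : 'en';
+$language = ! empty( $_POST['language'] ) ? sanitize_text_field( $_POST['language'] ) : 'en';
 
 if ( ! $terms ) {
 $response = array( 'error' => __( "Please accept the Terms of Service to proceed.", 'cookie-notice' ) );
@@ -152,7 +152,7 @@ class Cookie_Notice_Welcome_API {
 break;
 }
 
-if ( ! $pass ) {
+if ( ! $pass || ! is_string( $pass ) ) {
 $response = array( 'error' => __( 'Password is not allowed to be empty.', 'cookie-notice' ) );
 break;
 }
@@ -330,7 +330,7 @@ class Cookie_Notice_Welcome_API {
 
 case 'login':
 $email = is_email( $_POST['email'] );
-$pass = ! empty( $_POST['pass'] ) ? esc_attr( $_POST['pass'] ) : '';
+$pass = ! empty( $_POST['pass'] ) ? $_POST['pass'] : '';
 
 if ( ! $email ) {
 $response = array( 'error' => __( 'Email is not allowed to be empty.', 'cookie-notice' ) );
@@ -604,7 +604,7 @@ class Cookie_Notice_Welcome_API {
 
 // any data?
 if ( is_array( $_POST[$field] ) && ! empty( $_POST[$field] ) ) {
-$options['laws'] = array_map( 'esc_attr', $_POST[$field] );
+$options['laws'] = array_map( 'sanitize_text_field', $_POST[$field] );
 
 foreach ( $options['laws'] as $law ) {
 if ( in_array( $law, array( 'gdpr', 'ccpa' ), true ) )
@@ -803,7 +803,7 @@ class Cookie_Notice_Welcome_API {
 if ( is_object( $param ) )
 $api_params[$key] = $param;
 else
-$api_params[$key] = sanitize_text_field( $param );
+$api_params[$key] = sanitize_text_field( $param );
 }
 
 if ( $json )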
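Review bot: The `! is_string( $pass )` guard added on new line 155 covers only the `register` path; the `login` path on new line 333 (`$pass = ! empty( $_POST['pass'] ) ? $_POST['pass'] : '';`) now takes the raw POST value too, and no equivalent type check is visible in that hunk, so an array `pass` would reach whatever consumes `$pass` below — the same applies to `$pass2` on new line 141, which gets no check either. Each `case` body begins and ends outside its hunk, so the checks may exist there; if not, `if ( ! $pass || ! is_string( $pass ) ) {` should be mirrored in the login branch. New line 103 `sanitize_text_field( $_POST['payment_nonce'] )` and the `$_POST['email']` reads still index `$_POST` without `isset()`, so a request missing the key emits a notice; given the readme's `Requires PHP: 5.3`, `isset( $_POST['payment_nonce'] ) ? sanitize_text_field( $_POST['payment_nonce'] ) : ''` is the compatible form. On new line 806 `sanitize_text_field( $param )` is reached for array-valued params as well (line 803 excludes only objects), and I believe recent WordPress versions return an empty string for arrays there, which would silently drop such params where `esc_attr` previously produced the string `Array` — worth confirming against the minimum WP version the plugin targets.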
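--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: gdpr, ccpa, cookies, consent, compliance
 Requires at least: 4.3
 Requires PHP: 5.3
 Tested up to: 5.8.1
-Stable tag: 2.1.4
+Stable tag: 2.1.5
 License: MIT License
 License URI: http://opensource.org/licenses/MIT
 
@@ -118,6 +118,9 @@ Yes! The plugin + web appliaction version includes technical compliance features
 
 == Changelog ==
 
+= 2.1.5 =
+* Tweak: Additional sanitization applied
+
 = 2.1.4 =
 * Fix: Wordpress 5.8 widgets compatibility
 
@@ -391,5 +394,5 @@ Initial release
 
 == Upgrade Notice ==
 
-= 2.1.4 =
-* Fix: Wordpress 5.8 widgets compatibility
+= 2.1.5 =
+* Tweak: Additional sanitization applied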