Version Description
2022-02-17 * FIXED: XSS vulnerability with request parameter page in the HFCM snippet listing screen * UPDATED: Compatibility with WordPress 5.9 * UPDATED: Text & Plugin assets * UPDATED: Snippet column length
Download this release
Release Info
| Developer | 99robots |
| Plugin |  Header Footer Code Manager |
| Version | 1.1.17 |
| Comparing to | |
| See all releases | |
Code changes from version 1.1.16 to 1.1.17
- 99robots-header-footer-code-manager.php +26 -16
- includes/class-hfcm-snippets-list.php +15 -9
- readme.txt +11 -4
99robots-header-footer-code-manager.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Header Footer Code Manager
|
| 4 |
* Plugin URI: https://draftpress.com/products
|
| 5 |
* Description: Header Footer Code Manager by 99 Robots is a quick and simple way for you to add tracking code snippets, conversion pixels, or other scripts required by third party services for analytics, tracking, marketing, or chat functions. For detailed documentation, please visit the plugin's <a href="https://draftpress.com/"> official page</a>.
|
| 6 |
-
* Version: 1.1.
|
| 7 |
* Requires at least: 4.9
|
| 8 |
* Requires PHP: 5.6.20
|
| 9 |
* Author: 99robots
|
|
@@ -41,7 +41,7 @@ if ( !class_exists( 'NNR_HFCM' ) ) :
|
|
| 41 |
|
| 42 |
class NNR_HFCM
|
| 43 |
{
|
| 44 |
-
public static $nnr_hfcm_db_version = "1.
|
| 45 |
public static $nnr_hfcm_table = "hfcm_scripts";
|
| 46 |
|
| 47 |
|
|
@@ -73,7 +73,7 @@ if ( !class_exists( 'NNR_HFCM' ) ) :
|
|
| 73 |
"CREATE TABLE $table_name (
|
| 74 |
`script_id` int(10) NOT NULL AUTO_INCREMENT,
|
| 75 |
`name` varchar(100) DEFAULT NULL,
|
| 76 |
-
`snippet`
|
| 77 |
`snippet_type` enum('html', 'js', 'css') DEFAULT 'html',
|
| 78 |
`device_type` enum('mobile','desktop', 'both') DEFAULT 'both',
|
| 79 |
`location` varchar(100) NOT NULL,
|
|
@@ -150,6 +150,9 @@ if ( !class_exists( 'NNR_HFCM' ) ) :
|
|
| 150 |
$nnr_alter_sql = "ALTER TABLE `$table_name` ADD `snippet_type` enum('html', 'js', 'css') DEFAULT 'html' AFTER `snippet`";
|
| 151 |
$wpdb->query( $nnr_alter_sql );
|
| 152 |
}
|
|
|
|
|
|
|
|
|
|
| 153 |
}
|
| 154 |
self::hfcm_options_install();
|
| 155 |
}
|
|
@@ -340,7 +343,7 @@ if ( !class_exists( 'NNR_HFCM' ) ) :
|
|
| 340 |
<div id="hfcm-message" class="notice notice-success">
|
| 341 |
<p>
|
| 342 |
🔥 LIFETIME DEAL ALERT: The PRO version of this plugin is released and and available for a limited time as a one-time, exclusive lifetime deal.
|
| 343 |
-
Want it? <b><i><a href="http://www.rockethub.com/deal/header-footer-code-manager-pro-wordpress-plugin" target="_blank">Click here</a> to get HFCM Pro for the lowest price ever</i></b>
|
| 344 |
</p>
|
| 345 |
</div>
|
| 346 |
<?php
|
|
@@ -686,7 +689,7 @@ if ( !class_exists( 'NNR_HFCM' ) ) :
|
|
| 686 |
$table_name, //table
|
| 687 |
array( 'status' => $status ), //data
|
| 688 |
array( 'script_id' => $id ), //where
|
| 689 |
-
array( '%s'
|
| 690 |
array( '%s' ) //where format
|
| 691 |
);
|
| 692 |
|
|
@@ -1157,24 +1160,31 @@ if ( !class_exists( 'NNR_HFCM' ) ) :
|
|
| 1157 |
$nnr_non_script_snippets = 1;
|
| 1158 |
foreach ( $nnr_hfcm_snippets->snippets as $nnr_hfcm_key => $nnr_hfcm_snippet ) {
|
| 1159 |
$nnr_hfcm_snippet = (array) $nnr_hfcm_snippet;
|
| 1160 |
-
if ( !empty( $nnr_hfcm_snippet['snippet_type'] ) && !in_array( $nnr_hfcm_snippet['snippet_type'], array( "html",
|
| 1161 |
-
|
| 1162 |
-
|
|
|
|
|
|
|
| 1163 |
$nnr_non_script_snippets = 2;
|
| 1164 |
continue;
|
| 1165 |
}
|
| 1166 |
$nnr_hfcm_sanitizes_snippet = [];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1167 |
foreach ( $nnr_hfcm_snippet as $nnr_key => $nnr_item ) {
|
| 1168 |
$nnr_key = sanitize_text_field( $nnr_key );
|
| 1169 |
-
if ( $nnr_key
|
| 1170 |
-
|
| 1171 |
-
|
| 1172 |
-
|
|
|
|
|
|
|
|
|
|
| 1173 |
}
|
| 1174 |
-
$nnr_hfcm_sanitizes_snippet[ $nnr_key ] = $nnr_item;
|
| 1175 |
-
}
|
| 1176 |
-
if ( !empty( $nnr_hfcm_sanitizes_snippet['display_to'] ) ) {
|
| 1177 |
-
unset( $nnr_hfcm_sanitizes_snippet['display_to'] );
|
| 1178 |
}
|
| 1179 |
$nnr_hfcm_sanitizes_snippet['status'] = 'inactive';
|
| 1180 |
|
| 3 |
* Plugin Name: Header Footer Code Manager
|
| 4 |
* Plugin URI: https://draftpress.com/products
|
| 5 |
* Description: Header Footer Code Manager by 99 Robots is a quick and simple way for you to add tracking code snippets, conversion pixels, or other scripts required by third party services for analytics, tracking, marketing, or chat functions. For detailed documentation, please visit the plugin's <a href="https://draftpress.com/"> official page</a>.
|
| 6 |
+
* Version: 1.1.17
|
| 7 |
* Requires at least: 4.9
|
| 8 |
* Requires PHP: 5.6.20
|
| 9 |
* Author: 99robots
|
| 41 |
|
| 42 |
class NNR_HFCM
|
| 43 |
{
|
| 44 |
+
public static $nnr_hfcm_db_version = "1.3";
|
| 45 |
public static $nnr_hfcm_table = "hfcm_scripts";
|
| 46 |
|
| 47 |
|
| 73 |
"CREATE TABLE $table_name (
|
| 74 |
`script_id` int(10) NOT NULL AUTO_INCREMENT,
|
| 75 |
`name` varchar(100) DEFAULT NULL,
|
| 76 |
+
`snippet` LONGTEXT,
|
| 77 |
`snippet_type` enum('html', 'js', 'css') DEFAULT 'html',
|
| 78 |
`device_type` enum('mobile','desktop', 'both') DEFAULT 'both',
|
| 79 |
`location` varchar(100) NOT NULL,
|
| 150 |
$nnr_alter_sql = "ALTER TABLE `$table_name` ADD `snippet_type` enum('html', 'js', 'css') DEFAULT 'html' AFTER `snippet`";
|
| 151 |
$wpdb->query( $nnr_alter_sql );
|
| 152 |
}
|
| 153 |
+
|
| 154 |
+
$nnr_alter_sql = "ALTER TABLE `$table_name` CHANGE `snippet` `snippet` LONGTEXT NULL";
|
| 155 |
+
$wpdb->query( $nnr_alter_sql );
|
| 156 |
}
|
| 157 |
self::hfcm_options_install();
|
| 158 |
}
|
| 343 |
<div id="hfcm-message" class="notice notice-success">
|
| 344 |
<p>
|
| 345 |
🔥 LIFETIME DEAL ALERT: The PRO version of this plugin is released and and available for a limited time as a one-time, exclusive lifetime deal.
|
| 346 |
+
Want it? <b><i><a href="http://www.rockethub.com/deal/header-footer-code-manager-pro-wordpress-plugin?utm_source=freehfcm&utm_medium=banner&utm_campaign=rhltd" target="_blank">Click here</a> to get HFCM Pro for the lowest price ever</i></b>
|
| 347 |
</p>
|
| 348 |
</div>
|
| 349 |
<?php
|
| 689 |
$table_name, //table
|
| 690 |
array( 'status' => $status ), //data
|
| 691 |
array( 'script_id' => $id ), //where
|
| 692 |
+
array( '%s' ), //data format
|
| 693 |
array( '%s' ) //where format
|
| 694 |
);
|
| 695 |
|
| 1160 |
$nnr_non_script_snippets = 1;
|
| 1161 |
foreach ( $nnr_hfcm_snippets->snippets as $nnr_hfcm_key => $nnr_hfcm_snippet ) {
|
| 1162 |
$nnr_hfcm_snippet = (array) $nnr_hfcm_snippet;
|
| 1163 |
+
if ( !empty( $nnr_hfcm_snippet['snippet_type'] ) && !in_array( $nnr_hfcm_snippet['snippet_type'], array( "html", "css", "js" ) ) ) {
|
| 1164 |
+
$nnr_non_script_snippets = 2;
|
| 1165 |
+
continue;
|
| 1166 |
+
}
|
| 1167 |
+
if ( !empty( $nnr_hfcm_snippet['location'] ) && !in_array( $nnr_hfcm_snippet['location'], array( 'header', 'before_content', 'after_content', 'footer' ) ) ) {
|
| 1168 |
$nnr_non_script_snippets = 2;
|
| 1169 |
continue;
|
| 1170 |
}
|
| 1171 |
$nnr_hfcm_sanitizes_snippet = [];
|
| 1172 |
+
$nnr_hfcm_keys = array(
|
| 1173 |
+
"name", "snippet", "snippet_type", "device_type", "location",
|
| 1174 |
+
"display_on", "lp_count", "s_pages", "ex_pages", "s_posts",
|
| 1175 |
+
"ex_posts", "s_custom_posts", "s_categories", "s_tags", "status",
|
| 1176 |
+
"created_by", "last_modified_by", "created", "last_revision_date"
|
| 1177 |
+
);
|
| 1178 |
foreach ( $nnr_hfcm_snippet as $nnr_key => $nnr_item ) {
|
| 1179 |
$nnr_key = sanitize_text_field( $nnr_key );
|
| 1180 |
+
if( in_array( $nnr_key, $nnr_hfcm_keys ) ) {
|
| 1181 |
+
if ( $nnr_key == "lp_count" ) {
|
| 1182 |
+
$nnr_item = absint( $nnr_item );
|
| 1183 |
+
} elseif ( $nnr_key != "snippet" ) {
|
| 1184 |
+
$nnr_item = sanitize_text_field( $nnr_item );
|
| 1185 |
+
}
|
| 1186 |
+
$nnr_hfcm_sanitizes_snippet[ $nnr_key ] = $nnr_item;
|
| 1187 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1188 |
}
|
| 1189 |
$nnr_hfcm_sanitizes_snippet['status'] = 'inactive';
|
| 1190 |
|
includes/class-hfcm-snippets-list.php
CHANGED
|
@@ -38,14 +38,14 @@ class Hfcm_Snippets_List extends WP_List_Table
|
|
| 38 |
$orderby = 'script_id';
|
| 39 |
$order = 'ASC';
|
| 40 |
|
| 41 |
-
if ( !empty( $
|
| 42 |
-
$orderby = sanitize_sql_orderby( $
|
| 43 |
if ( empty( $orderby ) || !in_array( $orderby, array( 'script_id', 'name' ) ) ) {
|
| 44 |
$orderby = 'script_id';
|
| 45 |
}
|
| 46 |
}
|
| 47 |
-
if ( !empty( $
|
| 48 |
-
$order = strtolower( sanitize_sql_orderby( $
|
| 49 |
if ( empty( $order ) || !in_array( $order, array( 'desc', 'asc' ) ) ) {
|
| 50 |
$order = 'ASC';
|
| 51 |
}
|
|
@@ -287,7 +287,13 @@ class Hfcm_Snippets_List extends WP_List_Table
|
|
| 287 |
|
| 288 |
$title = '<strong>' . $item['name'] . '</strong>';
|
| 289 |
|
| 290 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 291 |
$actions = array(
|
| 292 |
'edit' => sprintf( '<a href="?page=%s&action=%s&id=%s&_wpnonce=%s">' . esc_html__( 'Edit', '99robots-header-footer-code-manager' ) . '</a>', esc_attr( 'hfcm-update' ), 'edit', absint( $item['script_id'] ), $edit_nonce ),
|
| 293 |
'delete' => sprintf( '<a href="?page=%s&action=%s&snippet=%s&_wpnonce=%s">' . esc_html__( 'Delete', '99robots-header-footer-code-manager' ) . '</a>', $page, 'delete', absint( $item['script_id'] ), $delete_nonce ),
|
|
@@ -358,8 +364,8 @@ class Hfcm_Snippets_List extends WP_List_Table
|
|
| 358 |
|
| 359 |
// Retrieve $customvar for use in query to get items.
|
| 360 |
$customvar = 'all';
|
| 361 |
-
if ( !empty( $
|
| 362 |
-
$customvar = sanitize_text_field( $
|
| 363 |
if ( empty( $customvar ) || !in_array( $customvar, [ 'inactive', 'active', 'all' ] ) ) {
|
| 364 |
$customvar = 'all';
|
| 365 |
}
|
|
@@ -385,8 +391,8 @@ class Hfcm_Snippets_List extends WP_List_Table
|
|
| 385 |
{
|
| 386 |
$views = array();
|
| 387 |
$current = 'all';
|
| 388 |
-
if ( !empty( $
|
| 389 |
-
$current = sanitize_text_field( $
|
| 390 |
}
|
| 391 |
|
| 392 |
//All link
|
| 38 |
$orderby = 'script_id';
|
| 39 |
$order = 'ASC';
|
| 40 |
|
| 41 |
+
if ( !empty( $_GET['orderby'] ) ) {
|
| 42 |
+
$orderby = sanitize_sql_orderby( $_GET['orderby'] );
|
| 43 |
if ( empty( $orderby ) || !in_array( $orderby, array( 'script_id', 'name' ) ) ) {
|
| 44 |
$orderby = 'script_id';
|
| 45 |
}
|
| 46 |
}
|
| 47 |
+
if ( !empty( $_GET['order'] ) ) {
|
| 48 |
+
$order = strtolower( sanitize_sql_orderby( $_GET['order'] ) );
|
| 49 |
if ( empty( $order ) || !in_array( $order, array( 'desc', 'asc' ) ) ) {
|
| 50 |
$order = 'ASC';
|
| 51 |
}
|
| 287 |
|
| 288 |
$title = '<strong>' . $item['name'] . '</strong>';
|
| 289 |
|
| 290 |
+
$nnr_current_screen = get_current_screen();
|
| 291 |
+
|
| 292 |
+
if(!empty($nnr_current_screen->parent_base)) {
|
| 293 |
+
$page = $nnr_current_screen->parent_base;
|
| 294 |
+
} else {
|
| 295 |
+
$page = sanitize_text_field( $_GET['page'] );
|
| 296 |
+
}
|
| 297 |
$actions = array(
|
| 298 |
'edit' => sprintf( '<a href="?page=%s&action=%s&id=%s&_wpnonce=%s">' . esc_html__( 'Edit', '99robots-header-footer-code-manager' ) . '</a>', esc_attr( 'hfcm-update' ), 'edit', absint( $item['script_id'] ), $edit_nonce ),
|
| 299 |
'delete' => sprintf( '<a href="?page=%s&action=%s&snippet=%s&_wpnonce=%s">' . esc_html__( 'Delete', '99robots-header-footer-code-manager' ) . '</a>', $page, 'delete', absint( $item['script_id'] ), $delete_nonce ),
|
| 364 |
|
| 365 |
// Retrieve $customvar for use in query to get items.
|
| 366 |
$customvar = 'all';
|
| 367 |
+
if ( !empty( $_GET['customvar'] ) ) {
|
| 368 |
+
$customvar = sanitize_text_field( $_GET['customvar'] );
|
| 369 |
if ( empty( $customvar ) || !in_array( $customvar, [ 'inactive', 'active', 'all' ] ) ) {
|
| 370 |
$customvar = 'all';
|
| 371 |
}
|
| 391 |
{
|
| 392 |
$views = array();
|
| 393 |
$current = 'all';
|
| 394 |
+
if ( !empty( $_GET['customvar'] ) ) {
|
| 395 |
+
$current = sanitize_text_field( $_GET['customvar'] );
|
| 396 |
}
|
| 397 |
|
| 398 |
//All link
|
readme.txt
CHANGED
|
@@ -1,10 +1,10 @@
|
|
| 1 |
=== Header Footer Code Manager ===
|
| 2 |
-
Contributors: 99robots, charliepatel
|
| 3 |
Tags: header, footer, code manager, snippet, functions.php, tracking, google analytics, adsense, verification, pixel
|
| 4 |
Requires at least: 4.9
|
| 5 |
Requires PHP: 5.6.20
|
| 6 |
-
Tested up to: 5.
|
| 7 |
-
Stable tag: 1.1.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
Donate link: https://draftpress.com
|
|
@@ -71,7 +71,7 @@ Header Footer Code Manager by 99 Robots is a easy interface to add snippets to t
|
|
| 71 |
If using this plugin on a multisite network, please make sure that the plugin is activated on a subsite level only.
|
| 72 |
|
| 73 |
> #### Plugin Information
|
| 74 |
-
> * [Plugin Site](https://
|
| 75 |
> * [Plugin Documentation](https://www.draftpress.com/docs/header-footer-code-manager)
|
| 76 |
> * [Free Plugins on WordPress.org](https://profiles.wordpress.org/99robots#content-plugins)
|
| 77 |
> * [Premium Plugins](https://www.draftpress.com/products)
|
|
@@ -91,6 +91,7 @@ NOTE: If using this plugin on a multisite network, please make sure that the plu
|
|
| 91 |
3. Add New Snippet - Read the documentation at:
|
| 92 |
http://www.draftpress.com/docs/header-footer-code-manager
|
| 93 |
4. Choose where you want your snippet to be displayed
|
|
|
|
| 94 |
|
| 95 |
== Frequently Asked Questions ==
|
| 96 |
|
|
@@ -113,6 +114,12 @@ A. Free plugins rely on user feedback. Therefore, the best thing you can do for
|
|
| 113 |
A. If your script is not supported, just let us know and we'll look into it immediately. We will do our best to ensure all reputable services are supported. When requesting support for a particular script, it would be nice to get a sample of the script so that we can see its structure.
|
| 114 |
|
| 115 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 116 |
= 1.1.16 = 2021-12-13
|
| 117 |
* FIXED: Author not showing on Add/Edit snippet screen
|
| 118 |
* ADDED: PRO banner
|
| 1 |
=== Header Footer Code Manager ===
|
| 2 |
+
Contributors: DraftPress, 99robots, charliepatel
|
| 3 |
Tags: header, footer, code manager, snippet, functions.php, tracking, google analytics, adsense, verification, pixel
|
| 4 |
Requires at least: 4.9
|
| 5 |
Requires PHP: 5.6.20
|
| 6 |
+
Tested up to: 5.9
|
| 7 |
+
Stable tag: 1.1.17
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
Donate link: https://draftpress.com
|
| 71 |
If using this plugin on a multisite network, please make sure that the plugin is activated on a subsite level only.
|
| 72 |
|
| 73 |
> #### Plugin Information
|
| 74 |
+
> * [Plugin Site](https://draftpress.com/products/header-footer-code-manager/)
|
| 75 |
> * [Plugin Documentation](https://www.draftpress.com/docs/header-footer-code-manager)
|
| 76 |
> * [Free Plugins on WordPress.org](https://profiles.wordpress.org/99robots#content-plugins)
|
| 77 |
> * [Premium Plugins](https://www.draftpress.com/products)
|
| 91 |
3. Add New Snippet - Read the documentation at:
|
| 92 |
http://www.draftpress.com/docs/header-footer-code-manager
|
| 93 |
4. Choose where you want your snippet to be displayed
|
| 94 |
+
5. HFCM PRO vs. FREE
|
| 95 |
|
| 96 |
== Frequently Asked Questions ==
|
| 97 |
|
| 114 |
A. If your script is not supported, just let us know and we'll look into it immediately. We will do our best to ensure all reputable services are supported. When requesting support for a particular script, it would be nice to get a sample of the script so that we can see its structure.
|
| 115 |
|
| 116 |
== Changelog ==
|
| 117 |
+
= 1.1.17 = 2022-02-17
|
| 118 |
+
* FIXED: XSS vulnerability with request parameter page in the HFCM snippet listing screen
|
| 119 |
+
* UPDATED: Compatibility with WordPress 5.9
|
| 120 |
+
* UPDATED: Text & Plugin assets
|
| 121 |
+
* UPDATED: Snippet column length
|
| 122 |
+
|
| 123 |
= 1.1.16 = 2021-12-13
|
| 124 |
* FIXED: Author not showing on Add/Edit snippet screen
|
| 125 |
* ADDED: PRO banner
|
