Header Footer Code Manager - Version 1.1.26

Version Description

2022-07-01 * FIXED: Code snippet sanitization, removed due to incompatibility with functionality

Download this release

Release Info

Developer 99robots
Plugin Icon 128x128 Header Footer Code Manager
Version 1.1.26
Comparing to
See all releases

Code changes from version 1.1.25 to 1.1.26

Files changed (3) hide show
  1. 99robots-header-footer-code-manager.php +4 -61
  2. includes/class-hfcm-snippets-list.php +1 -1
  3. readme.txt +4 -1
99robots-header-footer-code-manager.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Header Footer Code Manager
4
  * Plugin URI: https://draftpress.com/products
5
  * Description: Header Footer Code Manager by 99 Robots is a quick and simple way for you to add tracking code snippets, conversion pixels, or other scripts required by third party services for analytics, tracking, marketing, or chat functions. For detailed documentation, please visit the plugin's <a href="https://draftpress.com/"> official page</a>.
6
- * Version: 1.1.25
7
  * Requires at least: 4.9
8
  * Requires PHP: 5.6.20
9
  * Author: 99robots
@@ -384,8 +384,7 @@ if (!class_exists('NNR_HFCM') ) :
384
  */
385
  public static function hfcm_render_snippet( $scriptdata )
386
  {
387
- $nnr_hfcm_allowed_tags = self::hfcm_allowed_tags();
388
- $output = "<!-- HFCM by 99 Robots - Snippet # " . absint($scriptdata->script_id) . ": " . esc_html($scriptdata->name) . " -->\n" . wp_kses(html_entity_decode($scriptdata->snippet), $nnr_hfcm_allowed_tags) . "\n<!-- /end HFCM by 99 Robots -->\n";
389
 
390
  return $output;
391
  }
@@ -563,8 +562,7 @@ if (!class_exists('NNR_HFCM') ) :
563
  $aftercontent .= $out;
564
  break;
565
  default:
566
- $nnr_hfcm_allowed_tags = self::hfcm_allowed_tags();
567
- echo wp_kses($out, $nnr_hfcm_allowed_tags);
568
  }
569
  }
570
  }
@@ -572,60 +570,6 @@ if (!class_exists('NNR_HFCM') ) :
572
  return $beforecontent . $content . $aftercontent;
573
  }
574
 
575
- /*
576
- * function to return allowed html tags
577
- */
578
-
579
- public static function hfcm_allowed_tags()
580
- {
581
- $nnr_hfcm_allowed_tags = [];
582
-
583
- // allows all most inline elements
584
- $nnr_hfcm_allowed_tags = array_merge($nnr_hfcm_allowed_tags, wp_kses_allowed_html('data'));
585
-
586
- // very permissive: allows pretty much all HTML to pass - same as what's normally applied to the_content by default
587
- $nnr_hfcm_allowed_tags = array_merge($nnr_hfcm_allowed_tags, wp_kses_allowed_html('post'));
588
-
589
- if (empty($nnr_hfcm_allowed_tags['script']) ) {
590
- $nnr_hfcm_allowed_tags['script'] = [
591
- "src" => true,
592
- "async" => true,
593
- "height" => true,
594
- "width" => true,
595
- "type" => true,
596
- "crossorigin" => true,
597
- "defer" => true,
598
- "integrity" => true,
599
- "nomodule" => true,
600
- "referrerpolicy" => true
601
- ];
602
- }
603
- if (empty($nnr_hfcm_allowed_tags['style']) ) {
604
- $nnr_hfcm_allowed_tags['style'] = [ "type" => true, "media" => true ];
605
- }
606
- if (empty($nnr_hfcm_allowed_tags['iframe']) ) {
607
- $nnr_hfcm_allowed_tags['iframe'] = [
608
- "src" => true,
609
- "allow" => true,
610
- "height" => true,
611
- "width" => true,
612
- "type" => true,
613
- "style" => true,
614
- "allowfullscreen" => true,
615
- "loading" => true,
616
- "autoplay" => true,
617
- "loop" => true,
618
- "controls" => true
619
- ];
620
- }
621
- $nnr_hfcm_allowed_tags['span']['itemprop'] = true;
622
- $nnr_hfcm_allowed_tags['div']['itemprop'] = true;
623
- $nnr_hfcm_allowed_tags['div']['itemscope'] = true;
624
- $nnr_hfcm_allowed_tags['div']['itemtype'] = true;
625
-
626
- return $nnr_hfcm_allowed_tags;
627
- }
628
-
629
  /*
630
  * function to add snippets in the header
631
  */
@@ -676,8 +620,7 @@ if (!class_exists('NNR_HFCM') ) :
676
  if ($is_not_snippet ) {
677
  $post_data = sanitize_text_field($post_data);
678
  } else {
679
- $nnr_hfcm_allowed_tags = self::hfcm_allowed_tags();
680
- $post_data = wp_kses(htmlentities($post_data), $nnr_hfcm_allowed_tags);
681
  }
682
  return $post_data;
683
  }
3
  * Plugin Name: Header Footer Code Manager
4
  * Plugin URI: https://draftpress.com/products
5
  * Description: Header Footer Code Manager by 99 Robots is a quick and simple way for you to add tracking code snippets, conversion pixels, or other scripts required by third party services for analytics, tracking, marketing, or chat functions. For detailed documentation, please visit the plugin's <a href="https://draftpress.com/"> official page</a>.
6
+ * Version: 1.1.26
7
  * Requires at least: 4.9
8
  * Requires PHP: 5.6.20
9
  * Author: 99robots
384
  */
385
  public static function hfcm_render_snippet( $scriptdata )
386
  {
387
+ $output = "<!-- HFCM by 99 Robots - Snippet # " . absint($scriptdata->script_id) . ": " . esc_html($scriptdata->name) . " -->\n" . html_entity_decode($scriptdata->snippet) . "\n<!-- /end HFCM by 99 Robots -->\n";
 
388
 
389
  return $output;
390
  }
562
  $aftercontent .= $out;
563
  break;
564
  default:
565
+ echo $out;
 
566
  }
567
  }
568
  }
570
  return $beforecontent . $content . $aftercontent;
571
  }
572
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
573
  /*
574
  * function to add snippets in the header
575
  */
620
  if ($is_not_snippet ) {
621
  $post_data = sanitize_text_field($post_data);
622
  } else {
623
+ $post_data = htmlentities($post_data);
 
624
  }
625
  return $post_data;
626
  }
includes/class-hfcm-snippets-list.php CHANGED
@@ -299,7 +299,7 @@ class Hfcm_Snippets_List extends WP_List_Table
299
  return '[hfcm id="' . absint($item['script_id']) . '"]';
300
 
301
  default:
302
- return esc_html(print_r($item, true)); // Show the whole array for troubleshooting purposes
303
  }
304
  }
305
 
299
  return '[hfcm id="' . absint($item['script_id']) . '"]';
300
 
301
  default:
302
+ return print_r($item, true); // Show the whole array for troubleshooting purposes
303
  }
304
  }
305
 
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: header, footer, code manager, snippet, functions.php, tracking, google ana
4
  Requires at least: 4.9
5
  Requires PHP: 5.6.20
6
  Tested up to: 6.0
7
- Stable tag: 1.1.25
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
  Donate link: https://draftpress.com
@@ -114,6 +114,9 @@ A. Free plugins rely on user feedback. Therefore, the best thing you can do for
114
  A. If your script is not supported, just let us know and we'll look into it immediately. We will do our best to ensure all reputable services are supported. When requesting support for a particular script, it would be nice to get a sample of the script so that we can see its structure.
115
 
116
  == Changelog ==
 
 
 
117
  = 1.1.25 = 2022-06-29
118
  * UPDATED: Code improvements as per WordPress standards
119
 
4
  Requires at least: 4.9
5
  Requires PHP: 5.6.20
6
  Tested up to: 6.0
7
+ Stable tag: 1.1.26
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
  Donate link: https://draftpress.com
114
  A. If your script is not supported, just let us know and we'll look into it immediately. We will do our best to ensure all reputable services are supported. When requesting support for a particular script, it would be nice to get a sample of the script so that we can see its structure.
115
 
116
  == Changelog ==
117
+ = 1.1.26 = 2022-07-01
118
+ * FIXED: Code snippet sanitization, removed due to incompatibility with functionality
119
+
120
  = 1.1.25 = 2022-06-29
121
  * UPDATED: Code improvements as per WordPress standards
122