Insert Headers and Footers - Version 1.6.0

Version Description

  • Fix: Only show settings CTA to users able to visit the settings page.
  • Enhancement: Improve settings page user experience on heavily customized WordPress installs.

Release Info

Developer peterwilsoncc
Version 1.6.0

Code changes from version 1.5.0 to 1.6.0

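--- a/ihaf.php
+++ b/ihaf.php
@@ -2,13 +2,14 @@
  /**
  * Plugin Name: Insert Headers and Footers
  * Plugin URI: http://www.wpbeginner.com/
- * Version: 1.5.0
+ * Version: 1.6.0
+ * Requires at least: 4.6
+ * Requires PHP: 5.2
+ * Tested up to: 5.7
  * Author: WPBeginner
  * Author URI: http://www.wpbeginner.com/
  * Description: Allows you to insert code or text in the header or footer of your WordPress blog
- * License: GPL2
- * Text Domain: insert-headers-and-footers
- * Domain Path: languages
+ * License: GPLv2 or later
  */
 
  /* Copyright 2019 WPBeginner
@@ -68,7 +69,10 @@ class InsertHeadersAndFooters {
  function dashboardNotices() {
  global $pagenow;
 
- if ( ! get_option( $this->plugin->db_welcome_dismissed_key ) ) {
+ if (
+ ! get_option( $this->plugin->db_welcome_dismissed_key )
+ && current_user_can( 'manage_options' )
+ ) {
  if ( ! ( 'options-general.php' === $pagenow && isset( $_GET['page'] ) && 'insert-headers-and-footers' === $_GET['page'] ) ) {
  $setting_page = admin_url( 'options-general.php?page=' . $this->plugin->name );
  // load the notices view
@@ -108,16 +112,28 @@ class InsertHeadersAndFooters {
  * Save POSTed data from the Administration Panel into a WordPress option
  */
  function adminPanel() {
- // only admin user can access this page
- if ( ! current_user_can( 'administrator' ) ) {
- echo '<p>' . __( 'Sorry, you are not allowed to access this page.', 'insert-headers-and-footers' ) . '</p>';
- return;
+ /*
+ * Only users with manage_options can access this page.
+ *
+ * The capability included in add_settings_page() means WP should deal
+ * with this automatically but it never hurts to double check.
+ */
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_die( __( 'Sorry, you are not allowed to access this page.', 'insert-headers-and-footers' ) );
+ }
+
+ // only users with `unfiltered_html` can edit scripts.
+ if ( ! current_user_can( 'unfiltered_html' ) ) {
+ $this->errorMessage = '<p>' . __( 'Sorry, only have read-only access to this page. Ask your administrator for assistance editing.', 'insert-headers-and-footers' ) . '</p>';
  }
 
  // Save Settings
  if ( isset( $_REQUEST['submit'] ) ) {
- // Check nonce
- if ( ! isset( $_REQUEST[ $this->plugin->name . '_nonce' ] ) ) {
+ // Check permissions and nonce.
+ if ( ! current_user_can( 'unfiltered_html' ) ) {
+ // Can not edit scripts.
+ wp_die( __( 'Sorry, you are not allowed to edit this page.', 'insert-headers-and-footers' ) );
+ } elseif ( ! isset( $_REQUEST[ $this->plugin->name . '_nonce' ] ) ) {
  // Missing nonce
  $this->errorMessage = __( 'nonce field is missing. Settings NOT saved.', 'insert-headers-and-footers' );
  } elseif ( ! wp_verify_nonce( $_REQUEST[ $this->plugin->name . '_nonce' ], $this->plugin->name ) ) {
@@ -161,8 +177,14 @@ class InsertHeadersAndFooters {
  return;
  }
 
+ $editor_args = array( 'type' => 'text/html' );
+
+ if ( ! current_user_can( 'unfiltered_html' ) || ! current_user_can( 'manage_options' ) ) {
+ $editor_args['codemirror']['readOnly'] = true;
+ }
+
  // Enqueue code editor and settings for manipulating HTML.
- $settings = wp_enqueue_code_editor( array( 'type' => 'text/html' ) );
+ $settings = wp_enqueue_code_editor( $editor_args );
 
  // Bail if user disabled CodeMirror.
  if ( false === $settings ) {
@@ -179,13 +201,6 @@ class InsertHeadersAndFooters {
  wp_add_inline_script( 'code-editor', sprintf( 'jQuery( function() { wp.codeEditor.initialize( "ihaf_insert_footer", %s ); } );', wp_json_encode( $settings ) ) );
  }
 
- /**
- * Loads plugin textdomain
- */
- function loadLanguageFiles() {
- load_plugin_textdomain( 'insert-headers-and-footers', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/' );
- }
-
  /**
  * Outputs script / CSS to the frontend header
  */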
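Review bot: In `adminPanel()` the save branch still triggers on `$_REQUEST['submit']` and reads the nonce from `$_REQUEST`, although the form posts. The nonce check still applies, so this is hardening rather than a bypass, but `if ( isset( $_POST['submit'] ) ) {` would keep the write path off query-string requests now that this branch is where `unfiltered_html` is enforced. The nonce value is also passed to `wp_verify_nonce()` without `wp_unslash()` / `sanitize_text_field()`. The new read-only notice reads 'Sorry, only have read-only access' (a 'you' is missing) and is wrapped in `<p>` while the other `errorMessage` strings are plain text; how the view prints it is not visible here. `adminPanel()` continues outside the hunk.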
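--- a/languages/insert-headers-and-footers.pot
+++ /dev/null
@@ -1,166 +0,0 @@
- # Copyright (C) 2020 WPBeginner
- # This file is distributed under the same license as the Insert Headers and Footers plugin.
- msgid ""
- msgstr ""
- "Project-Id-Version: Insert Headers and Footers 1.4.5\n"
- "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/insert-headers-and-footers\n"
- "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
- "Language-Team: LANGUAGE <LL@li.org>\n"
- "MIME-Version: 1.0\n"
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
- "POT-Creation-Date: 2020-02-25T05:53:20+00:00\n"
- "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
- "X-Generator: WP-CLI 2.4.0\n"
- "X-Domain: insert-headers-and-footers\n"
-
- #. Plugin Name of the plugin
- msgid "Insert Headers and Footers"
- msgstr ""
-
- #. Plugin URI of the plugin
- #. Author URI of the plugin
- msgid "http://www.wpbeginner.com/"
- msgstr ""
-
- #. Description of the plugin
- msgid "Allows you to insert code or text in the header or footer of your WordPress blog"
- msgstr ""
-
- #. Author of the plugin
- msgid "WPBeginner"
- msgstr ""
-
- #: ihaf.php:111
- msgid "Sorry, you are not allowed to access this page."
- msgstr ""
-
- #: ihaf.php:120
- msgid "nonce field is missing. Settings NOT saved."
- msgstr ""
-
- #: ihaf.php:123
- msgid "Invalid nonce specified. Settings NOT saved."
- msgstr ""
-
- #: ihaf.php:132
- msgid "Settings Saved."
- msgstr ""
-
- #. translators: %s: Name of this plugin
- #: views/dashboard-notices.php:11
- msgid "Thank you for installing %1$s!"
- msgstr ""
-
- #: views/dashboard-notices.php:14
- msgid "Click here"
- msgstr ""
-
- #: views/dashboard-notices.php:14
- msgid "to configure the plugin."
- msgstr ""
-
- #: views/settings.php:2
- #: views/settings.php:23
- msgid "Settings"
- msgstr ""
-
- #: views/settings.php:28
- msgid "Scripts in Header"
- msgstr ""
-
- #. translators: %s: The `<head>` tag
- #: views/settings.php:33
- msgid "These scripts will be printed in the %s section."
- msgstr ""
-
- #: views/settings.php:40
- msgid "Scripts in Body"
- msgstr ""
-
- #. translators: %s: The `<head>` tag
- #: views/settings.php:45
- msgid "These scripts will be printed just below the opening %s tag."
- msgstr ""
-
- #: views/settings.php:52
- msgid "Scripts in Footer"
- msgstr ""
-
- #. translators: %s: The `</body>` tag
- #: views/settings.php:57
- msgid "These scripts will be printed above the closing %s tag."
- msgstr ""
-
- #: views/settings.php:64
- msgid "Save"
- msgstr ""
-
- #: views/sidebar.php:9
- msgid "Improve Your Site"
- msgstr ""
-
- #. translators: %s: Link to WPBeginner blog
- #: views/sidebar.php:17
- msgid "Want to take your site to the next level? Check out our daily free WordPress tutorials on %s."
- msgstr ""
-
- #: views/sidebar.php:20
- msgid "WPBeginner blog"
- msgstr ""
-
- #: views/sidebar.php:27
- msgid "Some of our popular guides:"
- msgstr ""
-
- #: views/sidebar.php:33
- msgid "Speed Up WordPress"
- msgstr ""
-
- #: views/sidebar.php:38
- msgid "Improve WordPress Security"
- msgstr ""
-
- #: views/sidebar.php:43
- msgid "Boost Your WordPress SEO"
- msgstr ""
-
- #: views/sidebar.php:54
- msgid "Our WordPress Plugins"
- msgstr ""
-
- #: views/sidebar.php:58
- msgid "Like this plugin? Check out our other WordPress plugins:"
- msgstr ""
-
- #: views/sidebar.php:65
- msgid "WPForms"
- msgstr ""
-
- #: views/sidebar.php:66
- msgid "Drag & Drop WordPress Form Builder"
- msgstr ""
-
- #: views/sidebar.php:75
- msgid "MonsterInsights"
- msgstr ""
-
- #: views/sidebar.php:76
- msgid "Google Analytics Made Easy for WordPress"
- msgstr ""
-
- #: views/sidebar.php:85
- msgid "OptinMonster"
- msgstr ""
-
- #: views/sidebar.php:86
- msgid "Best WordPress Lead Generation Plugin"
- msgstr ""
-
- #: views/sidebar.php:95
- msgid "SeedProd"
- msgstr ""
-
- #: views/sidebar.php:96
- msgid "Get the best WordPress Coming Soon Page plugin"
- msgstr ""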
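--- a/readme.txt
+++ b/readme.txt
@@ -1,10 +1,10 @@
- === Insert Headers and Footers ===
+ === Insert Headers and Footers by WPBeginner ===
  Contributors: WPbeginner, smub, deb255
  Tags: code, content, css, facebook pixel, footer, footer code, footer scripts, footers, google analytics, head, header, header code, header scripts, headers, insert, insert code, insert scripts, js, meta, meta tags, scripts, wpmu
- Requires at least: 3.6
- Tested up to: 5.6
+ Requires at least: 4.6
+ Tested up to: 5.8
  Requires PHP: 5.2
- Stable tag: 1.5.0
+ Stable tag: 1.6.0
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -54,7 +54,7 @@ To learn more about WordPress, you can also visit <a href="http://www.wpbeginner
  2. Activate Insert Headers and Footers through the `Plugins` menu in WordPress.
  3. Insert code in your header or footer by going to the `Settings > Insert Headers and Footers` menu.
 
- [youtube https://www.youtube.com/watch?v=AXM1QgMODW0]
+ [youtube https://www.youtube.com/watch?v=QXbrdVjWaME]
 
  == Screenshots ==
 
@@ -86,6 +86,10 @@ Syed Balkhi
 
  == Changelog ==
 
+ = 1.6.0 =
+ * Fix: Only show settings CTA to users able to visit the settings page.
+ * Enhancement: Improve settings page user experience on heavily customized WordPress installs.
+
  = 1.5.0 =
  * New: Code editors now use CodeMirror for syntax highlighting.
 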
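--- a/views/settings.php
+++ b/views/settings.php
@@ -26,7 +26,7 @@
  <form action="options-general.php?page=<?php echo $this->plugin->name; ?>" method="post">
  <p>
  <label for="ihaf_insert_header"><strong><?php esc_html_e( 'Scripts in Header', 'insert-headers-and-footers' ); ?></strong></label>
- <textarea name="ihaf_insert_header" id="ihaf_insert_header" class="widefat" rows="8" style="font-family:Courier New;"><?php echo $this->settings['ihaf_insert_header']; ?></textarea>
+ <textarea name="ihaf_insert_header" id="ihaf_insert_header" class="widefat" rows="8" style="font-family:Courier New;" <?php echo ( ! current_user_can( 'unfiltered_html' ) ) ? ' disabled="disabled" ' : ''; ?>><?php echo $this->settings['ihaf_insert_header']; ?></textarea>
  <?php
  printf(
  /* translators: %s: The `<head>` tag */
@@ -38,7 +38,7 @@
  <?php if ( $this->body_open_supported ) : ?>
  <p>
  <label for="ihaf_insert_body"><strong><?php esc_html_e( 'Scripts in Body', 'insert-headers-and-footers' ); ?></strong></label>
- <textarea name="ihaf_insert_body" id="ihaf_insert_body" class="widefat" rows="8" style="font-family:Courier New;"><?php echo $this->settings['ihaf_insert_body']; ?></textarea>
+ <textarea name="ihaf_insert_body" id="ihaf_insert_body" class="widefat" rows="8" style="font-family:Courier New;" <?php echo ( ! current_user_can( 'unfiltered_html' ) ) ? ' disabled="disabled" ' : ''; ?>><?php echo $this->settings['ihaf_insert_body']; ?></textarea>
  <?php
  printf(
  /* translators: %s: The `<head>` tag */
@@ -50,7 +50,7 @@
  <?php endif; ?>
  <p>
  <label for="ihaf_insert_footer"><strong><?php esc_html_e( 'Scripts in Footer', 'insert-headers-and-footers' ); ?></strong></label>
- <textarea name="ihaf_insert_footer" id="ihaf_insert_footer" class="widefat" rows="8" style="font-family:Courier New;"><?php echo $this->settings['ihaf_insert_footer']; ?></textarea>
+ <textarea name="ihaf_insert_footer" id="ihaf_insert_footer" class="widefat" rows="8" style="font-family:Courier New;" <?php echo ( ! current_user_can( 'unfiltered_html' ) ) ? ' disabled="disabled" ' : ''; ?>><?php echo $this->settings['ihaf_insert_footer']; ?></textarea>
  <?php
  printf(
  /* translators: %s: The `</body>` tag */
@@ -59,10 +59,12 @@
  );
  ?>
  </p>
- <?php wp_nonce_field( $this->plugin->name, $this->plugin->name . '_nonce' ); ?>
- <p>
- <input name="submit" type="submit" name="Submit" class="button button-primary" value="<?php esc_attr_e( 'Save', 'insert-headers-and-footers' ); ?>" />
- </p>
+ <?php if ( current_user_can( 'unfiltered_html' ) ) : ?>
+ <?php wp_nonce_field( $this->plugin->name, $this->plugin->name . '_nonce' ); ?>
+ <p>
+ <input name="submit" type="submit" name="Submit" class="button button-primary" value="<?php esc_attr_e( 'Save', 'insert-headers-and-footers' ); ?>" />
+ </p>
+ <?php endif; ?>
  </form>
  </div>
  </div>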
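Review bot: The three rewritten textareas still print `$this->settings[...]` with a bare `echo`, so a stored value containing `</textarea>` would close the element and render as markup in wp-admin, unless the value is already escaped where `$this->settings` is populated, which is outside this diff. If it is not, wrap each one, e.g. `<?php echo esc_textarea( $this->settings['ihaf_insert_header'] ); ?>`. The `disabled` attribute and the hidden Save button are presentation only; the real enforcement is the `unfiltered_html` check in `adminPanel()`, and a short comment here saying so would stop a later edit from treating the template as the gate. The submit input also carries two `name` attributes (`name="submit"` and `name="Submit"`); the second can be dropped.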