Version Description
- Obfuscation of REST API key in OneSignal configuration page to only show last 4 characters
Download this release
Release Info
| Developer | OneSignal |
| Plugin |  OneSignal – Free Web Push Notifications |
| Version | 2.1.2 |
| Comparing to | |
| See all releases | |
Code changes from version 2.1.1 to 2.1.2
- onesignal-admin.php +9 -7
- onesignal-settings.php +4 -3
- onesignal.php +1 -1
- readme.txt +14 -8
- views/config.php +2 -1
onesignal-admin.php
CHANGED
|
@@ -406,9 +406,6 @@ class OneSignal_Admin
|
|
| 406 |
'allowed_custom_post_types',
|
| 407 |
'notification_title',
|
| 408 |
'custom_manifest_url',
|
| 409 |
-
'http_permission_request_modal_title',
|
| 410 |
-
'http_permission_request_modal_message',
|
| 411 |
-
'http_permission_request_modal_button_text',
|
| 412 |
'persist_notifications',
|
| 413 |
);
|
| 414 |
OneSignal_Admin::saveStringSettings($onesignal_wp_settings, $config, $stringSettings);
|
|
@@ -432,11 +429,16 @@ class OneSignal_Admin
|
|
| 432 |
public static function saveStringSettings(&$onesignal_wp_settings, &$config, $settings)
|
| 433 |
{
|
| 434 |
foreach ($settings as $setting) {
|
| 435 |
-
|
| 436 |
-
|
| 437 |
-
|
| 438 |
-
|
|
|
|
|
|
|
|
|
|
| 439 |
}
|
|
|
|
|
|
|
| 440 |
}
|
| 441 |
}
|
| 442 |
|
| 406 |
'allowed_custom_post_types',
|
| 407 |
'notification_title',
|
| 408 |
'custom_manifest_url',
|
|
|
|
|
|
|
|
|
|
| 409 |
'persist_notifications',
|
| 410 |
);
|
| 411 |
OneSignal_Admin::saveStringSettings($onesignal_wp_settings, $config, $stringSettings);
|
| 429 |
public static function saveStringSettings(&$onesignal_wp_settings, &$config, $settings)
|
| 430 |
{
|
| 431 |
foreach ($settings as $setting) {
|
| 432 |
+
$value = sanitize_text_field($config[$setting]);
|
| 433 |
+
|
| 434 |
+
if ($setting === 'app_rest_api_key') {
|
| 435 |
+
// Only save key if the value has been changed.
|
| 436 |
+
// This prevents its masked value from becoming the value saved to the DB
|
| 437 |
+
if (OneSignal::maskedRestApiKey($onesignal_wp_settings[$setting]) === $value)
|
| 438 |
+
continue;
|
| 439 |
}
|
| 440 |
+
|
| 441 |
+
$onesignal_wp_settings[$setting] = $value;
|
| 442 |
}
|
| 443 |
}
|
| 444 |
|
onesignal-settings.php
CHANGED
|
@@ -87,9 +87,6 @@ class OneSignal {
|
|
| 87 |
'use_custom_sdk_init' => false,
|
| 88 |
'show_notification_send_status_message' => true,
|
| 89 |
'use_http_permission_request' => 'CALCULATE_SPECIAL_VALUE',
|
| 90 |
-
'http_permission_request_modal_title' => '',
|
| 91 |
-
'http_permission_request_modal_message' => '',
|
| 92 |
-
'http_permission_request_modal_button_text' => '',
|
| 93 |
'persist_notifications' => 'CALCULATE_SPECIAL_VALUE'
|
| 94 |
);
|
| 95 |
|
|
@@ -264,4 +261,8 @@ class OneSignal {
|
|
| 264 |
$onesignal_wp_settings = $settings;
|
| 265 |
update_option("OneSignalWPSetting", $onesignal_wp_settings);
|
| 266 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
| 267 |
}
|
| 87 |
'use_custom_sdk_init' => false,
|
| 88 |
'show_notification_send_status_message' => true,
|
| 89 |
'use_http_permission_request' => 'CALCULATE_SPECIAL_VALUE',
|
|
|
|
|
|
|
|
|
|
| 90 |
'persist_notifications' => 'CALCULATE_SPECIAL_VALUE'
|
| 91 |
);
|
| 92 |
|
| 261 |
$onesignal_wp_settings = $settings;
|
| 262 |
update_option("OneSignalWPSetting", $onesignal_wp_settings);
|
| 263 |
}
|
| 264 |
+
|
| 265 |
+
public static function maskedRestApiKey($rest_api_key) {
|
| 266 |
+
return str_repeat('*', 44) . substr($rest_api_key, -4);
|
| 267 |
+
}
|
| 268 |
}
|
onesignal.php
CHANGED
|
@@ -6,7 +6,7 @@ defined('ABSPATH') or die('This page may not be accessed directly.');
|
|
| 6 |
* Plugin Name: OneSignal Push Notifications
|
| 7 |
* Plugin URI: https://onesignal.com/
|
| 8 |
* Description: Free web push notifications.
|
| 9 |
-
* Version: 2.1.
|
| 10 |
* Author: OneSignal
|
| 11 |
* Author URI: https://onesignal.com
|
| 12 |
* License: MIT
|
| 6 |
* Plugin Name: OneSignal Push Notifications
|
| 7 |
* Plugin URI: https://onesignal.com/
|
| 8 |
* Description: Free web push notifications.
|
| 9 |
+
* Version: 2.1.2
|
| 10 |
* Author: OneSignal
|
| 11 |
* Author URI: https://onesignal.com
|
| 12 |
* License: MIT
|
readme.txt
CHANGED
|
@@ -3,25 +3,27 @@ Contributors: OneSignal
|
|
| 3 |
Donate link: https://onesignal.com
|
| 4 |
Tags: chrome, firefox, safari, push, push notifications, push notification, chrome push, safari push, firefox push, notification, notifications, web push, notify, mavericks, android, android push, android notifications, android notification, mobile notification, mobile notifications, mobile, desktop notification, roost, goroost, desktop notifications, gcm, push messages, onesignal
|
| 5 |
Requires at least: 3.8
|
| 6 |
-
Tested up to: 5.
|
| 7 |
-
Stable tag: 2.1.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 11 |
-
Increase engagement and drive more repeat traffic to your WordPress site with
|
| 12 |
|
| 13 |
== Description ==
|
| 14 |
|
| 15 |
[OneSignal](https://onesignal.com) is an easy way to increase user engagement. Use OneSignal to send visitors targeted push notifications so they keep coming back. It takes just a few minutes to install.
|
| 16 |
|
| 17 |
-
|
|
|
|
|
|
|
| 18 |
|
| 19 |
You can configure notification delivery at preset intervals, create user segments, and customize the opt-in process for visitors.
|
| 20 |
|
| 21 |
OneSignal’s free plan allows targeting up to 30,000 subscribers with push notifications. Contact support@onesignal.com if you have any questions. We’d love to hear from you!
|
| 22 |
|
| 23 |
= Company =
|
| 24 |
-
OneSignal is trusted by over
|
| 25 |
|
| 26 |
= Features =
|
| 27 |
* **Supports Chrome** (Desktop & Android), **Safari** (Mac OS X), **Microsoft Edge** (Desktop & Android), **Opera** (Desktop & Android) and **Firefox** (Desktop & Android) on both HTTP and HTTPS sites.
|
|
@@ -41,12 +43,12 @@ OneSignal is trusted by over 860,000 developers and marketing strategists. We po
|
|
| 41 |
== Installation ==
|
| 42 |
|
| 43 |
1. Install OneSignal from the WordPress.org plugin directory or by uploading the OneSignal plugin folder to your wp-content/plugins directory.
|
| 44 |
-
2.
|
| 45 |
3. Follow the instructions on the Setup page.
|
| 46 |
|
| 47 |
== Screenshots ==
|
| 48 |
|
| 49 |
-
1. Notifications on Chrome, Safari, and
|
| 50 |
2. Our detailed setup instructions to get you started.
|
| 51 |
3. Our configuration main configuration setup page.
|
| 52 |
4. Our OneSignal dashboard users page, where you can see your subscribed users.
|
|
@@ -65,11 +67,15 @@ HTTPS Setup Video: [youtube https://www.youtube.com/watch?v=BeTZ2KgytC0]
|
|
| 65 |
|
| 66 |
== Changelog ==
|
| 67 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 68 |
= 2.1.1 =
|
| 69 |
|
| 70 |
- Minor bug fixes: check native_prompt setting key exists, reworked checkbox logic to support custom post statuses
|
| 71 |
|
| 72 |
-
= 2.1.0 =
|
| 73 |
|
| 74 |
- OneSignal config page interface changes to prompting options to discourage native prompt use, bug fixes
|
| 75 |
|
| 3 |
Donate link: https://onesignal.com
|
| 4 |
Tags: chrome, firefox, safari, push, push notifications, push notification, chrome push, safari push, firefox push, notification, notifications, web push, notify, mavericks, android, android push, android notifications, android notification, mobile notification, mobile notifications, mobile, desktop notification, roost, goroost, desktop notifications, gcm, push messages, onesignal
|
| 5 |
Requires at least: 3.8
|
| 6 |
+
Tested up to: 5.4
|
| 7 |
+
Stable tag: 2.1.2
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 11 |
+
Increase engagement and drive more repeat traffic to your WordPress site with push notifications. Now a Wordpress VIP Gold Partner.
|
| 12 |
|
| 13 |
== Description ==
|
| 14 |
|
| 15 |
[OneSignal](https://onesignal.com) is an easy way to increase user engagement. Use OneSignal to send visitors targeted push notifications so they keep coming back. It takes just a few minutes to install.
|
| 16 |
|
| 17 |
+
As a Wordpress VIP Gold Partner, OneSignal has been rigorously tested to handle even the highest volume use cases with reliability and ease of use.
|
| 18 |
+
|
| 19 |
+
After setup, your visitors opt-in to receive push notifications when you publish a new post. Visitors receive these notifications even after they’ve left your website, thus driving re-engagement.
|
| 20 |
|
| 21 |
You can configure notification delivery at preset intervals, create user segments, and customize the opt-in process for visitors.
|
| 22 |
|
| 23 |
OneSignal’s free plan allows targeting up to 30,000 subscribers with push notifications. Contact support@onesignal.com if you have any questions. We’d love to hear from you!
|
| 24 |
|
| 25 |
= Company =
|
| 26 |
+
OneSignal is trusted by over 920,000 developers and marketing strategists. We power push notifications for everyone from early stage startups to Fortune 500 Companies, sending over 6 billion notifications per day. It is the most popular push notification plugin on Wordpress with 100,000+ installations.
|
| 27 |
|
| 28 |
= Features =
|
| 29 |
* **Supports Chrome** (Desktop & Android), **Safari** (Mac OS X), **Microsoft Edge** (Desktop & Android), **Opera** (Desktop & Android) and **Firefox** (Desktop & Android) on both HTTP and HTTPS sites.
|
| 43 |
== Installation ==
|
| 44 |
|
| 45 |
1. Install OneSignal from the WordPress.org plugin directory or by uploading the OneSignal plugin folder to your wp-content/plugins directory.
|
| 46 |
+
2. Activate the OneSignal plugin from your WordPress settings dashboard.
|
| 47 |
3. Follow the instructions on the Setup page.
|
| 48 |
|
| 49 |
== Screenshots ==
|
| 50 |
|
| 51 |
+
1. Notifications on Chrome, Safari, Firefox, Opera, and more.
|
| 52 |
2. Our detailed setup instructions to get you started.
|
| 53 |
3. Our configuration main configuration setup page.
|
| 54 |
4. Our OneSignal dashboard users page, where you can see your subscribed users.
|
| 67 |
|
| 68 |
== Changelog ==
|
| 69 |
|
| 70 |
+
= 2.1.2 =
|
| 71 |
+
|
| 72 |
+
- Obfuscation of REST API key in OneSignal configuration page to only show last 4 characters
|
| 73 |
+
|
| 74 |
= 2.1.1 =
|
| 75 |
|
| 76 |
- Minor bug fixes: check native_prompt setting key exists, reworked checkbox logic to support custom post statuses
|
| 77 |
|
| 78 |
+
= 2.1.0 =
|
| 79 |
|
| 80 |
- OneSignal config page interface changes to prompting options to discourage native prompt use, bug fixes
|
| 81 |
|
views/config.php
CHANGED
|
@@ -9,6 +9,7 @@ if (!OneSignalUtils::can_modify_plugin_settings()) {
|
|
| 9 |
|
| 10 |
// The user is just viewing the config page; this page cannot be accessed directly
|
| 11 |
$onesignal_wp_settings = OneSignal::get_onesignal_settings();
|
|
|
|
| 12 |
?>
|
| 13 |
|
| 14 |
<header class="onesignal">
|
|
@@ -289,7 +290,7 @@ $onesignal_wp_settings = OneSignal::get_onesignal_settings();
|
|
| 289 |
</div>
|
| 290 |
<div class="field">
|
| 291 |
<label>REST API Key<i class="tiny circular help icon link" role="popup" data-title="Rest API Key" data-content="Your 48 character alphanumeric REST API Key. You can find this in App Settings > Keys & IDs." data-variation="wide"></i></label>
|
| 292 |
-
<input type="text" name="app_rest_api_key" placeholder="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" value="<?php echo esc_attr($onesignal_wp_settings['app_rest_api_key']); ?>">
|
| 293 |
</div>
|
| 294 |
<div class="field subdomain-feature">
|
| 295 |
<label>OneSignal Label<i class="tiny circular help icon link" role="popup" data-title="Subdomain" data-content="The label you chose for your site. You can find this in Step 2. Wordpress Site Setup" data-variation="wide"></i></label>
|
| 9 |
|
| 10 |
// The user is just viewing the config page; this page cannot be accessed directly
|
| 11 |
$onesignal_wp_settings = OneSignal::get_onesignal_settings();
|
| 12 |
+
|
| 13 |
?>
|
| 14 |
|
| 15 |
<header class="onesignal">
|
| 290 |
</div>
|
| 291 |
<div class="field">
|
| 292 |
<label>REST API Key<i class="tiny circular help icon link" role="popup" data-title="Rest API Key" data-content="Your 48 character alphanumeric REST API Key. You can find this in App Settings > Keys & IDs." data-variation="wide"></i></label>
|
| 293 |
+
<input type="text" name="app_rest_api_key" placeholder="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" value="<?php echo esc_attr(OneSignal::maskedRestApiKey($onesignal_wp_settings['app_rest_api_key'])); ?>">
|
| 294 |
</div>
|
| 295 |
<div class="field subdomain-feature">
|
| 296 |
<label>OneSignal Label<i class="tiny circular help icon link" role="popup" data-title="Subdomain" data-content="The label you chose for your site. You can find this in Step 2. Wordpress Site Setup" data-variation="wide"></i></label>
|
