OneSignal – Free Web Push Notifications

Version Description

Use onesignal_is_amp to allow filtering
Add additional sanitization to post titles
Add post_id in notification data payload
Fix jQuery issue leading to not showing the notice after post publish when automatic notifs are turned off

Release Info

Developer	OneSignal
Plugin	OneSignal – Free Web Push Notifications
Version	2.3.0
Comparing to
See all releases

Code changes from version 2.2.7 to 2.3.0

Files changed (7) hide show

notice.js +4 -6
onesignal-admin.php +31 -28
onesignal-public.php +1 -1
onesignal-utils.php +1 -1
onesignal.php +1 -1
readme.txt +8 -2
views/config.php +1 -1

notice.js CHANGED Viewed

	@@ -8,7 +8,7 @@ var state = {
8	interval_count : 0, // how many times has the request been attempted
9	status : undefined // whether the post is scheduled or published
10	}
11	-
12	function notice() {
13	if (!isWpCoreEditorDefined()) {
14	return;
	@@ -33,10 +33,10 @@ function notice() {
33	return;
34	}
35
36	- // post is defined now
37	if (!state.first_modified) {
38	// captures last modified date of loaded post
39	- state.first_modified = post.modified;
40	}
41
42	// latest modified date, status of the post
	@@ -44,9 +44,7 @@ function notice() {
44	state.status = status;
45
46	// is checked
47	- const send_os_notif = jQuery("~~[name=~~send_onesignal_notification]").~~attr(~~
48	- "checked"
49	- );
50
51	// if last modified differs from first modified times, post_modified = true
52	const post_modified = modified !== state.first_modified;


8	interval_count : 0, // how many times has the request been attempted
9	status : undefined // whether the post is scheduled or published
10	}
11	+
12	function notice() {
13	if (!isWpCoreEditorDefined()) {
14	return;

33	return;
34	}
35
36	+ // post is defined now
37	if (!state.first_modified) {
38	// captures last modified date of loaded post
39	+ state.first_modified = post.modified;
40	}
41
42	// latest modified date, status of the post

44	state.status = status;
45
46	// is checked
47	+ const send_os_notif = jQuery("#send_onesignal_notification")[0].checked;


48
49	// if last modified differs from first modified times, post_modified = true
50	const post_modified = modified !== state.first_modified;

onesignal-admin.php CHANGED Viewed

	@@ -25,10 +25,10 @@ function load_javascript()
25	add_action('wp_ajax_has_metadata', 'has_metadata');
26	function has_metadata()
27	{
28	- $post_id = isset($_GET['post_id']) ?
29	(filter_var($_GET['post_id'], FILTER_SANITIZE_NUMBER_INT))
30	: '';
31	-
32	if (is_null($post_id)) {
33	$data = array('error' => 'could not get post id');
34	} else {
	@@ -53,6 +53,7 @@ function has_metadata()
53	delete_post_meta($post_id, 'response_body');
54
55	$data = array('recipients' => $recipients, 'status_code' => $status, 'response_body' => $response_body);

56	}
57
58	echo wp_json_encode($data);
	@@ -172,7 +173,7 @@ class OneSignal_Admin
172	}
173
174	// Verify that the nonce is valid.
175	- if (!wp_verify_nonce((isset($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]) ?
176	sanitize_text_field($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]) :
177	''
178	), OneSignal_Admin::$SAVE_POST_NONCE_ACTION)) {
	@@ -304,21 +305,21 @@ class OneSignal_Admin
304	$site_title = OneSignalUtils::decode_entities(get_bloginfo('name'));
305	}
306
307	- $onesignal_customize_content_checked = (get_post_meta($post->ID, 'onesignal_modify_title_and_content', true) === '1');
308	$onesignal_notification_custom_content = get_post_meta($post->ID, 'onesignal_notification_custom_content', true);
309	$onesignal_notification_custom_heading = get_post_meta($post->ID, 'onesignal_notification_custom_heading', true);
310	-
311	?>
312	-
313	<input type="hidden" name="onesignal_meta_box_present" value="true"></input>
314	<div id="onesignal_send_preference">
315	<label>
316	<input type="checkbox" id="send_onesignal_notification" name="send_onesignal_notification" value="true" <?php if ($meta_box_checkbox_send_notification) {
317	echo 'checked';
318	} ?>></input>
319	-
320	<?php if ($post->post_status === 'publish') {
321	- echo esc_attr('Send notification on '.$post_type.' update');
322	} else {
323	echo esc_attr('Send notification on '.$post_type.' publish');
324
	@@ -330,19 +331,19 @@ class OneSignal_Admin
330	<input type="checkbox" id="onesignal_modify_title_and_content" value="true" name="onesignal_modify_title_and_content" <?php if ($onesignal_customize_content_checked) {
331	echo 'checked';
332	} ?>></input> Customize notification content</label>
333	-
334	<div id="onesignal_custom_contents" style="display:none;padding-top:10px;">
335	<div>
336	<label>Notification Title<br/>
337	- <input type="text" size="16" style="width:220px;" name="onesignal_notification_custom_heading" value="<?php
338	- echo esc_attr(OneSignalUtils::decode_entities($onesignal_notification_custom_heading));
339	?>" id="onesignal_notification_custom_heading" placeholder="<?php echo esc_attr(OneSignalUtils::decode_entities($onesignal_wp_settings['notification_title'])); ?>"></input>
340	</label>
341	</div>
342	<div style="padding-top:10px">
343	<label>Notification Text<br/>
344	- <input type="text" size="16" style="width:220px;" name="onesignal_notification_custom_content" value="<?php
345	- echo esc_attr(OneSignalUtils::decode_entities($onesignal_notification_custom_content));
346	?>" id="onesignal_notification_custom_content" placeholder="The Post's Current Title"></input>
347	</label>
348	</div>
	@@ -351,17 +352,17 @@ class OneSignal_Admin
351
352	<script>
353	jQuery('#onesignal_modify_title_and_content').change( function() {
354	- if(jQuery(this).is(":checked")) {
355	jQuery('#onesignal_custom_contents').show();
356	if(!jQuery('#onesignal_notification_custom_content').val()) {
357	jQuery('#onesignal_notification_custom_content').val(jQuery("#title").val());
358	}
359	} else {
360	jQuery('#onesignal_custom_contents').hide();
361	- }
362	});
363	if(!jQuery("#send_onesignal_notification").is(":checked")) {
364	- jQuery('#onesignal_modify_title_and_content').prop("disabled",true);
365	jQuery('#onesignal_modify_title_and_content').prop("checked",false).change();
366	}
367
	@@ -370,9 +371,9 @@ class OneSignal_Admin
370	jQuery('#onesignal_modify_title_and_content').prop("disabled",false);
371	} else {
372	jQuery('#onesignal_modify_title_and_content').prop("disabled",true);
373	- jQuery('#onesignal_modify_title_and_content').prop("checked",false).change();
374	}
375	-
376	})
377	jQuery('#onesignal_modify_title_and_content').change();
378	</script>
	@@ -435,6 +436,7 @@ class OneSignal_Admin
435	'show_notification_send_status_message',
436	'use_http_permission_request',
437	'customize_http_permission_request',

438	);
439	OneSignal_Admin::saveBooleanSettings($onesignal_wp_settings, $config, $booleanSettings);
440
	@@ -651,15 +653,15 @@ class OneSignal_Admin
651	return substr($sha1, 0, 8).'-'.substr($sha1, 8, 4).'-'.substr($sha1, 12, 4).'-'.substr($sha1, 16, 4).'-'.substr($sha1, 20, 12);
652	}
653
654	- public static function exec_post_request($onesignal_post_url, $request, $retry_count) {
655	- if ($retry_count === 0) {
656	return NULL;
657	}
658
659	$response = wp_remote_post($onesignal_post_url, $request);
660
661	if (is_wp_error($response) \|\| !is_array($response) \|\| !isset($response['body'])) {
662	- return self::exec_post_request($onesignal_post_url, $request, $retry_count-1);
663	}
664
665	return $response;
	@@ -681,10 +683,10 @@ class OneSignal_Admin
681	/* Returns true if there is POST data */
682	$was_posted = !empty($_POST);
683
684	- // Verify that the nonce is valid.
685	if ($was_posted && !wp_verify_nonce((
686	- isset($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]) ?
687	- sanitize_text_field($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]) :
688	''
689	), OneSignal_Admin::$SAVE_POST_NONCE_ACTION)) {
690	return;
	@@ -813,7 +815,7 @@ class OneSignal_Admin
813	$site_title = OneSignalUtils::decode_entities($onesignal_wp_settings['notification_title']);
814	} else {
815	$site_title = OneSignalUtils::decode_entities(get_bloginfo('name'));
816	- }
817
818	if (function_exists('qtrans_getLanguage')) {
819	try {
	@@ -825,7 +827,7 @@ class OneSignal_Admin
825	}
826	}
827
828	- $notif_content = OneSignalUtils::decode_entities(get_the_title($post->ID));
829
830	//Override content and/or title if the user has chosen to do so
831	if($onesignal_customized_content) {
	@@ -840,6 +842,7 @@ class OneSignal_Admin
840	$fields = array(
841	'external_id' => self::uuid($notif_content),
842	'app_id' => $onesignal_wp_settings['app_id'],

843	'headings' => array('en' => stripslashes_deep(wp_specialchars_decode($site_title))),
844	'included_segments' => array('All'),
845	'isAnyWeb' => true,
	@@ -914,14 +917,14 @@ class OneSignal_Admin
914	);
915
916	$response = self::exec_post_request($onesignal_post_url, $request, 20); // try 20 times
917	-
918	if (is_null($response)) {
919	set_transient('onesignal_transient_error', '<div class="error notice onesignal-error-notice">
920	<p><strong>OneSignal Push:</strong><em> There was a problem sending your notification.</em></p>
921	</div>', 86400);
922	return;
923	}
924	-
925	if (isset($response['body'])) {
926	$response_body = json_decode($response['body'], true);
927	}


25	add_action('wp_ajax_has_metadata', 'has_metadata');
26	function has_metadata()
27	{
28	+ $post_id = isset($_GET['post_id']) ?
29	(filter_var($_GET['post_id'], FILTER_SANITIZE_NUMBER_INT))
30	: '';
31	+
32	if (is_null($post_id)) {
33	$data = array('error' => 'could not get post id');
34	} else {

53	delete_post_meta($post_id, 'response_body');
54
55	$data = array('recipients' => $recipients, 'status_code' => $status, 'response_body' => $response_body);
56	+
57	}
58
59	echo wp_json_encode($data);

173	}
174
175	// Verify that the nonce is valid.
176	+ if (!wp_verify_nonce((isset($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]) ?
177	sanitize_text_field($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]) :
178	''
179	), OneSignal_Admin::$SAVE_POST_NONCE_ACTION)) {

305	$site_title = OneSignalUtils::decode_entities(get_bloginfo('name'));
306	}
307
308	+ $onesignal_customize_content_checked = (get_post_meta($post->ID, 'onesignal_modify_title_and_content', true) === '1');
309	$onesignal_notification_custom_content = get_post_meta($post->ID, 'onesignal_notification_custom_content', true);
310	$onesignal_notification_custom_heading = get_post_meta($post->ID, 'onesignal_notification_custom_heading', true);
311	+
312	?>
313	+
314	<input type="hidden" name="onesignal_meta_box_present" value="true"></input>
315	<div id="onesignal_send_preference">
316	<label>
317	<input type="checkbox" id="send_onesignal_notification" name="send_onesignal_notification" value="true" <?php if ($meta_box_checkbox_send_notification) {
318	echo 'checked';
319	} ?>></input>
320	+
321	<?php if ($post->post_status === 'publish') {
322	+ echo esc_attr('Send notification on '.$post_type.' update');
323	} else {
324	echo esc_attr('Send notification on '.$post_type.' publish');
325

331	<input type="checkbox" id="onesignal_modify_title_and_content" value="true" name="onesignal_modify_title_and_content" <?php if ($onesignal_customize_content_checked) {
332	echo 'checked';
333	} ?>></input> Customize notification content</label>
334	+
335	<div id="onesignal_custom_contents" style="display:none;padding-top:10px;">
336	<div>
337	<label>Notification Title<br/>
338	+ <input type="text" size="16" style="width:220px;" name="onesignal_notification_custom_heading" value="<?php
339	+ echo esc_attr(OneSignalUtils::decode_entities($onesignal_notification_custom_heading));
340	?>" id="onesignal_notification_custom_heading" placeholder="<?php echo esc_attr(OneSignalUtils::decode_entities($onesignal_wp_settings['notification_title'])); ?>"></input>
341	</label>
342	</div>
343	<div style="padding-top:10px">
344	<label>Notification Text<br/>
345	+ <input type="text" size="16" style="width:220px;" name="onesignal_notification_custom_content" value="<?php
346	+ echo esc_attr(OneSignalUtils::decode_entities($onesignal_notification_custom_content));
347	?>" id="onesignal_notification_custom_content" placeholder="The Post's Current Title"></input>
348	</label>
349	</div>

352
353	<script>
354	jQuery('#onesignal_modify_title_and_content').change( function() {
355	+ if(jQuery(this).is(":checked")) {
356	jQuery('#onesignal_custom_contents').show();
357	if(!jQuery('#onesignal_notification_custom_content').val()) {
358	jQuery('#onesignal_notification_custom_content').val(jQuery("#title").val());
359	}
360	} else {
361	jQuery('#onesignal_custom_contents').hide();
362	+ }
363	});
364	if(!jQuery("#send_onesignal_notification").is(":checked")) {
365	+ jQuery('#onesignal_modify_title_and_content').prop("disabled",true);
366	jQuery('#onesignal_modify_title_and_content').prop("checked",false).change();
367	}
368

371	jQuery('#onesignal_modify_title_and_content').prop("disabled",false);
372	} else {
373	jQuery('#onesignal_modify_title_and_content').prop("disabled",true);
374	+ jQuery('#onesignal_modify_title_and_content').prop("checked",false).change();
375	}
376	+
377	})
378	jQuery('#onesignal_modify_title_and_content').change();
379	</script>

436	'show_notification_send_status_message',
437	'use_http_permission_request',
438	'customize_http_permission_request',
439	+
440	);
441	OneSignal_Admin::saveBooleanSettings($onesignal_wp_settings, $config, $booleanSettings);
442

653	return substr($sha1, 0, 8).'-'.substr($sha1, 8, 4).'-'.substr($sha1, 12, 4).'-'.substr($sha1, 16, 4).'-'.substr($sha1, 20, 12);
654	}
655
656	+ public static function exec_post_request($onesignal_post_url, $request, $retry_count) {
657	+ if ($retry_count === 0) {
658	return NULL;
659	}
660
661	$response = wp_remote_post($onesignal_post_url, $request);
662
663	if (is_wp_error($response) \|\| !is_array($response) \|\| !isset($response['body'])) {
664	+ return self::exec_post_request($onesignal_post_url, $request, $retry_count-1);
665	}
666
667	return $response;

683	/* Returns true if there is POST data */
684	$was_posted = !empty($_POST);
685
686	+ // Verify that the nonce is valid.
687	if ($was_posted && !wp_verify_nonce((
688	+ isset($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]) ?
689	+ sanitize_text_field($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]) :
690	''
691	), OneSignal_Admin::$SAVE_POST_NONCE_ACTION)) {
692	return;

815	$site_title = OneSignalUtils::decode_entities($onesignal_wp_settings['notification_title']);
816	} else {
817	$site_title = OneSignalUtils::decode_entities(get_bloginfo('name'));
818	+ }
819
820	if (function_exists('qtrans_getLanguage')) {
821	try {

827	}
828	}
829
830	+ $notif_content = wp_strip_all_tags(OneSignalUtils::decode_entities(get_the_title($post->ID)));
831
832	//Override content and/or title if the user has chosen to do so
833	if($onesignal_customized_content) {

842	$fields = array(
843	'external_id' => self::uuid($notif_content),
844	'app_id' => $onesignal_wp_settings['app_id'],
845	+ 'data' => array("post_id" => $post->ID),
846	'headings' => array('en' => stripslashes_deep(wp_specialchars_decode($site_title))),
847	'included_segments' => array('All'),
848	'isAnyWeb' => true,

917	);
918
919	$response = self::exec_post_request($onesignal_post_url, $request, 20); // try 20 times
920	+
921	if (is_null($response)) {
922	set_transient('onesignal_transient_error', '<div class="error notice onesignal-error-notice">
923	<p><strong>OneSignal Push:</strong><em> There was a problem sending your notification.</em></p>
924	</div>', 86400);
925	return;
926	}
927	+
928	if (isset($response['body'])) {
929	$response_body = json_decode($response['body'], true);
930	}

onesignal-public.php CHANGED Viewed

	@@ -53,7 +53,7 @@ class OneSignal_Public
53	public static function onesignal_header()
54	{
55
56	- if ( ~~function_exists~~( ~~'amp_is_request'~~ ) ~~&& amp_is_request(~~) ) {
57
58	if ( function_exists( 'amp_is_legacy' ) && amp_is_legacy() ) {
59	add_action( 'amp_post_template_body_open', array( __CLASS__, 'insert_amp_web_push' ) );


53	public static function onesignal_header()
54	{
55
56	+ if ( self::onesignal_is_amp() ) {
57
58	if ( function_exists( 'amp_is_legacy' ) && amp_is_legacy() ) {
59	add_action( 'amp_post_template_body_open', array( __CLASS__, 'insert_amp_web_push' ) );

onesignal-utils.php CHANGED Viewed

	@@ -11,7 +11,7 @@ class OneSignalUtils {
11	if (defined('ENT_HTML401')) {
12	$HTML_ENTITY_DECODE_FLAGS = ENT_HTML401 \| $HTML_ENTITY_DECODE_FLAGS;
13	}
14	- return html_entity_decode(str_replace("'", "'", $string), $HTML_ENTITY_DECODE_FLAGS, 'UTF-8');
15	}
16
17	public static function url_contains_parameter($text) {


11	if (defined('ENT_HTML401')) {
12	$HTML_ENTITY_DECODE_FLAGS = ENT_HTML401 \| $HTML_ENTITY_DECODE_FLAGS;
13	}
14	+ return html_entity_decode(str_replace([''', ''', ''', '"'], '\'', $string), $HTML_ENTITY_DECODE_FLAGS, 'UTF-8');
15	}
16
17	public static function url_contains_parameter($text) {

onesignal.php CHANGED Viewed

	@@ -6,7 +6,7 @@ defined('ABSPATH') or die('This page may not be accessed directly.');
6	* Plugin Name: OneSignal Push Notifications
7	* Plugin URI: https://onesignal.com/
8	* Description: Free web push notifications.
9	- * Version: 2.2.7
10	* Author: OneSignal
11	* Author URI: https://onesignal.com
12	* License: MIT


6	* Plugin Name: OneSignal Push Notifications
7	* Plugin URI: https://onesignal.com/
8	* Description: Free web push notifications.
9	+ * Version: 2.3.0
10	* Author: OneSignal
11	* Author URI: https://onesignal.com
12	* License: MIT

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: https://onesignal.com
4	Tags: push notification, push notifications, desktop notifications, mobile notifications, chrome push, android, android notification, android notifications, android push, desktop notification, firefox, firefox push, mobile, mobile notification, notification, notifications, notify, onesignal, push, push messages, safari, safari push, web push, chrome
5	Requires at least: 3.8
6	Tested up to: 6.0
7	- Stable tag: 2.2.7
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
	@@ -23,7 +23,7 @@ You can configure notification delivery at preset intervals, create user segment
23	OneSignal’s free plan allows targeting up to 10,000 subscribers with push notifications. Contact support@onesignal.com if you have any questions. We’d love to hear from you!
24
25	= Company =
26	- OneSignal is trusted by over 1,~~500~~,000 developers and marketing strategists. We power push notifications for everyone from early stage startups to Fortune 500 Companies, sending over 6 billion notifications per day. It is the most popular push notification plugin on Wordpress with 100,000+ installations.
27
28	= Features =
29	* Supports Chrome (Desktop & Android), Safari (Mac OS X), Microsoft Edge (Desktop & Android), Opera (Desktop & Android) and Firefox (Desktop & Android) on both HTTP and HTTPS sites.
	@@ -67,6 +67,12 @@ HTTPS Setup Video: [youtube https://www.youtube.com/watch?v=BeTZ2KgytC0]
67
68	== Changelog ==
69






70	= 2.2.7 =
71
72	- Update tested up to tag (6.0)


4	Tags: push notification, push notifications, desktop notifications, mobile notifications, chrome push, android, android notification, android notifications, android push, desktop notification, firefox, firefox push, mobile, mobile notification, notification, notifications, notify, onesignal, push, push messages, safari, safari push, web push, chrome
5	Requires at least: 3.8
6	Tested up to: 6.0
7	+ Stable tag: 2.3.0
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

23	OneSignal’s free plan allows targeting up to 10,000 subscribers with push notifications. Contact support@onesignal.com if you have any questions. We’d love to hear from you!
24
25	= Company =
26	+ OneSignal is trusted by over 1,800,000 developers and marketing strategists. We power push notifications for everyone from early stage startups to Fortune 500 Companies, sending over 6 billion notifications per day. It is the most popular push notification plugin on Wordpress with 100,000+ installations.
27
28	= Features =
29	* Supports Chrome (Desktop & Android), Safari (Mac OS X), Microsoft Edge (Desktop & Android), Opera (Desktop & Android) and Firefox (Desktop & Android) on both HTTP and HTTPS sites.

67
68	== Changelog ==
69
70	+ = 2.3.0 =
71	+ - Use `onesignal_is_amp` to allow filtering
72	+ - Add additional sanitization to post titles
73	+ - Add `post_id` in notification data payload
74	+ - Fix jQuery issue leading to not showing the notice after post publish when automatic notifs are turned off
75	+
76	= 2.2.7 =
77
78	- Update tested up to tag (6.0)

views/config.php CHANGED Viewed

	@@ -24,7 +24,7 @@ $onesignal_wp_settings = OneSignal::get_onesignal_settings();
24	⭐ Appreciate OneSignal?
25	<a style="margin-left:15px;" href="https://wordpress.org/support/plugin/onesignal-free-web-push-notifications/reviews/#new-post" target="_blank">Leave us a review → </a>
26	</span>
27	- </div>
28	<div class="ui pointing stackable menu">
29	<a class="item" data-tab="setup">Setup</a>
30	<a class="active item" data-tab="configuration">Configuration</a>


24	⭐ Appreciate OneSignal?
25	<a style="margin-left:15px;" href="https://wordpress.org/support/plugin/onesignal-free-web-push-notifications/reviews/#new-post" target="_blank">Leave us a review → </a>
26	</span>
27	+ </div>
28	<div class="ui pointing stackable menu">
29	<a class="item" data-tab="setup">Setup</a>
30	<a class="active item" data-tab="configuration">Configuration</a>

OneSignal – Free Web Push Notifications - Version 2.3.0

Version Description

Release Info

Code changes from version 2.2.7 to 2.3.0