Version Description
- security update
Release Info
Developer | shapepress |
Plugin | WP DSGVO Tools |
Version | 2.2.19 |
Code changes from version 2.2.18 to 2.2.19
- README.txt +4 -1
- admin/js/sp-dsgvo-admin.js +3 -1
- admin/tabs/common-settings/class-sp-dsgvo-common-settings-action.php +2 -1
- admin/tabs/common-settings/page.php +3 -2
- admin/tabs/cookie-notice/class-sp-dsgvo-cookie-notice-action.php +1 -0
- admin/tabs/cookie-notice/page.php +1 -0
- admin/tabs/gravity-forms/class-sp-dsgvo-gravity-forms-action.php +1 -0
- admin/tabs/gravity-forms/page.php +1 -0
- admin/tabs/imprint/class-sp-dsgvo-imprint-action.php +1 -0
- admin/tabs/imprint/page.php +1 -0
- admin/tabs/integrations/class-sp-dsgvo-integrations-action.php +1 -0
- admin/tabs/integrations/page.php +1 -0
- admin/tabs/privacy-policy/class-sp-dsgvo-privacy-policy-action.php +1 -0
- admin/tabs/privacy-policy/page.php +1 -0
- admin/tabs/services/class-sp-dsgvo-add-service-action.php +1 -0
- admin/tabs/services/class-sp-dsgvo-delete-service-action.php +1 -0
- admin/tabs/services/class-sp-dsgvo-services-action.php +1 -0
- admin/tabs/services/page.php +7 -1
- admin/tabs/subject-access-request/class-sp-dsgvo-subject-access-request-action.php +1 -0
- admin/tabs/subject-access-request/page.php +1 -0
- admin/tabs/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php +4 -0
- admin/tabs/super-unsubscribe/class-sp-dsgvo-super-unsubscribe-action.php +1 -0
- admin/tabs/super-unsubscribe/page.php +5 -2
- admin/tabs/terms-conditions/page.php +1 -0
- includes/class-sp-dsgvo-ajax-action.php +14 -0
- public/shortcodes/subject-access-request/subject-access-request-action.php +3 -0
- public/shortcodes/subject-access-request/subject-access-request.php +1 -0
- public/shortcodes/super-unsubscribe/unsubscribe-form-action.php +3 -0
- public/shortcodes/super-unsubscribe/unsubscribe-form.php +1 -0
- sp-dsgvo.php +2 -2
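--- a/README.txt
+++ b/README.txt
@@ -4,7 +4,7 @@ Donate link: https://wp-dsgvo.eu
 Tags: gdpr, dsgvo, datenschutz, wordpress, compliance, data, privacy, woocommerce,
 Requires at least: 3.0.1
 Tested up to: 5.2.2
-Stable tag: 2.2.
+Stable tag: 2.2.19
 Requires PHP: 5.6.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -80,6 +80,9 @@ Important: Disable other cookie notice plugins and Google Analytics or FB Pixel
 
 == Changelog ==
 
+= 2.2.19 =
+* security update
+
 = 2.2.18 =
 * style compatibility
 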
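--- a/admin/js/sp-dsgvo-admin.js
+++ b/admin/js/sp-dsgvo-admin.js
@@ -73,12 +73,14 @@
 $('.unsubscribe-dismiss').on('click tap', function() {
 var $this = $(this),
 id = $this.attr('data-id');
+var nonce = $this.attr('data-nonce');
 
 if(confirm(args.dismiss_confirm)) {
 $this.parent().parent().fadeOut(500);
 $.post( args.ajaxurl, {
 action: 'admin-dismiss-unsubscribe',
-id: id
+id: id,
+_wpnonce:nonce
 },
 function( data ) {
 } );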
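Review bot: The `$.post` callback on new line 85 still ignores `data`, and the row is faded out on line 79 before the request is even sent, so the plain-text `CSRF ERROR: Nonce not valid` reply that the server-side check can now return is invisible to the admin and the entry simply reappears on the next reload. Move the `fadeOut()` into the callback and look at the reply, e.g. `function( data ) { if ( String(data).indexOf('CSRF') === -1 ) { $this.parent().parent().fadeOut(500); } else { alert(data); } }`. `nonce` on line 76 is declared with its own `var` while `$this` and `id` share one; either style works, but mixing them three lines apart reads as an afterthought. The click handler continues outside the hunk.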
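--- a/admin/tabs/common-settings/class-sp-dsgvo-common-settings-action.php
+++ b/admin/tabs/common-settings/class-sp-dsgvo-common-settings-action.php
@@ -7,9 +7,10 @@ class SPDSGVOCommonSettingsAction extends SPDSGVOAjaxAction
 
 protected function run()
 {
+$this->checkCSRF();
 $this->requireAdmin();
 
-SPDSGVOSettings::set('admin_email', $this->get('admin_email', ''));
+SPDSGVOSettings::set('admin_email', sanitize_email($this->get('admin_email', '')));
 SPDSGVOSettings::set('use_wpml_strings', $this->get('use_wpml_strings', '0'));
 
 SPDSGVOSettings::set('sp_dsgvo_comments_checkbox', $this->get('sp_dsgvo_comments_checkbox', '0'));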
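Review bot: `sanitize_email()` on new line 13 returns an empty string for any address it cannot normalise, so a typo in the admin form silently blanks the stored `admin_email` and whatever the plugin later sends to that address presumably goes nowhere. Compare the sanitised value with the raw input and report the problem instead of storing it, e.g. `$email = sanitize_email($this->get('admin_email', ''));` followed by `if ($email === '' && $this->get('admin_email', '') !== '') { $this->error(__('Invalid email address','shapepress-dsgvo')); }` before the `set()` call. The remaining settings written in this method are still stored as received, which is only harmless for the `'0'`/`'1'` toggles if the page that echoes them back escapes on output. `run()` continues past the hunk.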
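--- a/admin/tabs/common-settings/page.php
+++ b/admin/tabs/common-settings/page.php
@@ -7,6 +7,7 @@
 <td>
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>" style="display: inline">
 <input type="hidden" name="action" value="admin-common-settings-activate">
+<?php wp_nonce_field( SPDSGVOCommonSettingsActivateAction::getActionName(). '-nonce' ); ?>
 <label for="dsgvo_licence"> <input name="dsgvo_licence"
 type="text" id="dsgvo_licence" style="width: 200px"
 value="<?= SPDSGVOSettings::get('dsgvo_licence'); ?>">
@@ -65,7 +66,7 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="admin-common-settings">
-
+<?php wp_nonce_field( SPDSGVOCommonSettingsAction::getActionName(). '-nonce' ); ?>
 <input type="hidden" value="<?= SPDSGVOSettings::get('dsgvo_licence'); ?>" id="dsgvo_licence_hidden" name="dsgvo_licence_hidden" />
 
 <h1><?php _e('Common Settings','shapepress-dsgvo')?></h1>
@@ -75,7 +76,7 @@
 <th scope="row"><?php _e('Admin Email','shapepress-dsgvo')?></th>
 <td><label for="admin_email"> <input name="admin_email"
 type="text" id="admin_email" style="width: 300px"
-value="<?= SPDSGVOSettings::get('admin_email'); ?>">
+value="<?= esc_html( SPDSGVOSettings::get('admin_email')); ?>">
 </label><span class="info-text"><?php _e('Used by sending emails.','shapepress-dsgvo')?></span></td>
 </tr>
 <!--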
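Review bot: `esc_html()` on new line 79 escapes a value that lands inside a `value="…"` attribute, where `esc_attr()` is the matching WordPress escaper; `esc_html` happens to encode quotes as well, so it works today, but the wrong context function misleads the next reader and attribute-context linters, so `value="<?= esc_attr( SPDSGVOSettings::get('admin_email') ); ?>">` is the line to have. The two `dsgvo_licence` values echoed into attributes on lines 13 and 70 of the same hunks are still unescaped, so the output fix is partial. The first hunk emits a nonce for `SPDSGVOCommonSettingsActivateAction`, and admin/tabs/terms-conditions/page.php does the same for `SPDSGVOTermsConditionsAction`, yet no action file for either appears in the change list, so either those handlers never call `checkCSRF()` and the new fields are unverified, or they were updated elsewhere — confirm before shipping the "security update" label.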
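--- a/admin/tabs/cookie-notice/class-sp-dsgvo-cookie-notice-action.php
+++ b/admin/tabs/cookie-notice/class-sp-dsgvo-cookie-notice-action.php
@@ -5,6 +5,7 @@ Class SPDSGVOCookieNoticeAction extends SPDSGVOAjaxAction{
 protected $action = 'admin-cookie-notice';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 SPDSGVOSettings::set('cn_tracker_init', $this->get('cn_tracker_init', 'on_load'));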
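--- a/admin/tabs/cookie-notice/page.php
+++ b/admin/tabs/cookie-notice/page.php
@@ -1,5 +1,6 @@
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="admin-cookie-notice">
+<?php wp_nonce_field( SPDSGVOCookieNoticeAction::getActionName(). '-nonce' ); ?>
 
 <h1><?php _e('Cookie Notice','shapepress-dsgvo')?></h1>
 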
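--- a/admin/tabs/gravity-forms/class-sp-dsgvo-gravity-forms-action.php
+++ b/admin/tabs/gravity-forms/class-sp-dsgvo-gravity-forms-action.php
@@ -5,6 +5,7 @@ Class SPDSGVOGravityFormsAction extends SPDSGVOAjaxAction{
 protected $action = 'admin-gravity-forms';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 SPDSGVOSettings::set('gf_save_no_data', $this->get('gf_save_no_data'), '0');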
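Review bot: The line directly below the new check, `SPDSGVOSettings::set('gf_save_no_data', $this->get('gf_save_no_data'), '0');`, hands `'0'` to `set()` as a third argument, whereas every sibling action in this release passes its default to `get()`; unless `set()` has a meaningful third parameter, this looks like a misplaced default that stores whatever `get()` returns for an unchecked box, and the intended line is `SPDSGVOSettings::set('gf_save_no_data', $this->get('gf_save_no_data', '0'));`. It is context rather than new code, but the commit touches the line above it and this is the natural moment to fix it. `run()` continues past the hunk.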
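--- a/admin/tabs/gravity-forms/page.php
+++ b/admin/tabs/gravity-forms/page.php
@@ -1,5 +1,6 @@
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="admin-gravity-forms">
+<?php wp_nonce_field( SPDSGVOGravityFormsAction::getActionName(). '-nonce' ); ?>
 
 <h1><?php _e('Gravity Forms','shapepress-dsgvo')?></h1>
 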
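--- a/admin/tabs/imprint/class-sp-dsgvo-imprint-action.php
+++ b/admin/tabs/imprint/class-sp-dsgvo-imprint-action.php
@@ -5,6 +5,7 @@ Class SPDSGVOImprintAction extends SPDSGVOAjaxAction{
 protected $action = 'imprint';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 if($this->has('imprint_page')){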
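--- a/admin/tabs/imprint/page.php
+++ b/admin/tabs/imprint/page.php
@@ -3,6 +3,7 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="imprint">
+<?php wp_nonce_field( SPDSGVOImprintAction::getActionName(). '-nonce' ); ?>
 
 <table class="form-table btn-settings-show">
 <tbody>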
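--- a/admin/tabs/integrations/class-sp-dsgvo-integrations-action.php
+++ b/admin/tabs/integrations/class-sp-dsgvo-integrations-action.php
@@ -5,6 +5,7 @@ Class SPDSGVOIntegrationsAction extends SPDSGVOAjaxAction{
 protected $action = 'SPDSGVO-integrations-submit';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 $time = time();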
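--- a/admin/tabs/integrations/page.php
+++ b/admin/tabs/integrations/page.php
@@ -3,6 +3,7 @@
 
 <form method="post" action="<?= SPDSGVOIntegrationsAction::formURL() ?>">
 <input type="hidden" name="action" value="<?= SPDSGVOIntegrationsAction::getActionName() ?>">
+<?php wp_nonce_field( SPDSGVOIntegrationsAction::getActionName(). '-nonce' ); ?>
 
 <table class="form-table">
 <tbody>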
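--- a/admin/tabs/privacy-policy/class-sp-dsgvo-privacy-policy-action.php
+++ b/admin/tabs/privacy-policy/class-sp-dsgvo-privacy-policy-action.php
@@ -5,6 +5,7 @@ Class SPDSGVOPrivacyPolicyAction extends SPDSGVOAjaxAction{
 protected $action = 'privacy-policy';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 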
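--- a/admin/tabs/privacy-policy/page.php
+++ b/admin/tabs/privacy-policy/page.php
@@ -6,6 +6,7 @@
 </p>
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
+<?php wp_nonce_field( SPDSGVOPrivacyPolicyAction::getActionName(). '-nonce' ); ?>
 <table class="form-table btn-settings-show">
 <tbody>
 <tr>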
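--- a/admin/tabs/services/class-sp-dsgvo-add-service-action.php
+++ b/admin/tabs/services/class-sp-dsgvo-add-service-action.php
@@ -5,6 +5,7 @@ Class SPDSGVOAddServiceAction extends SPDSGVOAjaxAction{
 protected $action = 'admin-add-service';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 if(!empty($this->get('new_name')) && !empty($this->get('new_reason'))){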
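--- a/admin/tabs/services/class-sp-dsgvo-delete-service-action.php
+++ b/admin/tabs/services/class-sp-dsgvo-delete-service-action.php
@@ -5,6 +5,7 @@ Class SPDSGVODeleteServiceAction extends SPDSGVOAjaxAction{
 protected $action = 'delete-service';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 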
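--- a/admin/tabs/services/class-sp-dsgvo-services-action.php
+++ b/admin/tabs/services/class-sp-dsgvo-services-action.php
@@ -5,6 +5,7 @@ Class SPDSGVOServicesAction extends SPDSGVOAjaxAction{
 protected $action = 'admin-services';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 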
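--- a/admin/tabs/services/page.php
+++ b/admin/tabs/services/page.php
@@ -5,6 +5,7 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="admin-services">
+<?php wp_nonce_field( SPDSGVOServicesAction::getActionName(). '-nonce' ); ?>
 
 <table class="form-table btn-settings-show" >
 <tbody>
@@ -111,7 +112,11 @@
 </td>
 <!-- i592995 -->
 <td class="column-reason">
-
+<?php
+$action_url = wp_nonce_url( SPDSGVODeleteServiceAction::url(['slug' => $slug]), SPDSGVODeleteServiceAction::getActionName(). '-nonce' );
+// $action_url is now "/change-color/?color=blue&_wpnonce=GENERATED_VALUE"
+?>
+<a href="<?= esc_url( $action_url ) ?>"><?php _e('Delete','shapepress-dsgvo')?></a>
 </td>
 </tr>
 
@@ -137,6 +142,7 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="admin-add-service">
+<?php wp_nonce_field( SPDSGVOAddServiceAction::getActionName(). '-nonce' ); ?>
 <br><br>
 
 <h3><?php _e('Add service','shapepress-dsgvo')?></h3>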
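Review bot: The comment on new line 117, `// $action_url is now "/change-color/?color=blue&_wpnonce=GENERATED_VALUE"`, is the sample from the WordPress `wp_nonce_url()` reference and describes a URL this template never builds; replace it with `// Delete link carries a nonce that SPDSGVODeleteServiceAction::checkCSRF() verifies.` or drop it. Separately, deleting a service stays a GET link: the nonce now stops forged cross-site requests, but a state-changing GET is still followed by link prefetchers and preview tools that carry the admin's cookies, so a tiny POST form with the same nonce field is the sturdier shape. `$slug` goes into the query string via `SPDSGVODeleteServiceAction::url()`, which presumably encodes it; `esc_url()` only covers the HTML context, so confirm the slug is validated where it is read.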
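--- a/admin/tabs/subject-access-request/class-sp-dsgvo-subject-access-request-action.php
+++ b/admin/tabs/subject-access-request/class-sp-dsgvo-subject-access-request-action.php
@@ -5,6 +5,7 @@ Class SPDSGVOAdminSubjectAccessRequestAction extends SPDSGVOAjaxAction{
 protected $action = 'admin-subject-access-request';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 if ($this->has('process') == false && $this->get('all') != '1')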
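--- a/admin/tabs/subject-access-request/page.php
+++ b/admin/tabs/subject-access-request/page.php
@@ -5,6 +5,7 @@
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action"
 value="<?= SPDSGVOAdminSubjectAccessRequestAction::getActionName(); ?>">
+<?php wp_nonce_field( SPDSGVOAdminSubjectAccessRequestAction::getActionName(). '-nonce' ); ?>
 
 <?php $disablePremiumFeatures = isValidPremiumEdition() == false; ?>
 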
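--- a/admin/tabs/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php
+++ b/admin/tabs/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php
@@ -5,6 +5,10 @@ Class SPDSGVODismissUnsubscribeAction extends SPDSGVOAjaxAction{
 protected $action = 'admin-dismiss-unsubscribe';
 
 protected function run(){
+
+//$this->checkCSRF();
+$this->requireAdmin();
+
 $id = $this->get('id');
 wp_delete_post($id);
 die();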
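Review bot: The CSRF check for this handler lands commented out on new line 9 (`//$this->checkCSRF();`), so although the admin page now renders a `data-nonce` and the JS posts it as `_wpnonce`, nothing on the server verifies it and the added `requireAdmin()` is the only new protection for a deleting endpoint; the line should read `$this->checkCSRF();` like every other admin action in this release, or the nonce plumbing on the client side is wasted. `$id` is taken from the request on line 12 and passed straight to `wp_delete_post()` without a cast or a check that it names one of the entries this page lists, so the handler removes whatever post ID it is given; cast with `(int)` and compare `get_post_type()` against the plugin's own post type before deleting, e.g. `$id = (int) $this->get('id'); if (get_post_type($id) !== '<UNSUBSCRIBE_POST_TYPE>') { $this->error('invalid id'); }` with the real type name filled in. Because `die()` on line 14 follows regardless of the return value, a failed delete is indistinguishable from success to the caller.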
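--- a/admin/tabs/super-unsubscribe/class-sp-dsgvo-super-unsubscribe-action.php
+++ b/admin/tabs/super-unsubscribe/class-sp-dsgvo-super-unsubscribe-action.php
@@ -5,6 +5,7 @@ Class SPDSGVOSuperUnsubscribeAction extends SPDSGVOAjaxAction{
 protected $action = 'admin-super-unsubscribe';
 
 protected function run(){
+$this->checkCSRF();
 $this->requireAdmin();
 
 if ($this->has('process') == false && $this->get('all') != '1')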
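--- a/admin/tabs/super-unsubscribe/page.php
+++ b/admin/tabs/super-unsubscribe/page.php
@@ -4,8 +4,10 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action"
-value="<?= SPDSGVOSuperUnsubscribeAction::getActionName(); ?>">
+value="<?= SPDSGVOSuperUnsubscribeAction::getActionName(); ?>">
+<input
 type="hidden" name="CSRF" value="<?= sp_dsgvo_CSRF_TOKEN() ?>">
+<?php wp_nonce_field( SPDSGVOSuperUnsubscribeAction::getActionName(). '-nonce' ); ?>
 <?php $disablePremiumFeatures = isValidPremiumEdition() == false; ?>
 
 <table class="form-table">
@@ -249,7 +251,7 @@ if (isset($_GET['status']) && in_array($_GET['status'], $statuses)) {
 </td>
 <!-- .i592995 -->
 <td class="column-dismiss">
-<svg class="unsubscribe-dismiss" width="10" height="10" data-id="<?php echo $confirmedRequest->ID; ?>">
+<svg class="unsubscribe-dismiss" width="10" height="10" data-id="<?php echo $confirmedRequest->ID; ?>" data-nonce="<?php echo wp_create_nonce( SPDSGVODismissUnsubscribeAction::getActionName() .'-nonce' ) ?>">
 <line x1="0" y1="0" x2="10" y2="10" />
 <line x1="0" y1="10" x2="10" y2="0" />
 </svg>
@@ -302,6 +304,7 @@ if (isset($_GET['status']) && in_array($_GET['status'], $statuses)) {
 <input type="hidden" name="action"
 value="<?= SPDSGVOSuperUnsubscribeFormAction::getActionName(); ?>"> <input
 type="hidden" name="is_admin" value="1"> <br>
+<?php wp_nonce_field( SPDSGVOSuperUnsubscribeFormAction::getActionName(). '-nonce' ); ?>
 <br>
 
 <h3><?php _e('Add entry','shapepress-dsgvo')?></h3>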
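Review bot: The hidden `CSRF` input filled by `sp_dsgvo_CSRF_TOKEN()` on new line 9 is kept next to the new `wp_nonce_field()`, yet the rewritten `checkCSRF()` in includes/class-sp-dsgvo-ajax-action.php reads only `_wpnonce` and its old token branch is commented out, so this field appears to be dead while a per-user token is still generated and printed on every page load; remove it, or confirm something else consumes it. On line 254 the nonce and the post ID are emitted into attributes with bare `echo`; both are safe by construction today, but escaping keeps the template uniform, e.g. `data-id="<?php echo (int) $confirmedRequest->ID; ?>" data-nonce="<?php echo esc_attr( wp_create_nonce( SPDSGVODismissUnsubscribeAction::getActionName() .'-nonce' ) ); ?>"`. The first hunk's removed and re-added `value="…"` line is identical in this rendering, so the actual text change there cannot be checked from the page.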
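--- a/admin/tabs/terms-conditions/page.php
+++ b/admin/tabs/terms-conditions/page.php
@@ -5,6 +5,7 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="terms-conditions">
+<?php wp_nonce_field( SPDSGVOTermsConditionsAction::getActionName(). '-nonce' ); ?>
 
 <table class="form-table btn-settings-show" style="display: none;">
 <tbody>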
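--- a/includes/class-sp-dsgvo-ajax-action.php
+++ b/includes/class-sp-dsgvo-ajax-action.php
@@ -103,6 +103,19 @@ abstract class SPDSGVOAjaxAction{
 }
 
 public function checkCSRF(){
+
+$actionName = self::getActionName().'-nonce';
+$submittedNonce = $_REQUEST['_wpnonce'];
+
+if ( wp_verify_nonce( $submittedNonce, $actionName ) ) {
+return TRUE;
+} else
+{
+echo 'CSRF ERROR: Nonce not valid';
+die;
+//return FALSE;
+}
+/*
 if(!$this->has('CSRF')){
 echo '1. CSRF ERROR';
 die;
@@ -122,6 +135,7 @@ abstract class SPDSGVOAjaxAction{
 update_user_meta($this->user->ID, 'sp_dsgvo_CSRF_token', wp_generate_password(20, FALSE, FALSE));
 
 return TRUE;
+*/
 }
 
 public function error($message){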
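Review bot: `$_REQUEST['_wpnonce']` on new line 108 is read with no `isset()` guard, so every request that omits the field raises an undefined-index notice before `wp_verify_nonce()` runs, and with display errors on that notice is printed into the AJAX response ahead of the `CSRF ERROR` text; read it defensively, `$submittedNonce = isset($_REQUEST['_wpnonce']) ? (string) $_REQUEST['_wpnonce'] : '';`, or let `check_ajax_referer($actionName, '_wpnonce')` do both the check and the failure exit. `self::getActionName()` on line 107 binds to the base class; the page templates call `getActionName()` on each subclass, so if the name depends on the subclass's `$action` property confirm that `self::` rather than `static::` still resolves the right name for every handler. The `echo` plus `die` on lines 114–115 answers a failed check with HTTP 200 and a bare string that the admin JS cannot distinguish from success; `wp_die('CSRF ERROR: Nonce not valid', '', ['response' => 403])` gives callers a status to act on. The superseded token logic from line 118 to the `*/` in the second hunk is parked in a block comment rather than removed, which leaves two contradictory CSRF implementations in the file for the next reader. `checkCSRF()` starts inside the first hunk and the class continues beyond the second.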
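--- a/public/shortcodes/subject-access-request/subject-access-request-action.php
+++ b/public/shortcodes/subject-access-request/subject-access-request-action.php
@@ -5,6 +5,9 @@ Class SPDSGVOSubjectAccessRequestAction extends SPDSGVOAjaxAction{
 protected $action = 'subject-access-request';
 
 public function run(){
+
+$this->checkCSRF();
+
 if(!$this->has('email') || empty($this->get('email'))){
 $this->error(__('Please enter an email address','shapepress-dsgvo'));
 }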
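Review bot: `$this->checkCSRF()` on new line 9 makes this public, anonymous form depend on a WordPress nonce, and public/shortcodes/super-unsubscribe/unsubscribe-form-action.php gains the same call. For logged-out visitors a nonce is effectively site-wide rather than per session and expires after at most 24 hours, so on any page served from a full-page cache the embedded nonce goes stale and legitimate submissions are answered with the bare plain-text `CSRF ERROR: Nonce not valid` from the base class instead of the `$this->error(...)` path the email check on line 11 uses; either route that failure through `$this->error()` with a "please reload the page" message or pick an anti-forgery measure that survives caching. The nonce also adds little forgery resistance here, since any visitor can obtain a fresh logged-out nonce by loading the page, so the confirmation e-mail and whatever rate limiting exists remain the real protection for these endpoints. `run()` continues past the hunk.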
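--- a/public/shortcodes/subject-access-request/subject-access-request.php
+++ b/public/shortcodes/subject-access-request/subject-access-request.php
@@ -19,6 +19,7 @@ function SPDSGVODownloadMyDataShortcode($atts){
 
 <?php else: ?>
 <form method="post" action="<?= SPDSGVOSubjectAccessRequestAction::url() ?>" class="sp-dsgvo-framework">
+<?php wp_nonce_field( SPDSGVOSubjectAccessRequestAction::getActionName(). '-nonce' ); ?>
 <fieldset>
 
 <div class="row">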
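--- a/public/shortcodes/super-unsubscribe/unsubscribe-form-action.php
+++ b/public/shortcodes/super-unsubscribe/unsubscribe-form-action.php
@@ -5,6 +5,9 @@ Class SPDSGVOSuperUnsubscribeFormAction extends SPDSGVOAjaxAction{
 protected $action = 'super-unsubscribe';
 
 public function run(){
+
+$this->checkCSRF();
+
 if(!$this->has('email') || empty($this->get('email'))){
 $this->error(__('Please enter an email address.','shapepress-dsgvo'));
 }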
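--- a/public/shortcodes/super-unsubscribe/unsubscribe-form.php
+++ b/public/shortcodes/super-unsubscribe/unsubscribe-form.php
@@ -24,6 +24,7 @@ function SPDSGVOUnsubscribeShortcode($atts){
 
 <?php else: ?>
 <form method="post" action="<?= SPDSGVOSuperUnsubscribeFormAction::url() ?>" class="sp-dsgvo-framework">
+<?php wp_nonce_field( SPDSGVOSuperUnsubscribeFormAction::getActionName(). '-nonce' ); ?>
 <fieldset>
 <div class="row">
 <div class="column">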
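--- a/sp-dsgvo.php
+++ b/sp-dsgvo.php
@@ -16,7 +16,7 @@
 * Plugin Name: WP DSGVO Tools (GDPR)
 * Plugin URI: https://wp-dsgvo.eu
 * Description: WP DSGVO Tools (GDPR) help you to fulfill the GDPR (DGSVO) compliance guidance (<a target="_blank" href="https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/">GDPR</a>)
-* Version: 2.2.
+* Version: 2.2.19
 * Author: Shapepress eU
 * Author URI: https://www.shapepress.com
 * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
@@ -28,7 +28,7 @@ if (! defined('WPINC')) {
 die();
 }
 
-define('sp_dsgvo_VERSION', '2.2.
+define('sp_dsgvo_VERSION', '2.2.19');
 define('sp_dsgvo_NAME', 'sp-dsgvo');
 /* i592995 */
 define('sp_dsgvo_URL', plugin_dir_url( __FILE__ ));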