WP DSGVO Tools - Version 2.2.19

Version Description

  • security update

Release Info

Developer shapepress
Version 2.2.19

Code changes from version 2.2.18 to 2.2.19

Files changed (30)
  1. README.txt +4 -1
  2. admin/js/sp-dsgvo-admin.js +3 -1
  3. admin/tabs/common-settings/class-sp-dsgvo-common-settings-action.php +2 -1
  4. admin/tabs/common-settings/page.php +3 -2
  5. admin/tabs/cookie-notice/class-sp-dsgvo-cookie-notice-action.php +1 -0
  6. admin/tabs/cookie-notice/page.php +1 -0
  7. admin/tabs/gravity-forms/class-sp-dsgvo-gravity-forms-action.php +1 -0
  8. admin/tabs/gravity-forms/page.php +1 -0
  9. admin/tabs/imprint/class-sp-dsgvo-imprint-action.php +1 -0
  10. admin/tabs/imprint/page.php +1 -0
  11. admin/tabs/integrations/class-sp-dsgvo-integrations-action.php +1 -0
  12. admin/tabs/integrations/page.php +1 -0
  13. admin/tabs/privacy-policy/class-sp-dsgvo-privacy-policy-action.php +1 -0
  14. admin/tabs/privacy-policy/page.php +1 -0
  15. admin/tabs/services/class-sp-dsgvo-add-service-action.php +1 -0
  16. admin/tabs/services/class-sp-dsgvo-delete-service-action.php +1 -0
  17. admin/tabs/services/class-sp-dsgvo-services-action.php +1 -0
  18. admin/tabs/services/page.php +7 -1
  19. admin/tabs/subject-access-request/class-sp-dsgvo-subject-access-request-action.php +1 -0
  20. admin/tabs/subject-access-request/page.php +1 -0
  21. admin/tabs/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php +4 -0
  22. admin/tabs/super-unsubscribe/class-sp-dsgvo-super-unsubscribe-action.php +1 -0
  23. admin/tabs/super-unsubscribe/page.php +5 -2
  24. admin/tabs/terms-conditions/page.php +1 -0
  25. includes/class-sp-dsgvo-ajax-action.php +14 -0
  26. public/shortcodes/subject-access-request/subject-access-request-action.php +3 -0
  27. public/shortcodes/subject-access-request/subject-access-request.php +1 -0
  28. public/shortcodes/super-unsubscribe/unsubscribe-form-action.php +3 -0
  29. public/shortcodes/super-unsubscribe/unsubscribe-form.php +1 -0
  30. sp-dsgvo.php +2 -2
README.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://wp-dsgvo.eu
4
  Tags: gdpr, dsgvo, datenschutz, wordpress, compliance, data, privacy, woocommerce,
5
  Requires at least: 3.0.1
6
  Tested up to: 5.2.2
7
- Stable tag: 2.2.18
8
  Requires PHP: 5.6.0
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -80,6 +80,9 @@ Important: Disable other cookie notice plugins and Google Analytics or FB Pixel
80
 
81
  == Changelog ==
82
 
 
 
 
83
  = 2.2.18 =
84
  * style compatibility
85
 
4
  Tags: gdpr, dsgvo, datenschutz, wordpress, compliance, data, privacy, woocommerce,
5
  Requires at least: 3.0.1
6
  Tested up to: 5.2.2
7
+ Stable tag: 2.2.19
8
  Requires PHP: 5.6.0
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
80
 
81
  == Changelog ==
82
 
83
+ = 2.2.19 =
84
+ * security update
85
+
86
  = 2.2.18 =
87
  * style compatibility
88
 
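--- a/admin/js/sp-dsgvo-admin.js
+++ b/admin/js/sp-dsgvo-admin.js
@@ -73,12 +73,14 @@
 $('.unsubscribe-dismiss').on('click tap', function() {
 var $this = $(this),
 id = $this.attr('data-id');
+var nonce = $this.attr('data-nonce');
 
 if(confirm(args.dismiss_confirm)) {
 $this.parent().parent().fadeOut(500);
 $.post( args.ajaxurl, {
 action: 'admin-dismiss-unsubscribe',
-id: id
+id: id,
+_wpnonce:nonce
 },
 function( data ) {
 } );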
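Review bot: The row is removed with `$this.parent().parent().fadeOut(500);` before `$.post` has returned, and the callback `function( data ) {}` discards the response, so once the server starts rejecting requests on the new `_wpnonce` field the entry still vanishes from the list and only reappears after a reload. Moving the `fadeOut` into the callback and checking `data` for the server's error text would make the new failure path visible to the admin. The handler continues past the end of this hunk.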
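--- a/admin/tabs/common-settings/class-sp-dsgvo-common-settings-action.php
+++ b/admin/tabs/common-settings/class-sp-dsgvo-common-settings-action.php
@@ -7,9 +7,10 @@ class SPDSGVOCommonSettingsAction extends SPDSGVOAjaxAction
 
 protected function run()
 {
+$this->checkCSRF();
 $this->requireAdmin();
 
-SPDSGVOSettings::set('admin_email', $this->get('admin_email', ''));
+SPDSGVOSettings::set('admin_email', sanitize_email($this->get('admin_email', '')));
 SPDSGVOSettings::set('use_wpml_strings', $this->get('use_wpml_strings', '0'));
 
 SPDSGVOSettings::set('sp_dsgvo_comments_checkbox', $this->get('sp_dsgvo_comments_checkbox', '0'));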
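Review bot: `sanitize_email()` returns an empty string when nothing valid is left after stripping, so a mistyped address silently clears the stored admin email instead of being reported; `$email = sanitize_email($this->get('admin_email', '')); if ($email === '' && $this->get('admin_email', '') !== '') { $this->error(__('Please enter a valid email address','shapepress-dsgvo')); }` before the `set` keeps the previous value on bad input. The neighbouring `use_wpml_strings` and `sp_dsgvo_comments_checkbox` values are still stored exactly as submitted; since they are flags, constraining them to `'0'`/`'1'` would match the sanitisation this commit starts for `admin_email`. `run()` continues past the end of this hunk.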
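--- a/admin/tabs/common-settings/page.php
+++ b/admin/tabs/common-settings/page.php
@@ -7,6 +7,7 @@
 <td>
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>" style="display: inline">
 <input type="hidden" name="action" value="admin-common-settings-activate">
+<?php wp_nonce_field( SPDSGVOCommonSettingsActivateAction::getActionName(). '-nonce' ); ?>
 <label for="dsgvo_licence"> <input name="dsgvo_licence"
 type="text" id="dsgvo_licence" style="width: 200px"
 value="<?= SPDSGVOSettings::get('dsgvo_licence'); ?>">
@@ -65,7 +66,7 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="admin-common-settings">
-
+<?php wp_nonce_field( SPDSGVOCommonSettingsAction::getActionName(). '-nonce' ); ?>
 <input type="hidden" value="<?= SPDSGVOSettings::get('dsgvo_licence'); ?>" id="dsgvo_licence_hidden" name="dsgvo_licence_hidden" />
 
 <h1><?php _e('Common Settings','shapepress-dsgvo')?></h1>
@@ -75,7 +76,7 @@
 <th scope="row"><?php _e('Admin Email','shapepress-dsgvo')?></th>
 <td><label for="admin_email"> <input name="admin_email"
 type="text" id="admin_email" style="width: 300px"
-value="<?= SPDSGVOSettings::get('admin_email'); ?>">
+value="<?= esc_html( SPDSGVOSettings::get('admin_email')); ?>">
 </label><span class="info-text"><?php _e('Used by sending emails.','shapepress-dsgvo')?></span></td>
 </tr>
 <!--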
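Review bot: `esc_html()` is the wrong escaper for the `admin_email` value because it sits inside a `value="..."` attribute; it should be `value="<?= esc_attr( SPDSGVOSettings::get('admin_email') ); ?>">` so a stored double quote cannot terminate the attribute. The two `dsgvo_licence` outputs in the first and second hunks (`value="<?= SPDSGVOSettings::get('dsgvo_licence'); ?>"` in the text input and in `dsgvo_licence_hidden`) are still printed raw and should get the same `esc_attr` treatment. The first hunk also adds a nonce for `SPDSGVOCommonSettingsActivateAction`, but no file for that action is among the 30 changed files, so presumably its `run()` does not yet call `$this->checkCSRF();` and the token is emitted without being verified.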
admin/tabs/cookie-notice/class-sp-dsgvo-cookie-notice-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVOCookieNoticeAction extends SPDSGVOAjaxAction{
5
  protected $action = 'admin-cookie-notice';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
  SPDSGVOSettings::set('cn_tracker_init', $this->get('cn_tracker_init', 'on_load'));
5
  protected $action = 'admin-cookie-notice';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
  SPDSGVOSettings::set('cn_tracker_init', $this->get('cn_tracker_init', 'on_load'));
admin/tabs/cookie-notice/page.php CHANGED
@@ -1,5 +1,6 @@
1
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
2
  <input type="hidden" name="action" value="admin-cookie-notice">
 
3
 
4
  <h1><?php _e('Cookie Notice','shapepress-dsgvo')?></h1>
5
 
1
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
2
  <input type="hidden" name="action" value="admin-cookie-notice">
3
+ <?php wp_nonce_field( SPDSGVOCookieNoticeAction::getActionName(). '-nonce' ); ?>
4
 
5
  <h1><?php _e('Cookie Notice','shapepress-dsgvo')?></h1>
6
 
admin/tabs/gravity-forms/class-sp-dsgvo-gravity-forms-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVOGravityFormsAction extends SPDSGVOAjaxAction{
5
  protected $action = 'admin-gravity-forms';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
  SPDSGVOSettings::set('gf_save_no_data', $this->get('gf_save_no_data'), '0');
5
  protected $action = 'admin-gravity-forms';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
  SPDSGVOSettings::set('gf_save_no_data', $this->get('gf_save_no_data'), '0');
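Review bot: The context line `SPDSGVOSettings::set('gf_save_no_data', $this->get('gf_save_no_data'), '0');` passes the `'0'` default as a third argument to `set` instead of to `get`, unlike `$this->get('use_wpml_strings', '0')` in class-sp-dsgvo-common-settings-action.php; it should read `SPDSGVOSettings::set('gf_save_no_data', $this->get('gf_save_no_data', '0'));`. This predates the commit, but it is the first statement after the new `checkCSRF()` call and, if `set` ignores its third argument, an unchecked box presumably stores whatever `get` returns for a missing key rather than `'0'`. `run()` continues past the end of this hunk.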
admin/tabs/gravity-forms/page.php CHANGED
@@ -1,5 +1,6 @@
1
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
2
  <input type="hidden" name="action" value="admin-gravity-forms">
 
3
 
4
  <h1><?php _e('Gravity Forms','shapepress-dsgvo')?></h1>
5
 
1
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
2
  <input type="hidden" name="action" value="admin-gravity-forms">
3
+ <?php wp_nonce_field( SPDSGVOGravityFormsAction::getActionName(). '-nonce' ); ?>
4
 
5
  <h1><?php _e('Gravity Forms','shapepress-dsgvo')?></h1>
6
 
admin/tabs/imprint/class-sp-dsgvo-imprint-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVOImprintAction extends SPDSGVOAjaxAction{
5
  protected $action = 'imprint';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
  if($this->has('imprint_page')){
5
  protected $action = 'imprint';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
  if($this->has('imprint_page')){
admin/tabs/imprint/page.php CHANGED
@@ -3,6 +3,7 @@
3
 
4
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
5
  <input type="hidden" name="action" value="imprint">
 
6
 
7
  <table class="form-table btn-settings-show">
8
  <tbody>
3
 
4
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
5
  <input type="hidden" name="action" value="imprint">
6
+ <?php wp_nonce_field( SPDSGVOImprintAction::getActionName(). '-nonce' ); ?>
7
 
8
  <table class="form-table btn-settings-show">
9
  <tbody>
admin/tabs/integrations/class-sp-dsgvo-integrations-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVOIntegrationsAction extends SPDSGVOAjaxAction{
5
  protected $action = 'SPDSGVO-integrations-submit';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
  $time = time();
5
  protected $action = 'SPDSGVO-integrations-submit';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
  $time = time();
admin/tabs/integrations/page.php CHANGED
@@ -3,6 +3,7 @@
3
 
4
  <form method="post" action="<?= SPDSGVOIntegrationsAction::formURL() ?>">
5
  <input type="hidden" name="action" value="<?= SPDSGVOIntegrationsAction::getActionName() ?>">
 
6
 
7
  <table class="form-table">
8
  <tbody>
3
 
4
  <form method="post" action="<?= SPDSGVOIntegrationsAction::formURL() ?>">
5
  <input type="hidden" name="action" value="<?= SPDSGVOIntegrationsAction::getActionName() ?>">
6
+ <?php wp_nonce_field( SPDSGVOIntegrationsAction::getActionName(). '-nonce' ); ?>
7
 
8
  <table class="form-table">
9
  <tbody>
admin/tabs/privacy-policy/class-sp-dsgvo-privacy-policy-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVOPrivacyPolicyAction extends SPDSGVOAjaxAction{
5
  protected $action = 'privacy-policy';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
 
5
  protected $action = 'privacy-policy';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
 
admin/tabs/privacy-policy/page.php CHANGED
@@ -6,6 +6,7 @@
6
  </p>
7
 
8
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 
9
  <table class="form-table btn-settings-show">
10
  <tbody>
11
  <tr>
6
  </p>
7
 
8
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
9
+ <?php wp_nonce_field( SPDSGVOPrivacyPolicyAction::getActionName(). '-nonce' ); ?>
10
  <table class="form-table btn-settings-show">
11
  <tbody>
12
  <tr>
admin/tabs/services/class-sp-dsgvo-add-service-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVOAddServiceAction extends SPDSGVOAjaxAction{
5
  protected $action = 'admin-add-service';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
  if(!empty($this->get('new_name')) && !empty($this->get('new_reason'))){
5
  protected $action = 'admin-add-service';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
  if(!empty($this->get('new_name')) && !empty($this->get('new_reason'))){
admin/tabs/services/class-sp-dsgvo-delete-service-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVODeleteServiceAction extends SPDSGVOAjaxAction{
5
  protected $action = 'delete-service';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
 
5
  protected $action = 'delete-service';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
 
admin/tabs/services/class-sp-dsgvo-services-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVOServicesAction extends SPDSGVOAjaxAction{
5
  protected $action = 'admin-services';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
 
5
  protected $action = 'admin-services';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
 
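--- a/admin/tabs/services/page.php
+++ b/admin/tabs/services/page.php
@@ -5,6 +5,7 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="admin-services">
+<?php wp_nonce_field( SPDSGVOServicesAction::getActionName(). '-nonce' ); ?>
 
 <table class="form-table btn-settings-show" >
 <tbody>
@@ -111,7 +112,11 @@
 </td>
 <!-- i592995 -->
 <td class="column-reason">
-<a href="<?= SPDSGVODeleteServiceAction::url(['slug' => $slug]) ?>"><?php _e('Delete','shapepress-dsgvo')?></a>
+<?php
+$action_url = wp_nonce_url( SPDSGVODeleteServiceAction::url(['slug' => $slug]), SPDSGVODeleteServiceAction::getActionName(). '-nonce' );
+// $action_url is now "/change-color/?color=blue&_wpnonce=GENERATED_VALUE"
+?>
+<a href="<?= esc_url( $action_url ) ?>"><?php _e('Delete','shapepress-dsgvo')?></a>
 </td>
 </tr>
 
@@ -137,6 +142,7 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="admin-add-service">
+<?php wp_nonce_field( SPDSGVOAddServiceAction::getActionName(). '-nonce' ); ?>
 <br><br>
 
 <h3><?php _e('Add service','shapepress-dsgvo')?></h3>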
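Review bot: The comment `// $action_url is now "/change-color/?color=blue&_wpnonce=GENERATED_VALUE"` in the second hunk is the example from the `wp_nonce_url` documentation and describes a URL that does not exist in this plugin; replace it with `// delete link carries the _wpnonce that SPDSGVODeleteServiceAction::checkCSRF() verifies` or drop it. Wrapping the result in `esc_url()` is the right call here, since `wp_nonce_url()` returns a string intended for HTML output. The delete action is reached by a GET link, so it is worth noting in that comment that the nonce is the only thing distinguishing this link from a crafted one and that `SPDSGVODeleteServiceAction` must keep calling `checkCSRF()` before `requireAdmin()`.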
admin/tabs/subject-access-request/class-sp-dsgvo-subject-access-request-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVOAdminSubjectAccessRequestAction extends SPDSGVOAjaxAction{
5
  protected $action = 'admin-subject-access-request';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
  if ($this->has('process') == false && $this->get('all') != '1')
5
  protected $action = 'admin-subject-access-request';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
  if ($this->has('process') == false && $this->get('all') != '1')
admin/tabs/subject-access-request/page.php CHANGED
@@ -5,6 +5,7 @@
5
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
6
  <input type="hidden" name="action"
7
  value="<?= SPDSGVOAdminSubjectAccessRequestAction::getActionName(); ?>">
 
8
 
9
  <?php $disablePremiumFeatures = isValidPremiumEdition() == false; ?>
10
 
5
  <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
6
  <input type="hidden" name="action"
7
  value="<?= SPDSGVOAdminSubjectAccessRequestAction::getActionName(); ?>">
8
+ <?php wp_nonce_field( SPDSGVOAdminSubjectAccessRequestAction::getActionName(). '-nonce' ); ?>
9
 
10
  <?php $disablePremiumFeatures = isValidPremiumEdition() == false; ?>
11
 
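--- a/admin/tabs/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php
+++ b/admin/tabs/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php
@@ -5,6 +5,10 @@ Class SPDSGVODismissUnsubscribeAction extends SPDSGVOAjaxAction{
 protected $action = 'admin-dismiss-unsubscribe';
 
 protected function run(){
+
+//$this->checkCSRF();
+$this->requireAdmin();
+
 $id = $this->get('id');
 wp_delete_post($id);
 die();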
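Review bot: `//$this->checkCSRF();` leaves the nonce that this same commit generates in admin/tabs/super-unsubscribe/page.php and posts as `_wpnonce` from admin/js/sp-dsgvo-admin.js unverified, so `wp_delete_post($id)` still runs on any request that passes `requireAdmin()` regardless of where it originated; the line should be `$this->checkCSRF();`, and since the new `checkCSRF()` reads `$_REQUEST['_wpnonce']` the POST the JS already sends is enough to make it pass. `$id` is also forwarded to `wp_delete_post` exactly as received; `wp_delete_post((int) $id)` plus a `get_post_type()` check against the plugin's own post type would keep this endpoint from deleting unrelated posts — I cannot see from the hunk what `requireAdmin()` verifies beyond the caller's role.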
admin/tabs/super-unsubscribe/class-sp-dsgvo-super-unsubscribe-action.php CHANGED
@@ -5,6 +5,7 @@ Class SPDSGVOSuperUnsubscribeAction extends SPDSGVOAjaxAction{
5
  protected $action = 'admin-super-unsubscribe';
6
 
7
  protected function run(){
 
8
  $this->requireAdmin();
9
 
10
  if ($this->has('process') == false && $this->get('all') != '1')
5
  protected $action = 'admin-super-unsubscribe';
6
 
7
  protected function run(){
8
+ $this->checkCSRF();
9
  $this->requireAdmin();
10
 
11
  if ($this->has('process') == false && $this->get('all') != '1')
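--- a/admin/tabs/super-unsubscribe/page.php
+++ b/admin/tabs/super-unsubscribe/page.php
@@ -4,8 +4,10 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action"
-value="<?= SPDSGVOSuperUnsubscribeAction::getActionName(); ?>"> <input
+value="<?= SPDSGVOSuperUnsubscribeAction::getActionName(); ?>">
+<input
 type="hidden" name="CSRF" value="<?= sp_dsgvo_CSRF_TOKEN() ?>">
+<?php wp_nonce_field( SPDSGVOSuperUnsubscribeAction::getActionName(). '-nonce' ); ?>
 <?php $disablePremiumFeatures = isValidPremiumEdition() == false; ?>
 
 <table class="form-table">
@@ -249,7 +251,7 @@ if (isset($_GET['status']) && in_array($_GET['status'], $statuses)) {
 </td>
 <!-- .i592995 -->
 <td class="column-dismiss">
-<svg class="unsubscribe-dismiss" width="10" height="10" data-id="<?php echo $confirmedRequest->ID; ?>">
+<svg class="unsubscribe-dismiss" width="10" height="10" data-id="<?php echo $confirmedRequest->ID; ?>" data-nonce="<?php echo wp_create_nonce( SPDSGVODismissUnsubscribeAction::getActionName() .'-nonce' ) ?>">
 <line x1="0" y1="0" x2="10" y2="10" />
 <line x1="0" y1="10" x2="10" y2="0" />
 </svg>
@@ -302,6 +304,7 @@ if (isset($_GET['status']) && in_array($_GET['status'], $statuses)) {
 <input type="hidden" name="action"
 value="<?= SPDSGVOSuperUnsubscribeFormAction::getActionName(); ?>"> <input
 type="hidden" name="is_admin" value="1"> <br>
+<?php wp_nonce_field( SPDSGVOSuperUnsubscribeFormAction::getActionName(). '-nonce' ); ?>
 <br>
 
 <h3><?php _e('Add entry','shapepress-dsgvo')?></h3>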
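Review bot: The first hunk keeps `<input type="hidden" name="CSRF" value="<?= sp_dsgvo_CSRF_TOKEN() ?>">` next to the new `wp_nonce_field(...)`, but the `has('CSRF')` / `sp_dsgvo_CSRF_token` check that consumed it is commented out in includes/class-sp-dsgvo-ajax-action.php in this same commit, so the field is dead and should be removed (and `sp_dsgvo_CSRF_TOKEN()` with it if nothing else calls it). In the second hunk the nonce is echoed into an attribute unescaped; `data-nonce="<?php echo esc_attr( wp_create_nonce( SPDSGVODismissUnsubscribeAction::getActionName() .'-nonce' ) ); ?>"` and `data-id="<?php echo (int) $confirmedRequest->ID; ?>"` match the escaping the rest of this commit introduces. Note that this per-row nonce is generated here but admin/tabs/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php leaves its verification commented out.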
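--- a/admin/tabs/terms-conditions/page.php
+++ b/admin/tabs/terms-conditions/page.php
@@ -5,6 +5,7 @@
 
 <form method="post" action="<?= admin_url('/admin-ajax.php'); ?>">
 <input type="hidden" name="action" value="terms-conditions">
+<?php wp_nonce_field( SPDSGVOTermsConditionsAction::getActionName(). '-nonce' ); ?>
 
 <table class="form-table btn-settings-show" style="display: none;">
 <tbody>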
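Review bot: A nonce field is emitted for `SPDSGVOTermsConditionsAction`, but no terms-conditions action class is among the 30 files this commit changes, so presumably its `run()` does not yet call `$this->checkCSRF();` and the token is generated without ever being verified. Every other admin form in this commit pairs the `wp_nonce_field(...)` with a `$this->checkCSRF();` at the top of the matching action's `run()`; this one needs the same one-line call to actually be protected.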
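--- a/includes/class-sp-dsgvo-ajax-action.php
+++ b/includes/class-sp-dsgvo-ajax-action.php
@@ -103,6 +103,19 @@ abstract class SPDSGVOAjaxAction{
 }
 
 public function checkCSRF(){
+
+$actionName = self::getActionName().'-nonce';
+$submittedNonce = $_REQUEST['_wpnonce'];
+
+if ( wp_verify_nonce( $submittedNonce, $actionName ) ) {
+return TRUE;
+} else
+{
+echo 'CSRF ERROR: Nonce not valid';
+die;
+//return FALSE;
+}
+/*
 if(!$this->has('CSRF')){
 echo '1. CSRF ERROR';
 die;
@@ -122,6 +135,7 @@ abstract class SPDSGVOAjaxAction{
 update_user_meta($this->user->ID, 'sp_dsgvo_CSRF_token', wp_generate_password(20, FALSE, FALSE));
 
 return TRUE;
+*/
 }
 
 public function error($message){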
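Review bot: `$submittedNonce = $_REQUEST['_wpnonce'];` reads the index without checking it exists, so a request that omits the nonce raises a PHP notice before `wp_verify_nonce()` rejects it; guard it with `$submittedNonce = isset($_REQUEST['_wpnonce']) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : '';` (the README still states `Requires PHP: 5.6.0`, so `??` is not available). The failure branch should be `wp_die( 'CSRF ERROR: Nonce not valid', '', 403 );` instead of `echo` plus bare `die`, so the response carries an error status, and the commented `//return FALSE;` can go. The old per-user `sp_dsgvo_CSRF_token` body is wrapped in `/* … */` rather than deleted; it is dead code now, and the `CSRF` hidden field that admin/tabs/super-unsubscribe/page.php still emits for it has no consumer. A valid nonce only shows the request came from a page this site rendered, not that the caller may act, so a docblock on `checkCSRF()` should say that every `run()` still needs `requireAdmin()` (or its public-form equivalent) after this call.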
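--- a/public/shortcodes/subject-access-request/subject-access-request-action.php
+++ b/public/shortcodes/subject-access-request/subject-access-request-action.php
@@ -5,6 +5,9 @@ Class SPDSGVOSubjectAccessRequestAction extends SPDSGVOAjaxAction{
 protected $action = 'subject-access-request';
 
 public function run(){
+
+$this->checkCSRF();
+
 if(!$this->has('email') || empty($this->get('email'))){
 $this->error(__('Please enter an email address','shapepress-dsgvo'));
 }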
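Review bot: `$this->checkCSRF();` now gates a public, logged-out form, and the implementation in includes/class-sp-dsgvo-ajax-action.php answers a bad nonce with a plain `echo 'CSRF ERROR: Nonce not valid'; die;` rather than the localized `$this->error(...)` path used for the email check two lines below; visitors whose nonce has expired, or who were served a shortcode page from a page cache with a stale nonce, get an unstyled English error. Consider routing the nonce failure through `$this->error(__('Your session has expired, please reload the page.','shapepress-dsgvo'));` for the public actions and documenting on the shortcode that the form must be excluded from page caching. The same applies to public/shortcodes/super-unsubscribe/unsubscribe-form-action.php. `run()` continues past the end of this hunk.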
public/shortcodes/subject-access-request/subject-access-request.php CHANGED
@@ -19,6 +19,7 @@ function SPDSGVODownloadMyDataShortcode($atts){
19
 
20
  <?php else: ?>
21
  <form method="post" action="<?= SPDSGVOSubjectAccessRequestAction::url() ?>" class="sp-dsgvo-framework">
 
22
  <fieldset>
23
 
24
  <div class="row">
19
 
20
  <?php else: ?>
21
  <form method="post" action="<?= SPDSGVOSubjectAccessRequestAction::url() ?>" class="sp-dsgvo-framework">
22
+ <?php wp_nonce_field( SPDSGVOSubjectAccessRequestAction::getActionName(). '-nonce' ); ?>
23
  <fieldset>
24
 
25
  <div class="row">
public/shortcodes/super-unsubscribe/unsubscribe-form-action.php CHANGED
@@ -5,6 +5,9 @@ Class SPDSGVOSuperUnsubscribeFormAction extends SPDSGVOAjaxAction{
5
  protected $action = 'super-unsubscribe';
6
 
7
  public function run(){
 
 
 
8
  if(!$this->has('email') || empty($this->get('email'))){
9
  $this->error(__('Please enter an email address.','shapepress-dsgvo'));
10
  }
5
  protected $action = 'super-unsubscribe';
6
 
7
  public function run(){
8
+
9
+ $this->checkCSRF();
10
+
11
  if(!$this->has('email') || empty($this->get('email'))){
12
  $this->error(__('Please enter an email address.','shapepress-dsgvo'));
13
  }
public/shortcodes/super-unsubscribe/unsubscribe-form.php CHANGED
@@ -24,6 +24,7 @@ function SPDSGVOUnsubscribeShortcode($atts){
24
 
25
  <?php else: ?>
26
  <form method="post" action="<?= SPDSGVOSuperUnsubscribeFormAction::url() ?>" class="sp-dsgvo-framework">
 
27
  <fieldset>
28
  <div class="row">
29
  <div class="column">
24
 
25
  <?php else: ?>
26
  <form method="post" action="<?= SPDSGVOSuperUnsubscribeFormAction::url() ?>" class="sp-dsgvo-framework">
27
+ <?php wp_nonce_field( SPDSGVOSuperUnsubscribeFormAction::getActionName(). '-nonce' ); ?>
28
  <fieldset>
29
  <div class="row">
30
  <div class="column">
sp-dsgvo.php CHANGED
@@ -16,7 +16,7 @@
16
  * Plugin Name: WP DSGVO Tools (GDPR)
17
  * Plugin URI: https://wp-dsgvo.eu
18
  * Description: WP DSGVO Tools (GDPR) help you to fulfill the GDPR (DGSVO) compliance guidance (<a target="_blank" href="https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/">GDPR</a>)
19
- * Version: 2.2.18
20
  * Author: Shapepress eU
21
  * Author URI: https://www.shapepress.com
22
  * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
@@ -28,7 +28,7 @@ if (! defined('WPINC')) {
28
  die();
29
  }
30
 
31
- define('sp_dsgvo_VERSION', '2.2.18');
32
  define('sp_dsgvo_NAME', 'sp-dsgvo');
33
  /* i592995 */
34
  define('sp_dsgvo_URL', plugin_dir_url( __FILE__ ));
16
  * Plugin Name: WP DSGVO Tools (GDPR)
17
  * Plugin URI: https://wp-dsgvo.eu
18
  * Description: WP DSGVO Tools (GDPR) help you to fulfill the GDPR (DGSVO) compliance guidance (<a target="_blank" href="https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/">GDPR</a>)
19
+ * Version: 2.2.19
20
  * Author: Shapepress eU
21
  * Author URI: https://www.shapepress.com
22
  * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
28
  die();
29
  }
30
 
31
+ define('sp_dsgvo_VERSION', '2.2.19');
32
  define('sp_dsgvo_NAME', 'sp-dsgvo');
33
  /* i592995 */
34
  define('sp_dsgvo_URL', plugin_dir_url( __FILE__ ));