WP DSGVO Tools - Version 3.1.22

Version Description

  • fixed xss vulnerability
Download this release

Release Info

Developer legalweb
Plugin Icon 128x128 WP DSGVO Tools
Version 3.1.22
Comparing to
See all releases

Code changes from version 3.1.21 to 3.1.22

Files changed (4) hide show
  1. README.txt +4 -180
  2. admin/tabs/v3/subject-access-request/page.php +2 -2
  3. admin/tabs/v3/super-unsubscribe/page.php +2 -2
  4. sp-dsgvo.php +2 -2
README.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://legalweb.io
4
  Tags: gdpr, dsgvo, datenschutz, privacy, privacy policy, imprint, impressum, wordpress, compliance, privacy, woocommerce, law
5
  Requires at least: 3.0.1
6
  Tested up to: 5.8.2
7
- Stable tag: 3.1.21
8
  Requires PHP: 5.6.0
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -204,6 +204,9 @@ Just install via wordpress plugin feature or upload zip and activate it.
204
 
205
  == Changelog ==
206
 
 
 
 
207
  = 3.1.21 =
208
  * added mautic
209
  * fixed bug with forcing cookie popup
@@ -220,185 +223,6 @@ Just install via wordpress plugin feature or upload zip and activate it.
220
  * improved custom fonts loading (option to disable it)
221
  * hide emtpy owner texts in imprint
222
 
223
- = 3.1.17 =
224
- * fixed issues with some embeddings
225
-
226
- = 3.1.16 =
227
- * improved embeddings
228
-
229
- = 3.1.15 =
230
- * implemented/raising an JS Event 'lw-optinout' when an opt-in or opt-out was made
231
- * possibility to let visitors decide if necessary integrations should be enabled
232
-
233
- = 3.1.14 =
234
- * updated webinar section
235
-
236
- = 3.1.13 =
237
- * added hobex
238
- * small bugfixes
239
-
240
- = 3.1.12 =
241
- * removed register_rest_route notice
242
-
243
- = 3.1.11 =
244
- * added support to embed shortcodes in content-block shortcode like [lw_content_block type="id_here" shortcode="other shortcode here"]
245
- * fixed slashes at cookie notice images
246
- * fixed translation bug
247
- * added the title of the privacy policy to wpml-config to enable translation support via string translations
248
-
249
- = 3.1.10 =
250
- * fixed cronjob of delete requests
251
- * bugfixes with dynamic blocking of content
252
- * CDN text fix
253
- * use custom endpoint for popup texts instead of ajax
254
-
255
- = 3.1.9 =
256
- * IE compatibility
257
- * changed yt channel
258
-
259
- = 3.1.8 =
260
- * Google Adsense
261
- * compatibility mode for ratio classes of specific templates which does not have a negative margin
262
- * mandatory integration behaviour loading improved
263
- * popup closing behaviour improved
264
- * shortcode for manual content blocking [lw_content_block]
265
-
266
- = 3.1.7 =
267
- * css improvements
268
- * openstreetmap blocking improved
269
- * performance improvements
270
- * privacy policy: restored texts of mandatory service
271
- * WPGlobus compatibility
272
-
273
- = 3.1.6 =
274
- * IE fixes
275
-
276
- = 3.1.5 =
277
- * improved tcpdf loading to save memory
278
- * reminder email for newer privacy policy texts only get send once
279
- * imprint: email address changed to mailto link
280
- * improved blocking of dynamic loaded embeddings (with option for enabling this feature)
281
- * fixed privacy policy and popup texts for agency modes of matomo and piwik
282
- * added easyname as hoster
283
- * option to set a custom title to privacy policy
284
- * load custom css for embeddings now after default css to apply styles in correct order
285
- * a click on outside the popup (= overlay) closes the popup now and accept nothing
286
- * feature to specify a lifetime if popup get dismissed (no selection is also dismiss)
287
- * closing the popup is equal to dismissAll -> legally seen there are only accept or dismiss, not "no decision"
288
- * free webinars menu
289
-
290
- = 3.1.4 =
291
- * css classes for success messages of sar and delete request form
292
- * fixed privacy policy texts for statistic integrations not supporting different implementation modes
293
- * added message to privacy policy texts if they are actual
294
- * improved responsive features of the popup for small display sizes
295
- * changed to direct opt-in if a user clicks on the button for enabling a embedding instead of showing the popup
296
- * fixed js animation effects of the cookie notice
297
-
298
- = 3.1.3 =
299
- * validation fixes in forms of sar und delete request
300
- * header style fixes in privacy policy
301
- * fixed matomo & piwik privacy policy text, changed emails to email links, changed targets to blank for hrefs
302
- * ui fix for matomo & piwik
303
-
304
- = 3.1.2 =
305
- * fixed a warning message at editing posts or pages
306
-
307
- = 3.1.1 =
308
- * removed some warnings, typos and improved css
309
-
310
- = 3.1.0 =
311
- * added support (popup, content blocking, privacy policy) for embedded content of facebook, twitter, youtube, vimeo, soundcloud, google maps, openstreetmap, instagram
312
- * added matomo tag manager
313
- * spam protection for sar and unsubscribe form
314
- * cookie notice border color and border with can now be configured
315
- * shortcodes for creating link to privacy policy and opening popup
316
- * fixed little html and js syntax errors
317
- * fixed custom email texts of data and delete request
318
- * pot file added to support other translation tools
319
- * minified css
320
- * translation updates
321
- * a lot of other improvements and fixes
322
-
323
- = 3.0.20 =
324
- * translation fixes
325
- * popup "all details" language fix
326
- * popup css compatibility improved
327
- * popup button alignment fixed
328
- * darkmode improvements
329
- * added hoster
330
-
331
- = 3.0.19 =
332
- * popup logo fixes
333
- * js bug fixes
334
- * operator tab saving fixes
335
- * gtag manager fix
336
-
337
- = 3.0.18 =
338
- * improved the text notification of free license
339
- * optional email notification when new privacy texts are downloadable
340
- * renamed icon file names to avoid a broken image link
341
- * fixed translation errors
342
- * darkmode color compatibility improved
343
-
344
- = 3.0.17 =
345
- * GTAG Manager fix
346
-
347
- = 3.0.16 =
348
- * fallback language for legal texts
349
- * added LinkedIn Pixel, Bing Ads UET as targeting integration
350
- * added Hotjar as statistic integration
351
- * added SiteGround (Hosting) and Mailpoet (newslettering)
352
-
353
- = 3.0.15 =
354
- * translation improvement
355
- * js script bugfix
356
-
357
- = 3.0.14 =
358
- * js frontenend fix
359
- * clear caches of common plugin on saving of cookie notice/popup relevant data
360
- * added techn. necessary integrations feature to popup
361
- * allow "auto opt-in" for piwik and matomo according to latest gdpr facts
362
- * updated legal texts
363
- * added "no integration mode" for popup, just do display text and ok button
364
- * newsletter provider added to backend and privacy policy
365
-
366
- = 3.0.13 =
367
- * fixes in imprint and privacy policy shortcode
368
- * fixes casing of included fonts
369
- * added WP Statistics
370
- * added new hoster: lima city
371
- * removed duplicated header in privacy policy
372
- * css compatibility improvements
373
- * improved translations
374
-
375
- = 3.0.12 =
376
- * down to 3.0.1
377
- * moved styling functionality to Free version
378
- * compatibility improvements to themes used by our users
379
- * translation updates & fixes
380
- * backend fix at delete request page actions
381
- * css & html fixes of the frontend
382
- * option to show popup although it's not needed
383
- * fixed http 500 error at some installations with endless loop
384
- * fixed casing of included fonts
385
- * updated legal texts
386
- * fixed click handler on mobile devices
387
- * reacted to a lot of user wishes
388
-
389
- = 3.0.0 =
390
- * Redesigned the backend, separated functions, improved usability, added more help texts
391
- * Redesigned frontend to ensure GDPR compliance - full opt-in for supported services/integrations
392
- * Dynamic generation of valid and compliant privacy policy for AT, DE and third states + privacy policy text upgrade service
393
- * Added Matomo in Free version, moved FB Pixel to Premium/Blog
394
- * Sorted out unneeded or non mandatory functions in case of GDPR
395
- * Cookie Popup now in all versions/editions
396
- * Styles for cookie notice
397
- * Dark mode for cookie popup
398
- * TCPDF update to latest bits + improvement of compatibility to other plugins
399
- * a lot of other bugfixes and improvements
400
-
401
-
402
  == Upgrade Notice ==
403
  = 3.1.10 =
404
  * Important if you upgrade from V2: In V3 a lot of important changes have been made. Please check all your settings after updating to ensure correct functionality
4
  Tags: gdpr, dsgvo, datenschutz, privacy, privacy policy, imprint, impressum, wordpress, compliance, privacy, woocommerce, law
5
  Requires at least: 3.0.1
6
  Tested up to: 5.8.2
7
+ Stable tag: 3.1.22
8
  Requires PHP: 5.6.0
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
204
 
205
  == Changelog ==
206
 
207
+ = 3.1.22 =
208
+ * fixed xss vulnerability
209
+
210
  = 3.1.21 =
211
  * added mautic
212
  * fixed bug with forcing cookie popup
223
  * improved custom fonts loading (option to disable it)
224
  * hide emtpy owner texts in imprint
225
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
226
  == Upgrade Notice ==
227
  = 3.1.10 =
228
  * Important if you upgrade from V2: In V3 a lot of important changes have been made. Please check all your settings after updating to ensure correct functionality
admin/tabs/v3/subject-access-request/page.php CHANGED
@@ -179,10 +179,10 @@ $hasValidLicense = isValidPremiumEdition() || isValidBlogEdition();
179
  <td class="column-email"><strong><?= $pendingRequest->email ?></strong>
180
  </td>
181
  <td class="column-integrations">
182
- <?= $pendingRequest->first_name ?>
183
  </td>
184
  <td class="column-auto-deleting-on">
185
- <?= $pendingRequest->last_name ?>
186
  </td>
187
  <td class="column-auto-deleting-on">
188
  <?= $pendingRequest->dsgvo_accepted === '1' ? __('Yes', 'shapepress-dsgvo') : __('No', 'shapepress-dsgvo') ?>
179
  <td class="column-email"><strong><?= $pendingRequest->email ?></strong>
180
  </td>
181
  <td class="column-integrations">
182
+ <?= htmlspecialchars($pendingRequest->first_name); ?>
183
  </td>
184
  <td class="column-auto-deleting-on">
185
+ <?= htmlspecialchars($pendingRequest->last_name); ?>
186
  </td>
187
  <td class="column-auto-deleting-on">
188
  <?= $pendingRequest->dsgvo_accepted === '1' ? __('Yes', 'shapepress-dsgvo') : __('No', 'shapepress-dsgvo') ?>
admin/tabs/v3/super-unsubscribe/page.php CHANGED
@@ -290,11 +290,11 @@ if (isset($_GET['status']) && in_array($_GET['status'], $statuses)) {
290
  </td>
291
  <td class="column-integrations">
292
  <span class="wpk-services-table-name"><?php _e('First name', 'shapepress-dsgvo') ?></span>
293
- <?= $confirmedRequest->first_name ?>
294
  </td>
295
  <td class="column-auto-deleting-on">
296
  <span class="wpk-services-table-name"><?php _e('Last name', 'shapepress-dsgvo') ?></span>
297
- <?= $confirmedRequest->last_name ?>
298
  </td>
299
  <td class="column-auto-deleting-on">
300
  <span class="wpk-services-table-name"><?php _e('GDPR approval', 'shapepress-dsgvo') ?></span>
290
  </td>
291
  <td class="column-integrations">
292
  <span class="wpk-services-table-name"><?php _e('First name', 'shapepress-dsgvo') ?></span>
293
+ <?= htmlspecialchars($confirmedRequest->first_name); ?>
294
  </td>
295
  <td class="column-auto-deleting-on">
296
  <span class="wpk-services-table-name"><?php _e('Last name', 'shapepress-dsgvo') ?></span>
297
+ <?= htmlspecialchars($confirmedRequest->last_name); ?>
298
  </td>
299
  <td class="column-auto-deleting-on">
300
  <span class="wpk-services-table-name"><?php _e('GDPR approval', 'shapepress-dsgvo') ?></span>
sp-dsgvo.php CHANGED
@@ -16,7 +16,7 @@
16
  * Plugin Name: WP DSGVO Tools (GDPR)
17
  * Plugin URI: https://legalweb.io
18
  * Description: WP DSGVO Tools (GDPR) help you to fulfill the GDPR (DGSVO) compliance guidance (<a target="_blank" href="https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/">GDPR</a>)
19
- * Version: 3.1.21
20
  * Author: legalweb
21
  * Author URI: https://www.legalweb.io
22
  * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
@@ -28,7 +28,7 @@ if (! defined('WPINC')) {
28
  die();
29
  }
30
 
31
- define('sp_dsgvo_VERSION', '3.1.21');
32
  define('sp_dsgvo_NAME', 'sp-dsgvo');
33
  define('sp_dsgvo_PLUGIN_NAME', 'shapepress-dsgvo');
34
  define('sp_dsgvo_LEGAL_TEXTS_MIN_VERSION', '1579021814');
16
  * Plugin Name: WP DSGVO Tools (GDPR)
17
  * Plugin URI: https://legalweb.io
18
  * Description: WP DSGVO Tools (GDPR) help you to fulfill the GDPR (DGSVO) compliance guidance (<a target="_blank" href="https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/">GDPR</a>)
19
+ * Version: 3.1.22
20
  * Author: legalweb
21
  * Author URI: https://www.legalweb.io
22
  * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
28
  die();
29
  }
30
 
31
+ define('sp_dsgvo_VERSION', '3.1.22');
32
  define('sp_dsgvo_NAME', 'sp-dsgvo');
33
  define('sp_dsgvo_PLUGIN_NAME', 'shapepress-dsgvo');
34
  define('sp_dsgvo_LEGAL_TEXTS_MIN_VERSION', '1579021814');