WP DSGVO Tools - Version 3.1.27

Version Description

  • improved sanitation and escaping
  • fixed errors at unsubscribe and subject access request

Release Info

Developer legalweb
Version 3.1.27

Code changes from version 3.1.26 to 3.1.27

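--- a/README.txt
+++ b/README.txt
@@ -4,7 +4,7 @@ Donate link: https://legalweb.io
 Tags: gdpr, dsgvo, datenschutz, privacy, privacy policy, imprint, impressum, wordpress, compliance, privacy, woocommerce, law
 Requires at least: 3.0.1
 Tested up to: 5.8.1
-Stable tag: 3.1.26
+Stable tag: 3.1.27
 Requires PHP: 5.6.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -203,6 +203,10 @@ Just install via WordPress plugin feature or upload zip and activate it.
 
 
 == Changelog ==
+= 3.1.27 =
+* improved sanitation and escaping
+* fixed errors at unsubscribe and subject access request
+
 = 3.1.26 =
 * improved sanitation and escaping
 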
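--- a/admin/js/sp-dsgvo-admin.js
+++ b/admin/js/sp-dsgvo-admin.js
@@ -47,13 +47,15 @@ var spDsgvoActiveAdminSubmenu = '';
 
 $('.unsubscribe-dismiss').on('click tap', function() {
 var $this = $(this),
-id = $this.attr('data-id');
+id = $this.attr('data-id'),
+wpnonce = $this.attr('data-nonce');
 
 if(confirm(args.dismiss_confirm)) {
 $this.parent().parent().fadeOut(500);
 $.post( args.ajaxurl, {
 action: 'admin-dismiss-unsubscribe',
-id: id
+id: id,
+_wpnonce: wpnonce
 },
 function( data ) {
 } );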
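Review bot: The row is hidden with `$this.parent().parent().fadeOut(500);` before the `$.post` is even sent, and the empty `function( data ) {}` callback ignores the response, so a request the server rejects — for example the nonce check behind the new `_wpnonce` field failing, or the id not being numeric — still looks like a successful dismiss until the page is reloaded. Move the fade into the callback and run it only on success, e.g. `function( data ) { if (data && data.success) { $this.parent().parent().fadeOut(500); } }`; the exact shape of `data` depends on what the action echoes, which is not in this diff. The click handler's closing line lies outside the hunk.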
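--- a/admin/tabs/v3/subject-access-request/page.php
+++ b/admin/tabs/v3/subject-access-request/page.php
@@ -194,7 +194,7 @@ $hasValidLicense = isValidPremiumEdition() || isValidBlogEdition();
 <!-- i592995 -->
 <td class="column-dismiss">
 <svg class="unsubscribe-dismiss" width="10" height="10"
-data-id="<?php echo esc_attr($pendingRequest->ID); ?>">
+data-id="<?php echo esc_attr($pendingRequest->ID); ?>" data-nonce="<?php echo wp_create_nonce(SPDSGVODismissUnsubscribeAction::getActionName() . '-nonce'); ?>">
 <line x1="0" y1="0" x2="10" y2="10"/>
 <line x1="0" y1="10" x2="10" y2="0"/>
 </svg>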
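Review bot: The new `data-nonce` value on line 197 is echoed raw while the neighbouring `data-id` goes through `esc_attr()`; `wp_create_nonce()` returns a short alphanumeric token, so this is not exploitable as written, but the release itself is titled "improved sanitation and escaping" and attribute output should be escaped uniformly: `data-nonce="<?php echo esc_attr(wp_create_nonce(SPDSGVODismissUnsubscribeAction::getActionName() . '-nonce')); ?>"`. The same unescaped echo is on line 321 of admin/tabs/v3/super-unsubscribe/page.php.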
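--- a/admin/tabs/v3/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php
+++ b/admin/tabs/v3/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php
@@ -10,9 +10,9 @@ Class SPDSGVODismissUnsubscribeAction extends SPDSGVOAjaxAction{
 $this->checkCSRF();
 
 $id = $this->get('id');
-if (is_numeric()) {
+if (is_numeric($id)) {
 $postType = get_post_type($id );
-if ($postType == "subjectaccessrequest") {
+if ($postType == "subjectaccessrequest" || $postType == "spdsgvo_unsubscriber") {
 wp_delete_post( $id );
 }
 }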
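Review bot: `is_numeric($id)` on line 13 accepts strings such as `"1e3"`, `" 12"` or `"1.5"`, which `get_post_type()` then casts in ways that differ from the value the check saw; normalise the id first with `$id = absint($this->get('id'));` followed by `if ($id > 0) {`. The nonce verified by `checkCSRF()` only proves the request came from a page the plugin rendered, not that the caller may delete posts — unless the base class or `checkCSRF()` enforces a capability (not visible here), add `if (!current_user_can('manage_options')) return;` (or whichever capability the admin pages use) before the delete. The loose comparison on line 15 would also read better as `in_array($postType, array('subjectaccessrequest', 'spdsgvo_unsubscriber'), true)`. The enclosing method starts and ends outside the hunk.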
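--- a/admin/tabs/v3/super-unsubscribe/page.php
+++ b/admin/tabs/v3/super-unsubscribe/page.php
@@ -318,7 +318,7 @@ if (isset($_GET['status']) && in_array($_GET['status'], $statuses)) {
 <td class="column-dismiss">
 <span class="wpk-services-table-name"><?php _e('Dismiss', 'shapepress-dsgvo') ?></span>
 <svg class="unsubscribe-dismiss" width="10" height="10"
-data-id="<?php echo esc_attr($confirmedRequest->ID); ?>">
+data-id="<?php echo esc_attr($confirmedRequest->ID); ?>" data-nonce="<?php echo wp_create_nonce(SPDSGVODismissUnsubscribeAction::getActionName() . '-nonce'); ?>">
 <line x1="0" y1="0" x2="10" y2="10"/>
 <line x1="0" y1="10" x2="10" y2="0"/>
 </svg>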
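--- a/includes/class-sp-dsgvo-ajax-action.php
+++ b/includes/class-sp-dsgvo-ajax-action.php
@@ -177,7 +177,7 @@ abstract class SPDSGVOAjaxAction{
 $result = null;
 
 if(is_array($_REQUEST[$key])){
-return $this->recursive_sanitize_text_field($_REQUEST[$key]);
+return spDsgvo_recursive_sanitize_text_field($_REQUEST[$key]);
 }
 
 if ($sanitizeMethod != 'wp_kses_scripts') {
@@ -226,23 +226,7 @@ abstract class SPDSGVOAjaxAction{
 
 }
 
-/**
-* Recursive sanitation for an array
-* @param $array
-* @return mixed
-*/
-function recursive_sanitize_text_field($array) {
-foreach ( $array as $key => &$value ) {
-if ( is_array( $value ) ) {
-$value = recursive_sanitize_text_field($value);
-}
-else {
-$value = sanitize_text_field( $value );
-}
-}
 
-return $array;
-}
 
 public function returnBack(){
 if(isset($_SERVER['HTTP_REFERER'])){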
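Review bot: In the first hunk, array input is returned through `spDsgvo_recursive_sanitize_text_field()` on line 180 before `$sanitizeMethod` is consulted on line 183, so a caller that asks for a different sanitizer (the `wp_kses_scripts` branch, for instance) silently gets plain text sanitisation for arrays, and that helper leaves array keys untouched. If that is the intended contract, say so next to line 179: `// arrays are always text-sanitised (values only); $sanitizeMethod applies to scalar values`. The method containing this code starts and ends outside the hunk; the second hunk is a pure removal of the old private copy.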
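--- a/includes/class-sp-dsgvo-embedding-api-base.php
+++ b/includes/class-sp-dsgvo-embedding-api-base.php
@@ -153,11 +153,14 @@ abstract class SPDSGVOEmbeddingApiBase
 if ($cookieDecisionMade == false) return false;
 
 // the settings are stored in an array like "integration-slug" => '0'
-$integrationSettings = json_decode(sanitize_text_field(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME])));
+$integrationSettings = (json_decode(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME])));
 // check if it is a class and has the property
 if ($integrationSettings instanceof stdClass == false || !property_exists($integrationSettings, 'integrations')) return false;
 
-$enabledIntegrations = filter_var_array($integrationSettings->integrations,FILTER_SANITIZE_ENCODED);
+$integrationSettingsArray = (array)$integrationSettings;
+$integrationSettingsArray = spDsgvo_recursive_sanitize_text_field($integrationSettingsArray);
+
+$enabledIntegrations = $integrationSettingsArray['integrations'];//filter_var_array($integrationSettings->integrations,FILTER_SANITIZE_ENCODED);
 $integrationSettings = null; // we only need here the array of enabled integrations, which we sanitze and filter in the above lines. the rest gets nulled
 if ($enabledIntegrations == false || isset($enabledIntegrations) == false) return false;
 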
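Review bot: The `(array)` cast on line 160 is shallow: the cookie JSON is decoded without the assoc flag on line 156, so if `integrations` is a JSON object (the comment on line 155 describes string keys such as "integration-slug"), it stays a stdClass inside the outer array, `is_array()` in the recursive helper is false for it, and `sanitize_text_field()` is handed an object it does not accept — `$enabledIntegrations` then ends up empty and the method returns false on line 165 even though consent was given. Decoding straight to an associative array keeps every level an array so the helper can recurse; the `instanceof stdClass` / `property_exists` test on line 158 becomes an `is_array` / `array_key_exists` test. `$_COOKIE[SPDSGVOConstants::CCOKIE_NAME]` is also read without `isset()`; whether an earlier line guarantees the cookie exists is not visible in the hunk. The enclosing method starts and ends outside the hunk.
```php
// the settings are stored in an array like "integration-slug" => '0'
$integrationSettingsArray = json_decode(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME]), true);
// check that it decoded to an array that has the property
if (!is_array($integrationSettingsArray) || !array_key_exists('integrations', $integrationSettingsArray)) return false;

$integrationSettingsArray = spDsgvo_recursive_sanitize_text_field($integrationSettingsArray);

$enabledIntegrations = $integrationSettingsArray['integrations'];
// … unchanged: nulling of $integrationSettings and the empty check on $enabledIntegrations …
```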
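--- a/includes/class-sp-dsgvo-integration-api-base.php
+++ b/includes/class-sp-dsgvo-integration-api-base.php
@@ -222,7 +222,7 @@ abstract class SPDSGVOIntegrationApiBase
 if ($cookieDecisionMade == false) return false;
 
 // the settings are stored in an array like "integration-slug" => '0'
-$integrationSettings = json_decode(sanitize_text_field(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME])));
+$integrationSettings = sanitize_text_field(json_decode(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME])));
 // check if it is a class and has the property
 if ($integrationSettings instanceof stdClass == false || !property_exists($integrationSettings, 'integrations')) return false;
 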
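Review bot: Line 225 now applies `sanitize_text_field()` to the result of `json_decode()`, i.e. to a stdClass or null rather than to a string; `sanitize_text_field()` is a string filter and cannot return an object, so the `instanceof stdClass` test on line 227 fails for every cookie and integration consent is never recognised from here. Decode first and sanitise the decoded values, as includes/class-sp-dsgvo-embedding-api-base.php now does: `$integrationSettings = json_decode(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME]));` followed by running the decoded array through `spDsgvo_recursive_sanitize_text_field()` before reading `integrations`. The enclosing method starts and ends outside the hunk.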
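--- a/includes/helpers.php
+++ b/includes/helpers.php
@@ -236,6 +236,25 @@ if (! function_exists('spDsgvoRemoveScriptTagsFromString')) {
 }
 }
 
+/**
+* Recursive sanitation for an array
+* @param $array
+* @return mixed
+*/
+if (! function_exists('spDsgvo_recursive_sanitize_text_field')) {
+function spDsgvo_recursive_sanitize_text_field( $array ) {
+foreach ( $array as $key => &$value ) {
+if ( is_array( $value ) ) {
+$value = spDsgvo_recursive_sanitize_text_field( $value );
+} else {
+$value = sanitize_text_field( $value );
+}
+}
+
+return $array;
+}
+}
+
 if (! function_exists('spDsgvoWriteInput')) {
 /**
 *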
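Review bot: `spDsgvo_recursive_sanitize_text_field()` sanitises values only: `$key` on line 246 is bound but never used, so array keys taken from `$_REQUEST` or a cookie pass through untouched, and any non-array, non-string value (a nested stdClass from `json_decode()`, an int, a bool) is coerced by `sanitize_text_field()`, with objects coming back as an empty string. State that contract in the docblock, e.g. `@param array $array nested array of scalar values; keys are not sanitised, objects are flattened to ''`, and change `@return mixed` on line 242 to `@return array`. Since the loop iterates by reference, add `unset( $value );` after the `foreach` so the reference does not outlive the loop.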
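--- a/public/shortcodes/subject-access-request/subject-access-request.php
+++ b/public/shortcodes/subject-access-request/subject-access-request.php
@@ -13,7 +13,7 @@ function SPDSGVODownloadMyDataShortcode($atts){
 
 ob_start();
 ?>
-<?php if(isset($_REQUEST['result']) && santize_text_field($_REQUEST['result']) === 'success'): ?>
+<?php if(isset($_REQUEST['result']) && (sanitize_text_field($_REQUEST['result'])) === 'success'): ?>
 
 <p class="sp-dsgvo sar-success-message"><?php _e('Your request has been created','shapepress-dsgvo')?> <br> <?php _e('You will receive an email from us with a current extract of your data stored with us.','shapepress-dsgvo')?></p>
 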
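Review bot: `result` is read from `$_REQUEST` on line 16, which merges GET, POST and cookies according to `request_order`, so a cookie named `result` can switch the shortcode into its success message; if the flag is set by a redirect query parameter, `$_GET['result']` is the narrower read, and WordPress convention is `sanitize_text_field(wp_unslash($_GET['result']))`. The extra parentheses around the `sanitize_text_field()` call are redundant. The same pattern appears on lines 17 and 21 of public/shortcodes/super-unsubscribe/unsubscribe-form.php, where line 17 carries the parentheses and line 21 does not.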
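--- a/public/shortcodes/super-unsubscribe/unsubscribe-form.php
+++ b/public/shortcodes/super-unsubscribe/unsubscribe-form.php
@@ -14,11 +14,11 @@ function SPDSGVOUnsubscribeShortcode($atts){
 
 ob_start();
 ?>
-<?php if(isset($_REQUEST['result']) && santize_text_field($_REQUEST['result']) === 'success'): ?>
+<?php if(isset($_REQUEST['result']) && (sanitize_text_field($_REQUEST['result'])) === 'success'): ?>
 
 <p class="sp-dsgvo us-success-message"><?php _e('Request sent successfully. You will receive an email in a few minutes.','shapepress-dsgvo')?></p>
 
-<?php elseif(isset($_REQUEST['result']) && santize_text_field($_REQUEST['result']) === 'confirmed'): ?>
+<?php elseif(isset($_REQUEST['result']) && sanitize_text_field($_REQUEST['result']) === 'confirmed'): ?>
 
 <p class="sp-dsgvo us-success-message"><?php _e('Request successfully completed. Your data has been completely deleted.','shapepress-dsgvo')?></p>
 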
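--- a/sp-dsgvo.php
+++ b/sp-dsgvo.php
@@ -16,7 +16,7 @@
 * Plugin Name: WP DSGVO Tools (GDPR)
 * Plugin URI: https://legalweb.io
 * Description: WP DSGVO Tools (GDPR) help you to fulfill the GDPR (DGSVO) compliance guidance (<a target="_blank" href="https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/">GDPR</a>)
-* Version: 3.1.26
+* Version: 3.1.27
 * Author: legalweb
 * Author URI: https://www.legalweb.io
 * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
@@ -28,7 +28,7 @@ if (! defined('WPINC')) {
 die();
 }
 
-define('sp_dsgvo_VERSION', '3.1.26');
+define('sp_dsgvo_VERSION', '3.1.27');
 define('sp_dsgvo_NAME', 'sp-dsgvo');
 define('sp_dsgvo_PLUGIN_NAME', 'shapepress-dsgvo');
 define('sp_dsgvo_LEGAL_TEXTS_MIN_VERSION', '1579021814');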