Version Description
- improved sanitation and escaping
- fixed errors at unsubscribe and subject access request
Release Info
Developer | legalweb |
Plugin | WP DSGVO Tools |
Version | 3.1.27 |
Code changes from version 3.1.26 to 3.1.27
- README.txt +5 -1
- admin/js/sp-dsgvo-admin.js +4 -2
- admin/tabs/v3/subject-access-request/page.php +1 -1
- admin/tabs/v3/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php +2 -2
- admin/tabs/v3/super-unsubscribe/page.php +1 -1
- includes/class-sp-dsgvo-ajax-action.php +1 -17
- includes/class-sp-dsgvo-embedding-api-base.php +5 -2
- includes/class-sp-dsgvo-integration-api-base.php +1 -1
- includes/helpers.php +19 -0
- public/shortcodes/subject-access-request/subject-access-request.php +1 -1
- public/shortcodes/super-unsubscribe/unsubscribe-form.php +2 -2
- sp-dsgvo.php +2 -2
README.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://legalweb.io
|
|
4 |
Tags: gdpr, dsgvo, datenschutz, privacy, privacy policy, imprint, impressum, wordpress, compliance, privacy, woocommerce, law
|
5 |
Requires at least: 3.0.1
|
6 |
Tested up to: 5.8.1
|
7 |
-
Stable tag: 3.1.
|
8 |
Requires PHP: 5.6.0
|
9 |
License: GPLv2 or later
|
10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
@@ -203,6 +203,10 @@ Just install via WordPress plugin feature or upload zip and activate it.
|
|
203 |
|
204 |
|
205 |
== Changelog ==
|
|
|
|
|
|
|
|
|
206 |
= 3.1.26 =
|
207 |
* improved sanitation and escaping
|
208 |
|
4 |
Tags: gdpr, dsgvo, datenschutz, privacy, privacy policy, imprint, impressum, wordpress, compliance, privacy, woocommerce, law
|
5 |
Requires at least: 3.0.1
|
6 |
Tested up to: 5.8.1
|
7 |
+
Stable tag: 3.1.27
|
8 |
Requires PHP: 5.6.0
|
9 |
License: GPLv2 or later
|
10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
203 |
|
204 |
|
205 |
== Changelog ==
|
206 |
+
= 3.1.27 =
|
207 |
+
* improved sanitation and escaping
|
208 |
+
* fixed errors at unsubscribe and subject access request
|
209 |
+
|
210 |
= 3.1.26 =
|
211 |
* improved sanitation and escaping
|
212 |
|
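--- a/admin/js/sp-dsgvo-admin.js
+++ b/admin/js/sp-dsgvo-admin.js
@@ -47,13 +47,15 @@ var spDsgvoActiveAdminSubmenu = '';
 
 $('.unsubscribe-dismiss').on('click tap', function() {
 var $this = $(this),
-id = $this.attr('data-id')
+id = $this.attr('data-id'),
+wpnonce = $this.attr('data-nonce');
 
 if(confirm(args.dismiss_confirm)) {
 $this.parent().parent().fadeOut(500);
 $.post( args.ajaxurl, {
 action: 'admin-dismiss-unsubscribe',
-id: id
+id: id,
+_wpnonce: wpnonce
 },
 function( data ) {
 } );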
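Review bot: The row is faded out on line 54 before the request on line 55 is sent, and the response callback on line 60 ignores the result, so a rejected nonce (the check this commit introduces on the server side) or a failed deletion still removes the row visually. Move the fade into the callback and report failure, e.g. `function( data ) { $this.parent().parent().fadeOut(500); }` followed by `.fail(function() { alert(args.dismiss_confirm); })` or a dedicated error string. If a template does not render `data-nonce`, `wpnonce` is `undefined` and jQuery drops the parameter, so the server check presumably fails closed; a comment on line 51, `// nonce is rendered by the admin page template and verified server-side`, would make that dependency visible. The surrounding handler closes after this hunk.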
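--- a/admin/tabs/v3/subject-access-request/page.php
+++ b/admin/tabs/v3/subject-access-request/page.php
@@ -194,7 +194,7 @@ $hasValidLicense = isValidPremiumEdition() || isValidBlogEdition();
 <!-- i592995 -->
 <td class="column-dismiss">
 <svg class="unsubscribe-dismiss" width="10" height="10"
-data-id="<?php echo esc_attr($pendingRequest->ID); ?>">
+data-id="<?php echo esc_attr($pendingRequest->ID); ?>" data-nonce="<?php echo wp_create_nonce(SPDSGVODismissUnsubscribeAction::getActionName() . '-nonce'); ?>">
 <line x1="0" y1="0" x2="10" y2="10"/>
 <line x1="0" y1="10" x2="10" y2="0"/>
 </svg>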
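Review bot: The new `data-nonce` value on line 197 is echoed without `esc_attr()`, unlike `data-id` on the same line; `wp_create_nonce()` returns a hex token today, but the attribute should follow the same escaping convention the commit is tightening elsewhere: `data-nonce="<?php echo esc_attr(wp_create_nonce(SPDSGVODismissUnsubscribeAction::getActionName() . '-nonce')); ?>"`. The same applies to line 321 of admin/tabs/v3/super-unsubscribe/page.php. The nonce action string is assembled inline here and presumably verified in the action class's `checkCSRF()`; a static helper on SPDSGVODismissUnsubscribeAction that returns the full action name would keep the two sides from drifting apart.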
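--- a/admin/tabs/v3/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php
+++ b/admin/tabs/v3/super-unsubscribe/class-sp-dsgvo-dismiss-unsubscribe-action.php
@@ -10,9 +10,9 @@ Class SPDSGVODismissUnsubscribeAction extends SPDSGVOAjaxAction{
 $this->checkCSRF();
 
 $id = $this->get('id');
-if (is_numeric()) {
+if (is_numeric($id)) {
 $postType = get_post_type($id );
-if ($postType == "subjectaccessrequest") {
+if ($postType == "subjectaccessrequest" || $postType == "spdsgvo_unsubscriber") {
 wp_delete_post( $id );
 }
 }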
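Review bot: `is_numeric($id)` on line 13 accepts floats, exponent notation and whitespace-prefixed strings ("1.5", "1e3", " 7"), which `get_post_type()` and `wp_delete_post()` then coerce; normalise to a post ID first, `$id = absint($this->get('id'));` and guard with `if ($id > 0) {`. The post-type comparison on line 15 uses loose `==`; `in_array($postType, ['subjectaccessrequest', 'spdsgvo_unsubscriber'], true)` is strict and easier to extend. Only `checkCSRF()` is visible before the deletion; if it does not also check capabilities, a `current_user_can()` check belongs before line 16, since a valid nonce alone does not establish authorisation. The enclosing method begins before this hunk.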
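--- a/admin/tabs/v3/super-unsubscribe/page.php
+++ b/admin/tabs/v3/super-unsubscribe/page.php
@@ -318,7 +318,7 @@ if (isset($_GET['status']) && in_array($_GET['status'], $statuses)) {
 <td class="column-dismiss">
 <span class="wpk-services-table-name"><?php _e('Dismiss', 'shapepress-dsgvo') ?></span>
 <svg class="unsubscribe-dismiss" width="10" height="10"
-data-id="<?php echo esc_attr($confirmedRequest->ID); ?>">
+data-id="<?php echo esc_attr($confirmedRequest->ID); ?>" data-nonce="<?php echo wp_create_nonce(SPDSGVODismissUnsubscribeAction::getActionName() . '-nonce'); ?>">
 <line x1="0" y1="0" x2="10" y2="10"/>
 <line x1="0" y1="10" x2="10" y2="0"/>
 </svg>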
includes/class-sp-dsgvo-ajax-action.php
CHANGED
@@ -177,7 +177,7 @@ abstract class SPDSGVOAjaxAction{
|
|
177 |
$result = null;
|
178 |
|
179 |
if(is_array($_REQUEST[$key])){
|
180 |
-
return
|
181 |
}
|
182 |
|
183 |
if ($sanitizeMethod != 'wp_kses_scripts') {
|
@@ -226,23 +226,7 @@ abstract class SPDSGVOAjaxAction{
|
|
226 |
|
227 |
}
|
228 |
|
229 |
-
/**
|
230 |
-
* Recursive sanitation for an array
|
231 |
-
* @param $array
|
232 |
-
* @return mixed
|
233 |
-
*/
|
234 |
-
function recursive_sanitize_text_field($array) {
|
235 |
-
foreach ( $array as $key => &$value ) {
|
236 |
-
if ( is_array( $value ) ) {
|
237 |
-
$value = recursive_sanitize_text_field($value);
|
238 |
-
}
|
239 |
-
else {
|
240 |
-
$value = sanitize_text_field( $value );
|
241 |
-
}
|
242 |
-
}
|
243 |
|
244 |
-
return $array;
|
245 |
-
}
|
246 |
|
247 |
public function returnBack(){
|
248 |
if(isset($_SERVER['HTTP_REFERER'])){
|
177 |
$result = null;
|
178 |
|
179 |
if(is_array($_REQUEST[$key])){
|
180 |
+
return spDsgvo_recursive_sanitize_text_field($_REQUEST[$key]);
|
181 |
}
|
182 |
|
183 |
if ($sanitizeMethod != 'wp_kses_scripts') {
|
226 |
|
227 |
}
|
228 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
229 |
|
|
|
|
|
230 |
|
231 |
public function returnBack(){
|
232 |
if(isset($_SERVER['HTTP_REFERER'])){
|
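Review bot: The array branch added on line 180 always uses `spDsgvo_recursive_sanitize_text_field()` and ignores `$sanitizeMethod`, which the scalar path on line 183 honours, so a caller asking for `wp_kses_scripts` on an array value silently gets `sanitize_text_field` instead. Either pass the method through to the helper or document the asymmetry on line 180, `// array values are always text-sanitised recursively, regardless of $sanitizeMethod`. The helper also leaves array keys untouched, so callers must not treat returned keys as clean. The second hunk only removes the method that moved to includes/helpers.php. The enclosing method (presumably the accessor behind `$this->get()`) begins before this hunk.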
includes/class-sp-dsgvo-embedding-api-base.php
CHANGED
@@ -153,11 +153,14 @@ abstract class SPDSGVOEmbeddingApiBase
|
|
153 |
if ($cookieDecisionMade == false) return false;
|
154 |
|
155 |
// the settings are stored in an array like "integration-slug" => '0'
|
156 |
-
$integrationSettings = json_decode(
|
157 |
// check if it is a class and has the property
|
158 |
if ($integrationSettings instanceof stdClass == false || !property_exists($integrationSettings, 'integrations')) return false;
|
159 |
|
160 |
-
$
|
|
|
|
|
|
|
161 |
$integrationSettings = null; // we only need here the array of enabled integrations, which we sanitze and filter in the above lines. the rest gets nulled
|
162 |
if ($enabledIntegrations == false || isset($enabledIntegrations) == false) return false;
|
163 |
|
153 |
if ($cookieDecisionMade == false) return false;
|
154 |
|
155 |
// the settings are stored in an array like "integration-slug" => '0'
|
156 |
+
$integrationSettings = (json_decode(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME])));
|
157 |
// check if it is a class and has the property
|
158 |
if ($integrationSettings instanceof stdClass == false || !property_exists($integrationSettings, 'integrations')) return false;
|
159 |
|
160 |
+
$integrationSettingsArray = (array)$integrationSettings;
|
161 |
+
$integrationSettingsArray = spDsgvo_recursive_sanitize_text_field($integrationSettingsArray);
|
162 |
+
|
163 |
+
$enabledIntegrations = $integrationSettingsArray['integrations'];//filter_var_array($integrationSettings->integrations,FILTER_SANITIZE_ENCODED);
|
164 |
$integrationSettings = null; // we only need here the array of enabled integrations, which we sanitze and filter in the above lines. the rest gets nulled
|
165 |
if ($enabledIntegrations == false || isset($enabledIntegrations) == false) return false;
|
166 |
|
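Review bot: The `(array)` cast on line 160 is shallow: after a non-assoc `json_decode()` on line 156 the nested `integrations` value is still a `stdClass` (line 158 confirms the outer value is an object), so inside `spDsgvo_recursive_sanitize_text_field()` it fails the `is_array()` test and is handed to `sanitize_text_field()`, which in current WordPress returns an empty string for objects; line 165 would then return false for every visitor. Unless the cookie stores `integrations` as a JSON list rather than an object, decode to arrays instead: `$integrationSettings = json_decode(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME]), true);`, replace the check on line 158 with `if (!is_array($integrationSettings) || !array_key_exists('integrations', $integrationSettings)) return false;`, and sanitise with `$integrationSettingsArray = spDsgvo_recursive_sanitize_text_field($integrationSettings);`. Line 156 also reads the cookie without `isset()`; if `$cookieDecisionMade` on line 153 does not already imply its presence, a missing cookie raises a notice. The enclosing method continues past the hunk.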
includes/class-sp-dsgvo-integration-api-base.php
CHANGED
@@ -222,7 +222,7 @@ abstract class SPDSGVOIntegrationApiBase
|
|
222 |
if ($cookieDecisionMade == false) return false;
|
223 |
|
224 |
// the settings are stored in an array like "integration-slug" => '0'
|
225 |
-
$integrationSettings = json_decode(
|
226 |
// check if it is a class and has the property
|
227 |
if ($integrationSettings instanceof stdClass == false || !property_exists($integrationSettings, 'integrations')) return false;
|
228 |
|
222 |
if ($cookieDecisionMade == false) return false;
|
223 |
|
224 |
// the settings are stored in an array like "integration-slug" => '0'
|
225 |
+
$integrationSettings = sanitize_text_field(json_decode(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME])));
|
226 |
// check if it is a class and has the property
|
227 |
if ($integrationSettings instanceof stdClass == false || !property_exists($integrationSettings, 'integrations')) return false;
|
228 |
|
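Review bot: `sanitize_text_field()` on line 225 is applied to the decoded object rather than to the cookie string, so `$integrationSettings` can never be a `stdClass` and the check on line 227 returns false on every request — current WordPress returns an empty string from `sanitize_text_field()` for objects, and older versions would cast to string — which presumably disables every consent-gated integration handled by this class. Mirror the sibling includes/class-sp-dsgvo-embedding-api-base.php: decode first, `$integrationSettings = json_decode(stripslashes($_COOKIE[SPDSGVOConstants::CCOKIE_NAME]));` on line 225, keep the shape check on line 227, and run `spDsgvo_recursive_sanitize_text_field()` over the decoded data afterwards (decoding with the assoc flag avoids the shallow-cast issue the sibling has). The enclosing method continues past the hunk.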
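--- a/includes/helpers.php
+++ b/includes/helpers.php
@@ -236,6 +236,25 @@ if (! function_exists('spDsgvoRemoveScriptTagsFromString')) {
 }
 }
 
+/**
+* Recursive sanitation for an array
+* @param $array
+* @return mixed
+*/
+if (! function_exists('spDsgvo_recursive_sanitize_text_field')) {
+function spDsgvo_recursive_sanitize_text_field( $array ) {
+foreach ( $array as $key => &$value ) {
+if ( is_array( $value ) ) {
+$value = spDsgvo_recursive_sanitize_text_field( $value );
+} else {
+$value = sanitize_text_field( $value );
+}
+}
+
+return $array;
+}
+}
+
 if (! function_exists('spDsgvoWriteInput')) {
 /**
 *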
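Review bot: `spDsgvo_recursive_sanitize_text_field()` iterates by reference on line 246 and never releases the reference; add `unset($value);` before `return $array;` on line 254 so the last element is not left bound to a stale reference. Nested objects (for example a `stdClass` from `json_decode()` without the assoc flag) fail the `is_array()` test on line 247 and reach `sanitize_text_field()`, which does not preserve them, and keys are never sanitised; a non-array argument makes the `foreach` emit a warning. The docblock on lines 239–243 should state this contract: `@param array $array values are sanitised recursively with sanitize_text_field(); keys are returned unchanged; nested objects are not supported` and `@return array`.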
public/shortcodes/subject-access-request/subject-access-request.php
CHANGED
@@ -13,7 +13,7 @@ function SPDSGVODownloadMyDataShortcode($atts){
|
|
13 |
|
14 |
ob_start();
|
15 |
?>
|
16 |
-
<?php if(isset($_REQUEST['result']) &&
|
17 |
|
18 |
<p class="sp-dsgvo sar-success-message"><?php _e('Your request has been created','shapepress-dsgvo')?> <br> <?php _e('You will receive an email from us with a current extract of your data stored with us.','shapepress-dsgvo')?></p>
|
19 |
|
13 |
|
14 |
ob_start();
|
15 |
?>
|
16 |
+
<?php if(isset($_REQUEST['result']) && (sanitize_text_field($_REQUEST['result'])) === 'success'): ?>
|
17 |
|
18 |
<p class="sp-dsgvo sar-success-message"><?php _e('Your request has been created','shapepress-dsgvo')?> <br> <?php _e('You will receive an email from us with a current extract of your data stored with us.','shapepress-dsgvo')?></p>
|
19 |
|
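Review bot: Line 16 reads `$_REQUEST['result']`, which merges GET, POST and, depending on `request_order`, COOKIE; since `result` only selects which message is rendered the exposure is low, but `$_GET['result']` names the intended source and stops a cookie from overriding the query string. The same applies to lines 17 and 21 of public/shortcodes/super-unsubscribe/unsubscribe-form.php. The old side of line 16 is truncated in this rendering, so the previous comparison cannot be confirmed from here; the strict `=== 'success'` on the sanitised value is the right shape.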
public/shortcodes/super-unsubscribe/unsubscribe-form.php
CHANGED
@@ -14,11 +14,11 @@ function SPDSGVOUnsubscribeShortcode($atts){
|
|
14 |
|
15 |
ob_start();
|
16 |
?>
|
17 |
-
<?php if(isset($_REQUEST['result']) &&
|
18 |
|
19 |
<p class="sp-dsgvo us-success-message"><?php _e('Request sent successfully. You will receive an email in a few minutes.','shapepress-dsgvo')?></p>
|
20 |
|
21 |
-
<?php elseif(isset($_REQUEST['result']) &&
|
22 |
|
23 |
<p class="sp-dsgvo us-success-message"><?php _e('Request successfully completed. Your data has been completely deleted.','shapepress-dsgvo')?></p>
|
24 |
|
14 |
|
15 |
ob_start();
|
16 |
?>
|
17 |
+
<?php if(isset($_REQUEST['result']) && (sanitize_text_field($_REQUEST['result'])) === 'success'): ?>
|
18 |
|
19 |
<p class="sp-dsgvo us-success-message"><?php _e('Request sent successfully. You will receive an email in a few minutes.','shapepress-dsgvo')?></p>
|
20 |
|
21 |
+
<?php elseif(isset($_REQUEST['result']) && sanitize_text_field($_REQUEST['result']) === 'confirmed'): ?>
|
22 |
|
23 |
<p class="sp-dsgvo us-success-message"><?php _e('Request successfully completed. Your data has been completely deleted.','shapepress-dsgvo')?></p>
|
24 |
|
sp-dsgvo.php
CHANGED
@@ -16,7 +16,7 @@
|
|
16 |
* Plugin Name: WP DSGVO Tools (GDPR)
|
17 |
* Plugin URI: https://legalweb.io
|
18 |
* Description: WP DSGVO Tools (GDPR) help you to fulfill the GDPR (DGSVO) compliance guidance (<a target="_blank" href="https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/">GDPR</a>)
|
19 |
-
* Version: 3.1.
|
20 |
* Author: legalweb
|
21 |
* Author URI: https://www.legalweb.io
|
22 |
* License URI: http://www.gnu.org/licenses/gpl-2.0.txt
|
@@ -28,7 +28,7 @@ if (! defined('WPINC')) {
|
|
28 |
die();
|
29 |
}
|
30 |
|
31 |
-
define('sp_dsgvo_VERSION', '3.1.
|
32 |
define('sp_dsgvo_NAME', 'sp-dsgvo');
|
33 |
define('sp_dsgvo_PLUGIN_NAME', 'shapepress-dsgvo');
|
34 |
define('sp_dsgvo_LEGAL_TEXTS_MIN_VERSION', '1579021814');
|
16 |
* Plugin Name: WP DSGVO Tools (GDPR)
|
17 |
* Plugin URI: https://legalweb.io
|
18 |
* Description: WP DSGVO Tools (GDPR) help you to fulfill the GDPR (DGSVO) compliance guidance (<a target="_blank" href="https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/">GDPR</a>)
|
19 |
+
* Version: 3.1.27
|
20 |
* Author: legalweb
|
21 |
* Author URI: https://www.legalweb.io
|
22 |
* License URI: http://www.gnu.org/licenses/gpl-2.0.txt
|
28 |
die();
|
29 |
}
|
30 |
|
31 |
+
define('sp_dsgvo_VERSION', '3.1.27');
|
32 |
define('sp_dsgvo_NAME', 'sp-dsgvo');
|
33 |
define('sp_dsgvo_PLUGIN_NAME', 'shapepress-dsgvo');
|
34 |
define('sp_dsgvo_LEGAL_TEXTS_MIN_VERSION', '1579021814');
|