Tracking Code Manager - Version 2.0.7

Version Description

Release Date - 2022-6-28

  • IWP-435 Expanded input sanitization to user's request headers

Release Info

Developer data443
Version 2.0.7

Code changes from version 2.0.6 to 2.0.7

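--- a/includes/admin/manager.php
+++ b/includes/admin/manager.php
@@ -1,34 +1,4 @@
  <?php
- //column renderer
- function tcmp_ui_manager_column($active, $values=NULL, $hide=FALSE) {
- global $tcmp;
- ?>
- <td style="text-align:center;">
- <?php
- if($hide) {
- $text='-';
- } else {
- if($active) {
- $text='<span style="font-weight:bold; color:green">'.$tcmp->Lang->L('Yes').'</span>';
- } else {
- $text='<span style="font-weight:bold; color:red">'.$tcmp->Lang->L('No').'</span>';
- }
- if($active && $values) {
- if(!is_array($values)) {
- $text.='&nbsp;{'.$values.'}';
- } elseif(count($values)>0) {
- $what=implode(',', $values);
- if($what!='') {
- $text.='&nbsp;['.$what.']';
- }
- }
- }
- }
- echo $text;
- ?>
- </td>
- <?php
- }
 
  function tcmp_ui_manager() {
  global $tcmp;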
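--- a/includes/classes/core/Manager.php
+++ b/includes/classes/core/Manager.php
@@ -423,7 +423,7 @@ class TCMP_Manager {
  }
  $text=$buffer;
  }
- echo $text;
+ echo $text; // this string is built from known script code and trying to sanitize it will break the plugin
  }
  }
 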
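Review bot: The comment added on `echo $text;` asserts that the output is trusted but does not say what enforces that, and this line is a deliberate raw-output sink. `$text` is assigned from `$buffer` just above, and the code that fills `$buffer` lies outside the hunk, so the claim cannot be checked from here; if any part of it can be influenced by a request parameter or saved by a user without the `unfiltered_html` capability, the line becomes a stored XSS path. Once the source is confirmed, I would record the trust boundary in the comment and mark the exemption for the linter, e.g. `echo $text; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- snippet saved by a privileged user, emitted verbatim by design`. The enclosing method starts before the hunk.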
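--- a/includes/classes/utils/Options.php
+++ b/includes/classes/utils/Options.php
@@ -323,8 +323,11 @@ class TCMP_Options {
  $this->setRequest($type.'Messages', $array);
  }
  private function writeGenericMessages($type, $clean=TRUE) {
+ $type = sanitize_text_field($type);
  $result=FALSE;
  $array=$this->getRequest($type.'Messages', array());
+ // These messages are built by the plugin and have been already sanitized.
+ // Trying to sanitize them again will break plugin functionality since some of the messages contain html.
  if(is_array($array) && count($array)>0) {
  $result=TRUE;
  ?>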
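Review bot: `sanitize_text_field($type)` cleans the key used to look up the messages, not the messages themselves, which the new comment says are printed with their HTML intact. `$type` is an argument of a private method, so it is presumably a fixed string chosen by the plugin and the call changes little, while the values returned by `getRequest($type.'Messages', array())` are what reaches the page; the output statements are below the hunk. HTML messages do not have to be printed raw: `wp_kses_post()` keeps ordinary markup and drops script, so the output could be `echo wp_kses_post($message);` (variable name assumed). If every message really is assembled from plugin strings, the comment should also state that any request-derived fragment is passed through `esc_html()` at the point where the message is added.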
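--- a/includes/classes/utils/Utils.php
+++ b/includes/classes/utils/Utils.php
@@ -2488,12 +2488,16 @@ class TCMP_Utils {
  } else {
  $ip=$_SERVER['REMOTE_ADDR'];
  }
+ $ip = sanitize_text_field($ip);
+ if (!filter_var($ip, FILTER_VALIDATE_IP)) {
+ $ip = '';
+ }
  return $ip;
  }
  public function getVisitorUserAgent() {
  $result='';
  if(isset($_SERVER['HTTP_USER_AGENT'])) {
- $result=$_SERVER['HTTP_USER_AGENT'];
+ $result = sanitize_text_field($_SERVER['HTTP_USER_AGENT']);
  }
  return $result;
  }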
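Review bot: In `getVisitorUserAgent()` the new `sanitize_text_field()` call runs on a value WordPress has already slashed, and it only strips tags, line breaks and extra whitespace, so the result is still attacker-chosen text of unbounded length. The line should read `$result = sanitize_text_field(wp_unslash($_SERVER['HTTP_USER_AGENT']));`, and every place that prints or stores the value still needs context escaping (`esc_html()`/`esc_attr()`) or a prepared query. In the IP function, `FILTER_VALIDATE_IP` confirms that the string is a well-formed address, not that it belongs to the client: the branches before the `else` are outside the hunk, but if they read forwarding headers the value remains spoofable and should not drive access decisions or rate limits unless the proxy is trusted. A header carrying a comma-separated list now comes back as `''`, so callers should be checked for how they handle an empty IP.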
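--- a/index.php
+++ b/index.php
@@ -6,7 +6,7 @@ Description: A plugin to manage ALL your tracking code and conversion pixels, si
  Author: Data443
  Author URI: https://data443.com/
  Email: info@intellywp.com
- Version: 2.0.6
+ Version: 2.0.7
  Requires at least: 3.6.0
  Requires PHP: 5.6
  */
@@ -26,7 +26,7 @@ define('TCMP_PLUGIN_PREFIX', 'TCMP_');
  define('TCMP_PLUGIN_FILE',__FILE__);
  define('TCMP_PLUGIN_SLUG', 'tracking-code-manager');
  define('TCMP_PLUGIN_NAME', 'Tracking Code Manager');
- define('TCMP_PLUGIN_VERSION', '2.0.6');
+ define('TCMP_PLUGIN_VERSION', '2.0.7');
  define('TCMP_PLUGIN_AUTHOR', 'IntellyWP');
 
  define('TCMP_PLUGIN_DIR', dirname(__FILE__).'/');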
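--- a/readme.txt
+++ b/readme.txt
@@ -2,7 +2,7 @@
  Contributors: IntellyWP, Data443
  Tags: adwords remarketing, analytics conversion tracking, conversion pixel, conversion tracking, conversion tracking adwords, conversion tracking pixel, conversion tracking script,Facebook Ads, facebook conversion pixel, facebook custom audience, facebook retargeting, google adwords, google analytics web tracking code, google tag manager, html snippet, html snippets, html tracking code, javascript snippet, javascript snippets, header and footer, pay per click tracking, pixel tracking code, remarketing, retargeting, snippets, Tag Management, track conversion, track conversions, tracking code, tracking codes, tracking script, woocommerce, edd, easy digital downloads, wp ecommerce, wp e-commerce
  Requires at least: 2.7
- Tested up to: 5.9
+ Tested up to: 6.0
 
  A plugin to manage ALL of your tracking code and conversion pixels. Compatible with Facebook Ads, Google Adwords, WooCommerce, Easy Digital Downloads, ..
 
@@ -109,7 +109,12 @@ Have a look at the source code of your page (search for: Tracking Code Manager)
 
  For detailed release notes, see our documentation here: [https://intellywp.com/docs/category/tracking-code-manager/](https://intellywp.com/docs/category/tracking-code-manager/).
 
- = 2.0.6 =
+ = 2.0.7 =
+ *Release Date - 2022-6-28*
+
+ * IWP-435 Expanded input sanitization to user’s request headers
+
+ = 2.0.6 =
  *Release Date - 2022-4-7*
 
  * IWP-419 Fix conflict with WP Super Cache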