WP GDPR Compliance - Version 2.0.12

Version Description

Release date: 31st March 2022 * Improved code quality of the plugin * More Security improvements.

Download this release

Release Info

Developer merlijnvanlent
Plugin Icon 128x128 WP GDPR Compliance
Version 2.0.12
Comparing to
See all releases

Code changes from version 2.0.11 to 2.0.12

Files changed (17) hide show
  1. Templates/Admin/Elements/notice-fancy.php +2 -2
  2. Templates/Admin/Pages/Processors/item.php +1 -1
  3. Utils/AdminHelper.php +29 -0
  4. Utils/FormHandler.php +1 -1
  5. Utils/Helper.php +4 -2
  6. Utils/Integration.php +8 -4
  7. Utils/IpAddress.php +8 -8
  8. Utils/Redirect.php +2 -0
  9. Utils/Session.php +0 -15
  10. WordPress/Admin/Actions.php +2 -2
  11. WordPress/Ajax/AbstractAjax.php +10 -2
  12. WordPress/Ajax/UpdateIntegration.php +14 -0
  13. WordPress/Front.php +1 -1
  14. WordPress/Settings.php +1 -1
  15. WordPress/Shortcodes/RequestAccessForm.php +1 -1
  16. readme.txt +5 -0
  17. wp-gdpr-compliance.php +2 -2
Templates/Admin/Elements/notice-fancy.php CHANGED
@@ -23,10 +23,10 @@ if ( $type === 'wizard' ) {
23
  <div class="wpgdprc-message__container">
24
  <div class="wpgdprc-message__content">
25
  <h3 class="wpgdprc-message__title h3"><?php echo esc_html( $title ); ?></h3>
26
- <p class="wpgdprc-message__text"><?php echo $text; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?></p>
27
  </div>
28
  <div class="wpgdprc-message__icon">
29
- <?php echo $icon; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
30
  </div>
31
  </div>
32
  <div class="wpgdprc-message__action">
23
  <div class="wpgdprc-message__container">
24
  <div class="wpgdprc-message__content">
25
  <h3 class="wpgdprc-message__title h3"><?php echo esc_html( $title ); ?></h3>
26
+ <p class="wpgdprc-message__text"><?php echo wp_kses_post($text); ?></p>
27
  </div>
28
  <div class="wpgdprc-message__icon">
29
+ <?php echo wp_kses($icon, \WPGDPRC\Utils\AdminHelper::getAllowedSvgTags()); ?>
30
  </div>
31
  </div>
32
  <div class="wpgdprc-message__action">
Templates/Admin/Pages/Processors/item.php CHANGED
@@ -29,7 +29,7 @@ if ( $stamp < 0 ) {
29
  <span class="wpgdprc-banner-item__edited">
30
  <?php
31
  /* translators: %1s: date */
32
- echo esc_html( printf( _x( '(Last edited on %1s)', 'admin', 'wp-gdpr-compliance' ), $date ) );
33
  ?>
34
  </span>
35
  </div>
29
  <span class="wpgdprc-banner-item__edited">
30
  <?php
31
  /* translators: %1s: date */
32
+ echo esc_html( sprintf( _x( '(Last edited on %1s)', 'admin', 'wp-gdpr-compliance' ), $date ) );
33
  ?>
34
  </span>
35
  </div>
Utils/AdminHelper.php CHANGED
@@ -301,6 +301,10 @@ class AdminHelper {
301
  'h2' => [],
302
  'p' => [],
303
  'ol' => [],
 
 
 
 
304
  ];
305
  break;
306
  }
@@ -308,6 +312,31 @@ class AdminHelper {
308
  return apply_filters( Plugin::PREFIX . '_allowed_html_tags', $output, $plugin );
309
  }
310
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
311
  /**
312
  * Check if the user can manage plugin settings
313
  *
301
  'h2' => [],
302
  'p' => [],
303
  'ol' => [],
304
+ 'abbr' => [
305
+ 'class' => [],
306
+ 'title' => []
307
+ ]
308
  ];
309
  break;
310
  }
312
  return apply_filters( Plugin::PREFIX . '_allowed_html_tags', $output, $plugin );
313
  }
314
 
315
+ /*
316
+ * @return \bool[][]
317
+ */
318
+ public static function getAllowedSvgTags(): array
319
+ {
320
+ return [
321
+ 'svg' => [
322
+ 'class' => true,
323
+ 'aria-hidden' => true,
324
+ 'aria-labelledby' => true,
325
+ 'role' => true,
326
+ 'xmlns' => true,
327
+ 'width' => true,
328
+ 'height' => true,
329
+ 'viewbox' => true,
330
+ ],
331
+ 'g' => ['fill' => true],
332
+ 'title' => ['title' => true],
333
+ 'path' => [
334
+ 'd' => true,
335
+ 'fill' => true,
336
+ ],
337
+ ];
338
+ }
339
+
340
  /**
341
  * Check if the user can manage plugin settings
342
  *
Utils/FormHandler.php CHANGED
@@ -87,7 +87,7 @@ class FormHandler {
87
  */
88
  public static function consentEditFormRedirect( $args = [] ) {
89
  // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- only url is hardcoded
90
- echo '<script>location.href = "' . esc_url( add_query_arg( $args, PageDashboard::getTabUrl( PageDashboard::TAB_PROCESSORS ) ) ) . '";</script>';
91
  die();
92
  }
93
  }
87
  */
88
  public static function consentEditFormRedirect( $args = [] ) {
89
  // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- only url is hardcoded
90
+ echo '<script>debugger;location.href = "' . filter_var( add_query_arg( $args, PageDashboard::getTabUrl( PageDashboard::TAB_PROCESSORS ) ), FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED ) . '";</script>';
91
  die();
92
  }
93
  }
Utils/Helper.php CHANGED
@@ -44,8 +44,10 @@ class Helper {
44
  public static function getCurrentUrl(): string {
45
  if ( isset( $_SERVER['HTTP_HOST'] ) ) {
46
  $protocol = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http' );
47
- $host = sanitize_url( wp_unslash( $_SERVER['HTTP_HOST'] ?? '' ) ); // phpcs:ignore
48
- $uri = sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) ); // phpcs:ignore
 
 
49
  return $protocol . '://' . $host . $uri;
50
  }
51
 
44
  public static function getCurrentUrl(): string {
45
  if ( isset( $_SERVER['HTTP_HOST'] ) ) {
46
  $protocol = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http' );
47
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- is sanitzed.
48
+ $host = sanitize_url( wp_unslash( $_SERVER['HTTP_HOST'] ?? '' ) );
49
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- is sanitzed.
50
+ $uri = sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) );
51
  return $protocol . '://' . $host . $uri;
52
  }
53
 
Utils/Integration.php CHANGED
@@ -160,10 +160,14 @@ class Integration {
160
 
161
  $settings[ $type ] = ! empty( $_POST[ $option ] ) ? 1 : 0;
162
  if ( ! empty( $integration->getSelectForm() ) ) {
 
 
 
 
163
  $result = [];
164
- if ( isset( $_POST[ $option . '_' . static::KEY_FORMS ] ) && is_iterable( $_POST[ $option . '_' . static::KEY_FORMS ] ) ) {
165
  // is an array
166
- foreach ( $_POST[ $option . '_' . static::KEY_FORMS ] as $id => $set ) { // phpcs:ignore
167
  if ( !empty( $set ) ) {
168
  $result[] = $id;
169
  }
@@ -176,13 +180,13 @@ class Integration {
176
  if ( empty( $integration->getSelectForm() ) ) {
177
  $settings[ $type . '_' . $key ] = isset( $_POST[ $option . '_' . $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $option . '_' . $key ] ) ) : $value;
178
  } else {
179
- $settings[ $type . '_' . $key ] = isset( $_POST[ $option . '_' . $key ] ) ? Helper::sanitizeStringArray( $_POST[ $option . '_' . $key ] ) : [ $value ]; // phpcs:ignore
180
  }
181
  }
182
 
183
  // check activation/disabling of integration
184
  if ( ! empty( $_POST[ $group ] ) && is_iterable($_POST[ $group ]) ) {
185
- foreach ( $_POST[ $group ] as $key => $integration ) { // phpcs:ignore
186
  $settings[ key( $integration ) ] = $key == 'disable' ? '0' : '1';
187
  }
188
  }
160
 
161
  $settings[ $type ] = ! empty( $_POST[ $option ] ) ? 1 : 0;
162
  if ( ! empty( $integration->getSelectForm() ) ) {
163
+ $key = $option . '_' . static::KEY_FORMS;
164
+ $data = wp_unslash($_POST);
165
+ $value = $data[$key] ?? null;
166
+
167
  $result = [];
168
+ if ( is_iterable( $value ) ) {
169
  // is an array
170
+ foreach ( $value as $id => $set ) {
171
  if ( !empty( $set ) ) {
172
  $result[] = $id;
173
  }
180
  if ( empty( $integration->getSelectForm() ) ) {
181
  $settings[ $type . '_' . $key ] = isset( $_POST[ $option . '_' . $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $option . '_' . $key ] ) ) : $value;
182
  } else {
183
+ $settings[ $type . '_' . $key ] = isset( $_POST[ $option . '_' . $key ] ) ? Helper::sanitizeStringArray( $_POST[ $option . '_' . $key ] ) : [ $value ]; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.ValidatedSanitizedInput.MissingUnslash
184
  }
185
  }
186
 
187
  // check activation/disabling of integration
188
  if ( ! empty( $_POST[ $group ] ) && is_iterable($_POST[ $group ]) ) {
189
+ foreach ( $_POST[ $group ] as $key => $integration ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.ValidatedSanitizedInput.MissingUnslash
190
  $settings[ key( $integration ) ] = $key == 'disable' ? '0' : '1';
191
  }
192
  }
Utils/IpAddress.php CHANGED
@@ -62,17 +62,17 @@ class IpAddress {
62
  */
63
  public static function getClientIp() {
64
  // Check for shared internet/ISP IP
65
- $httpClientIp = sanitize_url( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ?? '' ) ); // phpcs:ignore
66
  if ( ! empty( $httpClientIp ) && self::validateIp( $httpClientIp ) ) {
67
  return $httpClientIp;
68
  }
69
 
70
  // Check for IPs passing through proxies
71
- $httpXForwardedFor = sanitize_url( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '' ) ); // phpcs:ignore
72
  if ( ! empty( $httpXForwardedFor ) ) {
73
  // Check if multiple ips exist in var
74
  if ( strpos( $httpXForwardedFor, ',' ) !== false ) {
75
- $listOfIpAddresses = explode( ',', sanitize_url( wp_unslash( $httpXForwardedFor ?? '' ) ) ); // phpcs:ignore
76
  foreach ( $listOfIpAddresses as $ipAddress ) {
77
  $ipAddress = trim( $ipAddress );
78
  if ( self::validateIp( $ipAddress ) ) {
@@ -84,28 +84,28 @@ class IpAddress {
84
  }
85
  }
86
 
87
- $httpXForwarded = sanitize_url( wp_unslash( $_SERVER['HTTP_X_FORWARDED'] ?? '' ) ); // phpcs:ignore
88
  if ( ! empty( $httpXForwarded ) && self::validateIp( $httpXForwarded ) ) {
89
  return $httpXForwarded;
90
  }
91
 
92
- $httpXClusterClientIp = sanitize_url( wp_unslash( $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] ?? '' ) ); // phpcs:ignore
93
  if ( ! empty( $httpXClusterClientIp ) && self::validateIp( $httpXClusterClientIp ) ) {
94
  return$httpXClusterClientIp;
95
  }
96
 
97
- $httpForwardedFor = sanitize_url( wp_unslash( $_SERVER['HTTP_FORWARDED_FOR'] ?? '' ) ); // phpcs:ignore
98
  if ( ! empty( $httpForwardedFor ) && self::validateIp( $httpForwardedFor ) ) {
99
  return $httpForwardedFor;
100
  }
101
 
102
- $httpForwarded = sanitize_url( wp_unslash( $_SERVER['HTTP_FORWARDED'] ?? '' ) ); // phpcs:ignore
103
  if ( ! empty( $httpForwarded ) && self::validateIp( $httpForwarded ) ) {
104
  return $httpForwarded;
105
  }
106
 
107
  // Return unreliable ip since all else failed
108
- return sanitize_url( wp_unslash( $_SERVER['REMOTE_ADDR'] ?? '') ); // phpcs:ignore
109
  }
110
 
111
  /**
62
  */
63
  public static function getClientIp() {
64
  // Check for shared internet/ISP IP
65
+ $httpClientIp = sanitize_url( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
66
  if ( ! empty( $httpClientIp ) && self::validateIp( $httpClientIp ) ) {
67
  return $httpClientIp;
68
  }
69
 
70
  // Check for IPs passing through proxies
71
+ $httpXForwardedFor = sanitize_url( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
72
  if ( ! empty( $httpXForwardedFor ) ) {
73
  // Check if multiple ips exist in var
74
  if ( strpos( $httpXForwardedFor, ',' ) !== false ) {
75
+ $listOfIpAddresses = explode( ',', sanitize_url( wp_unslash( $httpXForwardedFor ?? '' ) ) );
76
  foreach ( $listOfIpAddresses as $ipAddress ) {
77
  $ipAddress = trim( $ipAddress );
78
  if ( self::validateIp( $ipAddress ) ) {
84
  }
85
  }
86
 
87
+ $httpXForwarded = sanitize_url( wp_unslash( $_SERVER['HTTP_X_FORWARDED'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
88
  if ( ! empty( $httpXForwarded ) && self::validateIp( $httpXForwarded ) ) {
89
  return $httpXForwarded;
90
  }
91
 
92
+ $httpXClusterClientIp = sanitize_url( wp_unslash( $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
93
  if ( ! empty( $httpXClusterClientIp ) && self::validateIp( $httpXClusterClientIp ) ) {
94
  return$httpXClusterClientIp;
95
  }
96
 
97
+ $httpForwardedFor = sanitize_url( wp_unslash( $_SERVER['HTTP_FORWARDED_FOR'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
98
  if ( ! empty( $httpForwardedFor ) && self::validateIp( $httpForwardedFor ) ) {
99
  return $httpForwardedFor;
100
  }
101
 
102
+ $httpForwarded = sanitize_url( wp_unslash( $_SERVER['HTTP_FORWARDED'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
103
  if ( ! empty( $httpForwarded ) && self::validateIp( $httpForwarded ) ) {
104
  return $httpForwarded;
105
  }
106
 
107
  // Return unreliable ip since all else failed
108
+ return sanitize_url( wp_unslash( $_SERVER['REMOTE_ADDR'] ?? '') ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
109
  }
110
 
111
  /**
Utils/Redirect.php CHANGED
@@ -33,6 +33,8 @@ class Redirect {
33
  if ( empty( $url ) ) {
34
  return;
35
  }
 
 
36
  ?>
37
  <script>history.replaceState({},'','<?php echo esc_js( $url ); ?>');</script>
38
  <?php
33
  if ( empty( $url ) ) {
34
  return;
35
  }
36
+ var_dump($url);
37
+ exit();
38
  ?>
39
  <script>history.replaceState({},'','<?php echo esc_js( $url ); ?>');</script>
40
  <?php
Utils/Session.php CHANGED
@@ -43,19 +43,4 @@ class Session {
43
  self::start();
44
  $_SESSION[ $key ] = $value;
45
  }
46
-
47
- /**
48
- * Gets session variable
49
- * @param string $key
50
- * @param mixed $default
51
- * @return mixed
52
- */
53
- public static function getVar( $key = '', $default = false ) {
54
- self::start();
55
- if ( empty( $key ) ) {
56
- return $default;
57
- }
58
- return isset( $_SESSION[ $key ] ) ? $_SESSION[ $key ] : $default;
59
- }
60
-
61
  }
43
  self::start();
44
  $_SESSION[ $key ] = $value;
45
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
46
  }
WordPress/Admin/Actions.php CHANGED
@@ -43,8 +43,8 @@ class Actions {
43
  }
44
 
45
  if ( ! empty( $_POST[ PageDashboard::TAB_PROCESSORS ] ) ) {
46
- // is an array.
47
- $args = FormHandler::consentEditForm( wp_unslash( $_POST[ PageDashboard::TAB_PROCESSORS ] ) ); // phpcs:ignore
48
  FormHandler::consentEditFormRedirect( $args );
49
  }
50
  }
43
  }
44
 
45
  if ( ! empty( $_POST[ PageDashboard::TAB_PROCESSORS ] ) ) {
46
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- is an array.
47
+ $args = FormHandler::consentEditForm( wp_unslash( $_POST[ PageDashboard::TAB_PROCESSORS ] ) );
48
  FormHandler::consentEditFormRedirect( $args );
49
  }
50
  }
WordPress/Ajax/AbstractAjax.php CHANGED
@@ -64,9 +64,19 @@ abstract class AbstractAjax {
64
  }
65
 
66
  $data = static::validateData();
 
67
  static::buildResponse( $data );
68
  }
69
 
 
 
 
 
 
 
 
 
 
70
  /**
71
  * Validates the data attribute
72
  * @return array|void
@@ -81,8 +91,6 @@ abstract class AbstractAjax {
81
  $data = (array) json_decode( wp_unslash( $_POST['data'] ) );
82
  }
83
 
84
- $data = Helper::sanitizeStringArray( $data );
85
-
86
  $error = __( 'Missing data.', 'wp-gdpr-compliance' );
87
  if ( empty( $data ) ) {
88
  static::returnError( $error );
64
  }
65
 
66
  $data = static::validateData();
67
+ $data = static::sanitizeData($data);
68
  static::buildResponse( $data );
69
  }
70
 
71
+ /**
72
+ * Sanitizes
73
+ * @param array $data
74
+ * @return array
75
+ */
76
+ public static function sanitizeData($data) {
77
+ return Helper::sanitizeStringArray( $data );
78
+ }
79
+
80
  /**
81
  * Validates the data attribute
82
  * @return array|void
91
  $data = (array) json_decode( wp_unslash( $_POST['data'] ) );
92
  }
93
 
 
 
94
  $error = __( 'Missing data.', 'wp-gdpr-compliance' );
95
  if ( empty( $data ) ) {
96
  static::returnError( $error );
WordPress/Ajax/UpdateIntegration.php CHANGED
@@ -1,6 +1,7 @@
1
  <?php
2
  namespace WPGDPRC\WordPress\Ajax;
3
 
 
4
  use WPGDPRC\Utils\Integration;
5
  use WPGDPRC\WordPress\Plugin;
6
  use WPGDPRC\WordPress\Settings;
@@ -34,6 +35,19 @@ class UpdateIntegration extends AbstractAjax {
34
  return [ 'value', 'name', 'type' ];
35
  }
36
 
 
 
 
 
 
 
 
 
 
 
 
 
 
37
  /**
38
  * Builds the AJAX response
39
  * (security handling + data validation -if any- is done in the abstract class)
1
  <?php
2
  namespace WPGDPRC\WordPress\Ajax;
3
 
4
+ use WPGDPRC\Utils\AdminHelper;
5
  use WPGDPRC\Utils\Integration;
6
  use WPGDPRC\WordPress\Plugin;
7
  use WPGDPRC\WordPress\Settings;
35
  return [ 'value', 'name', 'type' ];
36
  }
37
 
38
+ /**
39
+ * @inheritDoc
40
+ */
41
+ public static function sanitizeData($data)
42
+ {
43
+ return [
44
+ 'value' => wp_kses(wp_unslash($data['value']), AdminHelper::getAllowedHTMLTags()),
45
+ 'name' => sanitize_text_field($data['name']),
46
+ 'type' => sanitize_text_field($data['type']),
47
+ 'integration' => sanitize_text_field($data['integration'])
48
+ ];
49
+ }
50
+
51
  /**
52
  * Builds the AJAX response
53
  * (security handling + data validation -if any- is done in the abstract class)
WordPress/Front.php CHANGED
@@ -89,7 +89,7 @@ class Front {
89
  ];
90
 
91
  if ( ! empty( $_REQUEST[ Plugin::PREFIX ] ) ) {
92
- $list['token'] = esc_js( sanitize_title_with_dashes( urldecode( wp_unslash( $_REQUEST[ Plugin::PREFIX ] ) ) ) ); // phpcs:ignore
93
  }
94
 
95
  if ( DataProcessor::isActive() ) {
89
  ];
90
 
91
  if ( ! empty( $_REQUEST[ Plugin::PREFIX ] ) ) {
92
+ $list['token'] = esc_js( sanitize_title_with_dashes( urldecode( wp_unslash( $_REQUEST[ Plugin::PREFIX ] ) ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
93
  }
94
 
95
  if ( DataProcessor::isActive() ) {
WordPress/Settings.php CHANGED
@@ -463,7 +463,7 @@ class Settings {
463
  }
464
 
465
  // is an array
466
- $submit = wp_unslash( $_POST[ self::SETTINGS_GROUP ]['submit'] ); // phpcs:ignore
467
  self::setSectionTransient( esc_sql(key( $submit )) );
468
 
469
  return $value;
463
  }
464
 
465
  // is an array
466
+ $submit = wp_unslash( $_POST[ self::SETTINGS_GROUP ]['submit'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
467
  self::setSectionTransient( esc_sql(key( $submit )) );
468
 
469
  return $value;
WordPress/Shortcodes/RequestAccessForm.php CHANGED
@@ -84,7 +84,7 @@ class RequestAccessForm extends AbstractShortcode {
84
  * @return string
85
  */
86
  private static function getData(): string {
87
- $token = isset( $_REQUEST[ Plugin::PREFIX ] ) ? sanitize_title_with_dashes( urldecode( wp_unslash( $_REQUEST[ Plugin::PREFIX ] ) ) ) : false; // phpcs:ignore
88
  $request = $token !== false ? RequestAccess::getByToken( $token ) : false;
89
  if ( empty( $request ) ) {
90
  return self::getNoneText();
84
  * @return string
85
  */
86
  private static function getData(): string {
87
+ $token = isset( $_REQUEST[ Plugin::PREFIX ] ) ? sanitize_title_with_dashes( urldecode( wp_unslash( $_REQUEST[ Plugin::PREFIX ] ) ) ) : false; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
88
  $request = $token !== false ? RequestAccess::getByToken( $token ) : false;
89
  if ( empty( $request ) ) {
90
  return self::getNoneText();
readme.txt CHANGED
@@ -38,6 +38,11 @@ Get immediate access to:
38
 
39
  == Changelog ==
40
 
 
 
 
 
 
41
  = 2.0.11 =
42
  *Release date: 25th March 2022*
43
  * Improved code quality of the plugin
38
 
39
  == Changelog ==
40
 
41
+ = 2.0.12 =
42
+ *Release date: 31st March 2022*
43
+ * Improved code quality of the plugin
44
+ * More Security improvements.
45
+
46
  = 2.0.11 =
47
  *Release date: 25th March 2022*
48
  * Improved code quality of the plugin
wp-gdpr-compliance.php CHANGED
@@ -5,7 +5,7 @@
5
  * Description: This plugin helps your website stay compliant with GDPR using a free cookie pop-up.
6
  * Author: Cookie Information
7
  * Author URI: https://cookieinformation.com/
8
- * Version: 2.0.11
9
  * Text Domain: wp-gdpr-compliance
10
  * Domain Path: /Resources/languages
11
  * Requires at least: 5.3
@@ -33,7 +33,7 @@ spl_autoload_register( __NAMESPACE__ . '\\autoload' );
33
  define( 'WPGDPRC_ROOT', dirname( __FILE__ ) . '/' );
34
  define( 'WPGDPRC_ROOT_FILE', __FILE__ );
35
  define( 'WPGDPRC_FILE', plugin_basename( __FILE__ ) );
36
- define( 'WPGDPRC_VERSION', '2.0.11' );
37
  define( 'WPGDPRC_PREFIX', strtolower( __NAMESPACE__ ) );
38
 
39
  // register activation & deactivation hook to add/remove plugin specific database options
5
  * Description: This plugin helps your website stay compliant with GDPR using a free cookie pop-up.
6
  * Author: Cookie Information
7
  * Author URI: https://cookieinformation.com/
8
+ * Version: 2.0.12
9
  * Text Domain: wp-gdpr-compliance
10
  * Domain Path: /Resources/languages
11
  * Requires at least: 5.3
33
  define( 'WPGDPRC_ROOT', dirname( __FILE__ ) . '/' );
34
  define( 'WPGDPRC_ROOT_FILE', __FILE__ );
35
  define( 'WPGDPRC_FILE', plugin_basename( __FILE__ ) );
36
+ define( 'WPGDPRC_VERSION', '2.0.12' );
37
  define( 'WPGDPRC_PREFIX', strtolower( __NAMESPACE__ ) );
38
 
39
  // register activation & deactivation hook to add/remove plugin specific database options