Version Description
Release date: 31st March 2022. Improved code quality of the plugin; more security improvements.
Release Info
Developer | merlijnvanlent |
Plugin | WP GDPR Compliance |
Version | 2.0.12 |
Code changes from version 2.0.11 to 2.0.12
- Templates/Admin/Elements/notice-fancy.php +2 -2
- Templates/Admin/Pages/Processors/item.php +1 -1
- Utils/AdminHelper.php +29 -0
- Utils/FormHandler.php +1 -1
- Utils/Helper.php +4 -2
- Utils/Integration.php +8 -4
- Utils/IpAddress.php +8 -8
- Utils/Redirect.php +2 -0
- Utils/Session.php +0 -15
- WordPress/Admin/Actions.php +2 -2
- WordPress/Ajax/AbstractAjax.php +10 -2
- WordPress/Ajax/UpdateIntegration.php +14 -0
- WordPress/Front.php +1 -1
- WordPress/Settings.php +1 -1
- WordPress/Shortcodes/RequestAccessForm.php +1 -1
- readme.txt +5 -0
- wp-gdpr-compliance.php +2 -2
Templates/Admin/Elements/notice-fancy.php
CHANGED
@@ -23,10 +23,10 @@ if ( $type === 'wizard' ) {
|
|
23 |
<div class="wpgdprc-message__container">
|
24 |
<div class="wpgdprc-message__content">
|
25 |
<h3 class="wpgdprc-message__title h3"><?php echo esc_html( $title ); ?></h3>
|
26 |
-
<p class="wpgdprc-message__text"><?php echo $text;
|
27 |
</div>
|
28 |
<div class="wpgdprc-message__icon">
|
29 |
-
<?php echo $icon;
|
30 |
</div>
|
31 |
</div>
|
32 |
<div class="wpgdprc-message__action">
|
23 |
<div class="wpgdprc-message__container">
|
24 |
<div class="wpgdprc-message__content">
|
25 |
<h3 class="wpgdprc-message__title h3"><?php echo esc_html( $title ); ?></h3>
|
26 |
+
<p class="wpgdprc-message__text"><?php echo wp_kses_post($text); ?></p>
|
27 |
</div>
|
28 |
<div class="wpgdprc-message__icon">
|
29 |
+
<?php echo wp_kses($icon, \WPGDPRC\Utils\AdminHelper::getAllowedSvgTags()); ?>
|
30 |
</div>
|
31 |
</div>
|
32 |
<div class="wpgdprc-message__action">
|
Templates/Admin/Pages/Processors/item.php
CHANGED
@@ -29,7 +29,7 @@ if ( $stamp < 0 ) {
|
|
29 |
<span class="wpgdprc-banner-item__edited">
|
30 |
<?php
|
31 |
/* translators: %1s: date */
|
32 |
-
echo esc_html(
|
33 |
?>
|
34 |
</span>
|
35 |
</div>
|
29 |
<span class="wpgdprc-banner-item__edited">
|
30 |
<?php
|
31 |
/* translators: %1s: date */
|
32 |
+
echo esc_html( sprintf( _x( '(Last edited on %1s)', 'admin', 'wp-gdpr-compliance' ), $date ) );
|
33 |
?>
|
34 |
</span>
|
35 |
</div>
|
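Review bot: The format string on new line 32 uses `%1s`, which sprintf() reads as a width-1 `%s` rather than as the positional placeholder the translator comment on line 31 describes, so a translation that moves the placeholder ends up with a literal `%1s` in the output. Change it to `'(Last edited on %1$s)'` and the comment to `/* translators: %1$s: date */`. The enclosing template continues outside the hunk.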
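--- a/Utils/AdminHelper.php
+++ b/Utils/AdminHelper.php
@@ -301,6 +301,10 @@ class AdminHelper {
 'h2' => [],
 'p' => [],
 'ol' => [],
+'abbr' => [
+'class' => [],
+'title' => []
+]
 ];
 break;
 }
@@ -308,6 +312,31 @@ class AdminHelper {
 return apply_filters( Plugin::PREFIX . '_allowed_html_tags', $output, $plugin );
 }
 
+/*
+* @return \bool[][]
+*/
+public static function getAllowedSvgTags(): array
+{
+return [
+'svg' => [
+'class' => true,
+'aria-hidden' => true,
+'aria-labelledby' => true,
+'role' => true,
+'xmlns' => true,
+'width' => true,
+'height' => true,
+'viewbox' => true,
+],
+'g' => ['fill' => true],
+'title' => ['title' => true],
+'path' => [
+'d' => true,
+'fill' => true,
+],
+];
+}
+
 /**
 * Check if the user can manage plugin settings
 *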
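Review bot: The comment above `getAllowedSvgTags()` on new line 315 opens with `/*`, so it is not a docblock and its `@return` tag is invisible to IDEs and static analysis; use `/**` with a shape the tools understand, e.g. `/** @return array<string, array<string, bool>> Allowed SVG elements and attributes for wp_kses(); deliberately not filterable. */`. That last clause matters because `getAllowedHTMLTags()` on line 312 does pass its result through `apply_filters( Plugin::PREFIX . '_allowed_html_tags', … )`, and a reader will otherwise assume the omission is an oversight rather than a choice to keep the SVG allowlist fixed. `'title' => ['title' => true]` on line 332 permits a `title` attribute on the `<title>` element, which looks like it was meant to be `'title' => []`. The lowercase `viewbox` is presumably intentional because wp_kses() compares attribute names case-insensitively; a one-line comment there would save the next reader the check.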
Utils/FormHandler.php
CHANGED
@@ -87,7 +87,7 @@ class FormHandler {
|
|
87 |
*/
|
88 |
public static function consentEditFormRedirect( $args = [] ) {
|
89 |
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- only url is hardcoded
|
90 |
-
echo '<script>location.href = "' .
|
91 |
die();
|
92 |
}
|
93 |
}
|
87 |
*/
|
88 |
public static function consentEditFormRedirect( $args = [] ) {
|
89 |
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- only url is hardcoded
|
90 |
+
echo '<script>debugger;location.href = "' . filter_var( add_query_arg( $args, PageDashboard::getTabUrl( PageDashboard::TAB_PROCESSORS ) ), FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED ) . '";</script>';
|
91 |
die();
|
92 |
}
|
93 |
}
|
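Review bot: New line 90 ships a `debugger;` statement inside the emitted `<script>`, which pauses the page in any browser with devtools open; it needs to come out before release. The phpcs justification on line 89 (`only url is hardcoded`) no longer holds, since `$args` reaches `add_query_arg()` and, per Actions.php in this same release, originates in `$_POST`; `filter_var( …, FILTER_VALIDATE_URL )` returns `false` on an invalid value, which concatenates to `location.href = ""` instead of a redirect, and it is not a JavaScript-context escape. Prefer `wp_safe_redirect( add_query_arg( $args, PageDashboard::getTabUrl( PageDashboard::TAB_PROCESSORS ) ) ); exit;` where headers have not been sent, or at minimum `echo '<script>location.href = "' . esc_js( esc_url_raw( add_query_arg( $args, PageDashboard::getTabUrl( PageDashboard::TAB_PROCESSORS ) ) ) ) . '";</script>';`.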
Utils/Helper.php
CHANGED
@@ -44,8 +44,10 @@ class Helper {
|
|
44 |
public static function getCurrentUrl(): string {
|
45 |
if ( isset( $_SERVER['HTTP_HOST'] ) ) {
|
46 |
$protocol = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http' );
|
47 |
-
|
48 |
-
$
|
|
|
|
|
49 |
return $protocol . '://' . $host . $uri;
|
50 |
}
|
51 |
|
44 |
public static function getCurrentUrl(): string {
|
45 |
if ( isset( $_SERVER['HTTP_HOST'] ) ) {
|
46 |
$protocol = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http' );
|
47 |
+
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- is sanitzed.
|
48 |
+
$host = sanitize_url( wp_unslash( $_SERVER['HTTP_HOST'] ?? '' ) );
|
49 |
+
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- is sanitzed.
|
50 |
+
$uri = sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) );
|
51 |
return $protocol . '://' . $host . $uri;
|
52 |
}
|
53 |
|
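Review bot: `sanitize_url()` on new line 48 is the wrong sanitizer for a bare host: it is an alias of `esc_url_raw()`, which prepends `http://` to a value that carries no scheme, so for a request to `example.com` (constructed example) the method returns `https://http://example.com/…`. Validate the host as text instead, `$host = sanitize_text_field( wp_unslash( $_SERVER['HTTP_HOST'] ?? '' ) );`, and keep `sanitize_url()` for `REQUEST_URI` on line 50, which starts with `/` and is left intact. `HTTP_HOST` is client-supplied, so if the result feeds links or redirects, `home_url()` is the safer base; the callers are outside my view. Also, `sanitize_url()` was a deprecated wrapper until WordPress 5.9 while the plugin header declares `Requires at least: 5.3`, so older cores will log a deprecation notice on every call, and the phpcs comments on lines 47 and 49 misspell `sanitized`.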
Utils/Integration.php
CHANGED
@@ -160,10 +160,14 @@ class Integration {
|
|
160 |
|
161 |
$settings[ $type ] = ! empty( $_POST[ $option ] ) ? 1 : 0;
|
162 |
if ( ! empty( $integration->getSelectForm() ) ) {
|
|
|
|
|
|
|
|
|
163 |
$result = [];
|
164 |
-
if (
|
165 |
// is an array
|
166 |
-
foreach ( $
|
167 |
if ( !empty( $set ) ) {
|
168 |
$result[] = $id;
|
169 |
}
|
@@ -176,13 +180,13 @@ class Integration {
|
|
176 |
if ( empty( $integration->getSelectForm() ) ) {
|
177 |
$settings[ $type . '_' . $key ] = isset( $_POST[ $option . '_' . $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $option . '_' . $key ] ) ) : $value;
|
178 |
} else {
|
179 |
-
$settings[ $type . '_' . $key ] = isset( $_POST[ $option . '_' . $key ] ) ? Helper::sanitizeStringArray( $_POST[ $option . '_' . $key ] ) : [ $value ]; // phpcs:ignore
|
180 |
}
|
181 |
}
|
182 |
|
183 |
// check activation/disabling of integration
|
184 |
if ( ! empty( $_POST[ $group ] ) && is_iterable($_POST[ $group ]) ) {
|
185 |
-
foreach ( $_POST[ $group ] as $key => $integration ) { // phpcs:ignore
|
186 |
$settings[ key( $integration ) ] = $key == 'disable' ? '0' : '1';
|
187 |
}
|
188 |
}
|
160 |
|
161 |
$settings[ $type ] = ! empty( $_POST[ $option ] ) ? 1 : 0;
|
162 |
if ( ! empty( $integration->getSelectForm() ) ) {
|
163 |
+
$key = $option . '_' . static::KEY_FORMS;
|
164 |
+
$data = wp_unslash($_POST);
|
165 |
+
$value = $data[$key] ?? null;
|
166 |
+
|
167 |
$result = [];
|
168 |
+
if ( is_iterable( $value ) ) {
|
169 |
// is an array
|
170 |
+
foreach ( $value as $id => $set ) {
|
171 |
if ( !empty( $set ) ) {
|
172 |
$result[] = $id;
|
173 |
}
|
180 |
if ( empty( $integration->getSelectForm() ) ) {
|
181 |
$settings[ $type . '_' . $key ] = isset( $_POST[ $option . '_' . $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $option . '_' . $key ] ) ) : $value;
|
182 |
} else {
|
183 |
+
$settings[ $type . '_' . $key ] = isset( $_POST[ $option . '_' . $key ] ) ? Helper::sanitizeStringArray( $_POST[ $option . '_' . $key ] ) : [ $value ]; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.ValidatedSanitizedInput.MissingUnslash
|
184 |
}
|
185 |
}
|
186 |
|
187 |
// check activation/disabling of integration
|
188 |
if ( ! empty( $_POST[ $group ] ) && is_iterable($_POST[ $group ]) ) {
|
189 |
+
foreach ( $_POST[ $group ] as $key => $integration ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.ValidatedSanitizedInput.MissingUnslash
|
190 |
$settings[ key( $integration ) ] = $key == 'disable' ? '0' : '1';
|
191 |
}
|
192 |
}
|
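Review bot: Line 190 compares the `$_POST` array key with `$key == 'disable'`; under PHP 7 an integer key `0` is loosely equal to `'disable'`, so a numerically keyed entry is recorded as disabled — use `$key === 'disable'`. In the first hunk, `$result[] = $id` on line 172 stores the request's array keys verbatim, and `key( $integration )` on line 190 becomes a settings key with no sanitization; if form ids are numeric, `absint( $id )` is the fitting sanitizer, otherwise `sanitize_key( $id )`. Both enclosing blocks start and end outside the hunks.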
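--- a/Utils/IpAddress.php
+++ b/Utils/IpAddress.php
@@ -62,17 +62,17 @@ class IpAddress {
 */
 public static function getClientIp() {
 // Check for shared internet/ISP IP
-$httpClientIp = sanitize_url( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ?? '' ) ); // phpcs:ignore
+$httpClientIp = sanitize_url( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 if ( ! empty( $httpClientIp ) && self::validateIp( $httpClientIp ) ) {
 return $httpClientIp;
 }
 
 // Check for IPs passing through proxies
-$httpXForwardedFor = sanitize_url( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '' ) ); // phpcs:ignore
+$httpXForwardedFor = sanitize_url( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 if ( ! empty( $httpXForwardedFor ) ) {
 // Check if multiple ips exist in var
 if ( strpos( $httpXForwardedFor, ',' ) !== false ) {
-$listOfIpAddresses = explode( ',', sanitize_url( wp_unslash( $httpXForwardedFor ?? '' ) ) );
+$listOfIpAddresses = explode( ',', sanitize_url( wp_unslash( $httpXForwardedFor ?? '' ) ) );
 foreach ( $listOfIpAddresses as $ipAddress ) {
 $ipAddress = trim( $ipAddress );
 if ( self::validateIp( $ipAddress ) ) {
@@ -84,28 +84,28 @@ class IpAddress {
 }
 }
 
-$httpXForwarded = sanitize_url( wp_unslash( $_SERVER['HTTP_X_FORWARDED'] ?? '' ) ); // phpcs:ignore
+$httpXForwarded = sanitize_url( wp_unslash( $_SERVER['HTTP_X_FORWARDED'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 if ( ! empty( $httpXForwarded ) && self::validateIp( $httpXForwarded ) ) {
 return $httpXForwarded;
 }
 
-$httpXClusterClientIp = sanitize_url( wp_unslash( $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] ?? '' ) ); // phpcs:ignore
+$httpXClusterClientIp = sanitize_url( wp_unslash( $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 if ( ! empty( $httpXClusterClientIp ) && self::validateIp( $httpXClusterClientIp ) ) {
 return$httpXClusterClientIp;
 }
 
-$httpForwardedFor = sanitize_url( wp_unslash( $_SERVER['HTTP_FORWARDED_FOR'] ?? '' ) ); // phpcs:ignore
+$httpForwardedFor = sanitize_url( wp_unslash( $_SERVER['HTTP_FORWARDED_FOR'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 if ( ! empty( $httpForwardedFor ) && self::validateIp( $httpForwardedFor ) ) {
 return $httpForwardedFor;
 }
 
-$httpForwarded = sanitize_url( wp_unslash( $_SERVER['HTTP_FORWARDED'] ?? '' ) ); // phpcs:ignore
+$httpForwarded = sanitize_url( wp_unslash( $_SERVER['HTTP_FORWARDED'] ?? '' ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 if ( ! empty( $httpForwarded ) && self::validateIp( $httpForwarded ) ) {
 return $httpForwarded;
 }
 
 // Return unreliable ip since all else failed
-return sanitize_url( wp_unslash( $_SERVER['REMOTE_ADDR'] ?? '') ); // phpcs:ignore
+return sanitize_url( wp_unslash( $_SERVER['REMOTE_ADDR'] ?? '') ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 }
 
 /**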
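Review bot: Every header value in `getClientIp()` goes through `sanitize_url()`, an alias of `esc_url_raw()` that prepends `http://` to a value without a scheme, so `1.2.3.4` becomes `http://1.2.3.4` (constructed example): each proxy-header branch then fails `self::validateIp()`, and the fallback on line 108 returns `REMOTE_ADDR` with that prefix attached. The commit only lengthens the phpcs:ignore codes and leaves this in place; `sanitize_text_field( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ?? '' ) )` on line 65, and the same form on lines 71, 87, 92, 97, 102 and 108, is the fitting sanitizer, with `validateIp()` remaining the real check and worth applying to the `REMOTE_ADDR` fallback as well. Because all of the proxy headers are client-supplied, the docblock should state that the returned value is informational and must not drive access decisions; the comment on line 107 calls `REMOTE_ADDR` the unreliable one, which is backwards unless a trusted proxy is in front of the site. Line 75 re-sanitizes an already sanitized local, and `return$httpXClusterClientIp;` on line 94 is missing a space.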
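--- a/Utils/Redirect.php
+++ b/Utils/Redirect.php
@@ -33,6 +33,8 @@ class Redirect {
 if ( empty( $url ) ) {
 return;
 }
+var_dump($url);
+exit();
 ?>
 <script>history.replaceState({},'','<?php echo esc_js( $url ); ?>');</script>
 <?php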
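Review bot: New lines 36–37 add `var_dump($url); exit();` to a shipped release, which prints the redirect target into the response and terminates before the `history.replaceState` script on line 39 runs, so the redirect is broken for every visitor and the URL value is disclosed in page output. Remove both lines. The enclosing method starts outside the hunk.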
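--- a/Utils/Session.php
+++ b/Utils/Session.php
@@ -43,19 +43,4 @@ class Session {
 self::start();
 $_SESSION[ $key ] = $value;
 }
-
-/**
-* Gets session variable
-* @param string $key
-* @param mixed $default
-* @return mixed
-*/
-public static function getVar( $key = '', $default = false ) {
-self::start();
-if ( empty( $key ) ) {
-return $default;
-}
-return isset( $_SESSION[ $key ] ) ? $_SESSION[ $key ] : $default;
-}
-
 }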
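--- a/WordPress/Admin/Actions.php
+++ b/WordPress/Admin/Actions.php
@@ -43,8 +43,8 @@ class Actions {
 }
 
 if ( ! empty( $_POST[ PageDashboard::TAB_PROCESSORS ] ) ) {
-// is an array.
-$args = FormHandler::consentEditForm( wp_unslash( $_POST[ PageDashboard::TAB_PROCESSORS ] ) );
+// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- is an array.
+$args = FormHandler::consentEditForm( wp_unslash( $_POST[ PageDashboard::TAB_PROCESSORS ] ) );
 FormHandler::consentEditFormRedirect( $args );
 }
 }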
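Review bot: The phpcs justification on new line 46 (`is an array`) says why the sniff fires, not why the value is safe; a reader still cannot tell whether `FormHandler::consentEditForm()` sanitizes each field of the unslashed `$_POST` array it receives. Name the place that does it, e.g. `// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- array; each field is sanitized in FormHandler::consentEditForm()`, after confirming that it does. The nonce and capability checks that should precede this block, and the start of the enclosing method, are outside the hunk.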
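--- a/WordPress/Ajax/AbstractAjax.php
+++ b/WordPress/Ajax/AbstractAjax.php
@@ -64,9 +64,19 @@ abstract class AbstractAjax {
 }
 
 $data = static::validateData();
+$data = static::sanitizeData($data);
 static::buildResponse( $data );
 }
 
+/**
+* Sanitizes
+* @param array $data
+* @return array
+*/
+public static function sanitizeData($data) {
+return Helper::sanitizeStringArray( $data );
+}
+
 /**
 * Validates the data attribute
 * @return array|void
@@ -81,8 +91,6 @@ abstract class AbstractAjax {
 $data = (array) json_decode( wp_unslash( $_POST['data'] ) );
 }
 
-$data = Helper::sanitizeStringArray( $data );
-
 $error = __( 'Missing data.', 'wp-gdpr-compliance' );
 if ( empty( $data ) ) {
 static::returnError( $error );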
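Review bot: The new `sanitizeData()` on line 76 is a public, overridable step that the pipeline on line 67 now relies on for all request data, so a subclass that overrides it and returns `$data` unchanged silently removes the sanitization that `validateData()` used to perform at old line 84. Put that contract in the docblock, which currently reads only `* Sanitizes`: a one-line purpose such as `Sanitizes validated request data before it reaches buildResponse(); overrides must sanitize every key they return`, plus native types, `public static function sanitizeData( array $data ): array`. `validateData()` is documented `@return array|void` on line 82; if `returnError()` does not terminate the request, `sanitizeData()` receives `null` and `Helper::sanitizeStringArray( null )` runs, so either guard the call or declare `returnError()` as `never` — its body is outside my view.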
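--- a/WordPress/Ajax/UpdateIntegration.php
+++ b/WordPress/Ajax/UpdateIntegration.php
@@ -1,6 +1,7 @@
 <?php
 namespace WPGDPRC\WordPress\Ajax;
 
+use WPGDPRC\Utils\AdminHelper;
 use WPGDPRC\Utils\Integration;
 use WPGDPRC\WordPress\Plugin;
 use WPGDPRC\WordPress\Settings;
@@ -34,6 +35,19 @@ class UpdateIntegration extends AbstractAjax {
 return [ 'value', 'name', 'type' ];
 }
 
+/**
+* @inheritDoc
+*/
+public static function sanitizeData($data)
+{
+return [
+'value' => wp_kses(wp_unslash($data['value']), AdminHelper::getAllowedHTMLTags()),
+'name' => sanitize_text_field($data['name']),
+'type' => sanitize_text_field($data['type']),
+'integration' => sanitize_text_field($data['integration'])
+];
+}
+
 /**
 * Builds the AJAX response
 * (security handling + data validation -if any- is done in the abstract class)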
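Review bot: The override on new lines 41–49 calls `wp_unslash()` on `$data['value']` although `validateData()` in AbstractAjax already unslashes `$_POST['data']` before decoding it (line 91 of that file in this release), so literal backslashes in the value are stripped twice; drop the inner `wp_unslash()`. `$data['integration']` on line 47 is not among the keys `validateData()` requires (`[ 'value', 'name', 'type' ]` on line 35), so a request without it raises an undefined-index warning and hands `null` to `sanitize_text_field()`; use `$data['integration'] ?? ''` or add the key to the required list. `AdminHelper::getAllowedHTMLTags()` is called without the `$plugin` argument its `apply_filters()` call forwards, so a default is being relied on that I cannot see, and the method should declare `( array $data ): array` to match its parent. Since `wp_kses()` deliberately keeps HTML in `value`, say so in the docblock rather than `@inheritDoc`, so callers know the field is markup and must still be escaped for its output context.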
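--- a/WordPress/Front.php
+++ b/WordPress/Front.php
@@ -89,7 +89,7 @@ class Front {
 ];
 
 if ( ! empty( $_REQUEST[ Plugin::PREFIX ] ) ) {
-$list['token'] = esc_js( sanitize_title_with_dashes( urldecode( wp_unslash( $_REQUEST[ Plugin::PREFIX ] ) ) ) ); // phpcs:ignore
+$list['token'] = esc_js( sanitize_title_with_dashes( urldecode( wp_unslash( $_REQUEST[ Plugin::PREFIX ] ) ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 }
 
 if ( DataProcessor::isActive() ) {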
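--- a/WordPress/Settings.php
+++ b/WordPress/Settings.php
@@ -463,7 +463,7 @@ class Settings {
 }
 
 // is an array
-$submit = wp_unslash( $_POST[ self::SETTINGS_GROUP ]['submit'] ); // phpcs:ignore
+$submit = wp_unslash( $_POST[ self::SETTINGS_GROUP ]['submit'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 self::setSectionTransient( esc_sql(key( $submit )) );
 
 return $value;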
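Review bot: Line 466 indexes `$_POST[ self::SETTINGS_GROUP ]['submit']` without checking that it exists or is an array, and `key( $submit )` on line 467 throws a TypeError on PHP 8 when it is not; the comment `is an array` on line 465 is an assumption about the request, not a check. Guard it, e.g. `$submit = (array) wp_unslash( $_POST[ self::SETTINGS_GROUP ]['submit'] ?? [] );`. `esc_sql()` is an SQL-context escape rather than a key sanitizer; if `setSectionTransient()` builds a transient name from the value, `sanitize_key( (string) key( $submit ) )` is the fitting call. The enclosing method starts and ends outside the hunk.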
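--- a/WordPress/Shortcodes/RequestAccessForm.php
+++ b/WordPress/Shortcodes/RequestAccessForm.php
@@ -84,7 +84,7 @@ class RequestAccessForm extends AbstractShortcode {
 * @return string
 */
 private static function getData(): string {
-$token = isset( $_REQUEST[ Plugin::PREFIX ] ) ? sanitize_title_with_dashes( urldecode( wp_unslash( $_REQUEST[ Plugin::PREFIX ] ) ) ) : false; // phpcs:ignore
+$token = isset( $_REQUEST[ Plugin::PREFIX ] ) ? sanitize_title_with_dashes( urldecode( wp_unslash( $_REQUEST[ Plugin::PREFIX ] ) ) ) : false; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 $request = $token !== false ? RequestAccess::getByToken( $token ) : false;
 if ( empty( $request ) ) {
 return self::getNoneText();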
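--- a/readme.txt
+++ b/readme.txt
@@ -38,6 +38,11 @@ Get immediate access to:
 
 == Changelog ==
 
+= 2.0.12 =
+*Release date: 31st March 2022*
+* Improved code quality of the plugin
+* More Security improvements.
+
 = 2.0.11 =
 *Release date: 25th March 2022*
 * Improved code quality of the plugin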
wp-gdpr-compliance.php
CHANGED
@@ -5,7 +5,7 @@
|
|
5 |
* Description: This plugin helps your website stay compliant with GDPR using a free cookie pop-up.
|
6 |
* Author: Cookie Information
|
7 |
* Author URI: https://cookieinformation.com/
|
8 |
-
* Version: 2.0.
|
9 |
* Text Domain: wp-gdpr-compliance
|
10 |
* Domain Path: /Resources/languages
|
11 |
* Requires at least: 5.3
|
@@ -33,7 +33,7 @@ spl_autoload_register( __NAMESPACE__ . '\\autoload' );
|
|
33 |
define( 'WPGDPRC_ROOT', dirname( __FILE__ ) . '/' );
|
34 |
define( 'WPGDPRC_ROOT_FILE', __FILE__ );
|
35 |
define( 'WPGDPRC_FILE', plugin_basename( __FILE__ ) );
|
36 |
-
define( 'WPGDPRC_VERSION', '2.0.
|
37 |
define( 'WPGDPRC_PREFIX', strtolower( __NAMESPACE__ ) );
|
38 |
|
39 |
// register activation & deactivation hook to add/remove plugin specific database options
|
5 |
* Description: This plugin helps your website stay compliant with GDPR using a free cookie pop-up.
|
6 |
* Author: Cookie Information
|
7 |
* Author URI: https://cookieinformation.com/
|
8 |
+
* Version: 2.0.12
|
9 |
* Text Domain: wp-gdpr-compliance
|
10 |
* Domain Path: /Resources/languages
|
11 |
* Requires at least: 5.3
|
33 |
define( 'WPGDPRC_ROOT', dirname( __FILE__ ) . '/' );
|
34 |
define( 'WPGDPRC_ROOT_FILE', __FILE__ );
|
35 |
define( 'WPGDPRC_FILE', plugin_basename( __FILE__ ) );
|
36 |
+
define( 'WPGDPRC_VERSION', '2.0.12' );
|
37 |
define( 'WPGDPRC_PREFIX', strtolower( __NAMESPACE__ ) );
|
38 |
|
39 |
// register activation & deactivation hook to add/remove plugin specific database options
|