Changeset 2605301 for shapepress-dsgvo

Timestamp:

09/27/2021 06:27:15 AM (5 years ago)

Author:

legalweb

Message:

• removed unused templates
• fixed remote images
• added wp_kses when we echo scripts

Location:

shapepress-dsgvo/trunk

Files:

• includes/class-sp-dsgvo-integration-api-base.php (modified) (4 diffs)
• includes/html (deleted)
• includes/integrations/tagmanager/googletagmanager/class-sp-dsgvo-google-tagmanager-api.php (modified) (2 diffs)
• includes/integrations/tagmanager/matomotagmanager/class-sp-dsgvo-matomo-tagmanager-api.php (modified) (1 diff)
• public/images/Datenschutzvereinbarungen-Einstellungen.png (added)
• public/images/banner-1544x500.png (added)
• templates/de_DE/emails/legal-texts-update.php (modified) (2 diffs)

shapepress-dsgvo/trunk/includes/class-sp-dsgvo-integration-api-base.php

@@ -190 +190 @@
     }
 
+    function getAllowedHtmlForScriptsForKses() {
+        return  array_merge(
+            wp_kses_allowed_html( 'post' ),
+            array(
+                'script' => array(
+                    'type' => array(),
+                    'src' => array(),
+                    'charset' => array(),
+                    'async' => array()
+                ),
+                'noscript' => array(),
+                'style' => array(
+                    'type' => array()
+                ),
+                'iframe' => array(
+                    'src' => array(),
+                    'height' => array(),
+                    'width' => array(),
+                    'frameborder' => array(),
+                    'allowfullscreen' => array()
+                )
+            )
+        );
+
+    }
+
     public final function checkIfIntegrationIsAllowed($integrationSlug)
     {
@@ -277 +303 @@
 
         if ($integrationAllowed) {
-            echo $result; // we cant esc here because the original script/code which the user enters has to be written. otherwise trackings scripts and chatbots,. would not work
+            echo wp_kses($result, $this->getAllowedHtmlForScriptsForKses());
         }
         return;
@@ -301 +327 @@
 
         if ($integrationAllowed) {
-            echo $result; // we cant esc here because the original script/code which the user enters has to be written. otherwise trackings scripts and chatbots,. would not work
+            echo wp_kses($result, $this->getAllowedHtmlForScriptsForKses());
         }
         return;
@@ -325 +351 @@
 
         if ($integrationAllowed) {
-            echo $result; // we cant esc here because the original script/code which the user enters has to be written. otherwise trackings scripts and chatbots,. would not work
+            echo wp_kses($result, $this->getAllowedHtmlForScriptsForKses());
         }
         return;

shapepress-dsgvo/trunk/includes/integrations/tagmanager/googletagmanager/class-sp-dsgvo-google-tagmanager-api.php

@@ -48 +48 @@
         $result = "<!-- id='sp-dsgvo-script-container-$this->slug' class='sp-dsgvo-script-container'-->$jsCode<!-- end sp-dsgvo-script-container-$this->slug -->";
         if ($integrationAllowed) {
-            echo $result; // we cant esc here because the original script/code which the user enters has to be written. otherwise trackings scripts and chatbots,. would not work
+            echo wp_kses($result, $this->getAllowedHtmlForScriptsForKses());
         }
         return;
@@ -73 +73 @@
 
         if ($integrationAllowed) {
-            echo $result; // we cant esc here because the original script/code which the user enters has to be written. otherwise trackings scripts and chatbots,. would not work
+            echo wp_kses($result, $this->getAllowedHtmlForScriptsForKses());
         }
         return;

shapepress-dsgvo/trunk/includes/integrations/tagmanager/matomotagmanager/class-sp-dsgvo-matomo-tagmanager-api.php

@@ -48 +48 @@
         $result = "<!-- id='sp-dsgvo-script-container-$this->slug' class='sp-dsgvo-script-container'-->$jsCode<!-- end sp-dsgvo-script-container-$this->slug -->";
         if ($integrationAllowed) {
-            echo $result; // we cant esc here because the original script/code which the user enters has to be written. otherwise trackings scripts and chatbots,. would not work
+            echo wp_kses($result, $this->getAllowedHtmlForScriptsForKses());
         }
         return;

shapepress-dsgvo/trunk/templates/de_DE/emails/legal-texts-update.php

@@ -244 +244 @@
                                                 <table width="100%" align="center" border="0" cellspacing="0" cellpadding="0" style="margin: 0px auto; min-width: 100%;" role="presentation">
                                                     <tr>
-                                                        <td align="center" valign="top" class="image-full-width" width="560" style="width: 560px; line-height: 0px;"> <a href="https://legalweb.io" style="font-size: inherit; border-style: none; text-decoration: none !important;" border="0"><img src="https://legalweb.io/wp-content/uploads/2019/11/banner-1544x500.png" width="560" style="height: auto; display: block !important; width: 100%; max-width: 560px; min-width: 100%;" alt="legal web GmbH" border="0" hspace="0" vspace="0" height="auto"></a></td>
+                                                        <td align="center" valign="top" class="image-full-width" width="560" style="width: 560px; line-height: 0px;"> <a href="https://legalweb.io" style="font-size: inherit; border-style: none; text-decoration: none !important;" border="0"><img src="<?php echo esc_attr(SPDSGVO::pluginURI('images\banner-1544x500.png')); ?>" width="560" style="height: auto; display: block !important; width: 100%; max-width: 560px; min-width: 100%;" alt="legal web GmbH" border="0" hspace="0" vspace="0" height="auto"></a></td>
                                                     </tr><!-- start space -->
                                                     <tr>
@@ -308 +308 @@
                                                 <table width="265" dir="ltr" align="right" border="0" cellpadding="0" cellspacing="0" class="full-width right" style="max-width: 265px; min-width: 100%;" role="presentation">
                                                     <tr>
-                                                        <td align="center" valign="top" class="image-full-width" width="265" style="width: 265px; line-height: 0px;"> <a href="#" style="text-decoration: none !important; font-size: inherit; border-style: none;" border="0"> <img src="https://legalweb.io/wp-content/uploads/2020/02/Datenschutzvereinbarungen-Einstellungen.png" width="265" style="max-width: 265px; height: auto; display: block !important; min-width: 100%;" vspace="0" hspace="0" alt="image2" height="auto"></a> </td>
+                                                        <td align="center" valign="top" class="image-full-width" width="265" style="width: 265px; line-height: 0px;"> <a href="#" style="text-decoration: none !important; font-size: inherit; border-style: none;" border="0"> <img src="<?php echo esc_attr(SPDSGVO::pluginURI('images\Datenschutzvereinbarungen-Einstellungen.png')); ?>" width="265" style="max-width: 265px; height: auto; display: block !important; min-width: 100%;" vspace="0" hspace="0" alt="image2" height="auto"></a> </td>
                                                     </tr>
                                                 </table>