Changeset 3153946

Timestamp:

09/18/2024 12:34:12 PM (19 months ago)

Author:

soulseekah

Message:

0.1.1

Location:

mailbob/trunk

Files:

• languages/mailbob.pot (modified) (5 diffs)
• mailbob.php (modified) (10 diffs)
• readme.txt (modified) (2 diffs)

mailbob/trunk/languages/mailbob.pot

@@ -1 @@
-# Copyright (C) 2024 Mailbob
-# This file is distributed under the same license as the Mailbob plugin.
+# Copyright (C) 2024 Mailbob.io
+# This file is distributed under the GPLv2 or later.
 msgid ""
 msgstr ""
-"Project-Id-Version: Mailbob 0.1.0\n"
+"Project-Id-Version: Mailbob 0.1.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/mailbob-wp\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2024-06-02T18:20:49+00:00\n"
+"POT-Creation-Date: 2024-09-18T12:27:37+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.8.1\n"
@@ -16 +16 @@
 
 #. Plugin Name of the plugin
-#. Author of the plugin
-#: mailbob.php:44
-#: mailbob.php:45
+#: mailbob.php:46
+#: mailbob.php:47
 msgid "Mailbob"
 msgstr ""
@@ -30 +29 @@
 msgstr ""
 
+#. Author of the plugin
+msgid "Mailbob.io"
+msgstr ""
+
 #. Author URI of the plugin
 msgid "https://mailbob.io"
@@ -90 +93 @@
 msgstr ""
 
-#: mailbob.php:104
+#: mailbob.php:147
 msgid "Settings"
 msgstr ""
 
-#: mailbob.php:160
+#: mailbob.php:203
 msgid "Security check failed. Please try again."
 msgstr ""
 
-#: mailbob.php:164
+#: mailbob.php:209
 msgid "Please enter a valid email address."
 msgstr ""
 
-#: mailbob.php:179
+#: mailbob.php:224
 msgid "Subscription. Please try again."
 msgstr ""
 
-#: mailbob.php:201
+#: mailbob.php:246
 msgid "You do not have permission to do this."
 msgstr ""

mailbob/trunk/mailbob.php

@@ -1 +1 @@
 <?php
 /**
- * Plugin Name:     Mailbob
- * Plugin URI:      https://github.com/mailbob-io/mailbob-wp
- * Description:     Elevate your personal brand with an email newsletter platform that makes sense. Connect your audience or start from scratch, and send your first campaign in seconds.
- * Version:         0.1.0
- * Author:          Mailbob
- * Author URI:      https://mailbob.io
- * Text Domain:     mailbob
- * Domain Path:     /languages
- * Requires PHP:    7.1
- * Requires WP:     5.5.0
- * Namespace:       Mailbob
+ * Plugin Name:       Mailbob
+ * Plugin URI:        https://github.com/mailbob-io/mailbob-wp
+ * Description:       Elevate your personal brand with an email newsletter platform that makes sense. Connect your audience or start from scratch, and send your first campaign in seconds.
+ * Version:           0.1.1
+ * Author:            Mailbob.io
+ * Author URI:        https://mailbob.io
+ * Requires at least: 6.0
+ * Requires PHP:      7.0
+ * License:           GPLv2 or later
+ * License URI:       https://www.gnu.org/licenses/gpl-2.0.html
+ * Text Domain:       mailbob
+ * Domain Path:       /languages
  */
 
@@ -21 +22 @@
     const __DIR__ = __DIR__;
     const __FILE__ = __FILE__;
+    const __VERSION__ = '0.1.1';
 
     const API_BASE = 'https://api.mailbob.io/';
@@ -64 +66 @@
                     'type' => 'array',
                     'sanitize_callback' => function( $input ) {
-                        return $input; // @todo(major): add some sanitization here
+                        $input = array_merge(
+                            get_option( 'mailbob_settings' ),
+                            $input
+                        );
+
+                        // Defaults.
+                        $sanitized_input = [
+                            'floating_widget' => [
+                                'enable' => false,
+                                'primaryColor' => '#198754',
+                                'primaryHoverColor' => '#229861',
+                            ],
+                            'user_id' => null,
+                            'api_key' => null,
+                        ];
+
+                        // Sanitize and validate.
+                        if ( isset( $input['floating_widget']['enable'] ) ) {
+                            $sanitized_input['floating_widget']['enable'] = ( bool )$input['floating_widget']['enable'];
+                        }
+
+                        if ( isset( $input['floating_widget']['primaryColor'] ) ) {
+                            if ( preg_match( '/^#([a-f0-9]{6}|[a-f0-9]{8})$/i', sanitize_text_field( $input['floating_widget']['primaryColor'] ), $matches ) ) {
+                                $sanitized_input['floating_widget']['primaryColor'] = strtolower($matches[0] );
+                            }
+                        }
+
+                        if ( isset( $input['floating_widget']['primaryHoverColor'] ) ) {
+                            if ( preg_match( '/^#([a-f0-9]{6}|[a-f0-9]{8})$/i', sanitize_text_field( $input['floating_widget']['primaryHoverColor'] ), $matches ) ) {
+                                $sanitized_input['floating_widget']['primaryHoverColor'] = strtolower( $matches[0] );
+                            }
+                        }
+
+                        if ( isset( $input['user_id'] ) ) {
+                            $sanitized_input['user_id'] = substr( sanitize_text_field( $input['user_id'] ), 0, 64 );
+                        }
+
+                        if ( isset( $input['api_key'] ) ) {
+                            $sanitized_input['api_key'] = substr( sanitize_text_field( $input['api_key'] ), 0, 64 );
+                        }
+
+                        return $sanitized_input;
                     },
                 ]
@@ -85 +128 @@
             $options = get_option( 'mailbob_settings' );
 
-            wp_add_inline_script( 'mailbob-block-subscription-editor-script', 'window.Mailbob = ' . json_encode( [
+            wp_add_inline_script( 'mailbob-block-subscription-editor-script', 'window.Mailbob = ' . wp_json_encode( [
                 'rootUrl' => plugins_url( '/', __FILE__ ),
                 'settingsUrl' => admin_url( 'admin.php?page=mailbob' ),
@@ -117 +160 @@
          */
         add_action( 'wp_enqueue_scripts', function() {
-            wp_register_script( 'mailbob-embed-js', 'https://mailbob.io/static/embed.js', [], 1, true );
+            wp_register_script( 'mailbob-embed-js', 'https://mailbob.io/static/embed.js', [], self::__VERSION__, true );
         } );
 
@@ -136 +179 @@
             wp_enqueue_script( 'mailbob-embed-js' );
 
-            ?>
-            <script>
-                window.mbConfig = window.mbConfig || [];
-
-                function mailbob() {
-                    mbConfig.push(arguments);
-                }
-
-                mailbob('colors', {
-                    primary: '<?php echo esc_attr( $options['floating_widget']['primaryColor'] ?? '#198754' ); ?>',
-                    primaryHover: '<?php echo esc_attr( $options['floating_widget']['primaryHoverColor'] ?? '#229861' ); ?>'
-                });
-                mailbob('uid', '<?php echo esc_attr( $options['user_id'] ); ?>');
-            </script>
-            <?php
+            $mbConfigJsSafe = wp_json_encode( [
+                'colors' => [
+                    'primary' => $options['floating_widget']['primaryColor'] ?? '#198754',
+                    'primaryHover' => $options['floating_widget']['primaryHoverColor'] ?? '#229861',
+                ],
+                'uid' => $options['user_id'],
+            ] );
+
+            wp_add_inline_script(
+                'mailbob-embed-js',
+                "mbConfig.push(['colors', ($mbConfigJsSafe).colors]);" .
+                "mbConfig.push(['uid', ($mbConfigJsSafe).uid]);"
+            );
         } );
 
@@ -157 +198 @@
          */
         add_action( 'wp_ajax_mailbob_block_subscribe', $callback = static function() {
-            if ( ! wp_verify_nonce( $_REQUEST['nonce'] ?? '', 'mailbob_nonce' ) ) {
+            $sanitized_nonce = sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ?? '' ) );
+
+            if ( ! wp_verify_nonce( $sanitized_nonce, 'mailbob_nonce' ) ) {
                 wp_send_json_error( [ 'message' => esc_html__( 'Security check failed. Please try again.', 'mailbob' ) ], 401 );
             }
 
-            if ( ! is_email( $_REQUEST['email'] ?? '' ) ) {
+            $sanitized_email = sanitize_text_field( $_REQUEST['email'] ?? '' );
+
+            if ( ! is_email( $sanitized_email ) ) {
                 wp_send_json_error( [ 'message' => esc_html__( 'Please enter a valid email address.', 'mailbob' ) ], 400 );
             }
@@ -172 +217 @@
                         'Authorization' => sprintf( 'Bearer %s:%s', $options['user_id'] ?? '', $options['api_key'] ?? '' ),
                     ),
-                    'body' => wp_json_encode( [ 'email' => $_REQUEST['email'] ?? '' ] ),
+                    'body' => wp_json_encode( [ 'email' => $sanitized_email ] ),
                     'data_format' => 'body',
             ] );
@@ -202 +247 @@
         }
 
-        switch ( $_REQUEST['action'] ?? '' ):
+        switch ( sanitize_text_field( $_REQUEST['action'] ?? '' ) ):
             case 'mailbob_connect':
-                $nonce = $_REQUEST['_wpnonce_mailbob_connect'] ?? '';
-                if ( ! wp_verify_nonce( $nonce, 'mailbob_connect' ) ) {
+                $sanitized_nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce_mailbob_connect'] ?? '' ) );
+
+                if ( ! wp_verify_nonce( $sanitized_nonce, 'mailbob_connect' ) ) {
                     wp_safe_redirect( admin_url( 'admin.php?page=mailbob&e=NONCE' ) );
                     exit;
@@ -246 +292 @@
 
             case 'mailbob_connect_return':
-                $nonce = $_REQUEST['_wpnonce_mailbob_connect_return'] ?? '';
-                if ( ! wp_verify_nonce( $nonce, 'mailbob_connect_return' ) ) {
+                $sanitized_nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce_mailbob_connect_return'] ?? '' ) );
+
+                if ( ! wp_verify_nonce( $sanitized_nonce, 'mailbob_connect_return' ) ) {
                     wp_safe_redirect( admin_url( 'admin.php?page=mailbob&e=NONCE' ) );
                     exit;
                 }
 
-                $user_id = $_REQUEST['mailbob_user_id'] ?? null;
-                $api_key = $_REQUEST['mailbob_api_key'] ?? null;
-
-                if ( ! $user_id || ! $api_key ) {
+                $sanitized_user_id = sanitize_text_field( $_REQUEST['mailbob_user_id'] ?? '' );
+                $sanitized_api_key = sanitize_text_field( $_REQUEST['mailbob_api_key'] ?? '' );
+
+                if ( ! $sanitized_user_id || ! $sanitized_api_key ) {
                     wp_safe_redirect( admin_url( 'admin.php?page=mailbob&e=MISSING' ) );
                     exit;
                 }
 
-                // @todo(major): verify the keys, and not just here
+                // @todo(major): verify the keys against the API, and not just here
 
                 $options = get_option( 'mailbob_settings' );
 
-                $options['user_id'] = $user_id;
-                $options['api_key'] = $api_key;
+                $options['user_id'] = $sanitized_user_id;
+                $options['api_key'] = $sanitized_api_key;
 
                 update_option( 'mailbob_settings', $options );

mailbob/trunk/readme.txt

@@ -1 +1 @@
 === Mailbob ===
+
+Stable tag:        0.1.1
 Contributors:      Kafleg, soulseekah, kovshenin, mailbob
 Tags:              blocks, editor, gutenberg, gutenberg blocks, Mailbob, subscription, newsletter
-Tested up to:      6.1
-Stable tag:        0.1.0
-Requires PHP: 7.0
-License:           GPL-2.0-or-later
+Requires at least: 6.1
+Tested up to:      6.6
+Requires PHP:      7.0
+License:           GPLv2 or later
 License URI:       https://www.gnu.org/licenses/gpl-2.0.html
+
 This plugin adds Block Editor blocks and a floating subscription widget for Mailbob.io
 
@@ -16 +19 @@
 
 The plugin source code is available at https://github.com/mailbob-io/mailbob-wp
+
+=== External service disclosure ===
+
+This official Mailbob.io integration plugin relies the following external URIs for proper operation:
+
+ - https://mailbob.io/connect/ to authenticate your Mailbob.io account, we store your WordPress website domain and your Mailbob.io account
+ - https://api.mailbob.io/subscribe/ to initiate your users' subscribption to your newsletter (double opt-in is required), the email address and the API key is sent
+ - https://mailbob.io/static/embed.js to embed the floating subscription widget on any website, be it WordPress or not
+
+When requesting these resources the following information will be logged: IP address, browser User-Agent, the time the request was made.
+
+API reference: https://mailbob-docs.notion.site/API-Reference-f647d36f0bc14d1cb07ab75dab50aa4d
+Privacy policy: https://mailbob.io/privacy/