Changeset 3228041 for gdpr-cookie-compliance

Timestamp:

01/24/2025 01:02:16 PM (14 months ago)

Author:

MooveAgency

Message:

Version 4.15.7 released

Location:

gdpr-cookie-compliance

Files:

• tags/4.15.7 (added)
• tags/4.15.7/assets (added)
• tags/4.15.7/assets/fonts (added)
• tags/4.15.7/assets/fonts/.gitkeep (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-700.eot (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-700.svg (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-700.ttf (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-700.woff (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-700.woff2 (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-regular.eot (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-regular.svg (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-regular.ttf (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-regular.woff (added)
• tags/4.15.7/assets/fonts/nunito-v8-latin-regular.woff2 (added)
• tags/4.15.7/assets/images (added)
• tags/4.15.7/assets/images/.gitkeep (added)
• tags/4.15.7/assets/images/gdpr-cookie-compliance-icon.png (added)
• tags/4.15.7/assets/images/gdpr-icon.png (added)
• tags/4.15.7/assets/images/gdpr-logo.png (added)
• tags/4.15.7/assets/images/moove-gdpr-inputs.png (added)
• tags/4.15.7/assets/images/moove_logo_br.png (added)
• tags/4.15.7/assets/images/uat-promo-wp.png (added)
• tags/4.15.7/assets/manifest.json (added)
• tags/4.15.7/assets/scripts (added)
• tags/4.15.7/assets/scripts/.eslintrc.js (added)
• tags/4.15.7/assets/scripts/admin.js (added)
• tags/4.15.7/assets/scripts/codemirror.js (added)
• tags/4.15.7/assets/scripts/colorpicker.js (added)
• tags/4.15.7/assets/scripts/gdpr_lightbox.js (added)
• tags/4.15.7/assets/scripts/main.js (added)
• tags/4.15.7/assets/styles (added)
• tags/4.15.7/assets/styles/admin.scss (added)
• tags/4.15.7/assets/styles/back-end (added)
• tags/4.15.7/assets/styles/back-end/_codemirror.scss (added)
• tags/4.15.7/assets/styles/back-end/_global.scss (added)
• tags/4.15.7/assets/styles/custom-editor-style.scss (added)
• tags/4.15.7/assets/styles/frontend (added)
• tags/4.15.7/assets/styles/frontend/main-nf.scss (added)
• tags/4.15.7/assets/styles/frontend/main.scss (added)
• tags/4.15.7/assets/styles/main-nf.scss (added)
• tags/4.15.7/assets/styles/main.scss (added)
• tags/4.15.7/assets/styles/modules (added)
• tags/4.15.7/assets/styles/modules/_fonts.scss (added)
• tags/4.15.7/assets/styles/modules/_gdpr_lightbox.scss (added)
• tags/4.15.7/assets/styles/modules/_global.scss (added)
• tags/4.15.7/bower.json (added)
• tags/4.15.7/class-gdpr-modules-view.php (added)
• tags/4.15.7/class-gdpr-modules.php (added)
• tags/4.15.7/class-gdpr-view.php (added)
• tags/4.15.7/class-moove-gdpr-actions.php (added)
• tags/4.15.7/class-moove-gdpr-content.php (added)
• tags/4.15.7/class-moove-gdpr-options.php (added)
• tags/4.15.7/controllers (added)
• tags/4.15.7/controllers/class-moove-gdpr-controller.php (added)
• tags/4.15.7/controllers/class-moove-gdpr-db-controller.php (added)
• tags/4.15.7/controllers/class-moove-gdpr-license-manager.php (added)
• tags/4.15.7/controllers/class-moove-gdpr-review.php (added)
• tags/4.15.7/dist (added)
• tags/4.15.7/dist/fonts (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-700.eot (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-700.svg (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-700.ttf (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-700.woff (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-700.woff2 (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-regular.eot (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-regular.svg (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-regular.ttf (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-regular.woff (added)
• tags/4.15.7/dist/fonts/nunito-v8-latin-regular.woff2 (added)
• tags/4.15.7/dist/images (added)
• tags/4.15.7/dist/images/gdpr-cookie-compliance-icon.png (added)
• tags/4.15.7/dist/images/gdpr-icon.png (added)
• tags/4.15.7/dist/images/gdpr-logo.png (added)
• tags/4.15.7/dist/images/moove-gdpr-inputs.png (added)
• tags/4.15.7/dist/images/moove_logo_br.png (added)
• tags/4.15.7/dist/images/uat-promo-wp.png (added)
• tags/4.15.7/dist/scripts (added)
• tags/4.15.7/dist/scripts/admin.js (added)
• tags/4.15.7/dist/scripts/codemirror.js (added)
• tags/4.15.7/dist/scripts/colorpicker.js (added)
• tags/4.15.7/dist/scripts/main.js (added)
• tags/4.15.7/dist/styles (added)
• tags/4.15.7/dist/styles/admin.css (added)
• tags/4.15.7/dist/styles/custom-editor-style.css (added)
• tags/4.15.7/dist/styles/gdpr-main-nf.css (added)
• tags/4.15.7/dist/styles/gdpr-main.css (added)
• tags/4.15.7/gdpr-functions.php (added)
• tags/4.15.7/gdpr-modules (added)
• tags/4.15.7/gdpr-modules/branding-styles.php (added)
• tags/4.15.7/gdpr-modules/infobar (added)
• tags/4.15.7/gdpr-modules/infobar/floating-button.php (added)
• tags/4.15.7/gdpr-modules/infobar/infobar-base.php (added)
• tags/4.15.7/gdpr-modules/infobar/infobar-buttons.php (added)
• tags/4.15.7/gdpr-modules/infobar/infobar-content.php (added)
• tags/4.15.7/gdpr-modules/modal (added)
• tags/4.15.7/gdpr-modules/modal/company-logo.php (added)
• tags/4.15.7/gdpr-modules/modal/content-sections (added)
• tags/4.15.7/gdpr-modules/modal/content-sections/advanced.php (added)
• tags/4.15.7/gdpr-modules/modal/content-sections/cookiepolicy.php (added)
• tags/4.15.7/gdpr-modules/modal/content-sections/overview.php (added)
• tags/4.15.7/gdpr-modules/modal/content-sections/strictly.php (added)
• tags/4.15.7/gdpr-modules/modal/content-sections/third_party.php (added)
• tags/4.15.7/gdpr-modules/modal/gdpr-branding.php (added)
• tags/4.15.7/gdpr-modules/modal/modal-base-onepage.php (added)
• tags/4.15.7/gdpr-modules/modal/modal-base-tabs.php (added)
• tags/4.15.7/gdpr-modules/modal/tab-footer-buttons.php (added)
• tags/4.15.7/gdpr-modules/modal/tab-navigation.php (added)
• tags/4.15.7/gulpfile.js (added)
• tags/4.15.7/languages (added)
• tags/4.15.7/languages/gdpr-cookie-compliance.pot (added)
• tags/4.15.7/moove-gdpr.php (added)
• tags/4.15.7/package.json (added)
• tags/4.15.7/readme.txt (added)
• tags/4.15.7/views (added)
• tags/4.15.7/views/moove (added)
• tags/4.15.7/views/moove/admin (added)
• tags/4.15.7/views/moove/admin/settings (added)
• tags/4.15.7/views/moove/admin/settings/accept-on-scroll.php (added)
• tags/4.15.7/views/moove/admin/settings/advanced-cookies.php (added)
• tags/4.15.7/views/moove/admin/settings/banner-settings.php (added)
• tags/4.15.7/views/moove/admin/settings/branding.php (added)
• tags/4.15.7/views/moove/admin/settings/consent-log.php (added)
• tags/4.15.7/views/moove/admin/settings/cookie-banner-manager.php (added)
• tags/4.15.7/views/moove/admin/settings/cookie-declaration.php (added)
• tags/4.15.7/views/moove/admin/settings/cookie-policy.php (added)
• tags/4.15.7/views/moove/admin/settings/export-import.php (added)
• tags/4.15.7/views/moove/admin/settings/floating-button.php (added)
• tags/4.15.7/views/moove/admin/settings/full-screen-mode.php (added)
• tags/4.15.7/views/moove/admin/settings/general-settings.php (added)
• tags/4.15.7/views/moove/admin/settings/geo-location.php (added)
• tags/4.15.7/views/moove/admin/settings/help.php (added)
• tags/4.15.7/views/moove/admin/settings/iframe-blocker.php (added)
• tags/4.15.7/views/moove/admin/settings/integrations.php (added)
• tags/4.15.7/views/moove/admin/settings/licence.php (added)
• tags/4.15.7/views/moove/admin/settings/multisite-settings.php (added)
• tags/4.15.7/views/moove/admin/settings/plugin-boxes.php (added)
• tags/4.15.7/views/moove/admin/settings/privacy-overview.php (added)
• tags/4.15.7/views/moove/admin/settings/renew-consent.php (added)
• tags/4.15.7/views/moove/admin/settings/screen-settings.php (added)
• tags/4.15.7/views/moove/admin/settings/settings-page.php (added)
• tags/4.15.7/views/moove/admin/settings/stats.php (added)
• tags/4.15.7/views/moove/admin/settings/strictly-necessary-cookies.php (added)
• tags/4.15.7/views/moove/admin/settings/support.php (added)
• tags/4.15.7/views/moove/admin/settings/third-party-cookies.php (added)
• tags/4.15.7/views/moove/admin/settings/video-tutorial.php (added)
• trunk/class-gdpr-modules.php (modified) (13 diffs)
• trunk/gdpr-modules/infobar/floating-button.php (modified) (2 diffs)
• trunk/gdpr-modules/infobar/infobar-base.php (modified) (1 diff)
• trunk/gdpr-modules/infobar/infobar-buttons.php (modified) (1 diff)
• trunk/gdpr-modules/modal/company-logo.php (modified) (1 diff)
• trunk/gdpr-modules/modal/content-sections/advanced.php (modified) (2 diffs)
• trunk/gdpr-modules/modal/content-sections/cookiepolicy.php (modified) (1 diff)
• trunk/gdpr-modules/modal/content-sections/overview.php (modified) (1 diff)
• trunk/gdpr-modules/modal/content-sections/strictly.php (modified) (2 diffs)
• trunk/gdpr-modules/modal/content-sections/third_party.php (modified) (2 diffs)
• trunk/gdpr-modules/modal/modal-base-onepage.php (modified) (1 diff)
• trunk/gdpr-modules/modal/modal-base-tabs.php (modified) (1 diff)
• trunk/moove-gdpr.php (modified) (2 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/views/moove/admin/settings/banner-settings.php (modified) (2 diffs)
• trunk/views/moove/admin/settings/branding.php (modified) (1 diff)
• trunk/views/moove/admin/settings/cookie-policy.php (modified) (1 diff)
• trunk/views/moove/admin/settings/privacy-overview.php (modified) (1 diff)

gdpr-cookie-compliance/trunk/class-gdpr-modules.php

@@ -80 +80 @@
 
         $data->label = ( isset( $modal_options[ 'moove_gdpr_floating_button_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_floating_button_label' . $wpml_lang ] ) ? $modal_options[ 'moove_gdpr_floating_button_label' . $wpml_lang ] : __( 'Change cookie settings', 'gdpr-cookie-compliance' );
+        $data->label = esc_attr( $data->label );
         return $view_controller->load( 'infobar.floating-button', $data );
     }
@@ -92 +93 @@
         $layout              = isset( $modal_options['moove_gdpr_plugin_layout'] ) ? $modal_options['moove_gdpr_plugin_layout'] : 'v1';
         $tab_title           = isset( $modal_options[ 'moove_gdpr_privacy_overview_tab_title' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_privacy_overview_tab_title' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_privacy_overview_tab_title' . $wpml_lang ] : __( 'Privacy Overview', 'gdpr-cookie-compliance' );
+        $tab_title                   = esc_attr( $tab_title );
         $data                = new stdClass();
         $data->logo_position = apply_filters( 'gdpr_logo_position', 'left' );
@@ -157 +159 @@
 
         $content            = isset( $modal_options[ 'moove_gdpr_info_bar_content' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_info_bar_content' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_info_bar_content' . $wpml_lang ] : $_content;
+
+        $content                        = wp_kses_post( $content );
+
         $tabindex                   = apply_filters('gdpr_tabindex_attribute', '', '0' );
         $content            = str_replace( '[setting]', '<button ' . $tabindex . ' data-href="#moove_gdpr_cookie_modal" class="change-settings-button">', $content );
@@ -177 +182 @@
         $data->has_accept       = $has_accept;
         $data->button_label     = isset( $modal_options[ 'moove_gdpr_infobar_accept_button_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_infobar_accept_button_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_infobar_accept_button_label' . $wpml_lang ] : __( 'Accept', 'gdpr-cookie-compliance' );
+        $data->button_label     = esc_attr( $data->button_label );
         $buttons_order  = isset( $modal_options['gdpr_bs_buttons_order'] ) ? json_decode( $modal_options['gdpr_bs_buttons_order'], true ) : array('accept', 'reject', 'settings', 'close');
         $data->accept_order     = in_array( 'accept', $buttons_order ) ? array_search( 'accept', $buttons_order ) : 'auto';
@@ -197 +203 @@
         $logo_details           = gdpr_get_logo_details( $data->logo_url, $modal_options );
         $data->logo_alt         = gdpr_get_logo_alt( $data->logo_url, $modal_options );
-        $data->logo_width   = isset( $logo_details['width'] ) ? $logo_details['width'] : false;
-        $data->logo_height  = isset( $logo_details['height'] ) ? $logo_details['height'] : false;
-        $data->logo_url         = isset( $logo_details['logo_url'] ) ? $logo_details['logo_url'] : $data->logo_url;
+        $data->logo_width   = isset( $logo_details['width'] ) ? esc_attr( $logo_details['width'] ) : false;
+        $data->logo_height  = isset( $logo_details['height'] ) ? esc_attr( $logo_details['height'] ) : false;
+        $data->logo_url         = isset( $logo_details['logo_url'] ) ? esc_attr( $logo_details['logo_url'] ) : esc_attr( $data->logo_url );
         $data->logo_url         = apply_filters( 'gdpr_cc_modal_logo_url', $data->logo_url );
         return $view_controller->load( 'modal.company-logo', $data );
@@ -230 +236 @@
         $layout               = isset( $modal_options['moove_gdpr_plugin_layout'] ) ? $modal_options['moove_gdpr_plugin_layout'] : 'v1';
         $tab_title            = isset( $modal_options[ 'moove_gdpr_privacy_overview_tab_title' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_privacy_overview_tab_title' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_privacy_overview_tab_title' . $wpml_lang ] : __( 'Privacy Overview', 'gdpr-cookie-compliance' );
+        $tab_title                      = esc_attr( $tab_title ); 
         $tab_content          = isset( $modal_options[ 'moove_gdpr_privacy_overview_tab_content' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_privacy_overview_tab_content' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_privacy_overview_tab_content' . $wpml_lang ] : $gdpr_default_content->moove_gdpr_get_privacy_overview_content();
+
         $data                 = new stdClass();
         $data->options        = $modal_options;
         $data->wpml_lang      = $wpml_lang;
         $data->tab_title      = 'v1' === $layout ? $tab_title : false;
-        $data->tab_content    = wpautop( $tab_content );
+        $data->tab_content    = wp_kses_post ( wpautop( $tab_content ) );
         $data->visibility     = 'v1' === $layout ? 'style="display:none"' : '';
 
@@ -258 +266 @@
         $data->options                = $modal_options;
         $data->wpml_lang              = $wpml_lang;
-        $data->tab_title              = $tab_title;
-        $data->tab_content            = wpautop( $tab_content );
+        $data->tab_title              = esc_attr( $tab_title );
+        $data->tab_content            = wp_kses_post( wpautop( $tab_content ) );
         $data->show                   = 3 !== $strictly;
         $data->is_checked             = 1 !== $strictly ? 'disabled checked="checked" ' : '';
         $data->text_enable            = isset( $modal_options[ 'moove_gdpr_modal_enabled_checkbox_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_enabled_checkbox_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_enabled_checkbox_label' . $wpml_lang ] : __( 'Enabled', 'gdpr-cookie-compliance' );
         $data->text_disable           = isset( $modal_options[ 'moove_gdpr_modal_disabled_checkbox_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_disabled_checkbox_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_disabled_checkbox_label' . $wpml_lang ] : __( 'Disabled', 'gdpr-cookie-compliance' );
-        $data->warning_message_top    = 'v2' === $layout && 1 === $strictly ? wpautop( $warning_msg ) : false;
-        $data->warning_message_bottom = 'v1' === $layout ? wpautop( $warning_msg ) : false;
+        $data->warning_message_top    = 'v2' === $layout && 1 === $strictly ? wp_kses_post( wpautop( $warning_msg ) ) : false;
+        $data->warning_message_bottom = 'v1' === $layout ? wp_kses_post( wpautop( $warning_msg ) ) : false;
         $data->checkbox_state         = 1 !== $strictly ? 'gdpr-checkbox-disabled checkbox-selected' : '';
         $data->visibility             = 'v1' === $layout ? 'style="display:none"' : '';
@@ -287 +295 @@
         $data->options         = $modal_options;
         $data->wpml_lang       = $wpml_lang;
-        $data->tab_title       = $tab_title;
-        $data->tab_content     = wpautop( $tab_content );
+        $data->tab_title       = esc_attr( $tab_title );
+        $data->tab_content     = wp_kses_post( wpautop( $tab_content ) );
         $data->show            = isset( $modal_options['moove_gdpr_advanced_cookies_enable'] ) && 1 === intval( $modal_options['moove_gdpr_advanced_cookies_enable'] ) ? true : false;
         $data->is_checked      = 1 !== $strictly ? '' : 'disabled';
         $data->fieldset        = 1 !== $strictly ? 'fl-strenabled' : 'fl-disabled';
         $data->text_enable     = isset( $modal_options[ 'moove_gdpr_modal_enabled_checkbox_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_enabled_checkbox_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_enabled_checkbox_label' . $wpml_lang ] : __( 'Enabled', 'gdpr-cookie-compliance' );
+        $data->text_enable       = esc_attr( $data->text_enable );
         $data->text_disable    = isset( $modal_options[ 'moove_gdpr_modal_disabled_checkbox_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_disabled_checkbox_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_disabled_checkbox_label' . $wpml_lang ] : __( 'Disabled', 'gdpr-cookie-compliance' );
+        $data->text_disable      = esc_attr( $data->text_disable );
         $data->warning_message = isset( $modal_options[ 'moove_gdpr_modal_strictly_secondary_notice' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_strictly_secondary_notice' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_strictly_secondary_notice' . $wpml_lang ] : $gdpr_default_content->moove_gdpr_get_secondary_notice();
-        $data->warning_message = wpautop( $data->warning_message );
+        $data->warning_message = wp_kses_post( wpautop( $data->warning_message ) );
         $data->visibility      = 'v1' === $layout ? 'style="display:none"' : '';
         return $view_controller->load( 'modal.content-sections.advanced', $data );
@@ -315 +325 @@
         $data->options         = $modal_options;
         $data->wpml_lang       = $wpml_lang;
-        $data->tab_title       = $tab_title;
+        $data->tab_title       = esc_attr( $tab_title );
         $data->tab_content     = wpautop( $tab_content );
         $data->show            = isset( $modal_options['moove_gdpr_third_party_cookies_enable'] ) && 1 === intval( $modal_options['moove_gdpr_third_party_cookies_enable'] ) ? true : false;
@@ -321 +331 @@
         $data->fieldset        = 1 !== $strictly ? 'fl-strenabled' : 'fl-disabled';
         $data->text_enable     = isset( $modal_options[ 'moove_gdpr_modal_enabled_checkbox_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_enabled_checkbox_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_enabled_checkbox_label' . $wpml_lang ] : __( 'Enabled', 'gdpr-cookie-compliance' );
+        $data->text_enable     = esc_attr( $data->text_enable );
         $data->text_disable    = isset( $modal_options[ 'moove_gdpr_modal_disabled_checkbox_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_disabled_checkbox_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_disabled_checkbox_label' . $wpml_lang ] : __( 'Disabled', 'gdpr-cookie-compliance' );
+        $data->text_disable      = esc_attr( $data->text_disable );
         $data->warning_message = isset( $modal_options[ 'moove_gdpr_modal_strictly_secondary_notice' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_strictly_secondary_notice' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_strictly_secondary_notice' . $wpml_lang ] : $gdpr_default_content->moove_gdpr_get_secondary_notice();
-        $data->warning_message = wpautop( $data->warning_message );
+        $data->warning_message = wp_kses_post( wpautop( $data->warning_message ) );
         $data->visibility      = 'v1' === $layout ? 'style="display:none"' : '';
         return $view_controller->load( 'modal.content-sections.third_party', $data );
@@ -371 +383 @@
         $data->options        = $modal_options;
         $data->wpml_lang      = $wpml_lang;
-        $data->tab_title      = $tab_title;
-        $data->tab_content    = wpautop( $tab_content );
+        $data->tab_title      = esc_attr( $tab_title );
+        $data->tab_content    = wp_kses_post( wpautop( $tab_content ) );
         $data->show           = isset( $modal_options['moove_gdpr_cookie_policy_enable'] ) && 1 === intval( $modal_options['moove_gdpr_cookie_policy_enable'] ) ? true : false;
         $data->visibility     = 'v1' === $layout ? 'style="display:none"' : '';
@@ -388 +400 @@
         $data->settings_v       = isset( $modal_options['moove_gdpr_save_settings_button_enable'] ) ? ( intval( $modal_options['moove_gdpr_save_settings_button_enable'] ) === 1 ? true : ( ! isset( $modal_options['moove_gdpr_save_settings_button_enable'] ) ? true : false ) ) : true;
         $data->settings_label = isset( $modal_options[ 'moove_gdpr_modal_save_button_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_save_button_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_save_button_label' . $wpml_lang ] : __( 'Save Settings', 'gdpr-cookie-compliance' );
-        
+        $data->settings_label = esc_attr( $data->settings_label );
+
         $data->allow_v              = isset( $modal_options['moove_gdpr_enable_all_button_enable'] ) ? ( intval( $modal_options['moove_gdpr_enable_all_button_enable'] ) === 1 ? true : ( ! isset( $modal_options['moove_gdpr_enable_all_button_enable'] ) ? true : false ) ) : true;
         $data->allow_label    = isset( $modal_options[ 'moove_gdpr_modal_allow_button_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_allow_button_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_allow_button_label' . $wpml_lang ] : __( 'Enable All', 'gdpr-cookie-compliance' );
+        $data->allow_label      = esc_attr( $data->allow_label );
 
         $data->reject_v             = isset( $modal_options['moove_gdpr_reject_all_button_enable'] ) ? ( intval( $modal_options['moove_gdpr_reject_all_button_enable'] ) === 1 ? true : ( ! isset( $modal_options['moove_gdpr_reject_all_button_enable'] ) ? false : false ) ) : false;
         $data->reject_label     = isset( $modal_options[ 'moove_gdpr_modal_reject_button_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_modal_reject_button_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_modal_reject_button_label' . $wpml_lang ] : __( 'Reject All', 'gdpr-cookie-compliance' );
+        $data->reject_label     = esc_attr( $data->reject_label );
+
         $data->buttons_order    = isset( $modal_options['gdpr_gs_buttons_order'] ) ? json_decode( $modal_options['gdpr_gs_buttons_order'], true ) : array( 'enable', 'reject', 'save', 'close' );
 
@@ -416 +432 @@
         // OVERVIEW.
         $data->overview->nav_label = isset( $modal_options[ 'moove_gdpr_privacy_overview_tab_title' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_privacy_overview_tab_title' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_privacy_overview_tab_title' . $wpml_lang ] : __( 'Privacy Overview', 'gdpr-cookie-compliance' );
+        $data->overview->nav_label = esc_attr( $data->overview->nav_label );
 
         // STRICTLY.
         $data->strictly->show      = 3 !== $strictly;
         $data->strictly->nav_label = isset( $modal_options[ 'moove_gdpr_strictly_necessary_cookies_tab_title' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_strictly_necessary_cookies_tab_title' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_strictly_necessary_cookies_tab_title' . $wpml_lang ] : __( 'Strictly Necessary Cookies', 'gdpr-cookie-compliance' );
+        $data->strictly->nav_label = esc_attr( $data->strictly->nav_label );
 
         // THIRD PARTY.
         $data->third_party->show      = isset( $modal_options['moove_gdpr_third_party_cookies_enable'] ) && 1 === intval( $modal_options['moove_gdpr_third_party_cookies_enable'] ) ? true : false;
         $data->third_party->nav_label = isset( $modal_options[ 'moove_gdpr_performance_cookies_tab_title' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_performance_cookies_tab_title' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_performance_cookies_tab_title' . $wpml_lang ] : __( '3rd Party Cookies', 'gdpr-cookie-compliance' );
+        $data->third_party->nav_label = esc_attr( $data->third_party->nav_label );
 
         // ADVANCED.
         $data->advanced->show      = isset( $modal_options['moove_gdpr_advanced_cookies_enable'] ) && 1 === intval( $modal_options['moove_gdpr_advanced_cookies_enable'] ) ? true : false;
         $data->advanced->nav_label = isset( $modal_options[ 'moove_gdpr_advanced_cookies_tab_title' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_advanced_cookies_tab_title' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_advanced_cookies_tab_title' . $wpml_lang ] : __( 'Additional Cookies', 'gdpr-cookie-compliance' );
+        $data->advanced->nav_label = esc_attr( $data->advanced->nav_label );
 
         // COOKIEPOLICY.
         $data->cookiepolicy->show      = isset( $modal_options['moove_gdpr_cookie_policy_enable'] ) && 1 === intval( $modal_options['moove_gdpr_cookie_policy_enable'] ) ? true : false;
         $data->cookiepolicy->nav_label = isset( $modal_options[ 'moove_gdpr_cookie_policy_tab_nav_label' . $wpml_lang ] ) && $modal_options[ 'moove_gdpr_cookie_policy_tab_nav_label' . $wpml_lang ] ? $modal_options[ 'moove_gdpr_cookie_policy_tab_nav_label' . $wpml_lang ] : __( 'Cookie Policy', 'gdpr-cookie-compliance' );
+        $data->cookiepolicy->nav_label = esc_attr( $data->cookiepolicy->nav_label );
 
         return $view_controller->load( 'modal.tab-navigation', $data );

gdpr-cookie-compliance/trunk/gdpr-modules/infobar/floating-button.php

@@ -7 +7 @@
 <?php if ( $content->is_enabled ) : ?>
   <!--copyscapeskip-->
-  <button data-href="#moove_gdpr_cookie_modal" <?php echo apply_filters('gdpr_tabindex_attribute', '', 1 ); ?> id="moove_gdpr_save_popup_settings_button" style='<?php echo $content->styles; ?>' class="<?php echo $content->class; ?>" aria-label="<?php echo $content->label; ?>">
+  <button data-href="#moove_gdpr_cookie_modal" <?php echo apply_filters('gdpr_tabindex_attribute', '', 1 ); ?> id="moove_gdpr_save_popup_settings_button" style='<?php echo $content->styles; ?>' class="<?php echo esc_attr( $content->class ); ?>" aria-label="<?php echo esc_attr( $content->label ); ?>">
     <span class="moove_gdpr_icon">
       <svg viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg" style="max-width: 30px; max-height: 30px;">
@@ -17 +17 @@
     </span>
 
-    <span class="moove_gdpr_text"><?php echo $content->label; ?></span>
+    <span class="moove_gdpr_text"><?php echo esc_attr( $content->label ); ?></span>
   </button>
   <!--/copyscapeskip-->

gdpr-cookie-compliance/trunk/gdpr-modules/infobar/infobar-base.php

@@ -8 +8 @@
 if ( $content->show ) : ?>
   <!--copyscapeskip-->
-  <aside id="moove_gdpr_cookie_info_bar" class="<?php echo $content->class; ?>" aria-label="<?php esc_html_e('GDPR Cookie Banner', 'gdpr-cookie-compliance'); ?>" style="display: none;">
+  <aside id="moove_gdpr_cookie_info_bar" class="<?php echo esc_attr( $content->class ); ?>" aria-label="<?php esc_html_e('GDPR Cookie Banner', 'gdpr-cookie-compliance'); ?>" style="display: none;">
     <div class="moove-gdpr-info-bar-container">
       <div class="moove-gdpr-info-bar-content">

gdpr-cookie-compliance/trunk/gdpr-modules/infobar/infobar-buttons.php

@@ -7 +7 @@
 <div class="moove-gdpr-button-holder">
     <?php if ( isset( $content->has_accept ) && $content->has_accept ) : ?>
-      <button class="mgbutton moove-gdpr-infobar-allow-all <?php echo isset( $content->accept_order ) ? 'gdpr-fbo-' . $content->accept_order : ''; ?>" aria-label="<?php echo $content->button_label; ?>" <?php echo apply_filters('gdpr_tabindex_attribute', '', 1 ); ?>><?php echo $content->button_label; ?></button>
+      <button class="mgbutton moove-gdpr-infobar-allow-all <?php echo isset( $content->accept_order ) ? 'gdpr-fbo-' . $content->accept_order : ''; ?>" aria-label="<?php echo esc_attr( $content->button_label ); ?>" <?php echo apply_filters('gdpr_tabindex_attribute', '', 1 ); ?>><?php echo esc_attr( $content->button_label ); ?></button>
     <?php endif; ?>
   <?php do_action( 'gdpr_info_bar_button_extensions' ); ?>

gdpr-cookie-compliance/trunk/gdpr-modules/modal/company-logo.php

@@ -6 +6 @@
 
 <div class="moove-gdpr-company-logo-holder">
-  <img src="<?php echo esc_url( $content->logo_url ); ?>" alt="<?php echo esc_attr( $content->logo_alt ); ?>" <?php echo apply_filters( 'gpdr_logo_extra_atts', ''); ?> <?php echo $content->logo_width ? ' width="' . $content->logo_width . '"' : '' ?> <?php echo $content->logo_height ? ' height="' . $content->logo_height . '"' : '' ?>  class="img-responsive" />
+  <img src="<?php echo esc_url( $content->logo_url ); ?>" alt="<?php echo esc_attr( $content->logo_alt ); ?>" <?php echo apply_filters( 'gpdr_logo_extra_atts', ''); ?> <?php echo $content->logo_width ? ' width="' . esc_attr( $content->logo_width ) . '"' : '' ?> <?php echo $content->logo_height ? ' height="' . esc_attr( $content->logo_height ) . '"' : '' ?>  class="img-responsive" />
 </div>
 <!--  .moove-gdpr-company-logo-holder -->

gdpr-cookie-compliance/trunk/gdpr-modules/modal/content-sections/advanced.php

@@ -6 +6 @@
 
 <?php if ( $content->show ) : ?>
-  <div id="advanced-cookies" class="moove-gdpr-tab-main" <?php echo $content->visibility; ?>>
-    <span class="tab-title"><?php echo $content->tab_title; ?></span>
+  <div id="advanced-cookies" class="moove-gdpr-tab-main" <?php echo esc_attr( $content->visibility ); ?>>
+    <span class="tab-title"><?php echo esc_attr( $content->tab_title ); ?></span>
     <div class="moove-gdpr-tab-main-content">
       <?php echo $content->tab_content; ?>
@@ -15 +15 @@
             <label class="cookie-switch" for="moove_gdpr_advanced_cookies">    
               <span class="gdpr-sr-only"><?php esc_html_e( 'Enable or Disable Cookies', 'gdpr-cookie-compliance' ); ?></span>
-              <input type="checkbox" aria-label="<?php echo $content->tab_title; ?>" value="check" name="moove_gdpr_advanced_cookies" id="moove_gdpr_advanced_cookies" <?php echo $content->is_checked; ?>>
-              <span class="cookie-slider cookie-round" data-text-enable="<?php echo $content->text_enable; ?>" data-text-disabled="<?php echo $content->text_disable; ?>"></span>
+              <input type="checkbox" aria-label="<?php echo esc_attr( $content->tab_title ); ?>" value="check" name="moove_gdpr_advanced_cookies" id="moove_gdpr_advanced_cookies" <?php echo $content->is_checked; ?>>
+              <span class="cookie-slider cookie-round" data-text-enable="<?php echo esc_attr( $content->text_enable ); ?>" data-text-disabled="<?php echo esc_attr( $content->text_disable ); ?>"></span>
             </label>
           </div>

gdpr-cookie-compliance/trunk/gdpr-modules/modal/content-sections/cookiepolicy.php

@@ -7 +7 @@
 <?php if ( $content->show ) : ?>
   <div id="cookie_policy_modal" class="moove-gdpr-tab-main" <?php echo $content->visibility; ?>>
-    <span class="tab-title"><?php echo $content->tab_title; ?></span>
+    <span class="tab-title"><?php echo esc_attr( $content->tab_title ); ?></span>
     <div class="moove-gdpr-tab-main-content">
       <?php echo $content->tab_content; ?>

gdpr-cookie-compliance/trunk/gdpr-modules/modal/content-sections/overview.php

@@ -7 +7 @@
 <div id="privacy_overview" class="moove-gdpr-tab-main">
   <?php if ( $content->tab_title ) : ?>
-    <span class="tab-title"><?php echo $content->tab_title; ?></span>
+    <span class="tab-title"><?php echo esc_attr( $content->tab_title ); ?></span>
   <?php endif; ?>
   <div class="moove-gdpr-tab-main-content">

gdpr-cookie-compliance/trunk/gdpr-modules/modal/content-sections/strictly.php

@@ -7 +7 @@
 <?php if ( $content->show ) : ?>
   <div id="strict-necessary-cookies" class="moove-gdpr-tab-main" <?php echo $content->visibility; ?>>
-    <span class="tab-title"><?php echo $content->tab_title; ?></span>
+    <span class="tab-title"><?php echo esc_attr( $content->tab_title ); ?></span>
     <div class="moove-gdpr-tab-main-content">
       <?php 
@@ -13 +13 @@
         echo $content->warning_message_top ? $content->warning_message_top : '';
       ?>
-      <div class="moove-gdpr-status-bar <?php echo $content->checkbox_state; ?>">
+      <div class="moove-gdpr-status-bar <?php echo esc_attr( $content->checkbox_state ); ?>">
         <div class="gdpr-cc-form-wrap">
           <div class="gdpr-cc-form-fieldset">
             <label class="cookie-switch" for="moove_gdpr_strict_cookies">    
               <span class="gdpr-sr-only"><?php esc_html_e( 'Enable or Disable Cookies', 'gdpr-cookie-compliance' ); ?></span>        
-              <input type="checkbox" aria-label="<?php echo $content->tab_title; ?>" <?php echo $content->is_checked; ?> value="check" name="moove_gdpr_strict_cookies" id="moove_gdpr_strict_cookies">
-              <span class="cookie-slider cookie-round" data-text-enable="<?php echo $content->text_enable; ?>" data-text-disabled="<?php echo $content->text_disable; ?>"></span>
+              <input type="checkbox" aria-label="<?php echo esc_attr( $content->tab_title ); ?>" <?php echo $content->is_checked; ?> value="check" name="moove_gdpr_strict_cookies" id="moove_gdpr_strict_cookies">
+              <span class="cookie-slider cookie-round" data-text-enable="<?php echo esc_attr( $content->text_enable ); ?>" data-text-disabled="<?php echo esc_attr( $content->text_disable ); ?>"></span>
             </label>
           </div>

gdpr-cookie-compliance/trunk/gdpr-modules/modal/content-sections/third_party.php

@@ -6 +6 @@
 
 <?php if ( $content->show ) : ?>
-  <div id="third_party_cookies" class="moove-gdpr-tab-main" <?php echo $content->visibility; ?>>
-    <span class="tab-title"><?php echo $content->tab_title; ?></span>
+  <div id="third_party_cookies" class="moove-gdpr-tab-main" <?php echo esc_attr( $content->visibility ); ?>>
+    <span class="tab-title"><?php echo esc_attr( $content->tab_title ); ?></span>
     <div class="moove-gdpr-tab-main-content">
       <?php echo $content->tab_content; ?>
@@ -15 +15 @@
             <label class="cookie-switch" for="moove_gdpr_performance_cookies">    
               <span class="gdpr-sr-only"><?php esc_html_e( 'Enable or Disable Cookies', 'gdpr-cookie-compliance' ); ?></span>     
-              <input type="checkbox" aria-label="<?php echo $content->tab_title; ?>" value="check" name="moove_gdpr_performance_cookies" id="moove_gdpr_performance_cookies" <?php echo $content->is_checked; ?>>
-              <span class="cookie-slider cookie-round" data-text-enable="<?php echo $content->text_enable; ?>" data-text-disabled="<?php echo $content->text_disable; ?>"></span>
+              <input type="checkbox" aria-label="<?php echo esc_attr( $content->tab_title ); ?>" value="check" name="moove_gdpr_performance_cookies" id="moove_gdpr_performance_cookies" <?php echo $content->is_checked; ?>>
+              <span class="cookie-slider cookie-round" data-text-enable="<?php echo esc_attr( $content->text_enable ); ?>" data-text-disabled="<?php echo esc_attr( $content->text_disable ); ?>"></span>
             </label>
           </div>

gdpr-cookie-compliance/trunk/gdpr-modules/modal/modal-base-onepage.php

@@ -25 +25 @@
           <div class="moove-gdpr-modal-title"> 
             <div>
-              <span class="tab-title"><?php echo $content->modal_title; ?></span>
+              <span class="tab-title"><?php echo esc_attr( $content->modal_title ); ?></span>
             </div>
             <?php echo gdpr_get_module('company-logo'); ?>

gdpr-cookie-compliance/trunk/gdpr-modules/modal/modal-base-tabs.php

@@ -25 +25 @@
       <div class="moove-gdpr-modal-right-content">
         <div class="moove-gdpr-modal-title">
-          <?php echo $content->modal_title; ?> 
+          <?php echo esc_attr( $content->modal_title ); ?> 
         </div>
         <!-- .moove-gdpr-modal-ritle -->

gdpr-cookie-compliance/trunk/moove-gdpr.php

@@ -5 +5 @@
  *  Plugin URI: https://wordpress.org/plugins/gdpr-cookie-compliance/
  *  Description: Our plugin is useful in preparing your site for the following data protection and privacy regulations: GDPR, CCPA, PIPEDA, AAP, LGPD and others.
- *  Version: 4.15.6
+ *  Version: 4.15.7
  *  Author: Moove Agency
  *  Domain Path: /languages
@@ -19 +19 @@
 } // Exit if accessed directly
 
-define( 'MOOVE_GDPR_VERSION', '4.15.6' );
+define( 'MOOVE_GDPR_VERSION', '4.15.7' );
 if ( ! defined( 'MOOVE_SHOP_URL' ) ) :
     define( 'MOOVE_SHOP_URL', 'https://shop.mooveagency.com' );

gdpr-cookie-compliance/trunk/readme.txt

@@ -3 +3 @@
 Donate link: https://www.mooveagency.com/wordpress-plugins/gdpr-cookie-compliance/
 Tags: GDPR, CCPA, DSGVO, CPRA, RGPD
-Stable tag: 4.15.6
+Stable tag: 4.15.7
 Requires at least: 4.5
 Tested up to: 6.7
@@ -270 +270 @@
 
 == Changelog ==
+= 4.15.7: 24 January 2025 =
+* Security improvements
+
 = 4.15.6: 2 December 2024 =
 * Lightbox area-hidden fix *

gdpr-cookie-compliance/trunk/views/moove/admin/settings/banner-settings.php

@@ -106 +106 @@
             foreach ( $_POST as $form_key => $form_value ) :
                 if ( 'moove_gdpr_info_bar_content' === $form_key ) :
+                    $form_value                                                         = wp_kses_post( $form_value );
                     $value                                  = wpautop( wp_unslash( $form_value ) );
                     $gdpr_options[ $form_key . $wpml_lang ] = $value;
                 elseif ( 'moove_gdpr_modal_strictly_secondary_notice' . $wpml_lang === $form_key ) :
-                    $value                     = wpautop( wp_unslash( $form_value ) );
+                    $value                     = wp_kses_post( wpautop( wp_unslash( $form_value ) ) );
                     $gdpr_options[ $form_key ] = $value;
                 elseif ( 'gdpr_initialization_delay' === $form_key ) :
@@ -182 +183 @@
                         $content  = $_content;
                     endif;
+                    $content = wp_kses_post( $content );
                     ?>
                     <?php

gdpr-cookie-compliance/trunk/views/moove/admin/settings/branding.php

@@ -29 +29 @@
             foreach ( $_POST as $form_key => $form_value ) :
                 if ( 'moove_gdpr_info_bar_content' === $form_key ) :
-                    $value                                  = wpautop( wp_unslash( $form_value ) );
+                    $value                                  = wp_kses_post( wpautop( wp_unslash( $form_value ) ) );
                     $gdpr_options[ $form_key . $wpml_lang ] = $value;
                 elseif ( 'moove_gdpr_modal_strictly_secondary_notice' . $wpml_lang === $form_key ) :
-                    $value                     = wpautop( wp_unslash( $form_value ) );
+                    $value                     = wp_kses_post( pautop( wp_unslash( $form_value ) ) );
                     $gdpr_options[ $form_key ] = $value;
                 elseif ( 'moove_gdpr_floating_button_enable' !== $form_key && 'moove_gdpr_modal_powered_by_disable' !== $form_key && 'moove_gdpr_company_logo_id' !== $form_key ) :

gdpr-cookie-compliance/trunk/views/moove/admin/settings/cookie-policy.php

@@ -33 +33 @@
             foreach ( $_POST as $form_key => $form_value ) :
                 if ( 'moove_gdpr_cookies_policy_tab_content' === $form_key ) :
-                    $value                                  = wp_unslash( $form_value );
+                    $value                                  = wp_kses_post( wp_unslash( $form_value ) );
                     $gdpr_options[ $form_key . $wpml_lang ] = $value;
                     update_option( $option_name, $gdpr_options );

gdpr-cookie-compliance/trunk/views/moove/admin/settings/privacy-overview.php

@@ -25 +25 @@
             foreach ( $_POST as $form_key => $form_value ) :
                 if ( 'moove_gdpr_privacy_overview_tab_content' === $form_key ) :
-                    $value                                  = wp_unslash( $form_value );
+                    $value                                  = wp_kses_post( wp_unslash( $form_value ) );
                     $gdpr_options[ $form_key . $wpml_lang ] = $value;
                     update_option( $option_name, $gdpr_options );