Changeset 3237954
- Timestamp:
- 02/10/2025 01:29:40 PM (13 months ago)
- Location:
- accessibe/trunk
- Files:
-
- 4 edited
-
accessibe.php (modified) (1 diff)
-
accessiebe.php (modified) (1 diff)
-
class.accessibeforwp.php (modified) (19 diffs)
-
readme.txt (modified) (2 diffs)
accessibe/trunk/accessibe.php
r3235362 r3237954 4 4 * Plugin URI: https://accessibe.com/ 5 5 * Description: accessiBe is the #1 fully automated web accessibility solution. Protect your website from lawsuits and increase your potential audience. 6 * Version: 2. 56 * Version: 2.6 7 7 * Author: accessiBe 8 8 * Author URI: https://accessibe.com/ -
accessibe/trunk/accessiebe.php
r3231917 r3237954 38 38 include_once __DIR__ . '/' . $new; 39 39 } 40 40 41 41 // Update the active plugins option in the database. 42 42 update_option('active_plugins', $active_plugins); -
accessibe/trunk/class.accessibeforwp.php
r3235362 r3237954 134 134 $old_page_slug = 'accessiBe'; // Slug for the old settings page 135 135 136 if (isset($_GET['page']) && $_GET['page'] === $old_page_slug && strpos( $_SERVER['REQUEST_URI'], 'options-general.php') !== false) {137 wp_ redirect(admin_url('admin.php?page=accessibe'));136 if (isset($_GET['page']) && $_GET['page'] === $old_page_slug && strpos(sanitize_url($_SERVER['REQUEST_URI']), 'options-general.php') !== false) { 137 wp_safe_redirect(admin_url('admin.php?page=accessibe')); 138 138 exit(); 139 139 } … … 182 182 return $accessibe_links; 183 183 } // accessibe_add_action_links 184 185 184 186 185 /** … … 195 194 || (isset($accessibe_options['accessibe']) && 'enabled' != $accessibe_options['accessibe'] && (!isset($accessibe_options['script']) || !isset($accessibe_options['script'][$current_domain]))) 196 195 || (isset($accessibe_options["script"][$current_domain]) && $accessibe_options["script"][$current_domain]['widgetStatus'] != true)) { 197 echo "<script>console.log(". json_encode($accessibe_options).")</script>";196 echo "<script>console.log(".wp_json_encode($accessibe_options).")</script>"; 198 197 } 199 198 … … 217 216 $accessibe_options = array_merge(self::$DEFAULT_WIDGET_CONFIG_FOR_SCRIPT, $accessibe_options); 218 217 219 echo "<script>(function(){var s=document.createElement('script'); e = !document.body ? document.querySelector('head'):document.body;s.src='https://acsbapp.com/apps/app/dist/js/app.js';s.setAttribute('data-source', 'WordPress');s.setAttribute('data-plugin-version', '".self::accessibe_get_plugin_version()."');s.defer=true;s.onload=function(){acsbJS.init({218 echo "<script>(function(){var s=document.createElement('script');var e = !document.body ? 
document.querySelector('head'):document.body;s.src='https://acsbapp.com/apps/app/dist/js/app.js';s.setAttribute('data-source', 'WordPress');s.setAttribute('data-plugin-version', '".esc_js(self::accessibe_get_plugin_version())."');s.defer=true;s.onload=function(){acsbJS.init({ 220 219 statementLink : '" . esc_url($accessibe_options['statementLink']) . "', 221 220 footerHtml : '" . esc_html($accessibe_options['footerHtml']) . "', … … 268 267 $current_user = wp_get_current_user(); 269 268 $current_user_options = json_decode(get_option(ACCESSIBE_WP_OPTIONS_KEY)); 269 // Sanitize and escape values 270 $user_email = sanitize_email($current_user->user_email); 271 $display_name = sanitize_text_field($current_user->display_name); 272 $user_login = sanitize_text_field($current_user->user_login); 273 270 274 $detail = array( 271 275 'source' => 'WordPress', 272 'userId' => $current_user->ID,273 'email' => $ current_user->user_email,274 'fullName' => $ current_user->display_name,276 'userId' => absint($current_user->ID), 277 'email' => $user_email, 278 'fullName' => $display_name, 275 279 'storeId' => self::sanitizeDomain(wp_parse_url(site_url())['host']), 276 280 'mixpanelProps' => array ( 277 'wordpressStoreName' => self::sanitizeDomain(wp_parse_url(site_url())['host']), 278 'wordpressPluginVersionNumber' => self::accessibe_get_plugin_version() . '', 279 'wordpressAccountUserID' => $current_user->ID,280 'wordpressUserEmail' => $ current_user->user_email,281 'wordpressUsername' => $ current_user->user_login281 'wordpressStoreName' => self::sanitizeDomain(wp_parse_url(site_url())['host']), 282 'wordpressPluginVersionNumber' => self::accessibe_get_plugin_version() . 
'', 283 'wordpressAccountUserID' => absint($current_user->ID), 284 'wordpressUserEmail' => $user_email, 285 'wordpressUsername' => $user_login 282 286 ) 283 // 'storeId' => '9cc3-2405-201-5c0f-d070-14fd-b303-b02-1999.ngrok-free.app' 287 // 'storeId' => '9cc3-2405-201-5c0f-d070-14fd-b303-b02-1999.ngrok-free.app' 284 288 ); 285 289 290 // Ensure sanitized user options 286 291 if (isset($current_user_options->acsbUserId)) { 287 $detail['acsbUserId'] = $current_user_options->acsbUserId;288 } 289 292 $detail['acsbUserId'] = sanitize_text_field($current_user_options->acsbUserId); 293 } 294 290 295 // Conditionally add fields if isLoggedIn is true 291 296 if (isset($current_user_options->activeLicenseId) && isset($current_user_options->licenses) && $current_user_options->activeLicenseId != '') { 292 $active_license_id = $current_user_options->activeLicenseId;293 $detail['licenseId'] = $current_user_options->licenses->$active_license_id->licenseId;294 $detail['widgetStatus'] = $current_user_options->licenses->$active_license_id->widgetStatus;295 $detail['widgetConfig'] = $current_user_options->licenses->$active_license_id->widgetConfig;297 $active_license_id = sanitize_text_field($current_user_options->activeLicenseId); 298 $detail['licenseId'] = sanitize_text_field($current_user_options->licenses->$active_license_id->licenseId); 299 $detail['widgetStatus'] = (bool) $current_user_options->licenses->$active_license_id->widgetStatus; 300 $detail['widgetConfig'] = self::sanitizeWidgetConfig($current_user_options->licenses->$active_license_id->widgetConfig); 296 301 } 297 302 // Convert the array to JSON 298 $detail_json = json_encode($detail); 299 echo $detail_json; 303 echo wp_json_encode($detail); 300 304 wp_die(); 301 305 } // accessibe_merchant_detail_ajax … … 329 333 } 330 334 331 echo json_encode($domains_list);335 echo wp_json_encode($domains_list); 332 336 wp_die(); 333 337 } // accessibe_domain_list_ajax … … 338 342 error_log(get_option(ACCESSIBE_WP_OPTIONS_KEY)); 
339 343 $current_data = json_decode(get_option(ACCESSIBE_WP_OPTIONS_KEY)) ?: (object) []; 340 $current_data->email = $data_decoded->email;341 $current_data->acsbUserId = $data_decoded->userId;344 $current_data->email = sanitize_email($data_decoded->email); 345 $current_data->acsbUserId = sanitize_text_field($data_decoded->userId); 342 346 if(isset($current_data->mixpanelUUID)) { 343 347 $mixpanelHandler = new MixpanelHandler(); … … 345 349 unset($current_data->mixpanelUUID); 346 350 } 347 $current_data->acsbDefaultAccountId = $data_decoded->accountId;351 $current_data->acsbDefaultAccountId = sanitize_text_field($data_decoded->accountId); 348 352 update_option(ACCESSIBE_WP_OPTIONS_KEY, json_encode($current_data)); 349 echo json_encode(array('message' => 'ok'));353 echo wp_json_encode(array('message' => 'ok')); 350 354 wp_die(); 351 355 } … … 355 359 $data_decoded = json_decode(stripslashes($_POST['data'])); 356 360 $current_data = json_decode(get_option(ACCESSIBE_WP_OPTIONS_KEY)) ?: (object) []; 357 $current_data->email = $data_decoded->email;358 $current_data->acsbUserId = $data_decoded->userId;361 $current_data->email = sanitize_email($data_decoded->email); 362 $current_data->acsbUserId = sanitize_text_field($data_decoded->userId); 359 363 if(isset($current_data->mixpanelUUID)) { 360 364 $mixpanelHandler = new MixpanelHandler(); … … 362 366 unset($current_data->mixpanelUUID); 363 367 } 364 $current_data->acsbDefaultAccountId = $data_decoded->accountId;368 $current_data->acsbDefaultAccountId = sanitize_text_field($data_decoded->accountId); 365 369 update_option(ACCESSIBE_WP_OPTIONS_KEY, json_encode($current_data)); 366 echo json_encode(array('message' => 'ok'));370 echo wp_json_encode(array('message' => 'ok')); 367 371 wp_die(); 368 372 } … … 370 374 public static function accessibe_license_trial_ajax() { 371 375 372 $data_decoded = json_decode(stripslashes($_POST['data'])); 376 $data_received = json_decode(stripslashes($_POST['data'])); 377 378 $data_decoded = 
(object) [ 379 "licenseId" => sanitize_text_field($data_received->licenseId), 380 "siteId" => sanitize_text_field($data_received->siteId), 381 "domain" => sanitize_text_field($data_received->domain), 382 "accountId" => sanitize_text_field($data_received->accountId), 383 "widgetStatus" => (bool) $data_received->widgetStatus, 384 "isNewLicenseTrial" => (bool) $data_received->isNewLicenseTrial 385 ]; 386 387 if (isset($data_received->widgetConfig)) { 388 $data_decoded->widgetConfig = self::sanitizeWidgetConfig($data_received->widgetConfig); 389 } 390 391 if(isset($data_received->newLicense)) { 392 $data_decoded->newLicense = (bool) $data_received->newLicense; 393 } 373 394 374 395 $current_data = json_decode(get_option(ACCESSIBE_WP_OPTIONS_KEY)) ?: (object)[]; … … 417 438 } 418 439 update_option(ACCESSIBE_WP_OPTIONS_KEY, json_encode($current_data)); 419 echo json_encode($data_decoded);440 echo wp_json_encode($data_decoded); 420 441 wp_die(); 421 442 } … … 427 448 update_option(ACCESSIBE_WP_OPTIONS_KEY, json_encode($current_data)); 428 449 } 429 echo json_encode(array('message' => 'ok'));450 echo wp_json_encode(array('message' => 'ok')); 430 451 wp_die(); 431 452 } … … 438 459 $current_data->script->$active_domain->widgetStatus = true; 439 460 update_option(ACCESSIBE_WP_OPTIONS_KEY, json_encode($current_data)); 440 echo json_encode(array('message' => 'ok'));461 echo wp_json_encode(array('message' => 'ok')); 441 462 wp_die(); 442 463 } … … 449 470 $current_data->script->$active_domain->widgetStatus = false; 450 471 update_option(ACCESSIBE_WP_OPTIONS_KEY, json_encode($current_data)); 451 echo json_encode(array('message' => 'ok'));472 echo wp_json_encode(array('message' => 'ok')); 452 473 wp_die(); 453 474 } … … 457 478 $current_data = json_decode(get_option(ACCESSIBE_WP_OPTIONS_KEY)); 458 479 $active_license_id = $current_data->activeLicenseId; 459 $current_data->licenses->$active_license_id->widgetConfig = $widgetConfig;480 
$current_data->licenses->$active_license_id->widgetConfig = self::sanitizeWidgetConfig($widgetConfig); 460 481 $active_domain = $current_data->licenses->$active_license_id->domain; 461 $current_data->script->$active_domain->widgetConfig = $widgetConfig;482 $current_data->script->$active_domain->widgetConfig = self::sanitizeWidgetConfig($widgetConfig); 462 483 update_option(ACCESSIBE_WP_OPTIONS_KEY, json_encode($current_data)); 463 echo json_encode(array('message' => 'ok'));484 echo wp_json_encode(array('message' => 'ok')); 464 485 wp_die(); 465 486 } … … 766 787 } 767 788 } 768 }789 } 769 790 770 791 public static function accessibe_after_update_tasks() { 771 792 772 793 // Check if the plugin was recently updated. 773 $previous_version = get_transient('accessibe_previous_version'); 774 error_log($previous_version); 775 if ($previous_version) { 794 $transient_previous_version = get_transient('accessibe_previous_version'); 795 if ($transient_previous_version) { 776 796 // Delete the transient after fetching its value. 
777 797 delete_transient('accessibe_previous_version'); … … 781 801 $current_data = json_decode(get_option(ACCESSIBE_WP_OPTIONS_KEY), true); 782 802 $current_user = wp_get_current_user(); 803 804 $previous_version = null; 805 if(isset($current_data['pluginVersion'])) { 806 $previous_version = $current_data['pluginVersion']; 807 } 783 808 784 809 if(!isset($current_data['acsbUserId']) && !isset($current_data['mixpanelUUID'])) { … … 799 824 update_option(ACCESSIBE_WP_OPTIONS_KEY, json_encode($current_data)); 800 825 } 801 } 802 826 } 827 828 public static function sanitizeWidgetConfig($widgetConfig) { 829 if (is_object($widgetConfig)) { 830 $widgetConfig = json_decode(json_encode($widgetConfig), true); 831 } 832 833 // Sanitize the data 834 foreach ($widgetConfig as $key => $value) { 835 if (empty($value)) { 836 $widgetConfig[$key] = ''; 837 } 838 $widgetConfig[$key] = sanitize_text_field($value); // sanitize text values 839 } 840 841 // Convert the sanitized array back into an object 842 return (object) $widgetConfig; 843 } 803 844 804 845 -
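Review bot: sanitizeWidgetConfig (file lines 828–843, fully inside this hunk) pushes every value through sanitize_text_field, which returns '' for nested arrays/objects and turns booleans into '' or '1', so a widgetConfig holding nested settings or boolean flags is silently reshaped before it is stored at lines 480/482 and re-emitted at line 300; the `if (empty($value))` branch is also dead, since the next statement overwrites the same key. If widgetConfig can carry those shapes (I can only infer that from the `(bool) $data_received->widgetStatus` cast nearby), recurse into arrays, leave non-string scalars untouched, and guard the foreach against a non-array argument, which otherwise emits a warning and returns an empty object. Separately, the commit removes `error_log($previous_version)` but keeps `error_log(get_option(ACCESSIBE_WP_OPTIONS_KEY))` at line 342 and the `console.log` of the whole options object at line 196, both of which still write the stored email/account identifiers to the server log or to every visitor's browser console. No nonce or capability check is visible before `$_POST['data']` is read in accessibe_license_trial_ajax (line 376); if it lives in the hook registration outside this hunk, disregard this last point.
```php
public static function sanitizeWidgetConfig($widgetConfig) {
    if (is_object($widgetConfig)) {
        $widgetConfig = json_decode(json_encode($widgetConfig), true);
    }
    // A non-array input would make foreach emit a warning; return an empty config instead.
    if (!is_array($widgetConfig)) {
        return (object) [];
    }

    foreach ($widgetConfig as $key => $value) {
        if (is_bool($value) || is_int($value) || is_float($value)) {
            continue; // keep scalar types as received — TODO confirm the widget expects them untouched
        }
        if (is_array($value) || is_object($value)) {
            $widgetConfig[$key] = self::sanitizeWidgetConfig($value); // recurse instead of flattening to ''
            continue;
        }
        $widgetConfig[$key] = sanitize_text_field((string) $value);
    }

    return (object) $widgetConfig;
}
```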
accessibe/trunk/readme.txt
r3235362 r3237954 4 4 Requires at least: 4.7 5 5 Tested up to: 6.7 6 Stable tag: 2. 56 Stable tag: 2.6 7 7 Requires PHP: 7.0 8 8 License: GPLv2 or later … … 68 68 69 69 == Changelog == 70 = v2.6 = 71 * 2025-02-07 72 * Security fixes 73 70 74 = v2.5 = 71 75 * 2025-02-05