Changeset 3262123
- Timestamp:
- 03/26/2025 11:17:37 AM (12 months ago)
- Location:
- usermaven
- Files:
-
- 8 edited
- 1 copied
-
tags/1.2.2 (copied) (copied from usermaven/trunk)
-
tags/1.2.2/README.txt (modified) (2 diffs)
-
tags/1.2.2/includes/class-usermaven.php (modified) (1 diff)
-
tags/1.2.2/includes/usermaven-settings-form.php (modified) (2 diffs)
-
tags/1.2.2/usermaven.php (modified) (2 diffs)
-
trunk/README.txt (modified) (2 diffs)
-
trunk/includes/class-usermaven.php (modified) (1 diff)
-
trunk/includes/usermaven-settings-form.php (modified) (2 diffs)
-
trunk/usermaven.php (modified) (2 diffs)
usermaven/tags/1.2.2/README.txt
r3261442 r3262123 6 6 Tested up to: 6.7.1 7 7 Requires PHP: 5.6 8 Stable tag: 1.2. 18 Stable tag: 1.2.2 9 9 License: Massachusetts Institute of Technology (MIT) license 10 10 License URI: https://opensource.org/licenses/MIT … … 72 72 == Changelog == 73 73 74 = 1.2.2 - March 26, 2025 = 75 - Fixed CSRF vulnerability in settings form 76 - Added nonce verification to improve security in admin settings 77 74 78 = 1.2.1 - March 25, 2025 = 75 79 - Fixed shareable dashboard documentation link -
usermaven/tags/1.2.2/includes/class-usermaven.php
r3261442 r3262123 81 81 $this->version = USERMAVEN_VERSION; 82 82 } else { 83 $this->version = '1.2. 1';83 $this->version = '1.2.2'; 84 84 } 85 85 $this->plugin_name = 'usermaven'; -
usermaven/tags/1.2.2/includes/usermaven-settings-form.php
r3261442 r3262123 7 7 // Check if the form has been submitted 8 8 if ( isset( $_POST['submit'] ) ) { 9 // Get the form data 10 $autocapture = isset( $_POST['autocapture'] ) ? true : false; 11 $cookie_less_tracking = isset( $_POST['cookie_less_tracking'] ) ? true : false; 12 $identify_verification = isset( $_POST['identify_verification'] ) ? true : false; 13 $embed_dashboard = isset( $_POST['embed_dashboard'] ) ? true : false; 14 $track_woocommerce = isset( $_POST['track_woocommerce'] ) ? true : false; 15 16 $api_key = sanitize_text_field($_POST['api_key']); 17 $server_token = isset($_POST['server_token']) ? sanitize_text_field($_POST['server_token']) : ''; 18 $custom_domain = ''; 19 $shared_link = ''; 20 21 if ( ! empty( $_POST['custom_domain'] ) ) { 22 $custom_domain = sanitize_url($_POST['custom_domain']); 23 } 24 25 if ( ! empty( $_POST['shared_link'] ) ) { 26 $shared_link = sanitize_url($_POST['shared_link']); 27 } 28 29 30 $error = ''; 31 // Validate the API key 32 if ( empty( $api_key ) ) { 33 $error = "API key can't be empty"; 34 } 35 36 // check if the url contains http or https, if not add https. 37 if (!empty($custom_domain)) { 38 $custom_domain = preg_replace("/^http:/i", "https:", $custom_domain); 39 if (!preg_match('/^https?:\/\//', $custom_domain)) { 40 $custom_domain = 'https://' . $custom_domain; 41 } 42 } 43 44 45 $pattern = '/^(https?:\/\/)?[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)*\.[a-zA-Z]{2,63}(\/\S*)?$/i'; 46 47 // Validate the custom domain 48 if ( ! empty( $custom_domain ) && ! preg_match( $pattern, $custom_domain ) ) { 49 $error = "Invalid custom domain"; 50 } 51 52 // Validate the shared link 53 if ( ! empty( $shared_link ) && ! 
preg_match( $pattern, $shared_link ) ) { 54 $error = "Invalid shared link"; 55 } 56 57 if (!$error) { 58 // Save the form data in the options table 59 update_option( 'usermaven_autocapture', $autocapture ); 60 update_option( 'usermaven_cookie_less_tracking', $cookie_less_tracking ); 61 update_option( 'usermaven_identify_verification', $identify_verification ); 62 update_option( 'usermaven_embed_dashboard', $embed_dashboard ); 63 update_option( 'usermaven_shared_link', $shared_link); 64 update_option( 'usermaven_api_key', $api_key ); 65 update_option( 'usermaven_custom_domain', $custom_domain ); 66 67 // Always update server token, even if empty 68 update_option( 'usermaven_server_token', $server_token ); 69 70 // If server token is empty, disable WooCommerce tracking 71 if (empty($server_token)) { 72 update_option( 'usermaven_track_woocommerce', false ); 9 // Verify the nonce for security 10 if ( ! isset( $_POST['usermaven_settings_nonce'] ) || ! wp_verify_nonce( $_POST['usermaven_settings_nonce'], 'usermaven_settings_action' ) ) { 11 // Nonce verification failed 12 $error = "Security verification failed. Please try again."; 13 $success_message = '<div class="notice-toast notice-error"><p>' . $error . '</p></div>'; 14 } else { 15 // Get the form data 16 $autocapture = isset( $_POST['autocapture'] ) ? true : false; 17 $cookie_less_tracking = isset( $_POST['cookie_less_tracking'] ) ? true : false; 18 $identify_verification = isset( $_POST['identify_verification'] ) ? true : false; 19 $embed_dashboard = isset( $_POST['embed_dashboard'] ) ? true : false; 20 $track_woocommerce = isset( $_POST['track_woocommerce'] ) ? true : false; 21 22 $api_key = sanitize_text_field($_POST['api_key']); 23 $server_token = isset($_POST['server_token']) ? sanitize_text_field($_POST['server_token']) : ''; 24 $custom_domain = ''; 25 $shared_link = ''; 26 27 if ( ! empty( $_POST['custom_domain'] ) ) { 28 $custom_domain = sanitize_url($_POST['custom_domain']); 29 } 30 31 if ( ! 
empty( $_POST['shared_link'] ) ) { 32 $shared_link = sanitize_url($_POST['shared_link']); 33 } 34 35 36 $error = ''; 37 // Validate the API key 38 if ( empty( $api_key ) ) { 39 $error = "API key can't be empty"; 40 } 41 42 // check if the url contains http or https, if not add https. 43 if (!empty($custom_domain)) { 44 $custom_domain = preg_replace("/^http:/i", "https:", $custom_domain); 45 if (!preg_match('/^https?:\/\//', $custom_domain)) { 46 $custom_domain = 'https://' . $custom_domain; 47 } 48 } 49 50 51 $pattern = '/^(https?:\/\/)?[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)*\.[a-zA-Z]{2,63}(\/\S*)?$/i'; 52 53 // Validate the custom domain 54 if ( ! empty( $custom_domain ) && ! preg_match( $pattern, $custom_domain ) ) { 55 $error = "Invalid custom domain"; 56 } 57 58 // Validate the shared link 59 if ( ! empty( $shared_link ) && ! preg_match( $pattern, $shared_link ) ) { 60 $error = "Invalid shared link"; 61 } 62 63 if (!$error) { 64 // Save the form data in the options table 65 update_option( 'usermaven_autocapture', $autocapture ); 66 update_option( 'usermaven_cookie_less_tracking', $cookie_less_tracking ); 67 update_option( 'usermaven_identify_verification', $identify_verification ); 68 update_option( 'usermaven_embed_dashboard', $embed_dashboard ); 69 update_option( 'usermaven_shared_link', $shared_link); 70 update_option( 'usermaven_api_key', $api_key ); 71 update_option( 'usermaven_custom_domain', $custom_domain ); 72 73 // Always update server token, even if empty 74 update_option( 'usermaven_server_token', $server_token ); 75 76 // If server token is empty, disable WooCommerce tracking 77 if (empty($server_token)) { 78 update_option( 'usermaven_track_woocommerce', false ); 79 } else { 80 update_option( 'usermaven_track_woocommerce', $track_woocommerce ); 81 } 82 83 // Roles to be tracked 84 update_option( 'usermaven_role_administrator', isset( $_POST['role_administrator'] ) ? 
true : false ); 85 update_option( 'usermaven_role_author', isset( $_POST['role_author'] ) ? true : false ); 86 update_option( 'usermaven_role_contributor', isset( $_POST['role_contributor'] ) ? true : false ); 87 update_option( 'usermaven_role_editor', isset( $_POST['role_editor'] ) ? true : false ); 88 update_option( 'usermaven_role_subscriber', isset( $_POST['role_subscriber'] ) ? true : false ); 89 update_option( 'usermaven_role_translator', isset( $_POST['role_translator'] ) ? true : false ); 90 91 // Display a success message 92 $success_message = '<div class="notice-toast notice-success"><p>Settings saved successfully</p></div>'; 73 93 } else { 74 update_option( 'usermaven_track_woocommerce', $track_woocommerce ); 75 } 76 77 // Roles to be tracked 78 update_option( 'usermaven_role_administrator', isset( $_POST['role_administrator'] ) ? true : false ); 79 update_option( 'usermaven_role_author', isset( $_POST['role_author'] ) ? true : false ); 80 update_option( 'usermaven_role_contributor', isset( $_POST['role_contributor'] ) ? true : false ); 81 update_option( 'usermaven_role_editor', isset( $_POST['role_editor'] ) ? true : false ); 82 update_option( 'usermaven_role_subscriber', isset( $_POST['role_subscriber'] ) ? true : false ); 83 update_option( 'usermaven_role_translator', isset( $_POST['role_translator'] ) ? true : false ); 84 85 // Display a success message 86 $success_message = '<div class="notice-toast notice-success"><p>Settings saved successfully</p></div>'; 87 } else { 88 $success_message = '<div class="notice-toast notice-error"><p>' . $error . '</p></div>'; 94 $success_message = '<div class="notice-toast notice-error"><p>' . $error . '</p></div>'; 95 } 89 96 } 90 97 } … … 107 114 <div class="form-input"> 108 115 <form class="form" method="post"> 116 <?php wp_nonce_field('usermaven_settings_action', 'usermaven_settings_nonce'); ?> 109 117 <h2 class="form-heading">Usermaven Tracking Setup</h2> 110 118 <div class="input-block"> -
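Review bot: The new nonce check at line 10 of usermaven-settings-form.php is not paired with a capability check, so the handler still relies on whoever includes this file having already gated the page; the `if ( isset( $_POST['submit'] ) )` block is complete in the hunk but the file's head (and any surrounding callback) is outside it, so I cannot confirm that gate here. Adding it to the same condition makes the handler safe regardless of how the file is reached, and unslashing the nonce value matches WordPress conventions for `$_POST` reads: `if ( ! current_user_can( 'manage_options' ) || ! isset( $_POST['usermaven_settings_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['usermaven_settings_nonce'] ) ), 'usermaven_settings_action' ) ) {`. Secondary, carried over unchanged on the new side: `sanitize_text_field($_POST['api_key'])` at line 22 reads the key without an `isset` guard, unlike `server_token` on the next line, so a request missing that field raises a notice before the empty-key validation runs; `sanitize_text_field( $_POST['api_key'] ?? '' )` closes that. The identical hunk in trunk/includes/usermaven-settings-form.php has the same two points.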
usermaven/tags/1.2.2/usermaven.php
r3261442 r3262123 19 19 * Description: The Easiest Website and Product Analytics Platform 20 20 21 * Version: 1.2. 121 * Version: 1.2.2 22 22 * Author: Usermaven 23 23 * Author URI: https://usermaven.com/ … … 38 38 * Rename this for your plugin and update it as you release new versions. 39 39 */ 40 define( 'USERMAVEN_VERSION', '1.2. 1' );40 define( 'USERMAVEN_VERSION', '1.2.2' ); 41 41 42 42 /** -
usermaven/trunk/README.txt
r3261442 r3262123 6 6 Tested up to: 6.7.1 7 7 Requires PHP: 5.6 8 Stable tag: 1.2. 18 Stable tag: 1.2.2 9 9 License: Massachusetts Institute of Technology (MIT) license 10 10 License URI: https://opensource.org/licenses/MIT … … 72 72 == Changelog == 73 73 74 = 1.2.2 - March 26, 2025 = 75 - Fixed CSRF vulnerability in settings form 76 - Added nonce verification to improve security in admin settings 77 74 78 = 1.2.1 - March 25, 2025 = 75 79 - Fixed shareable dashboard documentation link -
usermaven/trunk/includes/class-usermaven.php
r3261442 r3262123 81 81 $this->version = USERMAVEN_VERSION; 82 82 } else { 83 $this->version = '1.2. 1';83 $this->version = '1.2.2'; 84 84 } 85 85 $this->plugin_name = 'usermaven'; -
usermaven/trunk/includes/usermaven-settings-form.php
r3261442 r3262123 7 7 // Check if the form has been submitted 8 8 if ( isset( $_POST['submit'] ) ) { 9 // Get the form data 10 $autocapture = isset( $_POST['autocapture'] ) ? true : false; 11 $cookie_less_tracking = isset( $_POST['cookie_less_tracking'] ) ? true : false; 12 $identify_verification = isset( $_POST['identify_verification'] ) ? true : false; 13 $embed_dashboard = isset( $_POST['embed_dashboard'] ) ? true : false; 14 $track_woocommerce = isset( $_POST['track_woocommerce'] ) ? true : false; 15 16 $api_key = sanitize_text_field($_POST['api_key']); 17 $server_token = isset($_POST['server_token']) ? sanitize_text_field($_POST['server_token']) : ''; 18 $custom_domain = ''; 19 $shared_link = ''; 20 21 if ( ! empty( $_POST['custom_domain'] ) ) { 22 $custom_domain = sanitize_url($_POST['custom_domain']); 23 } 24 25 if ( ! empty( $_POST['shared_link'] ) ) { 26 $shared_link = sanitize_url($_POST['shared_link']); 27 } 28 29 30 $error = ''; 31 // Validate the API key 32 if ( empty( $api_key ) ) { 33 $error = "API key can't be empty"; 34 } 35 36 // check if the url contains http or https, if not add https. 37 if (!empty($custom_domain)) { 38 $custom_domain = preg_replace("/^http:/i", "https:", $custom_domain); 39 if (!preg_match('/^https?:\/\//', $custom_domain)) { 40 $custom_domain = 'https://' . $custom_domain; 41 } 42 } 43 44 45 $pattern = '/^(https?:\/\/)?[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)*\.[a-zA-Z]{2,63}(\/\S*)?$/i'; 46 47 // Validate the custom domain 48 if ( ! empty( $custom_domain ) && ! preg_match( $pattern, $custom_domain ) ) { 49 $error = "Invalid custom domain"; 50 } 51 52 // Validate the shared link 53 if ( ! empty( $shared_link ) && ! 
preg_match( $pattern, $shared_link ) ) { 54 $error = "Invalid shared link"; 55 } 56 57 if (!$error) { 58 // Save the form data in the options table 59 update_option( 'usermaven_autocapture', $autocapture ); 60 update_option( 'usermaven_cookie_less_tracking', $cookie_less_tracking ); 61 update_option( 'usermaven_identify_verification', $identify_verification ); 62 update_option( 'usermaven_embed_dashboard', $embed_dashboard ); 63 update_option( 'usermaven_shared_link', $shared_link); 64 update_option( 'usermaven_api_key', $api_key ); 65 update_option( 'usermaven_custom_domain', $custom_domain ); 66 67 // Always update server token, even if empty 68 update_option( 'usermaven_server_token', $server_token ); 69 70 // If server token is empty, disable WooCommerce tracking 71 if (empty($server_token)) { 72 update_option( 'usermaven_track_woocommerce', false ); 9 // Verify the nonce for security 10 if ( ! isset( $_POST['usermaven_settings_nonce'] ) || ! wp_verify_nonce( $_POST['usermaven_settings_nonce'], 'usermaven_settings_action' ) ) { 11 // Nonce verification failed 12 $error = "Security verification failed. Please try again."; 13 $success_message = '<div class="notice-toast notice-error"><p>' . $error . '</p></div>'; 14 } else { 15 // Get the form data 16 $autocapture = isset( $_POST['autocapture'] ) ? true : false; 17 $cookie_less_tracking = isset( $_POST['cookie_less_tracking'] ) ? true : false; 18 $identify_verification = isset( $_POST['identify_verification'] ) ? true : false; 19 $embed_dashboard = isset( $_POST['embed_dashboard'] ) ? true : false; 20 $track_woocommerce = isset( $_POST['track_woocommerce'] ) ? true : false; 21 22 $api_key = sanitize_text_field($_POST['api_key']); 23 $server_token = isset($_POST['server_token']) ? sanitize_text_field($_POST['server_token']) : ''; 24 $custom_domain = ''; 25 $shared_link = ''; 26 27 if ( ! empty( $_POST['custom_domain'] ) ) { 28 $custom_domain = sanitize_url($_POST['custom_domain']); 29 } 30 31 if ( ! 
empty( $_POST['shared_link'] ) ) { 32 $shared_link = sanitize_url($_POST['shared_link']); 33 } 34 35 36 $error = ''; 37 // Validate the API key 38 if ( empty( $api_key ) ) { 39 $error = "API key can't be empty"; 40 } 41 42 // check if the url contains http or https, if not add https. 43 if (!empty($custom_domain)) { 44 $custom_domain = preg_replace("/^http:/i", "https:", $custom_domain); 45 if (!preg_match('/^https?:\/\//', $custom_domain)) { 46 $custom_domain = 'https://' . $custom_domain; 47 } 48 } 49 50 51 $pattern = '/^(https?:\/\/)?[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)*\.[a-zA-Z]{2,63}(\/\S*)?$/i'; 52 53 // Validate the custom domain 54 if ( ! empty( $custom_domain ) && ! preg_match( $pattern, $custom_domain ) ) { 55 $error = "Invalid custom domain"; 56 } 57 58 // Validate the shared link 59 if ( ! empty( $shared_link ) && ! preg_match( $pattern, $shared_link ) ) { 60 $error = "Invalid shared link"; 61 } 62 63 if (!$error) { 64 // Save the form data in the options table 65 update_option( 'usermaven_autocapture', $autocapture ); 66 update_option( 'usermaven_cookie_less_tracking', $cookie_less_tracking ); 67 update_option( 'usermaven_identify_verification', $identify_verification ); 68 update_option( 'usermaven_embed_dashboard', $embed_dashboard ); 69 update_option( 'usermaven_shared_link', $shared_link); 70 update_option( 'usermaven_api_key', $api_key ); 71 update_option( 'usermaven_custom_domain', $custom_domain ); 72 73 // Always update server token, even if empty 74 update_option( 'usermaven_server_token', $server_token ); 75 76 // If server token is empty, disable WooCommerce tracking 77 if (empty($server_token)) { 78 update_option( 'usermaven_track_woocommerce', false ); 79 } else { 80 update_option( 'usermaven_track_woocommerce', $track_woocommerce ); 81 } 82 83 // Roles to be tracked 84 update_option( 'usermaven_role_administrator', isset( $_POST['role_administrator'] ) ? 
true : false ); 85 update_option( 'usermaven_role_author', isset( $_POST['role_author'] ) ? true : false ); 86 update_option( 'usermaven_role_contributor', isset( $_POST['role_contributor'] ) ? true : false ); 87 update_option( 'usermaven_role_editor', isset( $_POST['role_editor'] ) ? true : false ); 88 update_option( 'usermaven_role_subscriber', isset( $_POST['role_subscriber'] ) ? true : false ); 89 update_option( 'usermaven_role_translator', isset( $_POST['role_translator'] ) ? true : false ); 90 91 // Display a success message 92 $success_message = '<div class="notice-toast notice-success"><p>Settings saved successfully</p></div>'; 73 93 } else { 74 update_option( 'usermaven_track_woocommerce', $track_woocommerce ); 75 } 76 77 // Roles to be tracked 78 update_option( 'usermaven_role_administrator', isset( $_POST['role_administrator'] ) ? true : false ); 79 update_option( 'usermaven_role_author', isset( $_POST['role_author'] ) ? true : false ); 80 update_option( 'usermaven_role_contributor', isset( $_POST['role_contributor'] ) ? true : false ); 81 update_option( 'usermaven_role_editor', isset( $_POST['role_editor'] ) ? true : false ); 82 update_option( 'usermaven_role_subscriber', isset( $_POST['role_subscriber'] ) ? true : false ); 83 update_option( 'usermaven_role_translator', isset( $_POST['role_translator'] ) ? true : false ); 84 85 // Display a success message 86 $success_message = '<div class="notice-toast notice-success"><p>Settings saved successfully</p></div>'; 87 } else { 88 $success_message = '<div class="notice-toast notice-error"><p>' . $error . '</p></div>'; 94 $success_message = '<div class="notice-toast notice-error"><p>' . $error . '</p></div>'; 95 } 89 96 } 90 97 } … … 107 114 <div class="form-input"> 108 115 <form class="form" method="post"> 116 <?php wp_nonce_field('usermaven_settings_action', 'usermaven_settings_nonce'); ?> 109 117 <h2 class="form-heading">Usermaven Tracking Setup</h2> 110 118 <div class="input-block"> -
usermaven/trunk/usermaven.php
r3261442 r3262123 19 19 * Description: The Easiest Website and Product Analytics Platform 20 20 21 * Version: 1.2. 121 * Version: 1.2.2 22 22 * Author: Usermaven 23 23 * Author URI: https://usermaven.com/ … … 38 38 * Rename this for your plugin and update it as you release new versions. 39 39 */ 40 define( 'USERMAVEN_VERSION', '1.2. 1' );40 define( 'USERMAVEN_VERSION', '1.2.2' ); 41 41 42 42 /**