From 0d727f3aeeed2238e69df1947e4f1eef74721ef9 Mon Sep 17 00:00:00 2001
From: Jaroslaw Rozanski <jrozanski@inputobjects.eu>
Date: Wed, 29 Dec 2021 22:39:17 +0100
Subject: [PATCH] Version 1.0.2 escaping attr in rendered code

---
 readme.txt                |  2 +-
 types/WideAngleConfig.php | 11 ++++++-----
 wide-angle-analytics.php  |  6 +++---
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/readme.txt b/readme.txt
index 2ea964e..4fcd156 100644
--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: web analytics, tracking, web traffic, analytics
 Requires at least: 5.2
 Tested up to: 5.8.2
 Requires PHP: 7.2
-Stable tag: 1.0.1
+Stable tag: 1.0.2
 License: GPLv2
 
 Easily add Wide Angle Analytics tracker script to your WordPress site. You can quickly configure your web analytics tracker script.
diff --git a/types/WideAngleConfig.php b/types/WideAngleConfig.php
index 7a74bc4..137d462 100644
--- a/types/WideAngleConfig.php
+++ b/types/WideAngleConfig.php
@@ -26,11 +26,12 @@ EOD;
   function generateFooterScript() {
     $pathExlusionsAttribute = $this->generateExclusionsAttribute();
     $includeParamsAttribute = $this->generateIncludeParamsAttribute();
-
+    $trackerUrlAttribute = esc_attr("https://{$this->trackerDomain}/script/{$this->siteId}.js");
+    $ignoreHashAttribute = esc_attr($this->ignoreHash);
     $script = <<<EOD
 <script async defer
-  src="https://{$this->trackerDomain}/script/{$this->siteId}.js"
-  data-waa-ignore-hash="{$this->ignoreHash}"
+  src="{$trackerUrlAttribute}"
+  data-waa-ignore-hash="{$ignoreHashAttribute}"
   $includeParamsAttribute
   $pathExlusionsAttribute></script>
 EOD;
@@ -40,7 +41,7 @@ EOD;
   private function generateIncludeParamsAttribute() {
     $params = $this->helpers->parseIncludeParamsSetting($this->includeParamsString);
     if(sizeof($params) > 0) {
-      return "data-waa-inc-params=\"" . implode(",", $params) . "\"";
+      return "data-waa-inc-params=\"" . esc_attr(implode(",", $params)) . "\"";
     }
     return "";
   }
@@ -54,7 +55,7 @@ EOD;
 
     $pathExlusionsAttributeWithKey = "";
     if(trim($pathExlusionsAttribute) != "") {
-      $pathExlusionsAttributeWithKey = "data-waa-exc-paths=\"" . $pathExlusionsAttribute ."\"";
+      $pathExlusionsAttributeWithKey = "data-waa-exc-paths=\"" . esc_attr($pathExlusionsAttribute) ."\"";
     }
     return $pathExlusionsAttributeWithKey;
   }
diff --git a/wide-angle-analytics.php b/wide-angle-analytics.php
index d428433..f6609b9 100644
--- a/wide-angle-analytics.php
+++ b/wide-angle-analytics.php
@@ -5,7 +5,7 @@
   Description:          Easily enable and configure Wide Angle Analytics on your Wordpress site
   Author:               Wide Angle Analytics by Input Objects GmbH
   Author URI:           https://wideangle.co
-  Version:              1.0.1
+  Version:              1.0.2
   Requires at least:    5.2
   Requires PHP:         7.2
   License:              GPL v2
@@ -37,8 +37,8 @@ class WideAngleAnalytics {
       "regex" => "RegEx",
     );
 
-    add_action( 'admin_init', array( &$this, 'registerPluginSettings' ) );
-    add_action( 'admin_menu', array( &$this, 'registerAdminMenu' ));
+    add_action('admin_init', array( &$this, 'registerPluginSettings' ) );
+    add_action('admin_menu', array( &$this, 'registerAdminMenu' ));
     add_action('wp_head', array( &$this, 'renderHeaderScript'));
     add_action('wp_footer', array( &$this, 'renderFooterScript'));
   }