Merge pull request #2 from inputobjects/fixme/wordpress-follow-up

Version 1.0.2 escaping attributes in rendered code
2021-12-29 22:40:45 +01:00 · 2021-12-29 22:40:45 +01:00 · 08c6d8f022
commit 08c6d8f022
parent db6109e748 0d727f3aee
3 changed files with 10 additions and 9 deletions
--- a/readme.txt
+++ b/readme.txt
@ -4,7 +4,7 @@ Tags: web analytics, tracking, web traffic, analytics
 Requires at least: 5.2
 Tested up to: 5.8.2
 Requires PHP: 7.2
-Stable tag: 1.0.1
+Stable tag: 1.0.2
 License: GPLv2
 Easily add Wide Angle Analytics tracker script to your WordPress site. You can quickly configure your web analytics tracker script.
--- a/types/WideAngleConfig.php
+++ b/types/WideAngleConfig.php
@ -26,11 +26,12 @@ EOD;
  function generateFooterScript() {
    $pathExlusionsAttribute = $this->generateExclusionsAttribute();
    $includeParamsAttribute = $this->generateIncludeParamsAttribute();
-
+    $trackerUrlAttribute = esc_attr("https://{$this->trackerDomain}/script/{$this->siteId}.js");
    $ignoreHashAttribute = esc_attr($this->ignoreHash);
    $script = <<<EOD
 <script async defer
-  src="https://{$this->trackerDomain}/script/{$this->siteId}.js"
+  src="{$trackerUrlAttribute}"
-  data-waa-ignore-hash="{$this->ignoreHash}"
+  data-waa-ignore-hash="{$ignoreHashAttribute}"
  $includeParamsAttribute
  $pathExlusionsAttribute></script>
 EOD;
@ -40,7 +41,7 @@ EOD;
  private function generateIncludeParamsAttribute() {
    $params = $this->helpers->parseIncludeParamsSetting($this->includeParamsString);
    if(sizeof($params) > 0) {
-      return "data-waa-inc-params=\"" . implode(",", $params) . "\"";
+      return "data-waa-inc-params=\"" . esc_attr(implode(",", $params)) . "\"";
    }
    return "";
  }
@ -54,7 +55,7 @@ EOD;
    $pathExlusionsAttributeWithKey = "";
    if(trim($pathExlusionsAttribute) != "") {
-      $pathExlusionsAttributeWithKey = "data-waa-exc-paths=\"" . $pathExlusionsAttribute ."\"";
+      $pathExlusionsAttributeWithKey = "data-waa-exc-paths=\"" . esc_attr($pathExlusionsAttribute) ."\"";
    }
    return $pathExlusionsAttributeWithKey;
  }
--- a/wide-angle-analytics.php
+++ b/wide-angle-analytics.php
@ -5,7 +5,7 @@
  Description:          Easily enable and configure Wide Angle Analytics on your Wordpress site
  Author:               Wide Angle Analytics by Input Objects GmbH
  Author URI:           https://wideangle.co
-  Version:              1.0.1
+  Version:              1.0.2
  Requires at least:    5.2
  Requires PHP:         7.2
  License:              GPL v2
@ -37,8 +37,8 @@ class WideAngleAnalytics {
      "regex" => "RegEx",
    );
-    add_action( 'admin_init', array( &$this, 'registerPluginSettings' ) );
+    add_action('admin_init', array( &$this, 'registerPluginSettings' ) );
-    add_action( 'admin_menu', array( &$this, 'registerAdminMenu' ));
+    add_action('admin_menu', array( &$this, 'registerAdminMenu' ));
    add_action('wp_head', array( &$this, 'renderHeaderScript'));
    add_action('wp_footer', array( &$this, 'renderFooterScript'));
  }