wideangle/wide-angle-analytics-wordpress
3
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #2 from inputobjects/fixme/wordpress-follow-up

Browse source 
Version 1.0.2 escaping attributes in rendered code
This commit is contained in:
Jarek Rozanski 2021-12-29 22:40:45 +01:00 committed by GitHub
commit 08c6d8f022
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
readme.txt
View file

@ -4,7 +4,7 @@ Tags: web analytics, tracking, web traffic, analytics
Requires at least: 5.2
Tested up to: 5.8.2
Requires PHP: 7.2
Stable tag: 1.0.1
Stable tag: 1.0.2
License: GPLv2
Easily add Wide Angle Analytics tracker script to your WordPress site. You can quickly configure your web analytics tracker script.

11
types/WideAngleConfig.php
View file

@ -26,11 +26,12 @@ EOD;
function generateFooterScript() {
$pathExlusionsAttribute = $this->generateExclusionsAttribute();
$includeParamsAttribute = $this->generateIncludeParamsAttribute();
$trackerUrlAttribute = esc_attr("https://{$this->trackerDomain}/script/{$this->siteId}.js");
$ignoreHashAttribute = esc_attr($this->ignoreHash);
$script = <<<EOD
<script async defer
src="https://{$this->trackerDomain}/script/{$this->siteId}.js"
data-waa-ignore-hash="{$this->ignoreHash}"
src="{$trackerUrlAttribute}"
data-waa-ignore-hash="{$ignoreHashAttribute}"
$includeParamsAttribute
$pathExlusionsAttribute></script>
EOD;
@ -40,7 +41,7 @@ EOD;
private function generateIncludeParamsAttribute() {
$params = $this->helpers->parseIncludeParamsSetting($this->includeParamsString);
if(sizeof($params) > 0) {
return "data-waa-inc-params=\"" . implode(",", $params) . "\"";
return "data-waa-inc-params=\"" . esc_attr(implode(",", $params)) . "\"";
}
return "";
}
@ -54,7 +55,7 @@ EOD;
$pathExlusionsAttributeWithKey = "";
if(trim($pathExlusionsAttribute) != "") {
$pathExlusionsAttributeWithKey = "data-waa-exc-paths=\"" . $pathExlusionsAttribute ."\"";
$pathExlusionsAttributeWithKey = "data-waa-exc-paths=\"" . esc_attr($pathExlusionsAttribute) ."\"";
}
return $pathExlusionsAttributeWithKey;
}

2
wide-angle-analytics.php
View file

@ -5,7 +5,7 @@
Description: Easily enable and configure Wide Angle Analytics on your Wordpress site
Author: Wide Angle Analytics by Input Objects GmbH
Author URI: https://wideangle.co
Version: 1.0.1
Version: 1.0.2
Requires at least: 5.2
Requires PHP: 7.2
License: GPL v2