
Changeset 3051655


Timestamp:
03/15/2024 11:44:03 AM (13 months ago)
Author:
scribit
Message:

Version 1.3.0

Location:
gdpr-compliance/trunk
Files:
6 edited

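--- a/gdpr-compliance/trunk/README.txt
+++ b/gdpr-compliance/trunk/README.txt
@@ -2,8 +2,8 @@
 Contributors: scribit
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&[email protected]&item_name=GDPR Compliance Wordpress plugin donation&no_note=0
-Tags: GDPR, compliance, data, protection, users, privacy, regulation, european, eea, legislation
+Tags: GDPR, compliance, protection, privacy, legislation
 Requires at least: 4.0
-Tested up to: 5.6.0
-Stable tag: 1.2.5
+Tested up to: 6.4.3
+Stable tag: 1.3.0
 Requires PHP: 5.6
 License: GPLv2 or later
@@ -40,4 +40,11 @@
 
 == Changelog ==
+
+= 1.3.0 =
+* Security fixes
+* CSV download enabled only for users with "edit_users" capability
+* Removed "user_pass" from visible and downloadable informations
+* Removed sensible usermeta parameters from visible and downloadable informations
+* Wordpress 6.4.3 compatibility
 
 = 1.2.5 =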
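--- a/gdpr-compliance/trunk/admin/class-gdpr-compliance-admin.php
+++ b/gdpr-compliance/trunk/admin/class-gdpr-compliance-admin.php
@@ -162,4 +162,6 @@
     public function gdpr_compliance_user_table_row($val, $column_name, $user_id)
     {
+        if (!current_user_can( 'edit_users' )) return $val;
+
         switch ($column_name) {
             case 'download_gdpr_data':
@@ -186,4 +188,6 @@
     public function gdpr_compliance_userdata_download()
     {
+        if (!current_user_can( 'edit_users' )) return false;
+
         if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
             $user_id = $_GET['user_id'];
@@ -209,16 +213,18 @@
 
         $user_fields = array();
-        foreach ($settings['others'] as $field => $setting) {
-            if ($setting['enabled'] && $this->startsWith($field, $wpdb->prefix .'users')) {     // Include only users table
-                $user_fields[$field] = $setting;
-            }
-        }
+        if (isset($settings))
+            foreach ($settings['others'] as $field => $setting) {
+                if ($setting['enabled'] && $this->startsWith($field, $wpdb->prefix .'users')) {     // Include only users table
+                    $user_fields[$field] = $setting;
+                }
+            }
 
         $usermeta_fields = array();
-        foreach ($settings['usermetas'] as $usermeta => $setting) {
-            if ($setting['enabled']) {
-                $usermeta_fields[$usermeta] = $setting['desc'];
-            }
-        }
+        if (isset($settings))
+            foreach ($settings['usermetas'] as $usermeta => $setting) {
+                if ($setting['enabled']) {
+                    $usermeta_fields[$usermeta] = $setting['desc'];
+                }
+            }
 
         if (count($user_fields) > 0 || count($usermeta_fields) > 0) {
@@ -292,15 +298,16 @@
         $postmeta_fields_desc = array();
 
-        foreach ($settings['types'] as $postmeta => $setting) {
-            if ($setting['enabled']) {
-                $meta_fields = explode('.', $postmeta); // Every postmeta should be composed as: posttype.metakey
-
-                if (count($meta_fields) == 2) {
-                    $postmeta_fields_desc[$meta_fields[0]]['metas'][$meta_fields[1]] = $setting['desc'];
-                } elseif (count($meta_fields) == 1) {
-                    $postmeta_fields_desc[$meta_fields[0]]['desc'] = $setting['desc'];
-                }
-            }
-        }
+        if (isset($settings))
+            foreach ($settings['types'] as $postmeta => $setting) {
+                if ($setting['enabled']) {
+                    $meta_fields = explode('.', $postmeta); // Every postmeta should be composed as: posttype.metakey
+
+                    if (count($meta_fields) == 2) {
+                        $postmeta_fields_desc[$meta_fields[0]]['metas'][$meta_fields[1]] = $setting['desc'];
+                    } elseif (count($meta_fields) == 1) {
+                        $postmeta_fields_desc[$meta_fields[0]]['desc'] = $setting['desc'];
+                    }
+                }
+            }
 
         if (count($postmeta_fields_desc) > 0) {
@@ -374,26 +381,27 @@
 
         $other_fields_desc = array();
-        foreach ($settings['others'] as $field => $setting) {
-            if ($setting['enabled']) {
-                if ($this->startsWith($field, $wpdb->prefix .'users')) {
-                    continue;
-                }   // Esclude users table
-
-                $table_fields = explode('.', $field);   // Every information should be composed as: tablename.fieldname
-                if (count($table_fields) < 1 || count($table_fields) > 2) {
-                    continue;
-                }
-
-                if (!isset($other_fields_desc[$table_fields[0]])) {
-                    $other_fields_desc[$table_fields[0]] = array();
-                }
-
-                if (count($table_fields) == 2) {
-                    $other_fields_desc[$table_fields[0]]['fields'][$table_fields[1]] = $setting['desc'];
-                } else {
-                    $other_fields_desc[$table_fields[0]]['desc'] = $setting['desc'];
-                }
-            }
-        }
+        if (isset($settings))
+            foreach ($settings['others'] as $field => $setting) {
+                if ($setting['enabled']) {
+                    if ($this->startsWith($field, $wpdb->prefix .'users')) {
+                        continue;
+                    }   // Esclude users table
+
+                    $table_fields = explode('.', $field);   // Every information should be composed as: tablename.fieldname
+                    if (count($table_fields) < 1 || count($table_fields) > 2) {
+                        continue;
+                    }
+
+                    if (!isset($other_fields_desc[$table_fields[0]])) {
+                        $other_fields_desc[$table_fields[0]] = array();
+                    }
+
+                    if (count($table_fields) == 2) {
+                        $other_fields_desc[$table_fields[0]]['fields'][$table_fields[1]] = $setting['desc'];
+                    } else {
+                        $other_fields_desc[$table_fields[0]]['desc'] = $setting['desc'];
+                    }
+                }
+            }
 
         if (count($other_fields_desc) > 0) {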
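Review bot: `$user_id = $_GET['user_id'];` in gdpr_compliance_userdata_download still stores the raw query value after the new capability check; `is_numeric()` also accepts forms such as `'1e3'`, `' 5'` and floats, so the value should be normalised before it reaches the lookup or any output, e.g. `$user_id = absint($_GET['user_id']);` followed by a `$user_id > 0` guard. The `if (isset($settings))` guards added in the three later hunks (new lines 215, 223, 300 and 383) are brace-less and wrap multi-line `foreach` bodies, which is easy to misread and suggests `$settings` can be undefined when the option is missing; initialising `$settings = array('others' => array(), 'usermetas' => array(), 'types' => array());` where it is loaded would make the guards unnecessary. Both methods' bodies continue outside the hunks.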
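--- a/gdpr-compliance/trunk/admin/partials/gdpr-compliance-admin-display-users-data.php
+++ b/gdpr-compliance/trunk/admin/partials/gdpr-compliance-admin-display-users-data.php
@@ -15,10 +15,7 @@
 if (isset($_POST['submit'])) {
     $res = true;
-    $nonce = $_POST['nonce'];
-   
-    if ( wp_verify_nonce( $_POST['nonce'], 'gdpr-compliance-admin-menu-save' ) ){
-       
-        //print_r($_POST); echo '<br/><br/>';
-       
+    $nonce = sanitize_text_field(wp_unslash($_POST['nonce']));
+   
+    if ( wp_verify_nonce( $nonce, 'gdpr-compliance-admin-menu-save' ) ){
         // Sanitizing
         $settings['types'] = array();
@@ -35,5 +32,4 @@
        
         update_option( GDPR_COMPLIANCE_USERDATA_SETTINGNAME, json_encode($settings) );
-       
     }
     else $res = false;
@@ -81,5 +77,5 @@
         <?php $table_with_userid_columns = $wpdb->get_results("SELECT table_name AS 'table', column_name AS 'column'
                 FROM information_schema.columns
-                WHERE table_schema = '{$wpdb->dbname}' AND table_name = '{$wpdb->prefix}users'");
+                WHERE table_schema = '{$wpdb->dbname}' AND table_name = '{$wpdb->prefix}users' And column_name != 'user_pass'");
             $table_with_userid_example = $wpdb->get_results("SELECT *
                 FROM {$wpdb->prefix}users
@@ -119,6 +115,6 @@
                 FROM {$wpdb->prefix}usermeta u1
                 WHERE CONCAT('',meta_value * 1) <> meta_value
-                    AND meta_value
-                    NOT IN ('true', 'false', '', 'a:0:{}')
+                    AND meta_value NOT IN ('true', 'false', '', 'a:0:{}')
+                    AND meta_key NOT LIKE '{$wpdb->prefix}%_capabilities' AND meta_key != 'session_tokens'
                 GROUP BY meta_key", ARRAY_A);
         ?>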
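Review bot: The new `AND meta_key NOT LIKE '{$wpdb->prefix}%_capabilities'` filter at new line 118 requires at least one character between the prefix and `capabilities`, because `_` is a single-character wildcard in LIKE, so on a standard single-site install the key `{$wpdb->prefix}capabilities` (`wp_capabilities` with the default prefix) would still be listed; if the intent is to hide the capability meta, the pattern should be `'{$wpdb->prefix}%capabilities'`, with the prefix passed through `$wpdb->esc_like()` so its own `_` is not treated as a wildcard. The same pattern is introduced at new line 171 of public/class-gdpr-compliance-public.php. The related `{$wpdb->prefix}user_level` key is not excluded either, which seems inconsistent with the changelog entry about sensitive usermeta. At new line 17, `sanitize_text_field(wp_unslash($_POST['nonce']))` still reads the key without an `isset()` check, so a POST without `nonce` raises a notice before verification fails; `$_POST['nonce'] ?? ''` would avoid that.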
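--- a/gdpr-compliance/trunk/gdpr-compliance-consts.php
+++ b/gdpr-compliance/trunk/gdpr-compliance-consts.php
@@ -8,5 +8,5 @@
  */
 
-define( 'GDPR_COMPLIANCE_VERSION', '1.2.5' );
+define( 'GDPR_COMPLIANCE_VERSION', '1.3.0' );
 
 if (!defined('GDPR_COMPLIANCE_USERDATA_SETTINGNAME'))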
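--- a/gdpr-compliance/trunk/gdpr-compliance.php
+++ b/gdpr-compliance/trunk/gdpr-compliance.php
@@ -17,5 +17,5 @@
  * Plugin URI:        https://www.scribit.it/en/wordpress-open-source-plugins/
  * Description:       This plugin helps webmasters to accomplish the european GDPR (data protection regulation) allowing users to manage their personal data.
- * Version:           1.2.5
+ * Version:           1.3.0
  * Author:            Scribit
  * Author URI:        https://www.scribit.it/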
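--- a/gdpr-compliance/trunk/public/class-gdpr-compliance-public.php
+++ b/gdpr-compliance/trunk/public/class-gdpr-compliance-public.php
@@ -120,7 +120,9 @@
         // Note: I must mantain users table settings into "others" setting array for retrocompatibility (<=1.1.0)
         $user_fields = array();
-        foreach($settings['others'] as $field => $setting)
-            if ( $setting['enabled'] && $this->startsWith($field, $wpdb->prefix .'users') )     // Include only users table
+        foreach($settings['others'] as $field => $setting){
+            // Include only users table fields, excluding user_pass
+            if ( $setting['enabled'] && $this->startsWith($field, $wpdb->prefix .'users') && ($field != $wpdb->prefix .'users.user_pass'))
                 $user_fields[$field] = $setting;
+        }
                
         $usermeta_fields = array();
@@ -166,5 +168,7 @@
                     FROM {$wpdb->prefix}usermeta
                     WHERE user_id = %d
-                        AND meta_key in ('". $usermeta_fields_string  ."')", $current_user->ID)
+                        AND meta_key IN ('$usermeta_fields_string')
+                        AND meta_key NOT LIKE '{$wpdb->prefix}%_capabilities' AND meta_key != 'session_tokens'",
+                        $current_user->ID)
                     , ARRAY_A );
                    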
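Review bot: The new `AND meta_key NOT LIKE '{$wpdb->prefix}%_capabilities'` at new line 171 is written straight into the format string of `$wpdb->prepare()`, which reserves `%` for placeholders and documents that LIKE wildcards must be supplied through an argument; as written the call depends on how the installed WordPress version treats a stray `%_`, which may differ between releases. Pass the pattern as a parameter instead: `AND meta_key NOT LIKE %s` in the query, and `$wpdb->esc_like($wpdb->prefix) . '%capabilities'` appended after `$current_user->ID` in the argument list. `$usermeta_fields_string` at new line 170 is still interpolated into the `IN (...)` list; it is built outside the hunk, so whether it is escaped cannot be checked here and deserves a look. In the first hunk, `$field != $wpdb->prefix .'users.user_pass'` is a loose comparison and would read better as a strict `!==`. The enclosing method starts and ends outside the hunks.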