trewknowledge / GDPR

This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.
https://wordpress.org/plugins/gdpr/
GNU General Public License v2.0

Helper function is_allowed_cookie() does inexact match #169

Open wizzud opened 6 years ago

wizzud commented 6 years ago

Change function to (something along the lines of) ...

function is_allowed_cookie( $cookie_name, $exactMatch = false ) {
    if ( isset( $_COOKIE['gdpr']['allowed_cookies'] ) ) {
        $decoded = json_decode(
            wp_unslash( $_COOKIE['gdpr']['allowed_cookies'] ),
            true
        );
        // Malformed or tampered consent data decodes to null; treat it as "nothing allowed"
        // instead of handing a non-array to array_map().
        if ( ! is_array( $decoded ) ) {
            return false;
        }
        $allowed_cookies = array_map( 'sanitize_text_field', $decoded );

        // Exact, type-strict comparison first.
        if ( in_array( $cookie_name, $allowed_cookies, true ) ) {
            return true;
        }
        // Existing behaviour kept for current callers: an unanchored regex match,
        // which also hits any allowed name that merely contains $cookie_name.
        if ( ! $exactMatch ) {
            $name   = preg_quote( $cookie_name, '~' );
            $result = preg_grep( '~' . $name . '~', $allowed_cookies );
            return ! empty( $result );
        }
    }

    return false;
}

Note: the above is suggested without reference/regard to any other Issue raised, and is merely - without changing the functionality of existing calls to the helper - a way for developers to be able to determine an exact match for, say, '_ga' (by calling is_allowed_cookie('_ga', true);), and not risk a false match against 'online_gaming' (a made-up 'for instance'!).
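A stand-alone PHP reproduction of the false match described in the issue, added here as an illustration and not code from the plugin or the commenter. It stubs the WordPress helpers wp_unslash and sanitize_text_field (assumed behaviour), seeds a constructed consent cookie that allows only 'online_gaming' and 'wordpress_test_cookie', and runs an unanchored preg_grep check next to a strict in_array check for each name.

```php
<?php
// Added example; the plugin's real helpers are assumed to behave like these stand-ins
// (unslash a string, strip tags and trim) so the script runs from the CLI.
function wp_unslash( $value ) {
    return is_string( $value ) ? stripslashes( $value ) : $value;
}
function sanitize_text_field( $str ) {
    return trim( strip_tags( (string) $str ) );
}

// Consent as the plugin stores it: a JSON-encoded list of allowed cookie names.
// Constructed sample: the visitor consented to these two cookies only, not to '_ga'.
$_COOKIE['gdpr']['allowed_cookies'] = json_encode( array( 'online_gaming', 'wordpress_test_cookie' ) );

// Decode the consent list; anything that is not a JSON array counts as "nothing allowed".
function gdpr_allowed_cookies() {
    if ( ! isset( $_COOKIE['gdpr']['allowed_cookies'] ) ) {
        return array();
    }
    $decoded = json_decode( wp_unslash( $_COOKIE['gdpr']['allowed_cookies'] ), true );
    return is_array( $decoded ) ? array_map( 'sanitize_text_field', $decoded ) : array();
}

// The inexact check the issue is about: an unanchored regex over the allowed names,
// so any allowed name that merely contains $cookie_name is reported as consented.
function is_allowed_cookie_substring( $cookie_name ) {
    $allowed = gdpr_allowed_cookies();
    $result  = preg_grep( '~' . preg_quote( $cookie_name, '~' ) . '~', $allowed );
    return ! empty( $result );
}

// Exact check: only a literal, type-strict match against the consent list counts.
function is_allowed_cookie_exact( $cookie_name ) {
    return in_array( $cookie_name, gdpr_allowed_cookies(), true );
}

// '_ga' is a substring of 'online_gaming', so the two checks disagree on the first row:
// a cookie the visitor never consented to would be treated as allowed by the inexact check.
foreach ( array( '_ga', 'online_gaming', 'wordpress_test_cookie' ) as $name ) {
    printf(
        "%-22s substring: %-5s exact: %s\n",
        $name,
        is_allowed_cookie_substring( $name ) ? 'true' : 'false',
        is_allowed_cookie_exact( $name ) ? 'true' : 'false'
    );
}
```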

fclaussen commented 6 years ago

That's a good suggestion. Can you submit this as a pull request?

For your other suggestion for checking for categories, I will add it as a new function so we don't break thousands of sites when changing from cookie to category based checks.