PluginProbe ʕ •ᴥ•ʔ
Jetpack – WP Security, Backup, Speed, & Growth / 16.0-beta
Jetpack – WP Security, Backup, Speed, & Growth v16.0-beta
16.0 16.0-beta 16.0-a.7 16.0-a.5 15.9.1 16.0-a.3 16.0-a.1 15.9 15.9-beta 15.9-a.7 15.9-a.5 15.9-a.3 15.9-a.1 15.8 15.8-beta 15.8-a.7 15.8-a.5 5.2.5 5.3.4 5.4.4 5.5.5 5.6.5 5.7.5 5.8.4 5.9.4 6.0.4 6.1 6.1.1 6.1.2 6.1.3 6.1.4 6.1.5 6.2 6.2.1 6.2.2 6.2.3 6.2.4 6.2.5 6.3 6.3.1 6.3.2 6.3.3 6.3.4 6.3.5 6.3.6 6.3.7 6.4 6.4.1 6.4.2 6.4.3 6.4.4 6.4.5 6.4.6 6.5 6.5.1 6.5.2 6.5.3 6.5.4 6.6 6.6.1 6.6.2 6.6.3 6.6.4 6.6.5 6.7 6.7.1 6.7.2 6.7.3 6.7.4 6.8 6.8.1 6.8.2 6.8.3 6.8.4 6.8.5 6.9 6.9.1 6.9.2 6.9.3 6.9.4 7.0 7.0.1 7.0.2 7.0.3 7.0.4 7.0.5 7.1 7.1.1 7.1.2 7.1.3 7.1.4 7.1.5 7.2 7.2.1 7.2.1.1 7.2.2 7.2.3 7.2.4 7.2.5 7.3 7.3.0.1 7.3.1 7.3.1.1 7.3.2 7.3.3 7.3.4 7.3.5 7.4 7.4.1 7.4.2 7.4.3 7.4.4 7.4.5 7.5 7.5.0.1 7.5.1 7.5.2 7.5.3 7.5.4 7.5.5 7.5.6 7.5.7 7.6 7.6.1 7.6.2 7.6.3 7.6.4 7.7 7.7.1 7.7.2 7.7.3 7.7.4 7.7.5 7.7.6 7.8 7.8.1 7.8.2 7.8.3 7.8.4 7.9 7.9.1 7.9.2 7.9.3 7.9.4 8.0 8.0.1 8.0.2 8.0.3 8.1 8.1.1 8.1.2 8.1.3 8.1.4 8.2 8.2.0.1 8.2.1 8.2.2 8.2.3 8.2.4 8.2.5 8.2.6 8.3 8.3.1 8.3.2 8.3.3 8.4 8.4.1 8.4.2 8.4.3 8.4.4 8.4.5 8.5 8.5.1 8.5.2 8.5.3 8.6 8.6.1 8.6.2 8.6.3 8.6.4 8.7 8.7.0.1 8.7.1 8.7.2 8.7.3 8.7.4 8.8 8.8.1 8.8.2 8.8.3 8.8.4 8.8.5 8.9 8.9.1 8.9.2 8.9.3 8.9.4 9.0 9.0.1 9.0.2 9.0.3 9.0.4 9.0.5 9.1 9.1.1 9.1.2 9.1.3 9.2 9.2.1 9.2.2 9.2.3 9.2.4 9.3 9.3.1 9.3.2 9.3.3 9.3.4 9.3.5 9.4 9.4.1 9.4.2 9.4.3 9.4.4 9.5 9.5.1 9.5.2 9.5.3 9.5.4 9.5.5 9.6 9.6.1 9.6.2 9.6.3 9.6.4 9.7 9.7.1 9.7.2 15.7-beta.2 9.7.3 15.7.1 9.8 15.8-a.1 9.8.1 15.8-a.3 9.8.2 2.0.9 9.8.3 2.1.7 9.9 2.2.10 9.9.1 2.3.10 9.9.2 2.4.7 9.9.3 2.5.5 2.6.6 2.7.5 2.8.5 2.9.6 3.0.6 3.1.5 3.2.5 3.3.6 3.4.6 3.5.6 3.6.4 3.7.5 3.8.5 3.9.10 4.0.7 4.1.4 4.2.5 4.3.5 4.4.5 4.5.3 4.6.3 4.7.4 4.8.5 4.9.3 5.0.3 5.1.4 trunk 10.0 10.0.1 10.0.2 10.1 10.1.1 10.1.2 10.2 10.2.1 10.2.2 10.2.3 10.3 10.3.1 10.3.2 10.4 10.4.1 10.4.2 10.5 10.5.1 10.5.2 10.5.3 10.6 10.6.1 10.6.2 10.7 10.7.1 10.7.2 10.8 10.8.1 10.8.2 10.9 10.9.1 10.9.2 10.9.3 11.0 11.0.1 11.0.2 11.1 11.1.1 11.1.2 11.1.3 11.1.4 11.2 11.2.1 11.2.2 11.3 11.3.1 11.3.2 11.3.3 11.3.4 11.4 11.4.1 11.4.2 11.5 11.5.1 11.5.2 11.5.3 11.6 11.6.1 11.6.2 11.7 11.7.1 11.7.2 11.7.3 11.8 11.8.3 11.8.4 11.8.5 11.8.6 11.9 11.9.1 11.9.2 11.9.3 12.0 12.0.1 12.0.2 12.1 12.1.1 12.1.2 12.2 12.2.1 12.2.2 12.3 12.3.1 12.4 12.4.1 12.5 12.5.1 12.6 12.6.1 12.6.2 12.6.3 12.7 12.7.1 12.7.2 12.8 12.8.1 12.8.2 12.9 12.9.1 12.9.2 12.9.3 12.9.4 13.0 13.0.1 13.1 13.1.1 13.1.2 13.1.3 13.1.4 13.2 13.2.1 13.2.2 13.2.3 13.3 13.3.1 13.3.2 13.4 13.4.1 13.4.2 13.4.3 13.4.4 13.5 13.5.1 13.6 13.6.1 13.7 13.7.1 13.8 13.8.1 13.8.2 13.9 13.9.1 14.0 14.1 14.2 14.2.1 14.3 14.4 14.4.1 14.5 14.6 14.7 14.8 14.9 14.9.1 15.0 15.0.1 15.0.2 15.1 15.1.1 15.2 15.3 15.3.1 15.4 15.5 15.6 15.7 15.7-a.1 15.7-a.3 15.7-a.5 15.7-a.7 15.7-beta
jetpack / modules / wordads / php / class-wordads-consent-management-provider.php
jetpack / modules / wordads / php Last commit date
networks 5 years ago class-wordads-admin.php 7 months ago class-wordads-api.php 7 months ago class-wordads-array-utils.php 7 months ago class-wordads-california-privacy.php 6 months ago class-wordads-ccpa-do-not-sell-link-widget.php 7 months ago class-wordads-consent-management-provider.php 6 months ago class-wordads-cron.php 7 months ago class-wordads-formats.php 7 months ago class-wordads-params.php 7 months ago class-wordads-shortcode.php 7 months ago class-wordads-sidebar-widget.php 7 months ago class-wordads-smart.php 2 weeks ago
class-wordads-consent-management-provider.php
127 lines
1 <?php
2 /**
3 * WordAds Consent Management Provider
4 *
5 * @package automattic/jetpack
6 */
7
8 use Automattic\Jetpack\Assets;
9
10 if ( ! defined( 'ABSPATH' ) ) {
11 exit( 0 );
12 }
13
14 /**
15 * Class WordAds_Consent_Management_Provider
16 *
17 * This is an integration with the GDPR Consent Management Provider
18 * to comply with GDPR requirements for privacy and transparency related to advertising.
19 */
20 class WordAds_Consent_Management_Provider {
21
22 /**
23 * IAB specified cookie name for storing the consent string.
24 */
25 const COOKIE_NAME = 'euconsent-v2';
26
27 /**
28 * Initializes loading of the frontend framework.
29 */
30 public static function init() {
31 // Prevent Cookies & Consent banner from displaying when the CMP is active.
32 add_filter( 'jetpack_disable_eu_cookie_law_widget', '__return_true' );
33 add_filter( 'jetpack_disable_cookie_consent_block', '__return_true' );
34
35 // Enqueue scripts.
36 add_action( 'wp_enqueue_scripts', array( __CLASS__, 'enqueue_frontend_scripts' ) );
37 }
38
39 /**
40 * AJAX handlers for fetching purposes and vendor data and setting the cookie serverside.
41 *
42 * Serverside cookie used so that the expiration can be longer than one week.
43 * This function is called from: /mu-plugins/wordads-ajax.php to ensure they run on all
44 * requests including admin requests.
45 */
46 public static function init_ajax_actions() {
47 add_action( 'wp_ajax_gdpr_set_consent', array( __CLASS__, 'handle_set_consent_request' ) );
48 add_action( 'wp_ajax_nopriv_gdpr_set_consent', array( __CLASS__, 'handle_set_consent_request' ) );
49 }
50
51 /**
52 * Handler for setting consent cookie AJAX request.
53 */
54 public static function handle_set_consent_request() {
55
56 // phpcs:disable WordPress.Security.NonceVerification.Missing
57 if ( ! isset( $_POST['consent'] ) ) {
58 // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int.
59 wp_send_json_error( null, null, JSON_UNESCAPED_SLASHES );
60 }
61
62 // TODO: Is there better sanitizing we can do here?
63 $consent = trim( wp_unslash( $_POST['consent'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
64
65 setcookie( self::COOKIE_NAME, $consent, time() + YEAR_IN_SECONDS, '/', self::get_cookie_domain(), is_ssl(), false ); // phpcs:ignore Jetpack.Functions.SetCookie -- Client side CMP needs to be able to read this value.
66
67 // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int.
68 wp_send_json_success( true, null, JSON_UNESCAPED_SLASHES );
69
70 // phpcs:enable WordPress.Security.NonceVerification.Missing
71 }
72
73 /**
74 * Enqueues the main frontend Javascript.
75 */
76 public static function enqueue_frontend_scripts() {
77 Assets::register_script(
78 'cmp_script_loader',
79 '_inc/build/wordads/js/cmp-loader.min.js',
80 JETPACK__PLUGIN_FILE,
81 array(
82 'nonmin_path' => 'modules/wordads/js/cmp-loader.js',
83 'dependencies' => array(),
84 'enqueue' => true,
85 'version' => JETPACK__VERSION,
86 )
87 );
88
89 wp_enqueue_script(
90 'cmp_config_script',
91 esc_url( self::get_config_url() ),
92 array( 'cmp_script_loader' ),
93 JETPACK__VERSION,
94 false
95 );
96 }
97
98 /**
99 * Gets the value to be used when an opt-in cookie is set.
100 *
101 * @return string The value to store in the opt-in cookie.
102 */
103 private static function get_config_url() {
104 return sprintf(
105 'https://public-api.wordpress.com/wpcom/v2/sites/%1$d/cmp/configuration/%2$s/?_jsonp=a8c_cmp_callback',
106 (int) Jetpack_Options::get_option( 'id' ),
107 strtolower( get_locale() ) // Defaults to en_US not en.
108 );
109 }
110
111 /**
112 * Gets the domain to be used for the opt-out cookie.
113 * Use the site's custom domain, or if the site has a wordpress.com subdomain, use .wordpress.com to share the cookie.
114 *
115 * @return string The domain to set for the opt-out cookie.
116 */
117 public static function get_cookie_domain() {
118 $host = 'localhost';
119
120 if ( isset( $_SERVER['HTTP_HOST'] ) ) {
121 $host = filter_var( wp_unslash( $_SERVER['HTTP_HOST'] ) );
122 }
123
124 return '.wordpress.com' === substr( $host, -strlen( '.wordpress.com' ) ) ? '.wordpress.com' : '.' . $host;
125 }
126 }
127