Fix: & encoded as & after wp_kses call

duracelltomi · Jul 9, 2024 · 6c73ec8 · 6c73ec8
1 parent 3506921
commit 6c73ec8
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 25 deletions.
diff --git a/integration/woocommerce.php b/integration/woocommerce.php
@@ -20,7 +20,7 @@
 $gtm4wp_product_counter   = 0;
 $gtm4wp_last_widget_title = 'Sidebar Products';
 
-$GLOBALS['gtm4wp_grouped_product_ix']               = 1;
+$GLOBALS['gtm4wp_grouped_product_ix'] = 1;
 
 /**
  * Function to be called on the gtm4wp_add_global_vars_array hook to output WooCommerce related global JavaScript variables.
@@ -804,9 +804,11 @@ function gtm4wp_woocommerce_thankyou( $order_id ) {
 		}
 </script>';
 
-		echo wp_kses(
-			$script_tag,
-			gtm4wp_get_sanitize_script_block_rules()
+		echo htmlspecialchars_decode( //phpcs:ignore
+			wp_kses(
+				$script_tag,
+				gtm4wp_get_sanitize_script_block_rules()
+			)
 		);
 
 		if ( ! $do_not_flag_tracked_order ) {

diff --git a/public/frontend.php b/public/frontend.php
@@ -890,9 +890,11 @@ function gtm4wp_wp_footer() {
 	}
 </script>";
 
-			echo wp_kses(
-				$script_tag,
-				gtm4wp_get_sanitize_script_block_rules()
+			echo htmlspecialchars_decode( //phpcs:ignore
+				wp_kses(
+					$script_tag,
+					gtm4wp_get_sanitize_script_block_rules()
+				)
 			);
 
 			unset( $_COOKIE['gtm4wp_user_logged_in'] );
@@ -914,9 +916,11 @@ function gtm4wp_wp_footer() {
 	}
 </script>";
 
-			echo wp_kses(
-				$script_tag,
-				gtm4wp_get_sanitize_script_block_rules()
+			echo htmlspecialchars_decode( //phpcs:ignore
+				wp_kses(
+					$script_tag,
+					gtm4wp_get_sanitize_script_block_rules()
+				)
 			);
 
 			unset( $_COOKIE['gtm4wp_user_registered'] );
@@ -1082,9 +1086,11 @@ function gtm4wp_wp_header_begin( $echo = true ) {
 	$script_tag .= '
 </script>';
 
-	echo wp_kses(
-		$script_tag,
-		gtm4wp_get_sanitize_script_block_rules()
+	echo htmlspecialchars_decode( //phpcs:ignore
+		wp_kses(
+			$script_tag,
+			gtm4wp_get_sanitize_script_block_rules()
+		)
 	);
 
 	do_action( GTM4WP_WPACTION_AFTER_DATALAYER );
@@ -1101,9 +1107,11 @@ function gtm4wp_wp_header_begin( $echo = true ) {
 	console.warn && console.warn("[GTM4WP] Data layer codes are active but GTM container must be loaded using custom coding !!!");
 </script>';
 
-		echo wp_kses(
-			$script_tag,
-			gtm4wp_get_sanitize_script_block_rules()
+		echo htmlspecialchars_decode( //phpcs:ignore
+			wp_kses(
+				$script_tag,
+				gtm4wp_get_sanitize_script_block_rules()
+			)
 		);
 	}
 
@@ -1122,9 +1130,11 @@ function gtm4wp_wp_header_begin( $echo = true ) {
 	console.warn && console.warn("[GTM4WP] Data layer codes are active but GTM container code is omitted !!!");
 </script>';
 
-					echo wp_kses(
-						$script_tag,
-						gtm4wp_get_sanitize_script_block_rules()
+					echo htmlspecialchars_decode( //phpcs:ignore
+						wp_kses(
+							$script_tag,
+							gtm4wp_get_sanitize_script_block_rules()
+						)
 					);
 				}
 
@@ -1151,9 +1161,11 @@ function gtag(){dataLayer.push(arguments);}
 		});
 </script>';
 
-		echo wp_kses(
-			$script_tag,
-			gtm4wp_get_sanitize_script_block_rules()
+		echo htmlspecialchars_decode( //phpcs:ignore
+			wp_kses(
+				$script_tag,
+				gtm4wp_get_sanitize_script_block_rules()
+			)
 		);
 	}
 
@@ -1193,9 +1205,11 @@ function gtag(){dataLayer.push(arguments);}
 })(window,document,\'script\',\'' . esc_js( $gtm4wp_datalayer_name ) . '\',\'' . esc_js( $one_gtm_id ) . '\');
 </script>';
 
-			echo wp_kses(
-				$script_tag,
-				gtm4wp_get_sanitize_script_block_rules()
+			echo htmlspecialchars_decode( //phpcs:ignore
+				wp_kses(
+					$script_tag,
+					gtm4wp_get_sanitize_script_block_rules()
+				)
 			);
 		} // end foreach $_gtm_codes
 	} // end if container code output possible