Gtm4wp Versions Save

No change since the beta, repeating changelog for easier access:

• Added: pagePostTerms data layer variable will now also include a meta key with post meta values that does not start with the _ character. This should allow to utilize custom fields added by plugins like Advanced Custom Fields.
• Added: new filter: gtm4wp_post_meta_in_datalayer to limit which post meta should be present with with the previously added feature.
• Added: ability to use a custom path for your server side GTM container. This makes GTM4WP compatible with services like stape.io
• Added: new advanced option to disable browser console.log() messages on frontend
• Added: new filter: gtm4wp_purchase_datalayer to be able to alter data layer content for the purchase data
• Added: new filter: gtm4wp_datalayer_on_pageload to be able to alter data layer content generated during page load
• Added: customerBillingState and customerShippingState on WooCommerce order received page, thanks massimo-maimeri
• Added: High Performance Order Storage (HPOS) compatibility for WooCommerce
• Updated: WooCommerce integration will also check target attitbute of product links while firing select_item event, thanks [robklo])(https://github.com/robklo)
• Updated: YouTube tracking will not load on pages not containing a YouTube block or a YouTube iframe
• Fixed: add_to_cart event on grouped products not working when SKU is selected as product ID in plugin options.
• Fixed: more reliable new_customer flag working with guest orders of existing customers, thanks morvy

• Added: pagePostTerms data layer variable will now also include a meta key with post meta values that does not start with the _ character. This should allow to utilize custom fields added by plugins like Advanced Custom Fields.
• Added: new filter: gtm4wp_post_meta_in_datalayer to limit which post meta should be present with with the previously added feature.
• Added: ability to use a custom path for your server side GTM container. This makes GTM4WP compatible with services like stape.io
• Added: new advanced option to disable browser console.log() messages on frontend
• Added: new filter: gtm4wp_purchase_datalayer to be able to alter data layer content for the purchase data
• Added: new filter: gtm4wp_datalayer_on_pageload to be able to alter data layer content generated during page load
• Added: customerBillingState and customerShippingState on WooCommerce order received page, thanks massimo-maimeri
• Added: High Performance Order Storage (HPOS) compatibility for WooCommerce
• Updated: WooCommerce integration will also check target attitbute of product links while firing select_item event, thanks [robklo])(https://github.com/robklo)
• Updated: YouTube tracking will not load on pages not containing a YouTube block or a YouTube iframe
• Fixed: add_to_cart event on grouped products not working when SKU is selected as product ID in plugin options.
• Fixed: more reliable new_customer flag working with guest orders of existing customers, thanks morvy

• Fixed: server side GTM hostname did not work if domain name included a hyphen character
• Fixed: user login and user registration data layer events were swapped, thanks danvy for the fix
• Fixed: JavaScript error in Chrome around event.target.closest calls, thanks pinkasey for the fix
• Fixed: cast _ga_tracked variable as integer to make the identical operator work correctly, thanks Irfan for the suggestion
• Fixed: removed extra code added in 1.14 that reloads pages in Safari in WooCommerce integration. It broke some sites.
• Updated: required PHP version raised to 7.4. Currently, this is not a hard requirement but from now I could include updates that will require this PHP version.

Fixed: GTM ID not properly set in noscript tag

This plugin version does not add or update any functionality. After recent events, the code of the plugin has been checked line by line to see where additional security checks can be added. The code has been formatted to better support readability for other programmers.

Deprecated:

• gtm4wp_get_the_gtm_tag hook and the corresponding GTM4WP_WPFILTER_GETTHEGTMTAG PHP constant.
• gtm4wp_add_global_vars hook and the corresponding GTM4WP_WPFILTER_ADDGLOBALVARS PHP constant. Use gtm4wp_add_global_vars_array / GTM4WP_WPFILTER_ADDGLOBALVARS_ARRAY instead.
• gtm4wp_after_datalayer hook and the corresponding GTM4WP_WPACTION_AFTER_DATALAYER PHP constant. Use gtm4wp_output_after_datalayer / GTM4WP_WPACTION_AFTER_DATALAYER instead witch can be used in the same way but it is an action instead of a filter.

Upcoming version will come with important changes:

• Minimum PHP version will be raised to 7.4: this will allow me to add even more safety measures
• Minimum supported WooCommerce version will be raised to WooCommerce 5.0: with this I can remove some very old compatibility code
• Deprecated features will be removed (aims to simplify code for better maintenance):
  • Do not track flag of the browser added into data layer
  • Legacy version of WooCommerce dynamic remarketing (using ecomm_ parameters)

The goal of all these changes aim to keep the plugin code clean and free from legacy solutions.

Revised some phpcs:ignore commands and added more context where it is being kept.

This plugin version does not add or update any functionality. After recent events, the code of the plugin has been checked line by line to see where additional security checks can be added. The code has been formatted to better support readability for other programmers.

Deprecated:

• gtm4wp_get_the_gtm_tag hook and the corresponding GTM4WP_WPFILTER_GETTHEGTMTAG PHP constant.
• gtm4wp_add_global_vars hook and the corresponding GTM4WP_WPFILTER_ADDGLOBALVARS PHP constant. Use gtm4wp_add_global_vars_array / GTM4WP_WPFILTER_ADDGLOBALVARS_ARRAY instead.

Upcoming version will come with important changes:

• Minimum PHP version will be raised to 7.4: this will allow me to add even more safety measures
• Minimum supported WooCommerce version will be raised to WooCommerce 5.0: with this I can remove some very old compatibility code
• Deprecated features will be removed (aims to simplify code for better maintenance):
  • Do not track flag of the browser added into data layer
  • Legacy version of WooCommerce dynamic remarketing (using ecomm_ parameters)

The goal of all these changes aim to keep the plugin code clean and free from legacy solutions.

• Fixed: Stored XSS when using the scroll tracking feature and an admin changes the content element ID into a JavaScript code.

• Fixed: JavaScript error with the newly added console logging to debug code placement issues
• Fixed: possible XSS Vulnerability if Cloudflare country code option enabled. Thanks Guillaume Fortier
• Fixed: proven XSS Vulnerability if adding site search into the data layer was enabled. Original report by not_stoppable. Root cause analysis by Cory Buecker.
• Removed: deprecated feature Google Ads remarketing. This is the outdated, classic way using the google_tag_params variable.
• Dev: removed PHP constant GTM4WP_WPFILTER_COMPILE_REMARKTING (related to removed Google Ads remarketing feature)
• Dev: removed gtm4wp_compile_remarkering WordPress filter (related to removed Google Ads remarketing feature)

Note to plugin users: I sincerely appologize for the vulnerabilities. To make sure, such cases do not happen again, the next version will be fully dedicacted to go through every peace of code and make sure proper data processing is happening in GTM4WP.

• Added: pagePostType data layer variable will now return 404-error on 404 pages and search-results on search result pages
• Added: Google Tag Manager container code can be disabled for specific WordPress user roles under Advanced plugin options. A browser console warning will be shown in such cases to prevent confusion
• Added: support for all Contact Form 7 events for more granual tracking: gtm4wp.contactForm7MailSent, gtm4wp.contactForm7MailFailed, gtm4wp.contactForm7SpamDetected, gtm4wp.contactForm7InvalidInput
• Added: additional data layer variables for date attributes: pagePostDateDayName, pagePostDateHour, pagePostDateMinute, pagePostDateIso, pagePostDateUnix - by ajtatum
• Fixed: unclickable products in WooCommerce product lists in Firefox when visiting site in Strict privacy mode or using private browsing
• Fixed: tracking step 2 on WooCommerce checkout page was broken
• Updated: removed CDATA blocks as they are not required in simple HTML and they break some cases where code optimizer is being used
• Updated: products per impression in WooCommerce integration now defaults to 10 instead of 0. This allows view_item_list event to fire on new sites as well
• Updated: code placement options. Separated container on/off option and replaced code placement with the new terminology: compatibility mode
• Updated: removed optional chaining operator usage (?.) in JavaScript codes for better compatibility with outdated browsers
• Updated: changed 'Do not flag orders as being tracked' description to be more precise about what happens if turned on or left off
• Updated: if you enter your custom domain name for server side tagging with the https:// prefix, it will be removed before domain name validation
• Updated: all script blocks to be ignored by Cookiebot if this integration is enabled
• Updated: do not track WooCommerce order where payment failed