Hardened json_decode and added autoBlockMode setting

.craftplugin

@@ -1 +1 @@
-{"pluginName":"Cookiebot","pluginDescription":"CookieBot integration into Craft CMS.","pluginVersion":"2.0.0","pluginAuthorName":"Human Direct","pluginVendorName":"humandirect","pluginAuthorUrl":"https://humandirect.eu","pluginAuthorGithub":"","codeComments":"yes","pluginComponents":["services","utilities","variables"],"consolecommandName":"","controllerName":"","cpsectionName":"","elementName":"","fieldName":"","modelName":"","purchasableName":"","recordName":"","serviceName":"","taskName":"","utilityName":"","widgetName":"","apiVersion":"api_version_3_0"}
+{"pluginName":"Cookiebot","pluginDescription":"CookieBot integration into Craft CMS.","pluginVersion":"2.1.0","pluginAuthorName":"Human Direct","pluginVendorName":"humandirect","pluginAuthorUrl":"https://humandirect.eu","pluginAuthorGithub":"","codeComments":"yes","pluginComponents":["services","utilities","variables"],"consolecommandName":"","controllerName":"","cpsectionName":"","elementName":"","fieldName":"","modelName":"","purchasableName":"","recordName":"","serviceName":"","taskName":"","utilityName":"","widgetName":"","apiVersion":"api_version_3_0"}

src/Cookiebot.php

@@ -11,6 +11,7 @@
 use humandirect\cookiebot\variables\CookiebotVariable;
 
 use yii\base\Event;
+use yii\base\InvalidConfigException;
 
 /**
  * Cookiebot class
@@ -30,7 +31,7 @@ class Cookiebot extends Plugin
     /**
      * Initialize plugin.
      */
-    public function init()
+    public function init(): void
     {
         parent::init();
         self::$plugin = $this;
@@ -55,6 +56,8 @@ public function init()
      * Returns the cookiebot service.
      *
      * @return CookiebotService The twitter service
+     *
+     * @throws InvalidConfigException
      */
     public function getCookiebot(): CookiebotService
     {
@@ -75,6 +78,7 @@ protected function createSettingsModel(): ?Model
     protected function settingsHtml(): string
     {
         // Get and pre-validate the settings
+        /** @var Settings $settings */
         $settings = $this->getSettings();
         $settings->validate();
 

src/models/Settings.php

@@ -12,25 +12,11 @@
  */
 class Settings extends Model
 {
-    /**
-     * @var string
-     */
-    public $domainGroupID = '';
-
-    /**
-     * @var bool
-     */
-    public $defaultPreferences = false;
-
-    /**
-     * @var bool
-     */
-    public $defaultStatistics = false;
-
-    /**
-     * @var bool
-     */
-    public $defaultMarketing = false;
+    public string $domainGroupID = '';
+    public bool $defaultPreferences = false;
+    public bool $defaultStatistics = false;
+    public bool $defaultMarketing = false;
+    public bool $autoBlockingMode = true;
 
     /**
      * @inheritdoc
@@ -46,6 +32,8 @@ public function rules(): array
             ['defaultStatistics', 'default', 'value' => false],
             ['defaultMarketing', 'boolean'],
             ['defaultMarketing', 'default', 'value' => false],
+            ['autoBlockingMode', 'boolean'],
+            ['autoBlockingMode', 'default', 'value' => true],
         ];
     }
 }

src/services/CookiebotService.php

@@ -6,6 +6,7 @@
 use craft\web\View;
 
 use humandirect\cookiebot\Cookiebot;
+use humandirect\cookiebot\models\Settings;
 
 /**
  * Class CookiebotService
@@ -16,11 +17,7 @@
 class CookiebotService extends Component
 {
     private const COOKIE_NAME = 'CookieConsent';
-
-    /**
-     * @var \stdClass|null
-     */
-    private $cookieConsent;
+    private ?\stdClass $cookieConsent;
 
     /**
      * @return bool
@@ -124,6 +121,7 @@ private function decodeCookie(): \stdClass
 
         // no cookie has been set, probably the first visit or a custom closable consent template used
         if (!$this->isCookieSet()) {
+            /** @var Settings $settings */
             $settings = Cookiebot::$plugin->getSettings();
             $this->cookieConsent = $this->createConsentObject(
                 $settings->defaultPreferences,
@@ -156,7 +154,14 @@ private function decodeCookie(): \stdClass
                 str_replace("'", '"', stripslashes($_COOKIE[self::COOKIE_NAME]))
             )
         );
-        $decoded = json_decode($json);
+
+        try {
+            $decoded = json_decode($json, false, 512, JSON_THROW_ON_ERROR);
+        } catch (\JsonException) {
+            $this->cookieConsent = $this->createConsentObject();
+
+            return $this->cookieConsent;
+        }
 
         $this->cookieConsent = $this->createConsentObject(
             filter_var($decoded->preferences, FILTER_VALIDATE_BOOLEAN),
@@ -198,9 +203,11 @@ private function renderScript(string $type, string $culture = null): string
             return '';
         }
 
+        /** @var Settings $settings */
         $settings = Cookiebot::$plugin->getSettings();
         $vars['domainGroupID'] = $settings->domainGroupID;
         $vars['culture'] = $culture;
+        $vars['autoBlockingMode'] = $settings->autoBlockingMode;
 
         $oldMode = \Craft::$app->view->getTemplateMode();
         \Craft::$app->view->setTemplateMode(View::TEMPLATE_MODE_CP);

src/templates/scripts/dialog.html

@@ -2,4 +2,5 @@
         id="Cookiebot"
         src="https://consent.cookiebot.com/uc.js" data-cbid="{{ domainGroupID }}"
         {% if culture %}data-culture="{{ culture|upper }}"{% endif %}
+        {% if autoBlockingMode %}data-blockingmode="auto"{% endif %}
         async></script>

src/templates/settings/index.html

@@ -21,6 +21,17 @@
     errors: settings.getErrors('domainGroupID')
 }) }}
 
+{{ forms.lightswitchField({
+    label: "Auto Blocking Mode"|t,
+    on: settings.autoBlockingMode,
+    toggle: true,
+    id: 'autoBlockingMode',
+    name: 'autoBlockingMode',
+    disabled: 'autoBlockingMode' in overrides,
+    warning: 'autoBlockingMode' in overrides ? configWarning('autoBlockingMode'),
+    errors: settings.getErrors('autoBlockingMode')
+}) }}
+
 <hr>
 <div class="field" id="settings-prependSender-field">
     <div class="heading">