feat(01-rodo-cookie-consent): RODO compliance — Consent Mode v2 + Facebook Pixel blokada

Phase 1 complete:
- fbq noop na wp_head priority 1 — blokuje Facebook Pixel ze wszystkich źródeł (HFCM, PYS, woo-product-feed-pro) gdy brak zgody marketingowej
- Early gtag consent update PHP-side dla powracających użytkowników — eliminuje race condition z GTM
- Granularne filtry pys_disable_*_by_gdpr — PixelYourSite honoruje kategorie marketing/analytics
- Fix: wp_unslash() przy odczycie $_COOKIE (WP wp_magic_quotes addslashes)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

wp-content/themes/Divi/functions.php

@@ -8881,3 +8881,94 @@ function podcasts_list_shortcode($atts = [], $content = null) {
 }
 
 add_shortcode('podcasts_list', 'podcasts_list_shortcode');
+
+// RODO: Block fbq (Facebook Pixel) when no marketing consent — neutralizes HFCM/PYS/woosea scripts
+add_action( 'wp_head', 'szkolenia_block_fbq_noop', 1 );
+function szkolenia_block_fbq_noop() {
+    if ( ! szkolenia_cnp_has_preference( 'marketing' ) ) {
+        ?>
+        <script>
+        // RODO: brak zgody marketingowej — fbq zablokowane
+        window.fbq = window.fbq || function() {};
+        window._fbq = window._fbq || window.fbq;
+        window.fbq.loaded = true;
+        window.fbq.version = '2.0';
+        window.fbq.queue = [];
+        </script>
+        <?php
+    }
+}
+
+// RODO: Early consent update for returning visitors (before GTM loads)
+add_action( 'wp_head', 'szkolenia_consent_early_update', 1 );
+function szkolenia_consent_early_update() {
+    $consent = isset( $_COOKIE['cnp_consent'] ) ? $_COOKIE['cnp_consent'] : '';
+    if ( $consent !== 'true' ) {
+        return;
+    }
+
+    $prefs = array();
+    if ( isset( $_COOKIE['cnp_prefs'] ) ) {
+        $decoded = json_decode( urldecode( wp_unslash( $_COOKIE['cnp_prefs'] ) ), true );
+        if ( is_array( $decoded ) ) {
+            $prefs = $decoded;
+        }
+    }
+
+    $analytics = in_array( 'analytics', $prefs ) ? 'granted' : 'denied';
+    $marketing = in_array( 'marketing', $prefs ) ? 'granted' : 'denied';
+    ?>
+    <script>
+    window.dataLayer = window.dataLayer || [];
+    if (typeof gtag !== 'function') { function gtag(){dataLayer.push(arguments);} }
+    gtag('consent', 'update', {
+        'analytics_storage': '<?php echo esc_js( $analytics ); ?>',
+        'ad_storage': '<?php echo esc_js( $marketing ); ?>',
+        'ad_user_data': '<?php echo esc_js( $marketing ); ?>',
+        'ad_personalization': '<?php echo esc_js( $marketing ); ?>'
+    });
+    </script>
+    <?php
+}
+
+// RODO: PixelYourSite — blokada pixeli na podstawie kategorii zgody Cookie Notice Pro
+add_filter( 'pys_disable_facebook_by_gdpr', 'szkolenia_pys_marketing_consent' );
+add_filter( 'pys_disable_bing_by_gdpr', 'szkolenia_pys_marketing_consent' );
+add_filter( 'pys_disable_google_ads_by_gdpr', 'szkolenia_pys_marketing_consent' );
+function szkolenia_pys_marketing_consent( $disabled ) {
+    if ( $disabled ) return true;
+    return ! szkolenia_cnp_has_preference( 'marketing' );
+}
+
+add_filter( 'pys_disable_analytics_by_gdpr', 'szkolenia_pys_analytics_consent' );
+function szkolenia_pys_analytics_consent( $disabled ) {
+    if ( $disabled ) return true;
+    return ! szkolenia_cnp_has_preference( 'analytics' );
+}
+
+function szkolenia_cnp_has_preference( $type ) {
+    if ( ! isset( $_COOKIE['cnp_consent'] ) || $_COOKIE['cnp_consent'] !== 'true' ) {
+        return false;
+    }
+    if ( ! isset( $_COOKIE['cnp_prefs'] ) ) {
+        return false;
+    }
+    $prefs = json_decode( urldecode( wp_unslash( $_COOKIE['cnp_prefs'] ) ), true );
+    return is_array( $prefs ) && in_array( $type, $prefs, true );
+}
+
+// RODO: woo-product-feed-pro (AdTribes) — blokada własnego pixela Facebook bez zgody marketingowej
+add_action( 'wp_footer', 'szkolenia_block_woosea_facebook_pixel', 1 );
+function szkolenia_block_woosea_facebook_pixel() {
+    if ( ! szkolenia_cnp_has_preference( 'marketing' ) ) {
+        remove_action( 'wp_footer', 'woosea_add_facebook_pixel' );
+    }
+}
+
+// RODO: HFCM (Header Footer Code Manager) — blokada snippetów marketingowych w <head> bez zgody
+add_action( 'wp_head', 'szkolenia_block_hfcm_header', 9 );
+function szkolenia_block_hfcm_header() {
+    if ( ! szkolenia_cnp_has_preference( 'marketing' ) ) {
+        remove_action( 'wp_head', array( 'NNR_HFCM', 'hfcm_header_scripts' ) );
+    }
+}