Add check that resize was called from correct domain
[MAILPOET-2811]
This commit is contained in:
Rostislav Wolny
committed by
Veljko V
Veljko V
parent
7a9f605fb4
commit
0039dec079
@@ -43,6 +43,11 @@ const FormPreview = () => {
|
||||
[]
|
||||
);
|
||||
|
||||
const editorUrl = useSelect(
|
||||
(select) => select('mailpoet-form-editor').getEditorUrl(),
|
||||
[]
|
||||
);
|
||||
|
||||
useEffect(() => {
|
||||
setIframeLoaded(false);
|
||||
}, [isPreview]);
|
||||
@@ -72,6 +77,7 @@ const FormPreview = () => {
|
||||
const urlData = {
|
||||
id: formId,
|
||||
form_type: previewSettings.formType,
|
||||
editor_url: editorUrl,
|
||||
};
|
||||
let iframeSrc = `${(window as any).mailpoet_form_preview_page}&data=${btoa(JSON.stringify(urlData))}`;
|
||||
// Add anchor to scroll to certain types of form
|
||||
|
||||
@@ -13,6 +13,12 @@ jQuery(($) => {
|
||||
if (!event.data) {
|
||||
return;
|
||||
}
|
||||
// Allow message processing only when send from editor's origin
|
||||
const editorUrl = new URL(previewForm.data('editor-url'));
|
||||
if (editorUrl.origin !== event.origin) {
|
||||
return;
|
||||
}
|
||||
|
||||
let width = null;
|
||||
const formType = event.data.formType;
|
||||
// Get width settings based on type
|
||||
|
||||
@@ -110,6 +110,9 @@ export default {
|
||||
hasUnsavedChanges(state) {
|
||||
return state.hasUnsavedChanges;
|
||||
},
|
||||
getEditorUrl(state) {
|
||||
return state.editorUrl;
|
||||
},
|
||||
|
||||
/**
|
||||
* Goes thru all parents of the block and return
|
||||
|
||||
@@ -59,6 +59,7 @@ export default () => {
|
||||
openedPanels: ['basic-settings'],
|
||||
},
|
||||
previewSettings,
|
||||
editorUrl: window.location.href,
|
||||
};
|
||||
|
||||
const config = {
|
||||
|
||||
@@ -39,7 +39,7 @@ class PreviewPage {
|
||||
$this->assetsController = $assetsController;
|
||||
}
|
||||
|
||||
public function renderPage(int $formId, string $formType): string {
|
||||
public function renderPage(int $formId, string $formType, string $editorUrl): string {
|
||||
$this->assetsController->setupFormPreviewDependencies();
|
||||
$formData = $this->fetchFormData($formId);
|
||||
if (!is_array($formData)) {
|
||||
@@ -49,7 +49,7 @@ class PreviewPage {
|
||||
'form/form_preview.html',
|
||||
[
|
||||
'post' => $this->getPostContent(),
|
||||
'form' => $this->getFormContent($formData, $formId, $formType),
|
||||
'form' => $this->getFormContent($formData, $formId, $formType, $editorUrl),
|
||||
'formType' => $formType,
|
||||
]
|
||||
);
|
||||
@@ -81,10 +81,11 @@ class PreviewPage {
|
||||
return null;
|
||||
}
|
||||
|
||||
private function getFormContent(array $formData, int $formId, string $formDisplayType): string {
|
||||
private function getFormContent(array $formData, int $formId, string $formDisplayType, string $editorUrl): string {
|
||||
$htmlId = 'mailpoet_form_preview_' . $formId;
|
||||
$templateData = [
|
||||
'is_preview' => true,
|
||||
'editor_url' => $editorUrl,
|
||||
'form_html_id' => $htmlId,
|
||||
'form_id' => $formId,
|
||||
'form_success_message' => $formData['settings']['success_message'] ?? null,
|
||||
|
||||
@@ -45,6 +45,10 @@ class FormPreview {
|
||||
if (!isset($this->data['id']) || !isset($this->data['form_type'])) {
|
||||
return '';
|
||||
}
|
||||
return $this->formPreviewPage->renderPage((int)$this->data['id'], (string)$this->data['form_type']);
|
||||
return $this->formPreviewPage->renderPage(
|
||||
(int)$this->data['id'],
|
||||
(string)$this->data['form_type'],
|
||||
(string)$this->data['editor_url']
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
class="mailpoet_form mailpoet_form_<%= form_type %>"
|
||||
<% if(is_preview) %>
|
||||
data-is-preview="1"
|
||||
data-editor-url="<%= editor_url %>"
|
||||
<% endif %>
|
||||
>
|
||||
<% if form_type == 'popup' or form_type == 'fixed_bar' or form_type == 'slide_in' %>
|
||||
|
||||
Reference in New Issue
Block a user