Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Verify sender Address on newsletter activation

Browse Source 
[MAILPOET-5786]
This commit is contained in:
Brezo Cordero
2024-01-13 01:07:08 -06:00
committed by Aschepikov
parent f3693f4afd
commit 1162b5aca1
2 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
mailpoet/lib/API/JSON/v1/Newsletters.php
View File

@@ -23,6 +23,7 @@ use MailPoet\Newsletter\Preview\SendPreviewException;
use MailPoet\Newsletter\Scheduler\PostNotificationScheduler;
use MailPoet\Newsletter\Scheduler\Scheduler;
use MailPoet\Newsletter\Url as NewsletterUrl;
use MailPoet\Services\AuthorizedEmailsController;
use MailPoet\Settings\SettingsController;
use MailPoet\UnexpectedValueException;
use MailPoet\Util\License\Features\Subscribers as SubscribersFeature;
@@ -81,6 +82,9 @@ class Newsletters extends APIEndpoint {
/** @var Scheduler */
private $scheduler;
/** @var AuthorizedEmailsController */
private $authorizedEmailsController;
public function __construct(
Listing\Handler $listingHandler,
WPFunctions $wp,
@@ -96,7 +100,8 @@ class Newsletters extends APIEndpoint {
NewsletterSaveController $newsletterSaveController,
NewsletterUrl $newsletterUrl,
Scheduler $scheduler,
NewsletterValidator $newsletterValidator
NewsletterValidator $newsletterValidator,
AuthorizedEmailsController $authorizedEmailsController
) {
$this->listingHandler = $listingHandler;
$this->wp = $wp;
@@ -113,6 +118,7 @@ class Newsletters extends APIEndpoint {
$this->newsletterUrl = $newsletterUrl;
$this->scheduler = $scheduler;
$this->newsletterValidator = $newsletterValidator;
$this->authorizedEmailsController = $authorizedEmailsController;
}
public function get($data = []) {
@@ -185,6 +191,12 @@ class Newsletters extends APIEndpoint {
]);
}
if ($status === NewsletterEntity::STATUS_ACTIVE && !$this->authorizedEmailsController->isSenderAddressValidForActivation($newsletter)) {
return $this->errorResponse([
APIError::FORBIDDEN => __('The sender address is not an authorized sender domain.', 'mailpoet'),
], [], Response::STATUS_FORBIDDEN);
}
if ($status === NewsletterEntity::STATUS_ACTIVE) {
$validationError = $this->newsletterValidator->validate($newsletter);
if ($validationError !== null) {