diff --git a/lib/API/JSON/v1/Subscribers.php b/lib/API/JSON/v1/Subscribers.php index 028d62213d..38ddefb9af 100644 --- a/lib/API/JSON/v1/Subscribers.php +++ b/lib/API/JSON/v1/Subscribers.php @@ -4,6 +4,7 @@ use MailPoet\API\JSON\Endpoint as APIEndpoint; use MailPoet\API\JSON\Error as APIError; use MailPoet\API\JSON\Access as APIAccess; +use MailPoet\Form\Util\FieldNameObfuscator; use MailPoet\Listing; use MailPoet\Models\Subscriber; use MailPoet\Models\Form; @@ -123,15 +124,8 @@ class Subscribers extends APIEndpoint { } private function deobfuscateFormPayload($data) { - $result = array(); - foreach($data as $key => $value) { - if(strpos($key, 'form_field_') === 0) { - $result[base64_decode(substr($key, 11))] = $value; - } else { - $result[$key] = $value; - } - } - return $result; + $obfuscator = new FieldNameObfuscator(); + return $obfuscator->deobfuscateFormPayload($data); } function save($data = array()) { diff --git a/lib/Form/Block/Base.php b/lib/Form/Block/Base.php index 39e6c5809d..7ef12cbf85 100644 --- a/lib/Form/Block/Base.php +++ b/lib/Form/Block/Base.php @@ -1,6 +1,8 @@ 0) { return 'cf_'.$block['id']; } else { - return 'form_field_'.base64_encode($block['id']);//obfuscate field name for spambots + $obfuscator = new FieldNameObfuscator(); + return $obfuscator->obfuscate($block['id']);//obfuscate field name for spambots } } diff --git a/lib/Form/Util/FieldNameObfuscator.php b/lib/Form/Util/FieldNameObfuscator.php new file mode 100644 index 0000000000..4e29b49d89 --- /dev/null +++ b/lib/Form/Util/FieldNameObfuscator.php @@ -0,0 +1,38 @@ + $value) { + $result[$this->deobfuscateField($key)] = $value; + } + return $result; + } + + private function deobfuscateField($name) { + if($this->wasFieldObfuscated($name)) { + return $this->deobfuscate($name); + } else { + return $name; + } + } + + private function wasFieldObfuscated($name) { + return strpos($name, FieldNameObfuscator::OBFUSCATED_FIELD_PREFIX) === 0; + } + +} \ No newline at end of file 
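Review bot: In `deobfuscateFormPayload()` of lib/Form/Util/FieldNameObfuscator.php, `$result[$this->deobfuscateField($key)] = $value;` defines no precedence when a payload carries both a plain key and its obfuscated form: whichever comes later silently overwrites the other, and the submitting client chooses the key order. I would make the rule explicit, for example keep the first value with `$name = $this->deobfuscateField($key);` and `if(!array_key_exists($name, $result)) $result[$name] = $value;`, or reject such a payload outright. The body of `deobfuscate()` and the top of the class are missing from this view. If it keeps the non-strict `base64_decode(substr($key, 11))` that the Subscribers.php hunk removes, a malformed suffix still decodes to an arbitrary key, so `base64_decode(..., true)` plus a check for `false` is worth adding. tests/unit/Form/Util/FieldNameObfuscatorTest.php covers only the well-formed round trip, so one test for each of these two cases would pin the behaviour.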
diff --git a/tests/unit/Form/Util/FieldNameObfuscatorTest.php b/tests/unit/Form/Util/FieldNameObfuscatorTest.php
new file mode 100644
index 0000000000..3fd78e37c1
--- /dev/null
+++ b/tests/unit/Form/Util/FieldNameObfuscatorTest.php
@@ -0,0 +1,31 @@
+obfuscate('email'))->notContains('email');
+ }
+
+ public function testObfuscateDeobfuscateWorks() {
+ $obfuscator = new FieldNameObfuscator();
+ $obfuscated = $obfuscator->obfuscate('email');
+ expect($obfuscator->deobfuscate($obfuscated))->equals('email');
+ }
+
+ public function testObfuscatePayloadWorks() {
+ $obfuscator = new FieldNameObfuscator();
+ $obfuscated = $obfuscator->obfuscate('email');
+ $data = array(
+ 'regularField' => 'regularValue',
+ $obfuscated => 'obfuscatedFieldValue',
+ );
+ $deobfuscatedPayload = $obfuscator->deobfuscateFormPayload($data);
+ expect($deobfuscatedPayload)->equals(array(
+ 'regularField' => 'regularValue',
+ 'email' => 'obfuscatedFieldValue',
+ ));
+ }
+}