From 3b795a3e580adef9662d0084e6a3d3896b0633d8 Mon Sep 17 00:00:00 2001 From: Vlad Date: Mon, 12 Dec 2016 18:05:11 -0500 Subject: [PATCH] - Prevents deleted newsletters from showing up in archives - Adds a relationship to the sending queue table - Resets hash on newsletter duplication and notification history creation - Updates hash generation to use random string instead of newsletter id --- lib/API/Endpoints/Newsletters.php | 10 ++++++++-- lib/Models/Newsletter.php | 25 +++++++++++++++++++------ 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/lib/API/Endpoints/Newsletters.php b/lib/API/Endpoints/Newsletters.php index 692fd2863c..47d26ca50c 100644 --- a/lib/API/Endpoints/Newsletters.php +++ b/lib/API/Endpoints/Newsletters.php @@ -220,7 +220,9 @@ class Newsletters extends APIEndpoint { $newsletter->save(); $subscriber = Subscriber::getCurrentWPUser(); $preview_url = NewsletterUrl::getViewInBrowserUrl( - $data, $subscriber, $queue = false, $preview = true + NewsletterUrl::ACTION_EDITOR, + $newsletter, + $subscriber ); return $this->successResponse( @@ -339,7 +341,11 @@ class Newsletters extends APIEndpoint { // get preview url $subscriber = Subscriber::getCurrentWPUser(); $newsletter->preview_url = NewsletterUrl::getViewInBrowserUrl( - $newsletter, $subscriber, $queue, $preview = true); + NewsletterUrl::ACTION_LISTING, + $newsletter, + $subscriber, + $queue + ); $data[] = $newsletter->asArray(); } diff --git a/lib/Models/Newsletter.php b/lib/Models/Newsletter.php index 319962d100..2ff87c13f1 100644 --- a/lib/Models/Newsletter.php +++ b/lib/Models/Newsletter.php @@ -2,6 +2,7 @@ namespace MailPoet\Models; use MailPoet\Newsletter\Renderer\Renderer; use MailPoet\Util\Helpers; +use MailPoet\Util\Security; if(!defined('ABSPATH')) exit; @@ -27,6 +28,10 @@ class Newsletter extends Model { )); } + function queue() { + return $this->has_one(__NAMESPACE__ . '\SendingQueue', 'newsletter_id', 'id'); + } + function save() { if(is_string($this->deleted_at) && strlen(trim($this->deleted_at)) === 0) { $this->set_expr('deleted_at', 'NULL'); @@ -41,7 +46,7 @@ class Newsletter extends Model { $this->set('hash', ($this->hash) ? $this->hash - : self::generateHash($this->id) + : self::generateHash() ); return parent::save(); } @@ -80,6 +85,9 @@ class Newsletter extends Model { // reset status $duplicate->set('status', self::STATUS_DRAFT); + // reset hash + $duplicate->set('hash', null); + $duplicate->save(); if($duplicate->getErrors() === false) { @@ -136,6 +144,9 @@ class Newsletter extends Model { $notification_history->set_expr('updated_at', 'NOW()'); $notification_history->set_expr('deleted_at', 'NULL'); + // reset hash + $notification_history->set('hash', null); + $notification_history->save(); if($notification_history->getErrors() === false) { @@ -640,6 +651,7 @@ class Newsletter extends Model { 'queues' ) ->where('queues.status', SendingQueue::STATUS_COMPLETED) + ->whereNull('newsletters.deleted_at') ->select('queues.processed_at') ->orderByDesc('queues.processed_at'); @@ -659,10 +671,11 @@ class Newsletter extends Model { ->findOne(); } - static function generateHash($id = null) { - if(!is_null($id)) { - return substr(md5(AUTH_KEY . $id), 0, self::NEWSLETTER_HASH_LENGTH); - } - return false; + static function generateHash() { + return substr( + md5(AUTH_KEY . Security::generateRandomString(15)), + 0, + self::NEWSLETTER_HASH_LENGTH + ); } } \ No newline at end of file